Virus removal

Hey, what's up Mr.Wolf. Everything's fine here.

Yeah, that's a rather tricky question, because remember I said that Kaspersky 2009 made the system way too sluggish? That's why I'm afraid to install it here on Windows 7, which is my main system at the moment.
Hey, Sub

I do remember when you mentioned that to me. Unfortunately, Kaspersky does sometimes make the system slow and heavy. An acquaintance of mine who installed the KAV Beta on his Windows 7 did not complain of slowness on the machine.

If I can at least keep it disabled and use it only when I need to (to run a scan), that's fine by me; at least that way it's usable. But if it's still heavy even then, that's just mean haha.
Sub, you already know what I think about leaving antivirus programs disabled, right, lol. I don't recommend it!

But there is a factor to take into account here: you are a user who knows very well how to take care of himself on the web. So what you can do is keep a folder-monitoring program active (which uses not even 5 k of your memory) and keep KAV with real-time disabled. But try to run a scan with the antivirus every two days at minimum. For folder monitoring, I recommend the program Spy the Spy, my friend Sub. After installing it, just click with the mouse button on the icon next to the clock and select the "Settings" option. Click "Add Folder" and select the folders to monitor. Leave the "Include Subfolders" option checked as well.

There are still risks, Sub, but if that's what you want to do...
 
_Ado_, there is adware in your RSIT log (AdVantage). This program is totally unsafe; if you were the one who installed it, I recommend uninstalling it immediately. Since it is not in Add or Remove Programs, delete its folder at: C:\Arquivos de programas\Advantage. If you can't delete it, go into the folder and double-click the file AdVUninst.exe. Whether or not you manage to remove the program, follow the instruction below:

- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, check the options "Atualizar Malwarebytes Anti-Malware" and "Executar Malwarebytes Anti-Malware", and click Concluir;
● After the installation, run the program;
● Check the option Verificação Completa and then click Verificar. Select your C: drive and click the Iniciar Verificação button;
● When the scan finishes, click OK and the log will be opened for you automatically;
● If anything is detected, make sure all the items are checked and click the Remover button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be consulted by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.
___________________________________

Done, master:

Malwarebytes log:

Malwarebytes' Anti-Malware 1.36
Versão do banco de dados: 2090
Windows 5.1.2600 Service Pack 3

7/5/2009 20:40:21
mbam-log-2009-05-07 (20-40-21).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 218611
Tempo decorrido: 43 minute(s), 31 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 1
Valores do Registro infectados: 0
Ítens do Registro infectados: 3
Pastas infectadas: 0
Arquivos infectados: 1

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\WINDOWS\system32\rar.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

and one from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:47, on 7/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Dados Antigos\ado\Arquivo de programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RGSC] C:\Arquivos de programas\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Arquivos de programas\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221616179359
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://200.220.140.155:2584/activex/AMC.cab
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9908 bytes

Am I in the clear? hehe. Cheers! :yes:
 
Heeey, great and eternal Master Wolf, how are you doing, brother????

Here's the thing, Mr: I was studying these HijackThis logs, or rather trying to, because it's reeeally hard, man!!!!!!!!! You really are the man for analyzing this stuff, and even more so for analyzing it as fast as you do!!!!!

Master, I see a lot of entries in HijackThis with this no fail, no name, unknown owner, that kind of thing next to the entries. Are those entries viruses??????

It's just curiosity, really!!!!! :D

Thank you, Master

A big hug
 
_Ado_, open Malwarebytes and click Quarentena. Select the items that are there and click Remover Tudo. Open HijackThis and click Do a system scan only, check the entry below and click the Fix checked button:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Other than that, clean log, my friend _Ado_ :)

Any problems still?
 
Master, I see a lot of entries in HijackThis with this no fail, no name, unknown owner, that kind of thing next to the entries. Are those entries viruses??????
They aren't always viruses, Megadeeth. And it's not "no fail", it's "no file" ;)

Explaining:

File Missing -> HijackThis did not find the file on the system (it may or may not be a bug in the tool)

No File -> The entry has no associated file (it may or may not be a bug)

No Name -> The entry has no name(s) (it may or may not be a bug)

Unknown Owner -> HijackThis did not recognize who is responsible for the entry (it may or may not be a bug)
 
Oops, thanks for the explanation, Master!!!!! :D

But how will I know whether it's a HijackThis bug or not???? :cry:

Is there some trick, and if there is, can you pass it on to me, pleeease???? :yes:

Thanks a lot, Master Wolf
 
But how will I know whether it's a HijackThis bug or not???? :cry:
By studying. By correctly analyzing the WHOLE log, you will be able to tell whether it's a bug or not. In doubt? Ask the owner of the log whether he removed the program in question. However, there's no need even to ask; from the log it's obvious, at least to me. HijackThis sometimes produces ugly bugs in totally legitimate entries, such as entries relating to the antivirus. For example:

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
Yes, the user may have uninstalled the antivirus, hence the information next to the entries. But there are cases in which the user's antivirus is perfectly installed and working and HijackThis shows a "no file" or a "file missing" next to it.

In fact, HijackThis has some bugs in the O23 entries; care must be taken before taking any action. We are already fixing the bug.

Is there some trick, and if there is, can you pass it on to me, pleeease???? :yes:
There's no trick at all.
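
The whole-log reading described in the post above, as an added example that is not part of the original thread: a Python triage that finds entries carrying the four markers and checks each one against the log's own "Running processes" section. The sample log is constructed, and the function names and verdict labels are assumptions of this example; the running-process check is a heuristic, not a HijackThis feature.

```python
import re

# Markers that HijackThis v2.0.2 prints next to entries (as explained above).
MARKERS = ("file missing", "no file", "no name", "unknown owner")
# Section prefixes of log entries, e.g. "R1 - ", "O2 - ", "O23 - ".
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# First drive-letter path ending in a common executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll|scr|sys|ocx)', re.I)

# Constructed sample in the HijackThis layout (not a log from this thread).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ExampleAV\avsvc.exe

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O23 - Service: ExampleAV Scanner - Unknown owner - C:\Program Files\ExampleAV\avsvc.exe" /service (file missing)
O23 - Service: Old Database (olddb) - Example Vendor - (no file)
O23 - Service: Game Guard - Unknown owner - C:\WINDOWS\system32\guard.exe
"""


def running_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the section
                break
            procs.add(line.lower())
    return procs


def triage(log_text):
    """Classify every entry that carries one of the four markers.

    Verdicts (labels chosen for this example):
      likely-tool-artifact      - flagged as missing, yet the same path is
                                  in the running-process list
      orphan-confirm-with-owner - flagged as missing and not running: ask
                                  whether the program was uninstalled
      informational             - only 'no name' / 'unknown owner'
    Limitation: 8.3 short paths (ARQUIV~1) do not match their long form.
    """
    running = running_processes(log_text)
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not ENTRY_RE.match(line):
            continue
        low = line.lower()
        found = [m for m in MARKERS if m in low]
        if not found:
            continue
        match = PATH_RE.search(line)
        path = match.group(0) if match else None
        absent = "file missing" in found or "no file" in found
        if absent and path and path.lower() in running:
            verdict = "likely-tool-artifact"
        elif absent:
            verdict = "orphan-confirm-with-owner"
        else:
            verdict = "informational"
        findings.append({
            "section": line.split(" - ", 1)[0],
            "markers": found,
            "path": path,
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["verdict"], f["markers"], f["path"])
```
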
 
Thanks, Master, I'm trying to get better at log analysis but it's tough, it's really hard!!!! :D

I'll pay close attention now. Thank you for the explanations, Mr.Wolf, thanks a lot, you explained everything I needed to know!!!!

A big hug, brother, and once again thank you very much
 
Hey, Sub

I do remember when you mentioned that to me. Unfortunately, Kaspersky does sometimes make the system slow and heavy. An acquaintance of mine who installed the KAV Beta on his Windows 7 did not complain of slowness on the machine.


Sub, you already know what I think about leaving antivirus programs disabled, right, lol. I don't recommend it!

But there is a factor to take into account here: you are a user who knows very well how to take care of himself on the web. So what you can do is keep a folder-monitoring program active (which uses not even 5 k of your memory) and keep KAV with real-time disabled. But try to run a scan with the antivirus every two days at minimum. For folder monitoring, I recommend the program Spy the Spy, my friend Sub. After installing it, just click with the mouse button on the icon next to the clock and select the "Settings" option. Click "Add Folder" and select the folders to monitor. Leave the "Include Subfolders" option checked as well.

There are still risks, Sub, but if that's what you want to do...

Hmm... interesting, I didn't know about that program. I hope Kaspersky doesn't get as heavy as it did on Vista, because then I can use it with no problems at all, the way I used Kaspersky 7.

I'll take a calm look at this here. Thanks for the tip, Mr.Wolf, helping as always.

:yes:
 
Hello everyone, good afternoon!


landeis, welcome to the forum. My friend, don't copy instructions from other cases. Each case is its own case. Especially because you used a powerful tool like OTMoveIt3 with a script made for another user; the scripts are not all the same, a script is a special, personal preparation for the case being handled.

I ask that you please post a HijackThis log here, landeis.


If you still have any doubt or question you'd like to ask, feel free, XQuest :)

Hello Mr. Wolf, thank you for the reply. I really didn't know that the script wasn't "universal" lol....
I didn't understand the part about HijackThis, can you guide me on how to do it?

Thanks in advance ;)
 
Virus..

Hello everyone...

Could someone give me a little help????
My PC had been a bit slow for a few days... And since yesterday, antivirus pages have stopped opening in the browsers....
Here is the HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:06:20, on 08/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Documents and Settings\Humanizar\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Humanizar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Humanizar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Humanizar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Humanizar\Desktop\Portable_Kaspersky_Anti virus_7.0.0.120_baixebr\Kaspersky 7.0\PKAV7.exe
C:\Documents and Settings\Humanizar\Desktop\Portable_Kaspersky_Anti virus_7.0.0.120_baixebr\Kaspersky 7.0\avp.exe
C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Humanizar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
D:\Programas\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\Humanizar\Desktop\Portable_Kaspersky_Anti virus_7.0.0.120_baixebr\Kaspersky 7.0\avp.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Humanizar\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1233749838234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1233749821250
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br...bPluginUni.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avp - Kaspersky Lab - C:\Documents and Settings\Humanizar\Desktop\Portable_Kaspersky_Anti virus_7.0.0.120_baixebr\Kaspersky 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - VSO Software - (no file)
O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

--
End of file - 11776 bytes
 
_Ado_, open Malwarebytes and click Quarentena. Select the items that are there and click Remover Tudo. Open HijackThis and click Do a system scan only, check the entry below and click the Fix checked button:

Other than that, clean log, my friend _Ado_ :)

Any problems still?

Nope, everything's great! :D

Thanks a lot, cheers :wave:
 
Good afternoon, everyone!


Hello carolgsn, welcome to the forum! This is a possible symptom of Conficker, Carol.

First of all, run a test: see whether you can access the site below and tell me:

http://www.microsoft.com/en/us/default.aspx

Right after that, go to the site below and see whether you can view the six images shown on the page:

http://www.joestewart.org/cfeyechart.html

After that, follow the instructions inside the spoiler below, carolgsn (just click the Show button):

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;
● In the window that opens, under "List files/folders created or modified in the last: 1 month", change it to 2 months and click the Continue button so that the tool starts running;
● When the tool finishes running, a log containing the scan result will open automatically in Notepad. Paste the contents of that log (log.txt) in your next reply;
● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.
__________________________________________


Hey landeis, to generate a HijackThis log do the following:

- Download HijackThis and extract it to a folder of its own on C:.
- Run HijackThis and click Do a system scan and save a logfile.
- A log will be generated in Notepad. Copy it and paste it here.
 
Mr.Wolf, did you see this?

Web searches for swine flu can bring viruses to your PC

These days, any excuse is reason enough to throw viruses onto the net. It's tricky; if you don't stay alert, you get caught easily.
I did see it, Sub.

Yes, these days any piece of news is a reason for putting viruses on the Internet. That is how it was with the Russian Rootkit. At the time it was spread on the web, the pretext was the death of the Iraqi statesman Saddam Hussein (in December 2006). They rode the wave of the news to spread the rootkit's Russian code. Users received in their inboxes videos claiming to show his death (from start to finish); news items saying that the world would end if he died (these contained a PDF file to download in order to read the whole story, a fake story obviously); in short... all of it absolutely false. If the user opened one of the e-mails, they would automatically be infected by the disastrous Russian Rootkit. Luckily for Brazilians, this infection mostly affected users abroad: the United States, England, Russia, Sweden, Italy, France, etc. In Brazil this rootkit is (still) rare, by sheer luck on our part!

I figured this swine flu would be no different; it too is serving as a "bridge" and "pretext" for crackers to spread their viruses. However, the virus behind this swine flu news is a fake Brazilian antivirus, made recently. It is a Ransomware (malware that steals the user's data and asks for money to ransom it). See all the information below:

http://www.linhadefensiva.org/2009/05/antivirus-fraudulento-brasileiro-sequestra-sistema/

Another ransomware, which is not Brazilian but is causing a lot of headaches, is called FileFix. Information:

http://idgnow.uol.com.br/seguranca/...ivos-dos-internautas-e-pede-resgate-de-us-50/

This malware is becoming "fashionable" nowadays, and in the future, I believe, it will be a digital epidemic. This malware blocks your access to the My Documents folder and steals your data, asking for money to ransom it. But the joy of this malware's creators is already over, because a tool for removing FileFix has already been created, the Anti FileFix:

http://www.bleepingcomputer.com/virus-removal/remove-filefix-professional

Yes, Sub, these days we always have to be up to date (that is essential) and be smart on the web. Especially when something comes up that becomes world news, like the swine flu. That is when the crackers have a field day!
 
Strange that these folders did not show up in your ComboFix log, XQuest. These folders, although they do not affect the system itself, are malicious. You should indeed delete all these FOUND folders.

One question: when were these folders created? Before or after running ComboFix? They should have been shown in the log.
They were created before; some are from 2007 and others from 2008, none is from this year. Could these folders have something to do with Scandisk?

Yes, you can delete them, no problem. The sqm (Software Quality Metrics) files are generated by the Windows Live Messenger Customer Experience Improvement Program. When this improvement program is enabled, it starts generating these sqm files in the root of your OS. So you can delete them, and, to stop these files from being created any more, just carry out the following procedure:

Log in to your Live Messenger and click Tools > Options > General > Quality Improvement. Uncheck the option: “Allow Microsoft to collect anonymous information about how I use Windows Live Messenger” > OK. Right after that, back in the main window of your MSN, click the Help menu > Customer Experience Improvement Program. Check the option: “I do not wish to participate right now” > OK.

Restart your MSN.
The MSN option in question was not checked, it was even disabled, as was the option I do not wish to participate right now, which also appears as disabled.

The System Volume Information folder belongs to System Restore. By OS default, many viruses are copied into this folder as a way of "deactivating" them. To delete a virus from this folder, just turn System Restore off and on again. To do so, proceed as follows:

Go to Start > Run, type sysdm.cpl and click OK. Click the System Restore tab and check the option "Turn off System Restore" > OK. Afterwards, go back to the same place and uncheck this option.
Kaspersky ended up deleting the infected files from that folder.

Check one thing for me, just to clear something up: go to Control Panel > Security Center. See whether the "Firewall" option shows as On. If so, see which of the two is the one that remains. Then tell me.
It is on, and the only one that appears there as enabled is the Windows firewall itself.
 
Wow, I didn't know about this ransom thing. These guys really think of everything. The things people do for money.

That's why the news I open is only from well-known sites; I never open sites that show up on Google that I don't know. Things are getting ugly, even more so for those who don't know their way around (the vast majority) and for those who don't pay attention.

Great post, Mr.Wolf.
 
Hi Mr.Wolf, how are you?? I hope you're doing really well. Do you still remember me?? hauahauahaua You helped me once here on the forum to fight some really annoying viruses, remember?? hauaha

Mr.Wolf, I need your help again, or an explanation from you. Yesterday I was on my orkut on my notebook and a friend of mine sent me a scrap telling me to join the community she had created; the community is called Top vips. OK, I went in, but right after that my Internet Explorer closed by itself and now I can't get into my orkut on the first try, you know?? I have to log in about 3 times in a row to get access. OK, when I got into my orkut again I sent my friend a scrap saying what a terrible community she had created hauahauahauah NEVER MIND :)

Then my friend tells me she didn't create any community or anything, and she said the same community had been sent to her to join, and when she went in she got the same problem as on my notebook.

What could this be, Mr.Wolf?? Could it be a virus?? On the notebook I have avast and it didn't alert anything when I ran an e-scan with it here :-(

Now I'm afraid this weird community has stolen my orkut password and login?? Is that possible??

What can I do about this??

If you could give me a little help again like you did last time, since to this day my PC is looking gorgeous hauahauahauaha, I'd be sooooooooo grateful.

Sorry to bother you with my problems, Mr.Wolf, but I'm terrified too, and not just me but also my friend who accepted the community invitation. By helping me you'll be helping her too kkkkkkkkkk

Thanks a lot in advance, handsome

Kissesssssss =*
 
Hello Wolf, it's been a while since I posted because I was travelling, but I made several USBfix logs, as you said, and I'm posting them all below. Take a look; there's also the hijackthis one, made after running the USBfix options. The logs are in chronological order.

1)
############################## [ UsbFix V3.017 # Cleaning ]

# User : Computador (Administradores) # CRIS
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 18:51:05 | 9/5/2009

# Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090509-0] 4.8.1335 [ Enabled | Updated ]

# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 117,19 Go (96,46 Go free) # NTFS
# D:\ # Disco fixo local # 31,85 Go (27,35 Go free) [BKP] # NTFS
# E:\ # Disco CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{f5014e18-8c00-11dd-aef8-001fc6386a5d}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{feaef3bc-0c33-11de-b004-001fc6386a5d}\Shell\AutoRun\command

################## [ Listing des fichiers présent ]

[10/08/2008 12:18|--a------|0] - C:\AUTOEXEC.BAT
[10/08/2008 12:13|---hs----|211] - C:\boot.ini
[14/04/2008 09:00|-rahs----|4952] - C:\Bootfont.bin
[10/08/2008 12:18|--a------|0] - C:\CONFIG.SYS
[04/12/2008 16:03|--a------|1090] - C:\INSTALL.LOG
[10/08/2008 12:18|-rahs----|0] - C:\IO.SYS
[10/08/2008 12:18|-rahs----|0] - C:\MSDOS.SYS
[14/04/2008 09:00|-rahs----|47564] - C:\NTDETECT.COM
[14/04/2008 09:00|-rahs----|251696] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[10/08/2008 14:55|--ah-----|268] - C:\sqmdata00.sqm
[17/02/2009 21:47|--ah-----|268] - C:\sqmdata01.sqm
[02/04/2009 15:01|--ah-----|268] - C:\sqmdata02.sqm
[10/08/2008 14:55|--ah-----|244] - C:\sqmnoopt00.sqm
[17/02/2009 21:47|--ah-----|244] - C:\sqmnoopt01.sqm
[02/04/2009 15:01|--ah-----|244] - C:\sqmnoopt02.sqm
[10/01/2001 11:23|--a------|162304] - C:\UNWISE.EXE
[09/05/2009 18:51|--a------|3158] - C:\UsbFix.txt
[09/08/2008 20:43|--a------|3028840] - D:\drivermax.exe
[09/08/2008 14:21|--a------|634] - D:\Minhas Pastas de Compartilhamento.lnk
[21/05/2008 13:58|-r-h-----|1440488010] - D:\NAO_A001.GHS
[21/05/2008 13:58|-r-h-----|2147474672] - D:\NAO_APAGAR_GHOST.GHO
[02/08/2008 22:12|--a------|24576] - D:\NOMES ALUNOS.doc
[06/07/2008 13:11|--a------|828] - D:\PDVD_MediaDisc.PlayList
[12/04/2009 21:03|--a------|40448] - F:\ECA.doc
[15/09/2008 20:10|--a------|127429] - F:\mestrado[1].txt
[11/03/2009 08:21|--a------|255488] - F:\est1.doc
[23/03/2009 20:29|--a------|102911] - F:\jaqmt.pif
[02/04/2008 07:25|-r-hs----|103084] - F:\6l6w8.com
[09/03/2009 16:42|--a------|33280] - F:\Potencial%20de%20a%C3%A7%C3%A3o[1].doc
[11/03/2009 08:43|--a------|93184] - F:\Um gato.doc
[25/10/2008 17:02|-r-hs----|106524] - F:\xih9.cmd
[24/10/2008 15:07|--a------|12241] - F:\rel brinc 1
[09/03/2009 16:43|--a------|108544] - F:\Estimula%C3%A7%C3%A3o%20cerebral[1].doc
[09/03/2009 16:49|--a------|2587136] - F:\Relat%C3%B3rio%203[1].doc
[11/03/2009 08:30|--a------|98816] - F:\quadrinho.doc
[03/08/2004 19:20|-rahs----|420472] - F:\oedzux.exe
[11/03/2009 08:27|--a------|91648] - F:\ordem alfab‚tica.doc
[09/03/2009 19:23|---h-----|100352] - F:\~WRL0002.tmp
[16/03/2009 21:26|--a------|78336] - F:\estudo de matematica.doc
[17/03/2009 16:50|--a------|56320] - F:\estudo de geografia.doc
[03/08/2004 14:36|-rahs----|499488] - F:\ylfmqe.exe
[27/10/2008 16:06|--a------|25600] - F:\SLIDE ARQUITETURA.doc
[17/03/2009 20:25|-r-hs----|172543] - F:\kbro.pif
[13/02/2009 17:43|-r-hs----|107823] - F:\ur0.com
[18/03/2009 15:52|--a------|42496] - F:\atividades complementares.doc
[18/03/2009 15:53|--a------|31232] - F:\SER MULHER DIREITO.doc
[03/08/2004 03:07|-rahs----|636548] - F:\lzdovs.exe
[06/05/2009 16:49|--a------|65024] - F:\neoro.doc
[06/11/2008 07:56|---hs----|348160] - F:\msvcr71.dll
[18/03/2009 15:55|--a------|55296] - F:\atividades complementares2.doc
[19/03/2009 15:37|--a------|49152] - F:\pro dia nascer feliz.doc
[23/03/2009 15:44|--a------|274432] - F:\O_Manifesto_dos_Pioneiros.ppt
[10/11/2008 14:45|--a------|41984] - F:\resenha do livo jaq.doc
[22/03/2009 21:15|--a------|347136] - F:\estudo de historia 2009.doc
[05/04/2009 11:05|--a------|74752] - F:\conta1.doc
[23/03/2009 15:46|--a------|42496] - F:\O Manifesto dos Pioneiros da Escola Nova de 1932.doc
[23/03/2009 15:46|--a------|95232] - F:\O Manifesto dos Pioneiros da Educa‡Æo Nova.doc
[23/03/2009 20:29|--a------|392192] - F:\Apresenta‡Æo Pol¡tica.ppt
[31/03/2009 17:12|--a------|39424] - F:\neo.doc
[25/11/2008 15:35|--a------|26624] - F:\AUTO AVALIAۂO.doc
[25/03/2009 18:14|--a------|94208] - F:\estudo de ciencias.doc
[01/12/2008 17:07|--a------|43008] - F:\impressÆo1.doc
[28/04/2009 17:53|--a------|3773440] - F:\linguagem_2009.ppt
[02/12/2008 18:04|--a------|61952] - F:\antropologia[1].doc
[27/04/2009 18:12|--a------|594432] - F:\O c‚rebro humano.doc
[22/01/2009 12:25|--a------|69632] - F:\Pasta1.xls
[22/01/2009 12:25|--a------|37888] - F:\PLANEJAMENTO.xls
[31/03/2009 16:13|--a------|36864] - F:\Protesto de rua contra a Ditadura Militar no Brasil.doc
[27/04/2009 18:13|--a------|54272] - F:\INSTITUTO PRESBITERIANO MACKENZIE.doc
[28/04/2009 17:53|--a------|181248] - F:\Relatorio_6.doc
[28/04/2009 17:53|--a------|31232] - F:\linguagem_1.doc
[08/05/2009 15:48|--a------|54272] - F:\PNBE.doc
[28/04/2009 17:54|--a------|30208] - F:\Shrek 2.doc
[06/05/2009 15:44|--a------|32256] - F:\Endereo[1].doc
[08/05/2009 21:48|--a------|58368] - F:\TRABALHO DE HISTàRIA.doc
[05/03/2009 21:16|--a------|88064] - F:\Hist¢rico.doc

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.017 ! ]
2)
############################## [ UsbFix V3.017 # Cleaning ]

# User : Computador (Administradores) # CRIS
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 18:55:37 | 9/5/2009

# Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090509-0] 4.8.1335 [ Enabled | Updated ]

# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 117,19 Go (96,46 Go free) # NTFS
# D:\ # Disco fixo local # 31,85 Go (27,35 Go free) [BKP] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco removível # 245,98 Mo (205,25 Mo free) # FAT

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! F:\ur0.com
Deleted ! F:\xih9.cmd
Deleted ! F:\msvcr71.dll
Deleted ! F:\jaqmt.pif
Deleted ! F:\kbro.pif
Deleted ! F:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Deleted ! F:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ Listing des fichiers présent ]

[10/08/2008 12:18|--a------|0] - C:\AUTOEXEC.BAT
[10/08/2008 12:13|---hs----|211] - C:\boot.ini
[14/04/2008 09:00|-rahs----|4952] - C:\Bootfont.bin
[10/08/2008 12:18|--a------|0] - C:\CONFIG.SYS
[04/12/2008 16:03|--a------|1090] - C:\INSTALL.LOG
[10/08/2008 12:18|-rahs----|0] - C:\IO.SYS
[10/08/2008 12:18|-rahs----|0] - C:\MSDOS.SYS
[14/04/2008 09:00|-rahs----|47564] - C:\NTDETECT.COM
[14/04/2008 09:00|-rahs----|251696] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[10/08/2008 14:55|--ah-----|268] - C:\sqmdata00.sqm
[17/02/2009 21:47|--ah-----|268] - C:\sqmdata01.sqm
[02/04/2009 15:01|--ah-----|268] - C:\sqmdata02.sqm
[10/08/2008 14:55|--ah-----|244] - C:\sqmnoopt00.sqm
[17/02/2009 21:47|--ah-----|244] - C:\sqmnoopt01.sqm
[02/04/2009 15:01|--ah-----|244] - C:\sqmnoopt02.sqm
[10/01/2001 11:23|--a------|162304] - C:\UNWISE.EXE
[09/05/2009 18:56|--a------|3172] - C:\UsbFix.txt
[09/05/2009 18:54|--a------|4410] - C:\UsbFix2.txt
[09/08/2008 20:43|--a------|3028840] - D:\drivermax.exe
[09/08/2008 14:21|--a------|634] - D:\Minhas Pastas de Compartilhamento.lnk
[21/05/2008 13:58|-r-h-----|1440488010] - D:\NAO_A001.GHS
[21/05/2008 13:58|-r-h-----|2147474672] - D:\NAO_APAGAR_GHOST.GHO
[02/08/2008 22:12|--a------|24576] - D:\NOMES ALUNOS.doc
[06/07/2008 13:11|--a------|828] - D:\PDVD_MediaDisc.PlayList
[12/04/2009 21:03|--a------|40448] - F:\ECA.doc
[15/09/2008 20:10|--a------|127429] - F:\mestrado[1].txt
[11/03/2009 08:21|--a------|255488] - F:\est1.doc
[02/04/2008 07:25|-r-hs----|103084] - F:\6l6w8.com
[09/03/2009 16:42|--a------|33280] - F:\Potencial%20de%20a%C3%A7%C3%A3o[1].doc
[11/03/2009 08:43|--a------|93184] - F:\Um gato.doc
[24/10/2008 15:07|--a------|12241] - F:\rel brinc 1
[09/03/2009 16:43|--a------|108544] - F:\Estimula%C3%A7%C3%A3o%20cerebral[1].doc
[09/03/2009 16:49|--a------|2587136] - F:\Relat%C3%B3rio%203[1].doc
[11/03/2009 08:30|--a------|98816] - F:\quadrinho.doc
[03/08/2004 19:20|-rahs----|420472] - F:\oedzux.exe
[11/03/2009 08:27|--a------|91648] - F:\ordem alfab‚tica.doc
[09/03/2009 19:23|---h-----|100352] - F:\~WRL0002.tmp
[16/03/2009 21:26|--a------|78336] - F:\estudo de matematica.doc
[17/03/2009 16:50|--a------|56320] - F:\estudo de geografia.doc
[03/08/2004 14:36|-rahs----|499488] - F:\ylfmqe.exe
[27/10/2008 16:06|--a------|25600] - F:\SLIDE ARQUITETURA.doc
[18/03/2009 15:52|--a------|42496] - F:\atividades complementares.doc
[18/03/2009 15:53|--a------|31232] - F:\SER MULHER DIREITO.doc
[03/08/2004 03:07|-rahs----|636548] - F:\lzdovs.exe
[06/05/2009 16:49|--a------|65024] - F:\neoro.doc
[18/03/2009 15:55|--a------|55296] - F:\atividades complementares2.doc
[19/03/2009 15:37|--a------|49152] - F:\pro dia nascer feliz.doc
[23/03/2009 15:44|--a------|274432] - F:\O_Manifesto_dos_Pioneiros.ppt
[10/11/2008 14:45|--a------|41984] - F:\resenha do livo jaq.doc
[22/03/2009 21:15|--a------|347136] - F:\estudo de historia 2009.doc
[05/04/2009 11:05|--a------|74752] - F:\conta1.doc
[23/03/2009 15:46|--a------|42496] - F:\O Manifesto dos Pioneiros da Escola Nova de 1932.doc
[23/03/2009 15:46|--a------|95232] - F:\O Manifesto dos Pioneiros da Educa‡Æo Nova.doc
[23/03/2009 20:29|--a------|392192] - F:\Apresenta‡Æo Pol¡tica.ppt
[31/03/2009 17:12|--a------|39424] - F:\neo.doc
[25/11/2008 15:35|--a------|26624] - F:\AUTO AVALIAۂO.doc
[25/03/2009 18:14|--a------|94208] - F:\estudo de ciencias.doc
[01/12/2008 17:07|--a------|43008] - F:\impressÆo1.doc
[28/04/2009 17:53|--a------|3773440] - F:\linguagem_2009.ppt
[02/12/2008 18:04|--a------|61952] - F:\antropologia[1].doc
[27/04/2009 18:12|--a------|594432] - F:\O c‚rebro humano.doc
[22/01/2009 12:25|--a------|69632] - F:\Pasta1.xls
[22/01/2009 12:25|--a------|37888] - F:\PLANEJAMENTO.xls
[31/03/2009 16:13|--a------|36864] - F:\Protesto de rua contra a Ditadura Militar no Brasil.doc
[27/04/2009 18:13|--a------|54272] - F:\INSTITUTO PRESBITERIANO MACKENZIE.doc
[28/04/2009 17:53|--a------|181248] - F:\Relatorio_6.doc
[28/04/2009 17:53|--a------|31232] - F:\linguagem_1.doc
[08/05/2009 15:48|--a------|54272] - F:\PNBE.doc
[28/04/2009 17:54|--a------|30208] - F:\Shrek 2.doc
[06/05/2009 15:44|--a------|32256] - F:\Endereo[1].doc
[08/05/2009 21:48|--a------|58368] - F:\TRABALHO DE HISTàRIA.doc
[05/03/2009 21:16|--a------|88064] - F:\Hist¢rico.doc

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.017 ! ]

3)
############################## [ UsbFix V3.017 # Vaccination ]

# User : Computador (Administradores) # CRIS
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 18:57:50 | 9/5/2009

# Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090509-0] 4.8.1335 [ Enabled | Updated ]

# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 117,19 Go (96,46 Go free) # NTFS
# D:\ # Disco fixo local # 31,85 Go (27,35 Go free) [BKP] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco removível # 245,98 Mo (206,23 Mo free) # FAT

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.017 ! ]
4)
############################## [ UsbFix V3.017 # Listing ]

# User : Computador (Administradores) # CRIS
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 18:58:16 | 9/5/2009

# Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090509-0] 4.8.1335 [ Enabled | Updated ]

# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 117,19 Go (96,46 Go free) # NTFS
# D:\ # Disco fixo local # 31,85 Go (27,35 Go free) [BKP] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco removível # 245,98 Mo (206,23 Mo free) # FAT

###################### [ Listing des fichiers présents C:\ ]

[10/08/2008 12:18|--a------|0] - C:\AUTOEXEC.BAT
[10/08/2008 12:13|---hs----|211] - C:\boot.ini
[14/04/2008 09:00|-rahs----|4952] - C:\Bootfont.bin
[10/08/2008 12:18|--a------|0] - C:\CONFIG.SYS
[04/12/2008 16:03|--a------|1090] - C:\INSTALL.LOG
[10/08/2008 12:18|-rahs----|0] - C:\IO.SYS
[10/08/2008 12:18|-rahs----|0] - C:\MSDOS.SYS
[14/04/2008 09:00|-rahs----|47564] - C:\NTDETECT.COM
[14/04/2008 09:00|-rahs----|251696] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[10/08/2008 14:55|--ah-----|268] - C:\sqmdata00.sqm
[17/02/2009 21:47|--ah-----|268] - C:\sqmdata01.sqm
[02/04/2009 15:01|--ah-----|268] - C:\sqmdata02.sqm
[10/08/2008 14:55|--ah-----|244] - C:\sqmnoopt00.sqm
[17/02/2009 21:47|--ah-----|244] - C:\sqmnoopt01.sqm
[02/04/2009 15:01|--ah-----|244] - C:\sqmnoopt02.sqm
[10/01/2001 11:23|--a------|162304] - C:\UNWISE.EXE
[09/05/2009 18:58|--a------|1701] - C:\UsbFix.txt
[09/05/2009 18:57|--a------|6990] - C:\UsbFix3.txt
[09/05/2009 18:58|--a------|1048] - C:\UsbFix4.txt

###################### [ Listing des dossiers présents C:\ ]

[10/08/2008 14:52|d--------|0] - C:\415a98fcca072118a32d
[22/03/2009 10:37|dr-------|0] - C:\Arquivos de programas
[09/05/2009 18:51|drahs----|0] - C:\autorun.inf
[10/08/2008 12:22|d--------|0] - C:\Documents and Settings
[16/08/2008 22:22|dr-h-----|0] - C:\MSOCache
[23/01/2009 14:48|d--------|0] - C:\MyWorks
[10/08/2008 13:47|d--------|0] - C:\NVIDIA
[05/04/2009 11:14|d--------|0] - C:\Program Files
[04/04/2009 08:27|dr-hs----|0] - C:\RECYCLER
[10/08/2008 12:20|d--hs----|0] - C:\System Volume Information
[09/05/2009 18:58|d--------|0] - C:\UsbFix
[03/05/2009 09:27|d--------|0] - C:\WINDOWS

###################### [ Listing des fichiers présents D:\ ]

[09/08/2008 20:43|--a------|3028840] - D:\drivermax.exe
[09/08/2008 14:21|--a------|634] - D:\Minhas Pastas de Compartilhamento.lnk
[21/05/2008 13:58|-r-h-----|1440488010] - D:\NAO_A001.GHS
[21/05/2008 13:58|-r-h-----|2147474672] - D:\NAO_APAGAR_GHOST.GHO
[02/08/2008 22:12|--a------|24576] - D:\NOMES ALUNOS.doc
[06/07/2008 13:11|--a------|828] - D:\PDVD_MediaDisc.PlayList

###################### [ Listing des dossiers présents D:\ ]

[09/08/2008 20:44|d--------|0] - D:\Arquivos de Instala‡Æo
[09/05/2009 18:51|drahs----|0] - D:\autorun.inf
[03/08/2008 15:06|d--------|0] - D:\Calango
[09/08/2008 20:39|d--------|0] - D:\Cris
[09/08/2008 20:41|d--------|0] - D:\CyberLink
[09/08/2008 20:51|d--------|0] - D:\Drivers
[09/08/2008 20:41|d--------|0] - D:\Meus arquivos recebidos
[09/08/2008 20:41|d--------|0] - D:\Minhas m£sicas
[05/11/2008 21:11|d--------|0] - D:\Priscila
[10/08/2008 13:19|d--hs----|0] - D:\RECYCLER
[10/08/2008 12:22|d--hs----|0] - D:\System Volume Information

###################### [ Listing des fichiers présents F:\ ]

[12/04/2009 21:03|--a------|40448] - F:\ECA.doc
[15/09/2008 20:10|--a------|127429] - F:\mestrado[1].txt
[11/03/2009 08:21|--a------|255488] - F:\est1.doc
[02/04/2008 07:25|-r-hs----|103084] - F:\6l6w8.com
[09/03/2009 16:42|--a------|33280] - F:\Potencial%20de%20a%C3%A7%C3%A3o[1].doc
[11/03/2009 08:43|--a------|93184] - F:\Um gato.doc
[24/10/2008 15:07|--a------|12241] - F:\rel brinc 1
[09/03/2009 16:43|--a------|108544] - F:\Estimula%C3%A7%C3%A3o%20cerebral[1].doc
[09/03/2009 16:49|--a------|2587136] - F:\Relat%C3%B3rio%203[1].doc
[11/03/2009 08:30|--a------|98816] - F:\quadrinho.doc
[03/08/2004 19:20|-rahs----|420472] - F:\oedzux.exe
[11/03/2009 08:27|--a------|91648] - F:\ordem alfab‚tica.doc
[09/03/2009 19:23|---h-----|100352] - F:\~WRL0002.tmp
[16/03/2009 21:26|--a------|78336] - F:\estudo de matematica.doc
[17/03/2009 16:50|--a------|56320] - F:\estudo de geografia.doc
[03/08/2004 14:36|-rahs----|499488] - F:\ylfmqe.exe
[27/10/2008 16:06|--a------|25600] - F:\SLIDE ARQUITETURA.doc
[18/03/2009 15:52|--a------|42496] - F:\atividades complementares.doc
[18/03/2009 15:53|--a------|31232] - F:\SER MULHER DIREITO.doc
[03/08/2004 03:07|-rahs----|636548] - F:\lzdovs.exe
[06/05/2009 16:49|--a------|65024] - F:\neoro.doc
[18/03/2009 15:55|--a------|55296] - F:\atividades complementares2.doc
[19/03/2009 15:37|--a------|49152] - F:\pro dia nascer feliz.doc
[23/03/2009 15:44|--a------|274432] - F:\O_Manifesto_dos_Pioneiros.ppt
[10/11/2008 14:45|--a------|41984] - F:\resenha do livo jaq.doc
[22/03/2009 21:15|--a------|347136] - F:\estudo de historia 2009.doc
[05/04/2009 11:05|--a------|74752] - F:\conta1.doc
[23/03/2009 15:46|--a------|42496] - F:\O Manifesto dos Pioneiros da Escola Nova de 1932.doc
[23/03/2009 15:46|--a------|95232] - F:\O Manifesto dos Pioneiros da Educa‡Æo Nova.doc
[23/03/2009 20:29|--a------|392192] - F:\Apresenta‡Æo Pol¡tica.ppt
[31/03/2009 17:12|--a------|39424] - F:\neo.doc
[25/11/2008 15:35|--a------|26624] - F:\AUTO AVALIAۂO.doc
[25/03/2009 18:14|--a------|94208] - F:\estudo de ciencias.doc
[01/12/2008 17:07|--a------|43008] - F:\impressÆo1.doc
[28/04/2009 17:53|--a------|3773440] - F:\linguagem_2009.ppt
[02/12/2008 18:04|--a------|61952] - F:\antropologia[1].doc
[27/04/2009 18:12|--a------|594432] - F:\O c‚rebro humano.doc
[22/01/2009 12:25|--a------|69632] - F:\Pasta1.xls
[22/01/2009 12:25|--a------|37888] - F:\PLANEJAMENTO.xls
[31/03/2009 16:13|--a------|36864] - F:\Protesto de rua contra a Ditadura Militar no Brasil.doc
[27/04/2009 18:13|--a------|54272] - F:\INSTITUTO PRESBITERIANO MACKENZIE.doc
[28/04/2009 17:53|--a------|181248] - F:\Relatorio_6.doc
[28/04/2009 17:53|--a------|31232] - F:\linguagem_1.doc
[08/05/2009 15:48|--a------|54272] - F:\PNBE.doc
[28/04/2009 17:54|--a------|30208] - F:\Shrek 2.doc
[06/05/2009 15:44|--a------|32256] - F:\Endereo[1].doc
[08/05/2009 21:48|--a------|58368] - F:\TRABALHO DE HISTàRIA.doc
[05/03/2009 21:16|--a------|88064] - F:\Hist¢rico.doc

###################### [ Listing des dossiers présents F:\ ]

[04/05/2009 10:40|d--------|0] - F:\CUBISMO
[11/09/2008 17:13|d--------|0] - F:\2 semestre
[17/03/2009 20:25|dr-hs----|0] - F:\RESTORE
[06/05/2009 18:16|dr-hs----|0] - F:\RECYCLER32
[06/05/2009 18:16|dr-hs----|0] - F:\Driver
[09/05/2009 18:51|d--------|0] - F:\autorun.inf
[24/03/2008 17:08|dr-hs----|0] - F:\RECYCLER

################## [ ! Fin du rapport # UsbFix V3.017 ! ]
5)
############################## [ UsbFix V3.017 # Listing ]

# User : Computador (Administradores) # CRIS
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 18:58:16 | 9/5/2009

# Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090509-0] 4.8.1335 [ Enabled | Updated ]

# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 117,19 Go (96,46 Go free) # NTFS
# D:\ # Disco fixo local # 31,85 Go (27,35 Go free) [BKP] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco removível # 245,98 Mo (206,23 Mo free) # FAT

###################### [ Listing des fichiers présents C:\ ]

[10/08/2008 12:18|--a------|0] - C:\AUTOEXEC.BAT
[10/08/2008 12:13|---hs----|211] - C:\boot.ini
[14/04/2008 09:00|-rahs----|4952] - C:\Bootfont.bin
[10/08/2008 12:18|--a------|0] - C:\CONFIG.SYS
[04/12/2008 16:03|--a------|1090] - C:\INSTALL.LOG
[10/08/2008 12:18|-rahs----|0] - C:\IO.SYS
[10/08/2008 12:18|-rahs----|0] - C:\MSDOS.SYS
[14/04/2008 09:00|-rahs----|47564] - C:\NTDETECT.COM
[14/04/2008 09:00|-rahs----|251696] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[10/08/2008 14:55|--ah-----|268] - C:\sqmdata00.sqm
[17/02/2009 21:47|--ah-----|268] - C:\sqmdata01.sqm
[02/04/2009 15:01|--ah-----|268] - C:\sqmdata02.sqm
[10/08/2008 14:55|--ah-----|244] - C:\sqmnoopt00.sqm
[17/02/2009 21:47|--ah-----|244] - C:\sqmnoopt01.sqm
[02/04/2009 15:01|--ah-----|244] - C:\sqmnoopt02.sqm
[10/01/2001 11:23|--a------|162304] - C:\UNWISE.EXE
[09/05/2009 18:58|--a------|1701] - C:\UsbFix.txt
[09/05/2009 18:57|--a------|6990] - C:\UsbFix3.txt
[09/05/2009 18:58|--a------|1048] - C:\UsbFix4.txt

###################### [ Listing des dossiers présents C:\ ]

[10/08/2008 14:52|d--------|0] - C:\415a98fcca072118a32d
[22/03/2009 10:37|dr-------|0] - C:\Arquivos de programas
[09/05/2009 18:51|drahs----|0] - C:\autorun.inf
[10/08/2008 12:22|d--------|0] - C:\Documents and Settings
[16/08/2008 22:22|dr-h-----|0] - C:\MSOCache
[23/01/2009 14:48|d--------|0] - C:\MyWorks
[10/08/2008 13:47|d--------|0] - C:\NVIDIA
[05/04/2009 11:14|d--------|0] - C:\Program Files
[04/04/2009 08:27|dr-hs----|0] - C:\RECYCLER
[10/08/2008 12:20|d--hs----|0] - C:\System Volume Information
[09/05/2009 18:58|d--------|0] - C:\UsbFix
[03/05/2009 09:27|d--------|0] - C:\WINDOWS

###################### [ Listing des fichiers présents D:\ ]

[09/08/2008 20:43|--a------|3028840] - D:\drivermax.exe
[09/08/2008 14:21|--a------|634] - D:\Minhas Pastas de Compartilhamento.lnk
[21/05/2008 13:58|-r-h-----|1440488010] - D:\NAO_A001.GHS
[21/05/2008 13:58|-r-h-----|2147474672] - D:\NAO_APAGAR_GHOST.GHO
[02/08/2008 22:12|--a------|24576] - D:\NOMES ALUNOS.doc
[06/07/2008 13:11|--a------|828] - D:\PDVD_MediaDisc.PlayList

###################### [ Listing des dossiers présents D:\ ]

[09/08/2008 20:44|d--------|0] - D:\Arquivos de Instala‡Æo
[09/05/2009 18:51|drahs----|0] - D:\autorun.inf
[03/08/2008 15:06|d--------|0] - D:\Calango
[09/08/2008 20:39|d--------|0] - D:\Cris
[09/08/2008 20:41|d--------|0] - D:\CyberLink
[09/08/2008 20:51|d--------|0] - D:\Drivers
[09/08/2008 20:41|d--------|0] - D:\Meus arquivos recebidos
[09/08/2008 20:41|d--------|0] - D:\Minhas m£sicas
[05/11/2008 21:11|d--------|0] - D:\Priscila
[10/08/2008 13:19|d--hs----|0] - D:\RECYCLER
[10/08/2008 12:22|d--hs----|0] - D:\System Volume Information

###################### [ Listing des fichiers présents F:\ ]

[12/04/2009 21:03|--a------|40448] - F:\ECA.doc
[15/09/2008 20:10|--a------|127429] - F:\mestrado[1].txt
[11/03/2009 08:21|--a------|255488] - F:\est1.doc
[02/04/2008 07:25|-r-hs----|103084] - F:\6l6w8.com
[09/03/2009 16:42|--a------|33280] - F:\Potencial%20de%20a%C3%A7%C3%A3o[1].doc
[11/03/2009 08:43|--a------|93184] - F:\Um gato.doc
[24/10/2008 15:07|--a------|12241] - F:\rel brinc 1
[09/03/2009 16:43|--a------|108544] - F:\Estimula%C3%A7%C3%A3o%20cerebral[1].doc
[09/03/2009 16:49|--a------|2587136] - F:\Relat%C3%B3rio%203[1].doc
[11/03/2009 08:30|--a------|98816] - F:\quadrinho.doc
[03/08/2004 19:20|-rahs----|420472] - F:\oedzux.exe
[11/03/2009 08:27|--a------|91648] - F:\ordem alfab‚tica.doc
[09/03/2009 19:23|---h-----|100352] - F:\~WRL0002.tmp
[16/03/2009 21:26|--a------|78336] - F:\estudo de matematica.doc
[17/03/2009 16:50|--a------|56320] - F:\estudo de geografia.doc
[03/08/2004 14:36|-rahs----|499488] - F:\ylfmqe.exe
[27/10/2008 16:06|--a------|25600] - F:\SLIDE ARQUITETURA.doc
[18/03/2009 15:52|--a------|42496] - F:\atividades complementares.doc
[18/03/2009 15:53|--a------|31232] - F:\SER MULHER DIREITO.doc
[03/08/2004 03:07|-rahs----|636548] - F:\lzdovs.exe
[06/05/2009 16:49|--a------|65024] - F:\neoro.doc
[18/03/2009 15:55|--a------|55296] - F:\atividades complementares2.doc
[19/03/2009 15:37|--a------|49152] - F:\pro dia nascer feliz.doc
[23/03/2009 15:44|--a------|274432] - F:\O_Manifesto_dos_Pioneiros.ppt
[10/11/2008 14:45|--a------|41984] - F:\resenha do livo jaq.doc
[22/03/2009 21:15|--a------|347136] - F:\estudo de historia 2009.doc
[05/04/2009 11:05|--a------|74752] - F:\conta1.doc
[23/03/2009 15:46|--a------|42496] - F:\O Manifesto dos Pioneiros da Escola Nova de 1932.doc
[23/03/2009 15:46|--a------|95232] - F:\O Manifesto dos Pioneiros da Educa‡Æo Nova.doc
[23/03/2009 20:29|--a------|392192] - F:\Apresenta‡Æo Pol¡tica.ppt
[31/03/2009 17:12|--a------|39424] - F:\neo.doc
[25/11/2008 15:35|--a------|26624] - F:\AUTO AVALIAۂO.doc
[25/03/2009 18:14|--a------|94208] - F:\estudo de ciencias.doc
[01/12/2008 17:07|--a------|43008] - F:\impressÆo1.doc
[28/04/2009 17:53|--a------|3773440] - F:\linguagem_2009.ppt
[02/12/2008 18:04|--a------|61952] - F:\antropologia[1].doc
[27/04/2009 18:12|--a------|594432] - F:\O c‚rebro humano.doc
[22/01/2009 12:25|--a------|69632] - F:\Pasta1.xls
[22/01/2009 12:25|--a------|37888] - F:\PLANEJAMENTO.xls
[31/03/2009 16:13|--a------|36864] - F:\Protesto de rua contra a Ditadura Militar no Brasil.doc
[27/04/2009 18:13|--a------|54272] - F:\INSTITUTO PRESBITERIANO MACKENZIE.doc
[28/04/2009 17:53|--a------|181248] - F:\Relatorio_6.doc
[28/04/2009 17:53|--a------|31232] - F:\linguagem_1.doc
[08/05/2009 15:48|--a------|54272] - F:\PNBE.doc
[28/04/2009 17:54|--a------|30208] - F:\Shrek 2.doc
[06/05/2009 15:44|--a------|32256] - F:\Endereo[1].doc
[08/05/2009 21:48|--a------|58368] - F:\TRABALHO DE HISTàRIA.doc
[05/03/2009 21:16|--a------|88064] - F:\Hist¢rico.doc

###################### [ Listing des dossiers présents F:\ ]

[04/05/2009 10:40|d--------|0] - F:\CUBISMO
[11/09/2008 17:13|d--------|0] - F:\2 semestre
[17/03/2009 20:25|dr-hs----|0] - F:\RESTORE
[06/05/2009 18:16|dr-hs----|0] - F:\RECYCLER32
[06/05/2009 18:16|dr-hs----|0] - F:\Driver
[09/05/2009 18:51|d--------|0] - F:\autorun.inf
[24/03/2008 17:08|dr-hs----|0] - F:\RECYCLER

################## [ ! Fin du rapport # UsbFix V3.017 ! ]

6) HijackThis log after all of this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:08, on 9/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Computador\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1218388438546
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E8F3BBE-94E6-4751-AD83-2BEC4051BD53}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7736 bytes
Sorry, but I hadn't really understood when you told me to press option [/b[b2] or something like that... I ran almost all of the little program's options and then HijackThis. I hope it worked. And now what should I do??
Cheers and thank you sooo much!
 
I'd like to know whether it's still infected and which virus it is, if there is one... thanks!
 
Hey everyone, I really need some help!
My PC is full of trojans, so much so that if I start it in normal mode it freezes almost right away... and when I boot into safe mode with networking, the programs I download are saved with the .part extension and I can't run them.

If anyone can help me, I'd be very grateful!
 
Hello Mr. Wolf!

Well, I talked to you quite a while ago (29/04, in the afternoon) about my PC. My situation is that my laptop is much slower than normal and the HijackThis log was clean. So you suggested I use RSIT. Here are my RSIT log and info, as you suggested. I did it for 2 months because I have been complaining about slowness for more than a month.

LOG:

Logfile of random's system information tool 1.06 (written by random/random)
Run by LHZucco at 2009-05-10 03:33:38
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 140 GB (62%) free of 227 GB
Total RAM: 3837 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:33:42, on 10/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Google\Google Earth\googleearth.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\LHZucco\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\LHZucco.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_br&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_br&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_br&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1c98a91419ca349) (gupdate1c98a91419ca349) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\STacSV64.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14354 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\HPCeeScheduleForLHZucco.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - LHZucco.job
C:\Windows\tasks\User_Feed_Synchronization-{81AC7372-6BAE-451B-BD88-8AF78044A68A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2009-03-31 357744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-05-21 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-04-30 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-18 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2009-03-10 421168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-30 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-04-08 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-14 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2009-03-31 357744]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-04-30 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]
"QPService"=C:\Program Files (x86)\HP\QuickPlay\QPService.exe [2008-05-15 468264]
"ccApp"=c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpWirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-04-08 148888]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-01-05 413696]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1555968]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-08 39408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

C:\Users\LHZucco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2009-03-10 421168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20dad79b-53c2-11dd-8b03-001e688d1dbe}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61975c62-f48a-11dd-8169-001e688d1dbe}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e26d1f40-f606-11dd-a258-001e688d1dbe}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======List of files/folders created in the last 2 months======

2009-05-10 03:33:38 ----D---- C:\rsit
2009-04-29 02:25:11 ----D---- C:\Program Files (x86)\LuckyTender
2009-04-16 17:39:26 ----A---- C:\Windows\system32\mshtml.dll
2009-04-16 17:39:25 ----A---- C:\Windows\system32\ieframe.dll
2009-04-16 17:39:24 ----A---- C:\Windows\system32\wininet.dll
2009-04-16 17:39:24 ----A---- C:\Windows\system32\urlmon.dll
2009-04-16 17:39:23 ----A---- C:\Windows\system32\iertutil.dll
2009-04-16 17:39:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-16 17:39:22 ----A---- C:\Windows\system32\occache.dll
2009-04-16 17:39:22 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-16 17:39:22 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-16 17:39:22 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-16 17:39:21 ----A---- C:\Windows\system32\mstime.dll
2009-04-16 17:39:21 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-16 17:39:21 ----A---- C:\Windows\system32\ieencode.dll
2009-04-16 17:13:16 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 17:13:09 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 17:13:09 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 17:13:09 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 17:13:09 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 16:56:30 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 16:56:30 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 16:56:30 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 16:56:30 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 16:56:30 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 16:49:12 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 16:49:12 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-09 01:35:15 ----D---- C:\ProgramData\GbPlugin
2009-04-09 01:35:15 ----D---- C:\Program Files (x86)\GbPlugin
2009-04-08 18:33:03 ----A---- C:\Windows\system32\javaws.exe
2009-04-08 18:33:03 ----A---- C:\Windows\system32\javaw.exe
2009-04-08 18:33:03 ----A---- C:\Windows\system32\java.exe
2009-04-08 18:33:03 ----A---- C:\Windows\system32\deploytk.dll
2009-04-07 23:49:38 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-07 23:49:04 ----D---- C:\Program Files (x86)\iPod
2009-04-07 23:49:02 ----D---- C:\ProgramData\{35733029-9859-49C7-8475-1E78E2AAE413}
2009-04-07 23:49:02 ----D---- C:\Program Files (x86)\iTunes
2009-03-31 04:07:30 ----D---- C:\Program Files (x86)\Nero
2009-03-31 04:05:31 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-03-31 03:34:46 ----D---- C:\Program Files (x86)\Trend Micro
2009-03-29 20:18:15 ----D---- C:\Users\LHZucco\AppData\Roaming\CyberLink
2009-03-13 01:20:38 ----D---- C:\ProgramData\{CD649BED-8A0E-48BE-B3B6-0F5055BED534}
2009-03-11 12:04:35 ----A---- C:\Windows\system32\schannel.dll

======List of files/folders modified in the last 2 months======

2009-05-10 03:33:42 ----D---- C:\Windows\Temp
2009-05-10 03:33:42 ----D---- C:\Windows\Prefetch
2009-05-09 23:11:46 ----D---- C:\Windows\System32
2009-05-09 23:11:46 ----D---- C:\Windows\inf
2009-05-09 22:10:41 ----SHD---- C:\System Volume Information
2009-05-06 15:44:01 ----SHD---- C:\Windows\Installer
2009-05-06 01:39:45 ----D---- C:\Windows\Tasks
2009-05-05 02:23:38 ----SD---- C:\Users\LHZucco\AppData\Roaming\Microsoft
2009-05-01 03:01:04 ----D---- C:\ProgramData\Microsoft Help
2009-04-29 02:59:01 ----RD---- C:\Program Files (x86)
2009-04-17 12:35:16 ----D---- C:\Windows\winsxs
2009-04-17 12:23:12 ----D---- C:\Windows\SysWOW64
2009-04-17 12:23:11 ----D---- C:\Windows\system32\manifeststore
2009-04-17 12:23:11 ----D---- C:\Windows\AppPatch
2009-04-17 12:23:09 ----D---- C:\Program Files (x86)\Internet Explorer
2009-04-17 12:23:08 ----D---- C:\Program Files (x86)\Windows Mail
2009-04-17 12:23:07 ----D---- C:\Windows\system32\wbem
2009-04-13 22:02:55 ----D---- C:\Program Files (x86)\Norton Internet Security
2009-04-09 01:37:14 ----D---- C:\Windows\system32\drivers
2009-04-09 01:35:15 ----HD---- C:\ProgramData
2009-04-08 18:32:16 ----D---- C:\Program Files (x86)\Java
2009-04-07 23:49:03 ----D---- C:\Program Files (x86)\Common Files\Apple
2009-04-07 23:49:02 ----RD---- C:\Program Files
2009-03-31 13:51:58 ----D---- C:\ProgramData\Nero
2009-03-29 20:18:18 ----D---- C:\ProgramData\CyberLink
2009-03-13 20:52:33 ----D---- C:\Windows

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2008-01-22 486960]
R1 IDSvia64;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20080716.002\IDSvia64.sys [2008-03-20 359472]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS []
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS []
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-01-22 134704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20080716.041\ENG64.SYS [2008-06-18 138800]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20080716.041\EX64.SYS [2008-06-18 1430576]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS []
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS []
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS []
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS []
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\AESTSr64.exe []
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 GbpSv;Gbp Service; C:\PROGRA~2\GbPlugin\GbpSv.exe [2009-03-10 52560]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe []
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-05-15 292248]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-05-15 116112]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-03-26 341328]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\STacSV64.exe []
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832]
R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-05-21 1245064]
S2 gupdate1c98a91419ca349;Google Update Service (gupdate1c98a91419ca349); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 comHost;COM Host; c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 267096]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-04 181784]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]

-----------------EOF-----------------

INFO:

info.txt logfile of random's system information tool 1.06 2009-05-10 03:33:45

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\7 Wonders II\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Amazing Adventures The Lost Tomb\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Belle's Beauty Boutique\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Boggle\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Build-a-lot\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Luxor 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Paradise Pet Salon\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Pirateville\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Plant Tycoon\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Supercow\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Wedding Dash\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
-->"c:\Program Files (x86)\Symantec\LiveUpdate\LSETUP.EXE" /U
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A90000000001}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.1.0-->"C:\Program Files (x86)\Ares\uninstall.exe"
Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}
Atheros Driver Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
Catalyst Control Center - Branding-->MsiExec.exe /I{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
CyberLink DVD Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files (x86)\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP MULTIPLE MODEM INSTALLER for VISTA-->MsiExec.exe /I{45A136EC-88BF-4B95-99F5-C45D3930E1CC}
HP Quick Launch Buttons 6.40 D3-->C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.7-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Smart Web Printing-->msiexec /i{380357CA-29F4-4B3C-B401-32C057E6B59B}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0102-->MsiExec.exe /I{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}
HP Wireless Assistant-->MsiExec.exe /I{A5CE7175-080D-49AC-B5A3-E7E3502428F5}
HPTCSSetup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}\setup.exe" -l0x9 -removeonly
IDT Audio-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "c:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LuckyTender 1.3.0-->C:\Program Files (x86)\LuckyTender\uninst.exe
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files (x86)\InstallShield Installation Information\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite-->C:\ProgramData\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_wu_por_br.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
Power2Go-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files (x86)\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek USB 2.0 Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
 
Your help once again!!!!

Good evening, Mr. Wolf!

I think I'm having problems again: Avira flagged a virus, the machine restarted by itself, and when it came back up it kept flagging worm/bagle.gen.worm.... I sent all of them to quarantine, of course.
But every time the Google home page is opened it keeps flagging the same virus, as if Google were infected....
The log is attached.

Thanks in advance!
 

Attachments

  • hijackthis10.05.txt
    6 KB · Views: 97
Mr. Wolf, my friend, I'm posting just to say that everything is now in order with my PC, thanks to your intervention, and at the same time to thank you for your help. I also want to say that I'm traveling tomorrow, so I'll be away and won't be posting here for a good while.
Thanks for everything, and a big hug.
XQuest
 
Good afternoon, everyone! I'll reply to everyone in this one post.

Hello Mariana SMS, I'm sorry to tell you that you were tricked by a fake community, my friend Mariana. That is indeed a virus! I suggest you do not log in to your Orkut, MSN, or any site and/or program that requires entering passwords.
Please post a HijackThis log here, Mariana.

__________________________________________


Hello PoletixP, please post a HijackThis log following the instructions in the spoiler below:

- Download HijackThis and extract it to its own folder on C:.
- Run HijackThis and click Do a system scan and save a logfile.
- A log will be generated in Notepad. Copy and paste it here.
__________________________________________


Friend brunobyof, you only needed to press the 2 key + Enter on the tool's options screen. You pressed all the options, but in the end you did it correctly, haha. Follow the instruction below, Bruno:

Run USBFix and press 5 + Enter to uninstall the tool from the computer. Run HijackThis and click Do a system scan only. Check the entries below in the log and click the Fix checked button.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Click Yes on the message and close the tool.

Otherwise the log is clean, brunobyof. How is the PC doing?

I'd like to know whether it's still infected and which virus it is, if there is one... thanks!
It is no longer infected. The virus was a worm that comes from removable media (flash drive, MP3, MP4, cell phone, external HD, digital camera, etc). I suggest you disable Windows autorun, friend Bruno. If you don't know how to do it, just say so.
__________________________________________


Hey zucco, your log has some malicious entries. But I believe they are not the main cause of the slowness on your machine. Follow the instructions below, zucco:

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window, and try not to use the keyboard either, so as not to disrupt the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your PC will restart. After the restart the tool will run again; wait for it;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
__________________________________________


Friend vimed, your log contains three hidden entries, and we will have to check what they belong to. I don't believe they are from a Bagle worm, because it breaks the antivirus, so that every time you try to run it an error message is generated saying: 'Your antivirus is not a valid Win32 application'. Is your Avira opening normally, like any other program?

Follow the instructions below, vimed:

Download FindyKill and save it to the desktop;

- Double-click FindyKill.exe and install it normally, following the prompts;
- After installation, double-click the icon that is created on the desktop;
- A screen will open where you must choose the language. Type E and press Enter;
- On the screen that opens, press the 1 key + Enter to create the report.

Post this report in your next reply.
__________________________________________


Mr. Wolf, my friend, I'm posting just to say that everything is now in order with my PC, thanks to your intervention, and at the same time to thank you for your help. I also want to say that I'm traveling tomorrow, so I'll be away and won't be posting here for a good while.
Thanks for everything, and a big hug.
XQuest
Hey friend XQuest, I'm glad everything is OK on the machine. Have a good trip, my friend. If you need help again, I'll be at your service here. :)

Regards
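
The reply to Bruno above recommends disabling Windows autorun after a worm that arrived on removable media. One way to audit and apply that setting, as an added example that is not part of the original thread: it assumes PowerShell 3.0 or later and the NoDriveTypeAutoRun policy value stored as a REG_DWORD, and the function names are hypothetical.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# NoDriveTypeAutoRun is a bitmask: a set bit turns AutoRun OFF for that drive type.
$DriveTypeBits = [ordered]@{
    Unknown   = 0x01
    NoRootDir = 0x02
    Removable = 0x04   # flash drives, card readers, players, cameras
    Fixed     = 0x08
    Network   = 0x10
    CDROM     = 0x20
    RAMDisk   = 0x40
    Reserved  = 0x80
}
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunPolicy {
    # Report, per policy key, which drive types can still trigger AutoRun.
    foreach ($key in $PolicyKeys) {
        $item = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            # Key or value missing: Windows falls back to its built-in default.
            [pscustomobject]@{ Key = $key; Value = '(not set)'; AutoRunAllowedFor = 'OS default applies' }
            continue
        }
        $value = [int]$item.NoDriveTypeAutoRun   # assumes a REG_DWORD value
        $allowed = foreach ($entry in $DriveTypeBits.GetEnumerator()) {
            if (($value -band $entry.Value) -eq 0) { $entry.Key }
        }
        [pscustomobject]@{
            Key               = $key
            Value             = '0x{0:X2}' -f $value
            AutoRunAllowedFor = if ($allowed) { $allowed -join ', ' } else { 'none' }
        }
    }
}

function Disable-AutoRunAllDrives {
    # Sets every bit (0xFF) machine-wide. Writes to HKLM, so run from an elevated prompt.
    $key = $PolicyKeys[0]
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
}

Get-AutoRunPolicy | Format-Table -AutoSize   # audit only
# Disable-AutoRunAllDrives                    # uncomment to apply
```

Any row that still lists Removable under AutoRunAllowedFor leaves the machine exposed to the infection path described in the reply.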