Virus removal

Hi, I downloaded the dds file and here are the logs:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Sky at 18:30:44,62 on seg 20/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1112 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Steam\Steam.exe
C:\Arquivos de programas\Microsoft Office\Office\1046\msoffice.exe
C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Sky\Meus documentos\CryptLoad_1.1.6\CryptLoad.exe
C:\Documents and Settings\Sky\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\arquivos de programas\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\arquivos de programas\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Kwyshell MidpX: {ebe9e2b5-b526-48bc-ad46-687263edcb0e} - c:\arquivos de programas\kwyshell\midpx\jadinvoker\MidpInvoker.dll
TB: Kwyshell MidpX: {ebe9e2b5-b526-48bc-ad46-687263edcb0e} - c:\arquivos de programas\kwyshell\midpx\jadinvoker\MidpInvoker.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\arquiv~1\textal~1\TAForIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\arquivos de programas\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [CoolSMS]
uRun: [Google Update] "c:\documents and settings\sky\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\arquivos de programas\steam\Steam.exe" -silent
mRun: [Google Desktop Search] "c:\arquivos de programas\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [googletalk] c:\arquivos de programas\google\google talk\googletalk.exe /autostart
mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\sky\menuin~1\progra~1\inicia~1\mozill~1.lnk - c:\arquivos de programas\mozilla firefox\firefox.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\barrad~1.lnk - c:\windows\installer\{00000416-78e1-11d2-b60f-006097c998e7}\misc.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\arquivos de programas\microsoft office\office\OSA9.EXE
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Baixar com o FDM - file://c:\arquivos de programas\free download manager\dllink.htm
IE: Baixar link usando &BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddLink.htm
IE: Baixar todos os links usando BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddAllLink.htm
IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddVideo.htm
IE: Baixar tudo com o FDM - file://c:\arquivos de programas\free download manager\dlall.htm
IE: Download selecionado pelo FDM - file://c:\arquivos de programas\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\arquivos de programas\free download manager\dlfvideo.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~3\office12\EXCEL.EXE/3000
IE: Link to &MidpX - c:\arquivos de programas\kwyshell\midpx\jadinvoker\extent\jad_wrap.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\arquivos de programas\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\sky\menu iniciar\programas\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\arquivos de programas\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~3\office11\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/da/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225330116359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\arquivos de programas\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\arquiv~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\arquivos de programas\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sky\dadosd~1\mozilla\firefox\profiles\pleipi00.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - www.orkut.com
FF - component: c:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\sky\configurações locais\dados de aplicativos\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\sky\dados de aplicativos\mozilla\firefox\profiles\pleipi00.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-5-16 11608]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-5-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-5-16 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-16 55640]
S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\arquivos de programas\google\google desktop search\GoogleDesktop.exe [2008-10-31 30192]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\arquivos de programas\sisoftware\sisoftware sandra lite 2009\RpcAgentSrv.exe [2009-2-3 98488]
S3 SASENUM;SASENUM;c:\arquivos de programas\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-07-19 10:53 <DIR> --d----- c:\docume~1\sky\dadosd~1\Malwarebytes
2009-07-19 10:53 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 10:53 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-19 10:53 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes
2009-07-19 10:53 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-07-17 01:25 139,016 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-14 21:03 189,488 a------- c:\windows\system32\PnkBstrB.exe
2009-07-13 12:11 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-13 12:11 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SUPERAntiSpyware.com
2009-07-13 02:24 <DIR> --d----- c:\docume~1\sky\dadosd~1\SUPERAntiSpyware.com
2009-07-13 02:24 <DIR> --d----- c:\arquivos de programas\SUPERAntiSpyware
2009-07-03 13:15 <DIR> --d----- c:\docume~1\sky\dadosd~1\Activision
2009-07-03 13:15 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Activision
2009-06-26 12:18 189,488 a------- c:\windows\system32\PnkBstrB.xtr
2009-06-26 06:13 139,152 a------- c:\docume~1\sky\dadosd~1\PnkBstrK.sys
2009-06-26 06:12 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-26 06:12 794,408 a------- c:\windows\system32\pbsvc.exe
2009-06-26 04:16 <DIR> --d----- c:\arquivos de programas\EA Games
2009-06-25 14:42 5,632 a------- c:\windows\system32\BReWErS.dll
2009-06-22 06:36 0 a------- c:\windows\graphedit.INI

==================== Find3M ====================

2009-06-19 01:04 106,496 a------- c:\windows\Cuninst.exe
2009-06-18 18:17 418,480 a------- c:\windows\system32\wrap_oal.dll
2009-06-18 18:17 115,432 a------- c:\windows\system32\OpenAL32.dll
2009-06-18 14:43 3,709 a------- c:\windows\system32\sdbackup.reg
2009-06-14 18:45 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-05-10 02:47 737,280 a------- c:\windows\iun6002.exe
2009-05-01 00:31 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-04-30 22:02 9,994,240 a------- c:\windows\system32\nvoglnt.dll
2009-04-30 22:02 5,896,320 a------- c:\windows\system32\nv4_disp.dll
2009-04-30 22:02 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 806,912 a------- c:\windows\system32\nvapi.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 457,248 a------- c:\windows\system32\nvudisp.exe
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcodins.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod.dll
2009-04-27 00:42 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-02-03 11:48 87,608 a------- c:\docume~1\sky\dadosd~1\inst.exe
2009-02-03 11:48 47,360 a------- c:\docume~1\sky\dadosd~1\pcouffin.sys

============= FINISH: 18:31:11,31 ===============

And here is the other one


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 29/10/2008 22:06:12
System Uptime: 20/7/2009 15:31:43 (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5WD2
Processor: Intel(R) Pentium(R) D CPU 3.40GHz | Socket 775 | 3412/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 0,337 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controlador Ethernet
Device ID: PCI\VEN_13F0&DEV_0200&SUBSYS_020113F0&REV_31\4&CF81C54&0&00F0
Manufacturer:
Name: Controlador Ethernet
PNP Device ID: PCI\VEN_13F0&DEV_0200&SUBSYS_020113F0&REV_31\4&CF81C54&0&00F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controlador de comunicação PCI simples
Device ID: PCI\VEN_E159&DEV_0001&SUBSYS_00038086&REV_00\4&CF81C54&0&08F0
Manufacturer:
Name: Controlador de comunicação PCI simples
PNP Device ID: PCI\VEN_E159&DEV_0001&SUBSYS_00038086&REV_00\4&CF81C54&0&08F0
Service:

==== System Restore Points ===================

RP311: 13/7/2009 02:24:22 - Installed SUPERAntiSpyware Free Edition
RP312: 13/7/2009 11:57:16 - Operação de restauração
RP313: 13/7/2009 12:11:03 - Operação de restauração
RP314: 14/7/2009 13:12:59 - Ponto de verificação do sistema
RP315: 15/7/2009 17:53:11 - Ponto de verificação do sistema
RP316: 16/7/2009 18:50:04 - Ponto de verificação do sistema
RP317: 18/7/2009 11:30:09 - Ponto de verificação do sistema
RP318: 19/7/2009 14:31:12 - Ponto de verificação do sistema

==== Installed Programs ======================

ABC 3GP/MP4 Converter 3.00
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Reader 9.1.2 - Português
Adobe Setup
Adobe Shockwave Player
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP Panels CS3
ADPHONE3
Arquivo do WinRAR
Ask.com Search Assistant 1.0.1
Assistente de Conexão do Windows Live
Atualização de Segurança para o Windows Media Player (KB952069)
Atualização de Segurança para o Windows Media Player 11 (KB936782)
Atualização de Segurança para o Windows Media Player 11 (KB954154)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)
Atualização de Segurança para Windows Internet Explorer 7 (KB956390)
Atualização de Segurança para Windows Internet Explorer 7 (KB958215)
Atualização de Segurança para Windows Internet Explorer 7 (KB960714)
Atualização de Segurança para Windows XP (KB938464)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB946648)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB950974)
Atualização de Segurança para Windows XP (KB951066)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951698)
Atualização de Segurança para Windows XP (KB952954)
Atualização de Segurança para Windows XP (KB954211)
Atualização de Segurança para Windows XP (KB954459)
Atualização de Segurança para Windows XP (KB954600)
Atualização de Segurança para Windows XP (KB955069)
Atualização de Segurança para Windows XP (KB956391)
Atualização de Segurança para Windows XP (KB956802)
Atualização de Segurança para Windows XP (KB956803)
Atualização de Segurança para Windows XP (KB956841)
Atualização de Segurança para Windows XP (KB957095)
Atualização de Segurança para Windows XP (KB957097)
Atualização de Segurança para Windows XP (KB958644)
Atualização para Windows XP (KB898461)
Atualização para Windows XP (KB951072-v2)
Atualização para Windows XP (KB951978)
Atualização para Windows XP (KB955839)
aTube Catcher 1.0
Avira AntiVir Personal - Free Antivirus
Battlefield Heroes
Big Fish Games Client
BitComet 1.05
BS.Player
BS.Player PRO
Call of Duty(R) - World at War(TM)
CCleaner (remove only)
CDisplay 1.8
Choice Guard
Clean Virus MSN
CoolSMS 2.06 beta
Dead Space™
Descrambler
Dic Michaelis - UOL
Discador InteligWeb
Driver Detective
EasyCleaner
Fallout
Fallout 3
Fallout2
Ferramenta de Carregamento do Windows Live
Free Download Manager 2.5
GameHike
GameTap
Garena
Google Chrome
Google Desktop
Google Earth
Google Talk (remove only)
HijackThis 2.0.2
Hockey Elétrico
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix para o Windows Media Player 11 (KB939683)
Hotfix para Windows XP (KB942288-v3)
Hotfix para Windows XP (KB952287)
hp deskjet 3420 series
Huffyuv AVI lossless video codec (Remove Only)
ICQ6.5
ImgBurn
IMVU Avatar Chat Software
IncrediMail
IrfanView (remove only)
IRPF2009 - Declaração de Ajuste Anual e Final de Espólio
Java DB 10.4.1.3
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 13
K-Lite Codec Pack 4.2.5 (Full)
Kwyshell MidpX Emulator Package 1.3.1
Malwarebytes' Anti-Malware
Mario Soccer Demo #7
Marvell Miniport Driver
Max Payne
Megacubo 6.0.3
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Professional Edição 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
Microsoft XNA Framework Redistributable 3.0
Miranda IM 0.7.17
Mozilla Firefox (3.0.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
nCleaner second 2.3.4.0
Nero 8
neroxml
NextUp-ScanSoft Raquel Brazilian Portuguese Voice
NVIDIA Drivers
NVIDIA PhysX
Nvu 1.0
OpenAL
PC Health Optimizer Free Edition
PC Pitstop Driver Alert 1.0.0.13
Peggle Extreme
PicaView
Plain Sight
PodProducer Beta v0.28
Power Card Maker 5.20
Quest for Glory V: Dragon Fire
Quick Menu Builder 1.2
QuickTime
QuickTime 3.0
Real Alternative 1.9.0 Lite
Realtek High Definition Audio Driver
Receitanet Java 2009.01
Requiem
River Past Screen Recorder Pro
River Past Video Cleaner
Segoe UI
Sierra Utilities
SiSoftware Sandra Lite 2009
Skype™ 4.0
SopCast 3.0.3
Spelling Dictionaries Support For Adobe Reader 9
Spider-Man(R) - Web of Shadows(TM) 1.1 Patch
Star Wars Jedi Knight Jedi Academy
Star Wars JK II Jedi Outcast
Steam
SUPERAntiSpyware Free Edition
System Requirements Lab
Team Fortress 2
TeamSpeak 2 RC2
TextAloud
Tradutor 2.5 (Beta)
Unlocker 1.8.7
Vampire - The Masquerade Bloodlines
VC 9.0 Runtime
VCRedistSetup
VisuAlg 2.0.0.12 (20/09/06)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Codec

==== End Of File ===========================

One more thing: I'm playing Battlefield Heroes and it has a little anti-cheat program, and every time I go to play, Avira goes off in the game and says that this little program is being detected as a virus, so I have to tell it to ignore it. Is it possible that this is what's setting it off? Because I believe it is only active when I open the game.
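The "Pseudo HJT Report" section of a DDS log is the part a responder reads first. As an added example, not code from this thread or from the DDS tool, here is a small Python triage pass over lines in that format. The sample lines are constructed to mirror the kinds of entries in the log above, and the rules are generic first-look heuristics (my assumption about what deserves a second look), not a verdict on the poster's machine.

```python
"""Added example: first-pass triage of DDS "Pseudo HJT Report" lines.

The rules below are generic responder heuristics (an assumption of this
example); a hit means "ask about it", not "infected".
"""
import re

# Constructed sample, modelled on the entry types seen in a DDS report.
SAMPLE_DDS = """\
uStart Page = about:blank
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\arquivos de programas\\arquivos comuns\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [CoolSMS]
mRun: [avgnt] "c:\\arquivos de programas\\avira\\antivir desktop\\avgnt.exe" /min
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
AppInit_DLLs: c:\\arquiv~1\\google\\google~1\\GOEC62~1.DLL
R1 SASDIFSV;SASDIFSV;c:\\arquivos de programas\\superantispyware\\sasdifsv.sys [2009-6-23 9968]
"""

# (rule id, pattern, why a responder looks twice at a matching line)
RULES = [
    ("policy-disable",
     re.compile(r"^dPolicies-system: (DisableTaskMgr|DisableRegistryTools) = 1\b"),
     "Task Manager / Registry Editor disabled by policy; a common malware anti-remediation trick"),
    ("sfc-disabled",
     # any SFCDisable value other than 0 turns Windows File Protection off
     re.compile(r"^mWinlogon: SFCDisable=(?!0\b)"),
     "Windows File Protection disabled via Winlogon; system files can be replaced silently"),
    ("bho-nofile",
     re.compile(r"^BHO: .* - No File$"),
     "orphaned BHO registration; leftover from an uninstall or a removed payload, verify the CLSID"),
    ("run-empty",
     re.compile(r"^[umd]Run: \[[^\]]+\]\s*$"),
     "Run entry with an empty command; check what the value held and who created it"),
    ("appinit",
     re.compile(r"^AppInit_DLLs: \S"),
     "AppInit_DLLs is loaded into every GUI process; confirm the DLL is the expected vendor file"),
]


def triage(report: str):
    """Return [(rule_id, line, reason)] for every report line that matches a rule."""
    findings = []
    for line in report.splitlines():
        line = line.rstrip()
        for rule_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((rule_id, line, reason))
    return findings


def summarize(findings):
    """Count findings per rule id, for a quick overview of what to ask about."""
    counts = {}
    for rule_id, _, _ in findings:
        counts[rule_id] = counts.get(rule_id, 0) + 1
    return counts


if __name__ == "__main__":
    for rule_id, line, reason in triage(SAMPLE_DDS):
        print(f"[{rule_id}] {line}\n    -> {reason}")
    print(summarize(triage(SAMPLE_DDS)))
```

The rules are deliberately narrow: they only flag lines whose meaning is unambiguous from the report format itself (a policy value of 1, a non-zero SFCDisable, a BHO with no backing file, an empty Run command, a populated AppInit_DLLs). Anything path-based, such as whether a given DLL is the genuine vendor file, still has to be checked by hand.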
 
Hi wolf, here is the OTM log
Service\Driver awoy0ky0 not found.
Service\Driver ayottguv not found.
Service\Driver ayottguv not found.
Service\Driver ayottguv not found.
Service\Driver catchme deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2609029 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: User
->Temp folder emptied: 585635936 bytes
->Temporary Internet Files folder emptied: 974061960 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70075845 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114593 bytes
%systemroot%\System32 .tmp files removed: 2969 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\unp190114203.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_68c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 247205 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1559,05 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07202009_200118

Files moved on Reboot...
File C:\WINDOWS\temp\_avast4_\unp190114203.tmp not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_68c.dat not found!

Registry entries deleted on Reboot...
 
Your opinion is the same as our friend Victorm's, Sonny: build a kernel from scratch. And as I already explained to Victor, I'll explain here too. Resetting the kernel would indeed be a really good thing; it would certainly get in the way of the tricks of many crackers out there, but, I believe, against Rootkit.Russo it still would not be effective, and this is one of the reasons that makes this rootkit the most advanced malware of recent times. It manages to adapt to any type of kernel because of the programming it carries. Consider that even Linux is affected by this rootkit; of course, the chances of a Linux system being affected this way are nil, but not impossible! And we have already recorded this in tests with this rootkit.

However, if the Windows kernel were similar to the Linux one, it would already be a big help, both for Microsoft and for us, in avoiding this rootkit. I think that would be even more feasible than rebuilding a kernel from scratch. Because if we examine in depth the difference between the Linux and Windows kernels, it is quite difficult to find an area where Windows is better than Linux, except probably for the types of disks supported by the Windows kernel, since it supports flash and hybrid disks and the Linux kernel does not support them yet.

However, something notable is the fact that almost all device drivers for Linux (USB, FUSE, graphics, etc.) are in user space, while on Windows they still run in kernel space. This is a significant step forward in terms of security and stability (it also avoids the need to reboot for every little thing...). I believe this would help a lot in avoiding a rootkit of this category.


It's true. As they say: "The only person who can keep a computer 100% secure is the one who knows how to hack...". And if we analyze this comment, it is the purest truth. Because the person who really knows how to hack, not those lamers out there who think they are hackers, but I mean a professional and "competent" hacker, knows all the tricks used in a hack, knows what is exploited in a hack, and therefore is fully capable of leaving the system properly protected against attacks.

Banks really do use this method of hiring hackers to work in the security area. I have provided services for Bradesco and Unibanco, and the administrators of the banks' security network were nothing less than hackers. So much so that I clearly noticed that the banks' security was 100%, perfect, no comment. For a virus or a hacker to break into those banks' systems, they'd have to be at least "The Guy".

An interesting case is that of one of the most intelligent Brazilian crackers (considered the computer genius), João Sperandio Neto. Besides having worked for some national banks, he even worked for the police. See the news about him:

http://www.linhadefensiva.org/forum/index.php?showtopic=85543

Wow, the guy caused a real stir hahahaha.

I remember that back when I used to break in, there was a little program that showed all the passwords on the system. That is, you broke in and then used this program and it showed all the passwords. Of course, I didn't use bank passwords or documents, which I think is a real dirty trick. But back then I didn't have an ISP and ended up using ISP passwords hahaha.

But it was totally without harming anyone. In the old days it was very easy to break into a PC, with programs, via FTP or even via DOS. I did that countless times. In the mIRC days, whoever insulted me, I'd break in so they'd stop being silly. But that was kid stuff, 1999 and so on. Today things have changed, I don't do that anymore, but in truth I did it precisely to learn how to have more security on the PC. Today I don't know anything anymore; the whole scheme changed and I don't even know how it works. I think whoever kept doing it must really know a lot today. Especially since today it seems that everyone wants to compete with everyone else.

I think it's good to read and study the subject. But from the moment a person uses it to screw up someone else's life, then I don't agree.

These things are interesting... But whenever I remember this hacker and intrusion stuff, I remember the nerd who made Napster; that one used his intelligence for something good, until it became illegal... but even so he became a millionaire. hahaha.
 
Hi Wolf, it's been a long time since I last bothered you.

Well, here is my HijackThis log, could you check whether I have any virus??
If you can, could you tell me where these viruses are?? I can go in through Linux and remove them, that is, if there's a way to know from there where they are lodged


Thanks
 

Attachments: hijackthis.txt (6.9 KB, 61 views)

Wolf, I have a PC here that is in a bad way. I managed to remove some malware, but there must still be some left that I can't get rid of!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:58, on 21/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\3xHybridRMT.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\vsnpstd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\new.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Felipe\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\Windows\3xHybridRMT.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [kisys64] "c:\windows\system32\new.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/...6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8792 bytes

NOTE: the PC is very, very slow! So much so that when I type, the letters appear one at a time :x
 
Hello everyone, good afternoon!

tavinhogd, delete the folder C:\Lop SD and the tool as well. Go to Control Panel > Add or Remove Programs, find and uninstall ASKBarDis or ASK Toolbar.

Restart the computer, generate a new log and post it here, tavinhogd.

_____________________________________________________________


tarcisinho, run HijackThis, click Do a system scan only, check the entries below and click the Fix checked button:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Arquivos de programas\AskSearch\bin\DefaultSearch.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Click Yes on the message and close the program.

Other than that, the log is clean, tarcisinho.

_____________________________________________________________


skywalkerpg, your log shows infections by Trojans.Agent and spyware. Follow the instructions in the spoiler below, my friend skywalkerpg:

Go to Control Panel > Add or Remove Programs. Find and uninstall the programs below:

Ask.com Search Assistant 1.0.1
Clean Virus MSN (reinstall it later if you want, as the program was affected by the trojans)

- Download ComboFix and save it to the desktop.
NOTE: Do not run the tool by double-clicking it!

Select and copy the text below. Paste it into Notepad and save it on the desktop as CFScript.txt

File::
c:\windows\system32\BReWErS.dll
c:\windows\iun6002.exe
c:\docume~1\sky\dadosd~1\inst.exe
c:\docume~1\sky\dadosd~1\pcouffin.sys
ADS::

KillAll::

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif


● If prompted, press Enter to start the removal process;
● Do not use the mouse or keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it doesn't, restart it manually.

In your next reply, paste ComboFix.txt.

> One more thing: I'm playing Battlefield Heroes and it has a little anti-cheat program in it; every time I go to play, Avira goes off during the game and says that this program is being detected as a virus, so I have to tell it to ignore it. Could it be that program that's setting it off? Because I believe it's only active when I open the game.

No. What Avira is flagging are the trojans and/or spyware that really are on your computer. Or Avira may be flagging the PunkBuster files (PnkBstrB.exe, PnkBstrA.exe and PnkBstrK.sys), which are not viruses, but Avira has been detecting them these past few days, a false positive. And the update that corrects the false positive has not been released yet.

_____________________________________________________________


Tiagoquiroga, delete the OTM and RunScanner tools.

The log is clean.

_____________________________________________________________


imartynetz, the log is clean.

_____________________________________________________________


victoram, follow the instructions below:

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;
● In the window that opens, click the Continue button so the tool starts running;
● When the tool finishes running, a log containing the scan result will open automatically in Notepad. Paste the content of that log (log.txt) in your next reply;
● Also paste the content of the info.txt file, which will be at C:\rsit\info.txt.


Download GMER and extract the file to the desktop.

Double-click gmer.exe and click "Rootkit/Malware".
Check that all the checkboxes on the right are ticked. Just don't tick the Show All box.
Click Scan and wait.
When it finishes, click Save and save the log to the desktop.

Post the GMER log together with the RSIT logs.
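As an added example (not a tool used in this thread), here is a small Python triage script that applies the same rules the replies above apply by hand to HijackThis/RSIT lines: entries marked (no file) or (file missing) are orphaned and safe to fix, while mountpoints2 AutoRun handlers that launch a file from a removable volume and LSA authentication packages other than the stock msv1_0 are flagged for review. The sample lines are constructed from the log formats shown on this page, and treating C: as the system drive is an assumption.

```python
"""Triage helper for HijackThis / RSIT log lines (added example, not a thread tool)."""
import re
from dataclasses import dataclass

ORPHAN_MARKERS = ("(no file)", "(file missing)")
STOCK_AUTH_PACKAGES = {"msv1_0"}   # default "authentication packages" value on XP/Vista
SYSTEM_DRIVE = "c:\\"              # assumption: C: is the system drive

HJT_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.*)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
AUTORUN_RE = re.compile(r"^shell\\(?:AutoRun|Auto|\d+)\\command - (?P<cmd>.+)$", re.I)
AUTH_RE = re.compile(r'^"authentication packages"=(?P<value>.*)$', re.I)


@dataclass(frozen=True)
class Finding:
    verdict: str   # "fix": orphaned entry, safe to remove; "review": needs a human look
    reason: str
    line: str


def package_name(entry: str) -> str:
    """'C:\\Windows\\system32\\awvur.dll' -> 'awvur'; 'msv1_0' -> 'msv1_0'."""
    base = entry.replace("/", "\\").rsplit("\\", 1)[-1]
    return re.sub(r"\.dll$", "", base, flags=re.I).lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ""
    in_auth_list = False   # True while reading the multi-line LSA value
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:   # start of a registry key block in the RSIT dump
            current_key = key.group("key").lower()
            in_auth_list = False
            continue
        hjt = HJT_RE.match(line)
        if hjt:
            kind, body = hjt.group("kind"), hjt.group("body")
            if any(mark in body for mark in ORPHAN_MARKERS):
                findings.append(Finding("fix", f"{kind} entry points at a missing file", line))
            elif kind in ("R0", "R1"):   # browser start/search page overrides
                url = body.split("=", 1)[-1].strip()
                findings.append(Finding("review", f"browser page override -> {url}", line))
            continue
        autorun = AUTORUN_RE.match(line)
        if autorun and "mountpoints2" in current_key:
            target = autorun.group("cmd").split()[-1]
            # A bare drive letter ("F:\") just opens the volume; a file launched from
            # outside the system drive is the classic removable-media worm hook.
            if re.search(r"\.\w{2,4}$", target) and not target.lower().startswith(SYSTEM_DRIVE):
                findings.append(Finding("review", f"AutoRun handler launches {target}", line))
            continue
        if current_key.endswith("\\control\\lsa"):
            auth = AUTH_RE.match(line)
            if auth:
                in_auth_list = True
                packages = [auth.group("value")]
            elif in_auth_list:
                packages = [line]   # RSIT prints extra multi-string entries one per line
            else:
                continue
            for pkg in packages:
                if package_name(pkg) not in STOCK_AUTH_PACKAGES:
                    findings.append(Finding("review", f"non-default LSA auth package {pkg}", line))
    return findings


# Constructed sample, copied from the HijackThis and RSIT formats shown in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Arquivos de programas\AskSearch\bin\DefaultSearch.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\Windows\system32\awvur.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{530c6168-fac5-11dd-a123-001636c8d06c}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df4a1d3d-32a2-11de-8b9f-001636c8d06c}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.verdict:6}] {f.reason}\n         {f.line}")
```

Running it on the sample yields three "fix" findings (the R3, O2 and O23 orphans) and three "review" findings; the benign O4 entry and the bare F:\ AutoRun handler are left alone.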
 
> Wow, the guy stirred things up hahahaha.
>
> I remember that back when I used to break in, there was a little program that showed all the system's passwords. That is, you'd break in, then use this program and it would display all the passwords. Of course, I never used bank passwords or documents; I think that's truly lousy. But back then, when I didn't have an ISP, I ended up using ISP passwords hahaha.
>
> But it was all without harming anyone. Back then it was very easy to break into a PC, with programs, via FTP or even through DOS. I did it countless times. In the mIRC days, whoever insulted me, I'd break into their PC so they'd stop being silly. But that was kid stuff, 1999 or so. Today things have changed, I don't do it anymore, but the truth is I did it precisely to learn how to make my PC more secure. Today I don't know anything anymore; the whole scene changed and I don't even know how it works. I think whoever kept doing it must really know their stuff today. Especially since today it seems like everyone wants to compete with each other.
>
> I think it's good to read and study the subject. But from the moment a person uses it to mess up someone else's life, I no longer agree.

That's right, my friend Sonny, everyone has a phase like that, heh. Personally, I've never hacked a single computer. I know how to do it, I know what to exploit, what to use for those ends... but I've never done it on other people's computers. First, because I started working in security early, so my aim was always the security of PCs. Second, because I really had no reason to. Back in the day people hacked for pleasure, to show the victim they knew how to do it, to scare them, for a bit of status in the hackers' "underground" world. But nowadays hacks are happening for another reason: financial gain. Of course, the reasons someone might try to break into a computer are countless. But looking at today's world, the main ones are these:

● Use your computer in some illicit activity, to hide the intruder's real identity and location;
● Use your computer to launch attacks against other computers;
● Use your hard drive as a data repository;
● Spread computer viruses;
● Steal credit card numbers and banking passwords;
● Steal data from your computer, such as your income tax information.

The fifth item is the main one. Home computers in particular are used to perform countless tasks, such as: financial transactions, whether banking or purchasing products and services; communication, for example via e-mail; data storage, whether personal or commercial, etc. I hear many people say: "I don't update my system. I don't use an antivirus. I've never caught a virus. I know how to take care of myself"... Now let's see: is keeping a system out of date taking care of yourself?! Is downloading cracks from all over the place taking care of yourself?! I don't think so. And what people don't realise is this: crackers know that most users think exactly what I just described, and they exploit precisely that. Many people think a flaw in a service won't hurt them that much. Well, Conficker and Rootkit.Russo are there to show that this isn't true, seeing that these malware also exploit flaws in outdated software and systems. Especially Windows, which is full of flaws in its services.
Social engineering, protocol errors and software bugs are the forms of attack most exploited by hackers today.

> These things are interesting... But whenever I remember this hacker and intrusion stuff, I think of the nerd who made Napster; he used his intelligence for something good, until it became illegal... but even so he became a millionaire. hahaha.

Good point, Sonny. Unfortunately Shawn Fanning (the program's creator) really did start using it illegally.

I remember clearly, as if it were today, that months after its launch Napster had already been sued by the Recording Industry Association of America (RIAA) for copyright infringement. Some time later, artists such as Metallica, Dr. Dre and Madonna discovered that unreleased songs of theirs were already circulating on the Napster network, which led them to sue the company as well. Over time the number of lawsuits only grew, and the court ordered Napster to block the sharing of copyrighted music and to pay roughly 36 million dollars to the holders of the infringed copyrights, plus an advance for infringements that might still occur. Because of this, Napster tried to become a paid service, which made its user base shrink drastically, and after a few attempts to get back on its feet Napster was forced to declare bankruptcy.
 
OK, here it goes Wolf, the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Felipe at 2009-07-21 17:10:17
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 2 GB (3%) free of 44 GB
Total RAM: 1013 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:35, on 21/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\3xHybridRMT.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\vsnpstd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\new.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Felipe\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Felipe\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Felipe.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\Windows\3xHybridRMT.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [kisys64] "c:\windows\system32\new.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/...6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8927 bytes

======Scheduled tasks folder======

C:\Windows\tasks\RtlVistaStart.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programa Auxiliar de Início de Sessão do Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-27 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-16 815104]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-11-22 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-11-22 7757824]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-11-22 81920]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2006-11-18 151552]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2006-12-13 3166208]
"SetPanel"= []
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-11-17 479232]
"eRecoveryService"= []
"TV Card Remote Control Device Monitor"=C:\Windows\3xHybridRMT.exe [2007-03-09 466944]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-14 35328]
"QuickTime Task"=C:\Program Files\VistaCodecPack\QT\QTTask.exe [2007-06-29 286720]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]
"snpstd"=C:\Windows\vsnpstd.exe [2003-12-31 40960]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-27 148888]
"kisys64"=c:\windows\system32\new.exe [2009-05-18 1765627]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
REALTEK USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{07C7156E-D651-4ACC-9AD3-498C916E9651}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\Windows\system32\awvur.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Puxa Rápido\PuxaRapido.exe"="C:\Program Files\Puxa Rápido\PuxaRapido.exe:*:Enabled:puxa Rápido"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005f068a-3c88-11dd-bdc8-001636c8d06c}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{530c6168-fac5-11dd-a123-001636c8d06c}]
shell\1\command - F:\
shell\2\command - F:\
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e6dfa73-96b8-11dc-9f5f-001636c8d06c}]
shell\Auto\command - MicrosoftPowerPoint.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df4a1d3d-32a2-11de-8b9f-001636c8d06c}]
shell\1\command - F:\Recycled.exe
shell\2\command - F:\Recycled.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee09aed1-21cb-11dc-87ef-001636c8d06c}]
shell\Auto\command - F:\msnmsgr.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\msnmsgr.exe


======List of files/folders created in the last 1 months======

2009-07-21 16:57:39 ----D---- C:\rsit
2009-07-20 17:41:57 ----D---- C:\Program Files\abgx360
2009-07-19 09:28:50 ----D---- C:\ProgramData\ESET
2009-07-19 09:28:50 ----D---- C:\Program Files\ESET
2009-07-18 21:06:50 ----D---- C:\Program Files\Trend Micro
2009-07-17 23:02:25 ----D---- C:\Users\Felipe\AppData\Roaming\Hamachi
2009-07-17 22:58:48 ----D---- C:\Program Files\Hamachi
2009-07-13 18:27:29 ----SH---- C:\Windows\system32\vt-7326.exe
2009-07-06 21:29:33 ----A---- C:\Windows\system32\HV-FDAA0.EXE
2009-07-06 21:29:33 ----A---- C:\Windows\system32\a5.ini
2009-07-06 21:29:32 ----SH---- C:\Windows\system32\vt-7626.exe

======List of files/folders modified in the last 1 months======

2009-07-21 17:10:23 ----D---- C:\Windows\Prefetch
2009-07-21 17:10:22 ----D---- C:\Windows\Temp
2009-07-21 17:09:48 ----D---- C:\Windows\System32
2009-07-21 17:09:48 ----D---- C:\Windows\inf
2009-07-21 17:09:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-21 17:06:13 ----D---- C:\Program Files\Mozilla Firefox
2009-07-21 17:04:14 ----D---- C:\Windows\Minidump
2009-07-21 17:04:14 ----D---- C:\Windows
2009-07-21 17:00:58 ----D---- C:\Users\Felipe\AppData\Roaming\uTorrent
2009-07-21 16:27:20 ----A---- C:\Windows\NeroDigital.ini
2009-07-21 04:07:27 ----SHD---- C:\System Volume Information
2009-07-20 17:41:57 ----RD---- C:\Program Files
2009-07-20 16:37:39 ----A---- C:\Windows\IFinst27.exe
2009-07-19 09:31:32 ----ASH---- C:\Windows\system32\og.dll
2009-07-19 09:30:38 ----SHD---- C:\Windows\Installer
2009-07-19 09:30:37 ----HD---- C:\Config.Msi
2009-07-19 09:30:27 ----D---- C:\Windows\system32\drivers
2009-07-19 09:28:50 ----HD---- C:\ProgramData
2009-07-19 08:58:32 ----ASH---- C:\Windows\system32\ul.dll
2009-07-18 21:00:51 ----D---- C:\Program Files\Fraps
2009-07-17 17:38:39 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2007-04-28 110360]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R2 {2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD}; \??\C:\Program Files\Acer\Acer Arcade\000.fcl [2006-11-18 6656]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-10-05 1161152]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 506368]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-07-17 25280]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-12-05 6144]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-16 179896]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-08 194560]
S1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
S2 713xTVCard;SAA7135 TV Card; C:\Windows\system32\DRIVERS\SAA713x.sys [2006-08-29 289280]
S2 WDMTVTuner;Universal WDM TV Tuner; C:\Windows\system32\drivers\WDMTuner.sys [2006-08-29 26880]
S3 3xHybrid;SAA7135 TV Card Service; C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-24 716160]
S3 CCCP106;D-Link CIF Webcam; C:\Windows\system32\DRIVERS\cccp106.sys [2003-05-06 227200]
S3 ddsxeiservice;ddsxeiservice2; \??\C:\Program Files\sXe Injected\ddsxei.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2007-06-27 53184]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2007-06-27 71488]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 npkcrypt;npkcrypt; \??\D:\Gravity\RO\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\D:\Gravity\RO\npkycryp.sys []
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2006-11-02 30720]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-11-22 4455264]
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys [2007-05-21 248320]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2006-11-18 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2006-11-18 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2006-11-18 1073152]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-11-16 45056]
R2 fsssvc;Segurança Familiar do Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
GMER log

GMER 1.0.15.14972 - GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-21 17:42:43
Windows 6.0.6001 Service Pack 1


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2304] kernel32.dll!SetUnhandledExceptionFilter 76FD6E2D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2332] ADVAPI32.dll!RegOpenKeyExA 773AD4E8 5 Bytes JMP 00E1F7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74247BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742898C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7424D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7423F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74247599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7423E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7427B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7424D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7424012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74240095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742371F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [742CD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742675E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7423DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7423668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742366BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74241E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[292] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [715FF563] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:360] 84BEE790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 200.189.80.73 200.189.80.75
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE5B05E8-5CF4-47CF-AA9F-51C10188492C}@LeaseObtainedTime 1248207164
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE5B05E8-5CF4-47CF-AA9F-51C10188492C}@T1 1248207291
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE5B05E8-5CF4-47CF-AA9F-51C10188492C}@T2 1248207387
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE5B05E8-5CF4-47CF-AA9F-51C10188492C}@LeaseTerminatesTime 1248207419

---- EOF - GMER 1.0.15 ----
 
Hey plyndagos, my friend, your log is clean.

Any problem with the PC, plyndagos?

I had a small problem with 2 infected files here; I ran Avira Premium and removed them, but I was still a bit wary and came to clear up the doubt with you hehe. Thanks for looking at the log :)
 
victoram, we have a problem there, my friend. Your PC is infected with some trojan downloaders, a rootkit (luckily disabled) and worms. If you have a network there, disconnect the computer from the network immediately. I also recommend that you format your removable devices.

Follow the steps below:

Open Notepad on the PC and paste the text below into it:

Code:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005f068a-3c88-11dd-bdc8-001636c8d06c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{530c6168-fac5-11dd-a123-001636c8d06c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e6dfa73-96b8-11dc-9f5f-001636c8d06c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df4a1d3d-32a2-11de-8b9f-001636c8d06c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee09aed1-21cb-11dc-87ef-001636c8d06c}]
Save it to the desktop as RFix.reg. Double-click this file and click Yes on the prompt.


- Download Avenger and save it to the desktop;

● Extract the contents of the zip to the desktop;
● Select and copy the text below:

Code:
Files to delete:
c:\windows\system32\new.exe
C:\Windows\system32\awvur.dll
C:\Windows\system32\vt-7326.exe
C:\Windows\system32\HV-FDAA0.EXE
C:\Windows\system32\a5.ini
C:\Windows\system32\vt-7626.exe
C:\Windows\IFinst27.exe
C:\Windows\system32\og.dll
C:\Windows\system32\ul.dll

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | kisys64

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{07C7156E-D651-4ACC-9AD3-498C916E9651}
● Run the Avenger program by double-clicking avenger.exe;
● Click the Load Script menu > Paste from Clipboard;
● Click the Execute button > Yes > OK;
● Your computer will be restarted;
● A log will be generated at C:\avenger.txt

Paste this log in your next reply.

Generate a new RSIT log and paste it in your reply, together with the Avenger one.
 
HijackThis log

I uninstalled the ASK Toolbar, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:13, on 21/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9724CA61-AFCA-4497-9830-ACF318608A5D}: NameServer = 204.74.97.104,69.111.95.106
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4045 bytes

thanks :)
 
Avenger log

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\new.exe" deleted successfully.

Error: file "C:\Windows\system32\awvur.dll" not found!
Deletion of file "C:\Windows\system32\awvur.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\vt-7326.exe" deleted successfully.
File "C:\Windows\system32\HV-FDAA0.EXE" deleted successfully.
File "C:\Windows\system32\a5.ini" deleted successfully.
File "C:\Windows\system32\vt-7626.exe" deleted successfully.
File "C:\Windows\IFinst27.exe" deleted successfully.
File "C:\Windows\system32\og.dll" deleted successfully.
File "C:\Windows\system32\ul.dll" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|kisys64" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{07C7156E-D651-4ACC-9AD3-498C916E9651}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{07C7156E-D651-4ACC-9AD3-498C916E9651}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

New RSIT log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Felipe at 2009-07-21 18:32:53
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 2 GB (3%) free of 44 GB
Total RAM: 1013 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:13, on 21/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\3xHybridRMT.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\vsnpstd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Felipe\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Felipe\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Felipe.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\Windows\3xHybridRMT.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/...6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8859 bytes

======Scheduled tasks folder======

C:\Windows\tasks\RtlVistaStart.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programa Auxiliar de Início de Sessão do Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-27 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-16 815104]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-11-22 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-11-22 7757824]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-11-22 81920]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2006-11-18 151552]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2006-12-13 3166208]
"SetPanel"= []
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-11-17 479232]
"eRecoveryService"= []
"TV Card Remote Control Device Monitor"=C:\Windows\3xHybridRMT.exe [2007-03-09 466944]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-14 35328]
"QuickTime Task"=C:\Program Files\VistaCodecPack\QT\QTTask.exe [2007-06-29 286720]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]
"snpstd"=C:\Windows\vsnpstd.exe [2003-12-31 40960]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-27 148888]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
REALTEK USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{07C7156E-D651-4ACC-9AD3-498C916E9651}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\Windows\system32\awvur.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Puxa Rápido\PuxaRapido.exe"="C:\Program Files\Puxa Rápido\PuxaRapido.exe:*:Enabled:puxa Rápido"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-07-21 18:25:57 ----D---- C:\Avenger
2009-07-21 18:25:57 ----A---- C:\avenger.txt
2009-07-21 16:57:39 ----D---- C:\rsit
2009-07-20 17:41:57 ----D---- C:\Program Files\abgx360
2009-07-19 09:28:50 ----D---- C:\ProgramData\ESET
2009-07-19 09:28:50 ----D---- C:\Program Files\ESET
2009-07-18 21:06:50 ----D---- C:\Program Files\Trend Micro
2009-07-17 23:02:25 ----D---- C:\Users\Felipe\AppData\Roaming\Hamachi
2009-07-17 22:58:48 ----D---- C:\Program Files\Hamachi

======List of files/folders modified in the last 1 months======

2009-07-21 18:32:58 ----D---- C:\Windows\Temp
2009-07-21 18:31:43 ----D---- C:\Windows\System32
2009-07-21 18:31:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-21 18:31:42 ----D---- C:\Windows\inf
2009-07-21 18:28:46 ----D---- C:\Program Files\Mozilla Firefox
2009-07-21 18:25:58 ----D---- C:\Windows
2009-07-21 18:25:57 ----D---- C:\Windows\system32\drivers
2009-07-21 18:23:24 ----D---- C:\Users\Felipe\AppData\Roaming\uTorrent
2009-07-21 18:23:01 ----D---- C:\Windows\Prefetch
2009-07-21 17:04:14 ----D---- C:\Windows\Minidump
2009-07-21 16:27:20 ----A---- C:\Windows\NeroDigital.ini
2009-07-21 04:07:27 ----SHD---- C:\System Volume Information
2009-07-20 17:41:57 ----RD---- C:\Program Files
2009-07-19 09:30:38 ----SHD---- C:\Windows\Installer
2009-07-19 09:30:37 ----HD---- C:\Config.Msi
2009-07-19 09:28:50 ----HD---- C:\ProgramData
2009-07-18 21:00:51 ----D---- C:\Program Files\Fraps
2009-07-17 17:38:39 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2007-04-28 110360]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R2 {2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD}; \??\C:\Program Files\Acer\Acer Arcade\000.fcl [2006-11-18 6656]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-10-05 1161152]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 506368]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-07-17 25280]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-12-05 6144]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-16 179896]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-08 194560]
S1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
S2 713xTVCard;SAA7135 TV Card; C:\Windows\system32\DRIVERS\SAA713x.sys [2006-08-29 289280]
S2 WDMTVTuner;Universal WDM TV Tuner; C:\Windows\system32\drivers\WDMTuner.sys [2006-08-29 26880]
S3 3xHybrid;SAA7135 TV Card Service; C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-24 716160]
S3 CCCP106;D-Link CIF Webcam; C:\Windows\system32\DRIVERS\cccp106.sys [2003-05-06 227200]
S3 ddsxeiservice;ddsxeiservice2; \??\C:\Program Files\sXe Injected\ddsxei.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2007-06-27 53184]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2007-06-27 71488]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 npkcrypt;npkcrypt; \??\D:\Gravity\RO\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\D:\Gravity\RO\npkycryp.sys []
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2006-11-02 30720]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-11-22 4455264]
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys [2007-05-21 248320]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2006-11-18 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2006-11-18 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2006-11-18 1073152]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-11-16 45056]
R2 fsssvc;Segurança Familiar do Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

The computer already boots faster!
Oh, just to mention it: before asking for your help I installed NOD32 4 here (the PC had no antivirus, or call it AVG if you want) and it found 21 infected files, so maybe that is what disabled the rootkit, no?
 
Etdet, my friend, we have a huge problem ahead of us! You are infected with a type of virus called a File Infector and its variants -- Parite. This virus contaminates the computer's legitimate executable (.exe) files. Note that even the Malwarebytes files were contaminated by the virus.

Do not use Malwarebytes until its files have been disinfected, Etdet. After cleaning the computer, reinstall Malwarebytes.

Follow the instructions below, Etdet:

Right-click My Computer and select Properties. Click the System Restore tab and check the option "Turn off System Restore" > OK. Leave this feature disabled for now.

Step 1

- Download the tool below:
http://files.avast.com/files/eng/aswclnr.exe

- Disconnect your PC from the internet or from any network it is connected to.

- Temporarily disable ESET Smart Security (completely).

- Run the tool. Wait until it finishes. If it finds the virus in memory, you will be asked to restart the PC. When it comes back, the tool may run another scan to complete the removal.


Step 2

- Download AVZ4 and save it to the desktop;

- Extract the files from the WinZip archive to the desktop; a folder named avz4 will be created in the same place;
- Enter that folder and double-click the AVZ.exe file to run the tool;
- When the program window opens, click the File > Database Update menu, or click the button (AVZupdate.jpg) in the right corner of the tool's panel, then click the Start button to update the tool;
- Click the File > Standard scripts menu and check the option "2. Advanced System Analysis";
- Then click the Execute selected scripts button and click Yes on the next message. Wait for the analysis;
- When the analysis finishes, click OK on the message. Back in the Standard scripts window, click Close to close it, and close the AVZ4 window as well;
- Go to the avz4 folder on the desktop and open the LOG folder inside it;
- There you will find the logs and a zipped folder named virusinfo_syscheck.zip.

Attach this folder in your next reply.
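The file-infector behaviour this reply describes (legitimate executables rewritten, the cleaning tool's own binaries included) is exactly what a hash baseline of executables catches: take the hashes on a clean system, compare later, and any host file that grew a new section shows up as modified. The following is an added example, not code from this thread, from avast's aswclnr or from AVZ4; the directory layout, file names and file contents are constructed for the demo.

```python
# Added example (not code from the forum thread, from avast's aswclnr or from
# AVZ4): a SHA-256 baseline for executables, the check a defender uses to
# notice a file infector that rewrites legitimate .exe/.dll files, as the
# reply above describes for Parite. All paths and contents are constructed.
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List

EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".sys"}


def sha256_of(path: Path) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map every executable under root (relative POSIX path) to its SHA-256."""
    baseline: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            baseline[path.relative_to(root).as_posix()] = sha256_of(path)
    return baseline


def save_baseline(baseline: Dict[str, str], out: Path) -> None:
    """Write the baseline as JSON; keep this copy off the machine it describes."""
    out.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> Dict[str, str]:
    return json.loads(src.read_text())


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify executables as modified (same path, different hash),
    added (not in the baseline) or missing (in the baseline, now gone)."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree, then simulate what a file
    infector does (append bytes to a host .exe) plus one dropped file, and
    return the comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tools").mkdir()
        (root / "tools" / "scanner.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "tools" / "helper.dll").write_bytes(b"MZ" + b"\x01" * 64)
        (root / "notes.txt").write_text("not an executable, ignored")

        baseline_file = root / "baseline.json"
        save_baseline(build_baseline(root), baseline_file)

        # Simulated infection: a host executable gets extra code appended.
        with (root / "tools" / "scanner.exe").open("ab") as fh:
            fh.write(b"<constructed appended section>")
        # Simulated dropped file that was never in the baseline.
        (root / "dropped.exe").write_bytes(b"MZ" + b"\x02" * 8)

        return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths or '-'}")
```

Take the baseline on a system you know is clean and keep the JSON somewhere the machine cannot rewrite it; an infector that patches every .exe on the box could just as well sit next to a baseline stored there, which is the same reason the reply says not to trust the Malwarebytes binaries until they have been cleaned.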

aswclnr

21/7/2009, 22:06:53
Escaneamento da memória iniciado...
Não foi encontrado nenhum corpo de vírus na memória.
Escaneamento da memória terminado (48,3s).
----------
Escaneamento de arquivos iniciado...
C:\Arquivos de programas\Cobian Backup 9\DB\log.txt... o arquivo não pôde ser escaneado!
C:\WINDOWS\system32\drivers\sptd.sys... o arquivo não pôde ser escaneado!
C:\WINDOWS\Temp\sqlite_aOJqQGTVsFUqWyP... o arquivo não pôde ser escaneado!
C:\WINDOWS\Temp\sqlite_BQy2HwcuTVTeQn1... o arquivo não pôde ser escaneado!
C:\WINDOWS\Temp\sqlite_nYl2UI8jmybuQAY... o arquivo não pôde ser escaneado!
E:\Disk C\Documents and Settings\Ludson\Favoritos\Importantes 4\...wWw.IndicePS2.com......wWw.IndicePS2.com... Juegos de PS2 ripeados, full DVD, Etc....url... o arquivo não pôde ser escaneado!
Não foi encontrado nenhum corpo de vírus.
Escaneamento de arquivos terminado (118679 arquivos, 0 infectado(s), 1140,6s).
Drives escaneados: C: D: E:
----------

The attachment you asked for is there!

Waiting for your reply.
 

Attachments: virusinfo_syscheck.zip (48.5 KB)
Man, I did what you asked and all, but now it is much worse than before =/
Here is what happened: I did that thing of dragging the file onto ComboFix, then a blue command-prompt window opened and said it had to download something from Microsoft. I clicked yes, then the prompt showed it was downloading; I waited until it said it was installed, and then the prompt started showing a bunch of directories being analyzed, along with "Etapa 1", "Etapa 2", "Etapa 3" and so on up to 49, if I am not mistaken. Then the PC restarted, and I noticed that at startup there are now two boot options: one to enter Windows XP normally and another called "Microsoft Windows Recovery Console". Later I tried clicking on that one; it said it was preparing to recover, loaded a little progress bar and gave a blue screen, and it only went back to normal when I pressed reset.
When I got into Windows, the blue prompt appeared again saying not to use other programs while it was running, so I waited, but I had already noticed that the internet connection icon showed "conectividade nula ou limitada". I waited anyway; when it finished it generated the log and said to make sure I was connected to the internet so they could send the report. Then I tried to disable the connection and enable it again to see if it would work, but when I try that this message appears on the screen:

"Não é possível desativar a conexão desta vez Esta conexão pode estar usando um ou mais protocoles que não oferecem suporte a Plug-and-Play, ou pode ter sido iniciada por outro usuário ou conta do sistema."

If I tell it to repair the connection, it says it cannot. I restarted the PC to see if it would go back to normal and noticed that it now takes quite a while for the little computer icons next to the clock to appear, and if I try to open the "Network Connections" folder, Explorer crashes and takes ages to come back; when it does, the computer icons next to the clock indicating the connection appear, but still as no connectivity. I then tried a System Restore; while it was restarting it showed that a program called "Generic Host Process" had crashed, which I do not know whether it has anything to do with what happened, but anyway, when the computer restarts it says the restore was interrupted and that I cannot do this.
Man, is there a way to get the internet back to normal and remove that Microsoft thing from the Windows boot menu without having to format? I have a lot of files that are important to me and I would lose a lot with a format. It is fine if it stays like before with the trojans; Avira beeping every now and then was annoying, but other than that the PC was not slow, so it is survivable hehehehe, but formatting is really bad for me. I am using another PC to send this message. Here is the log it saved:

ComboFix 09-07-21.03 - Sky 22/07/2009 3:31.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1244 [GMT -3:00]
Executando de: c:\documents and settings\Sky\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Sky\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\docume~1\sky\dadosd~1\inst.exe"
"c:\docume~1\sky\dadosd~1\pcouffin.sys"
"c:\windows\iun6002.exe"
"c:\windows\system32\BReWErS.dll"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\1\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\10\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\11\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\12\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\13\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\14\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\15\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\16\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\17\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\18\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\19\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\2\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\20\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\21\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\22\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\23\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\24\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\25\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\26\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\27\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\3\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\4\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\5\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\6\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\7\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\8\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\9\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\congo jungle\Congo BG (tipo melee)\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\1\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\2\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\3\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\34\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\35\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\36\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\37\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\38\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\39\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\4\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\40\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\41\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\42\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\43\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\44\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\5\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\6\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\7\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\8\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination BG\9\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\final destination\Final Destination BG (movible)\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\01\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\010\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\011\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\012\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\013\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\014\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\015\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\016\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\017\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\018\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\019\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\02\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\020\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\021\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\022\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\023\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\024\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\025\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\026\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\027\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\028\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\029\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\03\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\030\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\031\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\032\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\033\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\034\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\035\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\036\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\037\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\038\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\039\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\04\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\040\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\041\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\042\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\043\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\044\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\05\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\06\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\07\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\08\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\09\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\BG\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\mushroom kingdom\Mushroom Kingdom (BRAWL)\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\sector Z\Background de Fox\34\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\sector Z\Background de Fox\35\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\sector Z\Background de Fox\36\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\sector Z\Background de Fox\37\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\sector Z\Background de Fox\38\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\sector Z\Background de Fox\39\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\sector Z\Background de Fox\40\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\sector Z\Background de Fox\41\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\sector Z\Background de Fox\42\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\sector Z\Background de Fox\43\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\estages1\sector Z\Background de Fox\44\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\BG\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Data Menu\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Dings\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Einzelspieler\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Go!\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Options Menu\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Fonts\Big\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Fonts\Damage Indicator\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Fonts\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Fonts\Misc\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Fonts\Outline\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Fonts\Small\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Pause and Controller Buttons\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Stage Finish\Bonus\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Stage Finish\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Stage Finish\Numbers\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Stages Names\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Tabs\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Captain Falcon\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Donkey Kong\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Fox McCloud\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Jigglypuff\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Kirby\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Link\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Luigi\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Mario\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Moves\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Ness\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Pikachu\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Samus Aran\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Works\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Datos de los personajes\Yoshi\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Record Vs\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Datos\Record Vs\Iconos\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Modo VS\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Opciones\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Textos Menu\Un jugador\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Text\Training Mode\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Versus Menu\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\Versus Menu\VS Mode Results\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\VS Options Items\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\menu\Main Menu\VS Options\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\otros\GAME SET BETA no acabado\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\otros\Simbolos\De Batalla\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\otros\Simbolos\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\otros\Simbolos\Seleccion de Personajes\Desktop_.ini
c:\arquivos de programas\Emuladores\Nintendo 64\textures-load\SMASH BROTHERS\personajes\c.falcon\Blue Falcon\Desktop_.ini
c:\documents and settings\Sky\Dados de aplicativos\inst.exe
c:\windows\Installer\4982f29.msi
c:\windows\Installer\4982f2a.msp
c:\windows\Installer\4982f2b.msp
c:\windows\Installer\4982f2c.msp
c:\windows\Installer\4982f2d.msp
c:\windows\Installer\4982f2e.msp
c:\windows\Installer\4982f2f.msp
c:\windows\Installer\4982f30.msp
c:\windows\iun6002.exe
c:\windows\system32\sfcfiles.dll
c:\windows\system32\w32apiw.dll

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-22 to 2009-07-22 ))))))))))))))))))))))))))))
.

2009-07-19 13:53 . 2009-07-19 13:53 -------- d-----w- c:\documents and settings\Sky\Dados de aplicativos\Malwarebytes
2009-07-19 13:53 . 2009-07-13 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 13:53 . 2009-07-19 13:53 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-07-19 13:53 . 2009-07-19 13:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-07-19 13:53 . 2009-07-13 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 04:25 . 2009-07-21 06:37 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-15 00:03 . 2009-07-21 06:36 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-13 15:11 . 2009-07-13 15:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-13 15:11 . 2009-07-13 15:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2009-07-13 05:25 . 2009-07-16 13:53 117760 ----a-w- c:\documents and settings\Sky\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-13 05:24 . 2009-07-16 13:53 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware
2009-07-13 05:24 . 2009-07-13 05:24 -------- d-----w- c:\documents and settings\Sky\Dados de aplicativos\SUPERAntiSpyware.com
2009-07-07 00:18 . 2009-07-07 00:37 -------- d-----w- c:\documents and settings\Sky\Dados de aplicativos\ImgBurn
2009-07-07 00:17 . 2009-07-07 00:17 -------- d-----w- c:\arquivos de programas\ImgBurn
2009-07-03 16:15 . 2009-07-03 16:15 -------- d-----w- c:\documents and settings\Sky\Dados de aplicativos\Activision
2009-07-03 16:15 . 2009-07-03 16:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Activision
2009-06-26 15:02 . 2009-06-25 19:36 1291640 ----a-w- c:\documents and settings\Sky\Dados de aplicativos\Mozilla\Firefox\Profiles\pleipi00.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-26 15:02 . 2009-06-25 19:36 729088 ----a-w- c:\documents and settings\Sky\Dados de aplicativos\Mozilla\Firefox\Profiles\pleipi00.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-26 09:13 . 2009-06-26 09:13 139152 ----a-w- c:\documents and settings\Sky\Dados de aplicativos\PnkBstrK.sys
2009-06-26 09:12 . 2009-07-17 04:22 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-26 09:12 . 2009-07-15 21:06 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-26 07:16 . 2009-06-26 07:16 -------- d-----w- c:\arquivos de programas\EA Games

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 06:55 . 2009-05-22 14:30 -------- d-----w- c:\arquivos de programas\Steam
2009-07-22 02:03 . 2009-06-03 20:48 -------- d-----w- c:\arquivos de programas\Garena
2009-07-21 00:52 . 2008-11-02 17:24 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center
2009-07-16 17:53 . 2008-10-30 16:38 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-07-15 22:46 . 2008-10-30 16:20 -------- d-----w- c:\arquivos de programas\Gravador
2009-07-15 03:57 . 2009-05-24 00:05 23 ----a-w- c:\windows\popcinfot.dat
2009-07-13 05:23 . 2009-03-06 18:16 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-07-12 03:39 . 2008-10-30 00:12 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-10 21:55 . 2008-10-30 21:36 -------- d-----w- c:\arquivos de programas\LucasArts
2009-07-06 05:03 . 2009-06-09 06:02 -------- d-----w- c:\arquivos de programas\Electronic Arts
2009-06-30 04:12 . 2009-05-06 00:53 -------- d-----w- c:\documents and settings\Sky\Dados de aplicativos\teamspeak2
2009-06-29 18:22 . 2009-04-25 18:52 96 ---ha-w- c:\windows\system32\HsInfo.dat
2009-06-24 02:03 . 2009-02-14 01:30 -------- d-----w- c:\arquivos de programas\Megacubo
2009-06-24 01:57 . 2008-11-12 12:30 -------- d-----w- c:\arquivos de programas\Activision
2009-06-19 04:04 . 2009-06-19 04:04 106496 ----a-w- c:\windows\Cuninst.exe
2009-06-18 21:17 . 2009-06-18 07:22 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-18 21:17 . 2009-06-18 07:22 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-18 17:43 . 2009-06-18 17:43 3709 ----a-w- c:\windows\system32\sdbackup.reg
2009-06-18 07:26 . 2009-06-18 07:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\wanted
2009-06-18 07:23 . 2009-03-06 18:22 -------- d-----w- c:\arquivos de programas\AGEIA Technologies
2009-06-18 07:22 . 2009-06-18 07:22 -------- d-----w- c:\arquivos de programas\OpenAL
2009-06-14 22:24 . 2009-06-14 21:46 -------- d-----w- c:\documents and settings\Sky\Dados de aplicativos\Hamachi
2009-06-14 22:20 . 2009-06-14 22:20 3774 ----a-r- c:\documents and settings\Sky\Dados de aplicativos\Microsoft\Installer\{A4957F2C-A8C1-4575-A5C7-78BCDA42A83A}\_B200E49132AB7CA622D161.exe
2009-06-14 22:20 . 2009-06-14 22:20 3774 ----a-r- c:\documents and settings\Sky\Dados de aplicativos\Microsoft\Installer\{A4957F2C-A8C1-4575-A5C7-78BCDA42A83A}\_156CF089B169BB4F6F5351.exe
2009-06-14 21:45 . 2009-06-14 21:45 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-14 07:44 . 2009-06-14 07:44 -------- d-----w- c:\arquivos de programas\Beatnik Games
2009-06-14 07:43 . 2009-06-14 07:43 -------- d-----w- c:\arquivos de programas\Microsoft XNA
2009-06-12 18:21 . 2009-06-12 18:21 -------- d-----w- c:\arquivos de programas\NovaLogic
2009-06-12 05:03 . 2009-06-12 05:03 -------- d-----w- c:\documents and settings\Sky\Dados de aplicativos\Apple Computer
2009-06-12 04:57 . 2009-03-21 11:49 -------- d-----w- c:\arquivos de programas\QuickTime
2009-06-12 04:55 . 2009-06-12 04:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-06-12 04:40 . 2009-06-12 04:40 -------- d-----w- c:\arquivos de programas\Sierra On-Line
2009-06-12 01:52 . 2009-06-12 00:19 -------- d-----w- c:\arquivos de programas\Silver Style Entertainment
2009-06-12 01:52 . 2009-06-12 00:27 -------- d-----w- c:\documents and settings\Sky\Dados de aplicativos\Silver Style Entertainment
2009-06-08 05:44 . 2008-11-03 13:38 -------- d-----w- c:\documents and settings\Sky\Dados de aplicativos\Free Download Manager
2009-06-03 04:46 . 2009-03-28 00:51 -------- d-----w- c:\arquivos de programas\TextAloud
2009-05-24 22:11 . 2009-05-24 22:11 -------- d-----w- c:\arquivos de programas\Sun
2009-05-24 22:10 . 2008-11-27 00:02 -------- d-----w- c:\arquivos de programas\Java
2009-05-21 23:24 . 2009-05-21 23:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-17 00:26 . 2009-05-17 00:26 25214 ----a-r- c:\documents and settings\Sky\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-05-17 00:26 . 2009-05-17 00:26 25214 ----a-r- c:\documents and settings\Sky\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-17 00:26 . 2009-05-17 00:26 25214 ----a-r- c:\documents and settings\Sky\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-17 00:26 . 2009-05-17 00:26 25214 ----a-r- c:\documents and settings\Sky\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-17 00:26 . 2009-05-17 00:26 25214 ----a-r- c:\documents and settings\Sky\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-17 00:26 . 2009-05-17 00:26 25214 ----a-r- c:\documents and settings\Sky\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-05-01 03:31 . 2009-05-01 03:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 03:31 . 2009-05-01 03:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 03:31 . 2009-05-01 03:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 03:31 . 2009-05-01 03:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 03:31 . 2009-05-01 03:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 03:31 . 2009-05-01 03:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 03:31 . 2009-05-01 03:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 01:02 . 2009-05-01 01:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 01:02 . 2009-05-01 01:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 01:02 . 2009-05-01 01:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 01:02 . 2008-10-30 01:18 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 01:02 . 2008-09-17 11:55 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 01:02 . 2008-09-17 11:55 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 01:02 . 2008-09-17 11:55 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 01:02 . 2008-09-17 11:55 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-01 01:02 . 2008-09-17 11:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 01:02 . 2008-09-17 11:55 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 01:02 . 2008-09-17 11:55 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-27 03:42 . 2008-10-30 00:38 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-22 05:51 . 2008-10-30 00:27 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll
2008-10-31 15:37 . 2008-10-31 15:37 122880 ----a-w- c:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"Google Update"="c:\documents and settings\Sky\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-04-13 133104]
"Steam"="c:\arquivos de programas\Steam\Steam.exe" [2009-06-10 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-31 30192]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-06-12 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sky\Menu Iniciar\Programas\Inicializar\
Mozilla Firefox (2).lnk - c:\arquivos de programas\Mozilla Firefox\firefox.exe [2008-10-29 307704]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Barra de atalhos do Microsoft Office.lnk - c:\windows\Installer\{00000416-78E1-11D2-B60F-006097C998E7}\misc.exe [2008-11-2 28160]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\arquiv~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Arquivos de programas\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Arquivos de programas\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\ICQ6.5\\ICQ.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15038:TCP"= 15038:TCP:BitComet 15038 TCP
"15038:UDP"= 15038:UDP:BitComet 15038 UDP
"22036:TCP"= 22036:TCP:BitComet 22036 TCP
"22036:UDP"= 22036:UDP:BitComet 22036 UDP
"24816:TCP"= 24816:TCP:nerdmaldito

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= c:\arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019
"c:\\Arquivos de programas\\BitComet\\BitComet.exe"= c:\arquivos de programas\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"= c:\arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= c:\arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
"c:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"= c:\arquivos de programas\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
"c:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"= c:\arquivos de programas\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
"c:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"= c:\arquivos de programas\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
"c:\\Arquivos de programas\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"= c:\arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service
"c:\\Arquivos de programas\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"= c:\arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= c:\arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype
"c:\\Arquivos de programas\\ICQ6.5\\ICQ.exe"= c:\arquivos de programas\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"= c:\arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= c:\windows\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= c:\arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"= c:\arquivos de programas\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:peggle Extreme
"c:\\WINDOWS\\system32\\PnkBstrA.exe"= c:\windows\system32\PnkBstrA.exe:*:Enabled:pnkBstrA
"c:\\WINDOWS\\system32\\PnkBstrB.exe"= c:\windows\system32\PnkBstrB.exe:*:Enabled:pnkBstrB
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= c:\arquivos de programas\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"15038:TCP"= 15038:TCP:*:Enabled:BitComet 15038 TCP
"15038:UDP"= 15038:UDP:*:Enabled:BitComet 15038 UDP
"1900:UDP"= 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
"22036:TCP"= 22036:TCP:*:Enabled:BitComet 22036 TCP
"22036:UDP"= 22036:UDP:*:Enabled:BitComet 22036 UDP
"24816:TCP"= 24816:TCP:*:Enabled:nerdmaldito

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [23/6/2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [23/6/2009 11:01 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [16/5/2009 14:34 108289]
S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [31/10/2008 12:37 30192]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [3/2/2009 16:20 98488]
S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [23/6/2009 11:01 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
eapsvcs REG_MULTI_SZ eaphost
dot3svc REG_MULTI_SZ dot3svc
WudfServiceGroup REG_MULTI_SZ WUDFSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter
LmHosts


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05858497-a6b8-11dd-942f-0015f2370f00}]
\Shell\AutoRun\command - F:\autorun.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-CoolSMS - (no file)


.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar link usando &BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm
IE: Baixar todos os links usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Link to &MidpX - c:\arquivos de programas\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Sky\Menu Iniciar\Programas\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Sky\Dados de aplicativos\Mozilla\Firefox\Profiles\pleipi00.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - www.orkut.com
FF - component: c:\arquivos de programas\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Sky\Dados de aplicativos\Mozilla\Firefox\Profiles\pleipi00.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-22 03:59
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-861567501-1383384898-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f8,68,b3,a5,d3,48,b2,b3,cc,cb,27,9b,f5,31,6d,b6,28,7c,d2,f4,cd,47,0d,
b0,f4,6d,9f,09,26,59,4c,bb,ed,4b,fe,70,c7,94,a3,e7,17,52,bd,f6,c2,91,f7,88,\
"??"=hex:12,5a,4d,42,65,a9,c6,df,b3,8c,f5,08,59,7c,c1,18

[HKEY_USERS\S-1-5-21-861567501-1383384898-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:c5,cf,5f,57,36,8f,98,ad,52,e1,bc,9c,22,88,73,bb,c6,ee,23,f8,53,
6f,6f,d6,f3,17,55,de,23,01,65,50,d6,20,e7,a8,2d,15,61,29,d2,eb,fe,51,c6,ba,\
"rkeysecu"=hex:2b,76,63,e3,79,a5,cc,06,3a,27,34,3f,78,ee,98,29

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10a.exe"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\softwareSoftware\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1892)
c:\arquivos de programas\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\arquivos de programas\Microsoft Office\Office\1046\MSOFFICE.EXE
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-07-22 4:16 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-22 07:15

Pré-execução: 1.088.692.224 bytes disponíveis
Pós execução: 1.186.639.872 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

651 --- E O F --- 2008-12-18 15:18

NOTE:
I just managed to avoid the blue screen by loading the HD drivers from a floppy, but if I tell it to recover the system, will it format and will I lose everything?
 
Man, great initiative helping the guys here, congrats!!!!

I'd like some help here too. Here's the thing: my PC has been showing some really nasty problems for a while now. Some programs aren't responding; their processes stay active in Task Manager, but the program neither opens nor responds. The only programs that open, and only with great difficulty, are the browser, Windows Media Player and Skype; neither the antivirus, nor Spybot, nor SUPERAntiSpyware open anymore, and I can't run their scans. WinXP SP3 is taking forever to boot. You know that little blue bar when the PC turns on? It goes by about 20 times, when before it went by only 3 or 4 times. I can't open services.msc or gpedit.msc; I type them in Run and nothing shows up. Whenever I click the mouse somewhere, the window minimizes and the text zoom gets huge, horrible. Some of my Word and PowerPoint documents that I use for work disappeared off the map, poof, vanished mysteriously; luckily I have them saved on my pen drive. Connecting to the internet here is a struggle; my connection, iG Banda Larga, keeps giving error 532 whenever I try to connect. Before I always connected on the first try, now I have to insist 5 or more times to get connected.

And there are a bunch more problems. Man, I can't stand this situation anymore. I tried repairing WinXP SP3 with the CD and it had no effect at all. I can't format because I can't back up my stuff, since Nero isn't opening, the programs I download to try to burn don't open either, and the videos folder here is showing access denied :S

It's seriously fucked up. If you can tell me what to do I'd be very grateful. I've already tried lots of things I saw on Google and none of them solved even half of my problems. I even did that thing of renaming the system32 folder to system32 old, but it gave an error and I nearly got screwed. <_<

Thanks in advance

[]'ss

Ahhhh, and the PC's sound isn't coming out either; I reinstalled the audio drivers and nothing :eek:
 
I'd like to ask everyone to post their logs in spoiler tags; that keeps the forum cleaner and lighter and makes it easier for wolf to read ;)
For those who don't know, it's simple:

[SPOILER.]
your log
[/SPOILER.]

without the dot
 
chkdsk /r

Hi man, it's me again. Here's the thing: I used the motherboard drivers and managed to get into the second option at Windows startup, and then I used the "chkdsk /r" command, since I read it would repair the system, and it spent the whole night doing that. When it finished I got into Windows and it was the same thing, so I uninstalled the network card driver and reinstalled it, but now instead of showing that the connection is null, it shows that it's "acquiring network address" and stays like that trying to connect forever, and if I try to close it, that same message appears saying I can't close it. Oh, one detail I forgot to mention is that now "Add or Remove Programs" takes a gigantic amount of time to load; do you think that has something to do with it? I'll paste here a new log that I made today

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:48, on 23/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Sky\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Microsoft Office\Office\1046\msoffice.exe
C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Sky\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Arquivos de programas\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Arquivos de programas\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sky\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Firefox (2).lnk = C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O4 - Global Startup: Barra de atalhos do Microsoft Office.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Arquivos de programas\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sky\Menu Iniciar\Programas\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1225330116359
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12086 bytes
 
Hello everyone, good afternoon!

victoram, it probably was NOD32 4 that disabled the rootkit. Follow the instructions below:

- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
● After the installation, restart your computer in Safe Mode;
● Once in Safe Mode, run the program, select the Full Scan option and then click Scan. Select your C: drive and click the Start Scan button;
● When the scan finishes, click OK and the log will open automatically for you;
● If anything is detected, make sure all items are checked and click the Remove button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.
___________________________________


Etdet, follow the instructions below:

Download OAD and save it to the desktop.

Double-click OAD.exe.
In the window type: sput.sys and press Enter.
In the other window press 6 + Enter and wait.

A log will open in Notepad containing some information. Post it here.

Do the same with this file -> vjhj.sys
___________________________________


Friend skywalkerpg, honestly, that was not supposed to happen. The files I put in the script to be removed have absolutely no relation to your connection or to the system. As for the Recovery Console, it is installed together with ComboFix, but it is easy to remove.
What I presume happened is that the infections had compromised the LSP chain and your system's kernel, which broke when they were removed. This happens quite often when the viruses have been on the machine for a long time.

In any case, even without understanding what happened, I will report the incident to the creator of ComboFix (sUBs).

Let's try to solve this problem, friend skywalkerpg, and I apologize in any case! I really did not understand why this happened, seeing that I have worked with this tool for years and practically every day, besides helping to update its database, and I have never seen this.

Please follow the steps below, skywalkerpg:

Download the file below and place it in the C:\WINDOWS\system32 folder.

http://www.dlldump.com/cgi-bin/testwrap/downloadcounts.cgi?rt=count&path=dllfiles/S/sfcfiles.dll

If you still have problems connecting to the Internet, try this:

- Download WinSockFix and save it to the desktop;

- Run WinSockFix and restart your computer.

Check whether the connection is back to normal.

Tell me whether there was any improvement in the PC after this.
 
Man, great initiative helping the folks here, congratulations!!!!

I'd like some help here too. Here's the thing: my PC has been showing very grotesque problems for a while now. Some programs aren't responding; their processes stay active in Task Manager but the program neither opens nor responds. The only programs that open, and with great difficulty, are the browser, Windows Media Player and Skype; neither the antivirus, nor Spybot, nor SUPERAntiSpyware open anymore, and I can't run their scans. WinXP SP3 is taking forever to start; you know that little blue bar when the PC turns on? The bar passes about 20 times, whereas before it passed only 3 or 4 times. I can't open services.msc or gpedit.msc; I type them in Run and nothing appears. Whenever I click the mouse somewhere, the window minimizes and the font zoom gets huge, horrible. Some of my Word and PowerPoint documents that I use at work disappeared off the map, poof, vanished mysteriously; luckily I have them saved on my pen drive. Connecting to the Internet here is a struggle; my Internet, IG broadband, keeps giving error 532 whenever I try to connect on the first attempt, which always used to work; now I have to insist 5 or more times to manage to connect.

There are still lots more problems. Man, I can't stand this situation anymore. I tried to repair WinXP SP3 with the CD and it had no effect at all. I can't format because I can't back up my stuff, since Nero isn't opening, the programs I download to try to burn don't open either, and the videos folder here is giving access denied :S

It's really rough. If you can tell me what to do, I'd be very grateful. I've already tried lots of things I saw on Google and nothing solved even half of my problems. I even did a thing where I renamed the system32 folder to system32 old, but it gave an error and I almost got screwed. <_<

Thanks in advance

[]'ss

Ahhhh, and the PC's sound isn't coming out either; I reinstalled the audio drivers and nothing :eek:
 
Hello Renan DARK, judging by your description there is a possibility that a rootkit is causing these problems. I sincerely hope I am wrong...

First, check two things, Renan:

1st) See whether you can restart your computer in Safe Mode

2nd) If you can access Safe Mode freely and without problems, see whether the programs still do not respond, especially the antivirus. And see whether services.msc and gpedit.msc also still do not respond.

Tell me the result of these tests in your next reply.
 
Thanks for replying ;)

I can't even get into Safe Mode

It's really bad
 
As I expected...

It is definitely a rootkit. Try the procedure below and see whether you manage to access Safe Mode, Renan:

- Download SafeBootKeyRepair and save it to the desktop;

● Run the tool by double-clicking it and wait;
● Then see whether you can now enter Safe Mode.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:06, on 23/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgam.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoca.dll
O2 - BHO: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoca.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: EmuleHelper.cP2P - {7A0618CF-C1D2-4EA2-ADC9-DBF1EF35B466} - C:\WINDOWS\nlvrun.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoca.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar todos os vídeos com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 6292 bytes
 