Virus removal

Gustavo, here is the HijackThis log:

PS: I couldn't attach the log, so I had to post it like this, sorry :s
ComboFix 09-08-24.06 - Dorival 25/08/2009 12:54.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.479.137 [GMT -3:00]
Executando de: C:\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Iniciar\Programas\Windows Live Messenger .lnk
c:\windows\Installer\17a4bdc.msi
c:\windows\Installer\2d6b4.msp
c:\windows\Installer\3984ea.msi

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-25 to 2009-08-25 ))))))))))))))))))))))))))))
.

2009-08-25 15:51 . 2009-08-25 15:52 3184368 ----a-r- C:\ComboFix.exe
2009-08-25 02:30 . 2009-08-25 02:51 -------- dc----w- C:\videos darghow war
2009-08-25 01:14 . 2009-08-25 01:20 -------- dc----w- C:\Lop SD
2009-08-23 22:46 . 2009-08-24 22:33 13 -c--a-w- C:\pipe11.dat
2009-08-23 20:27 . 2009-08-23 20:27 -------- d-----w- c:\arquivos de programas\Gabest
2009-08-23 20:25 . 2009-08-23 20:26 734160 ----a-w- C:\vobsub_2.23.exe
2009-08-23 20:24 . 2009-08-23 20:24 -------- dc----w- C:\Pastas de Bots
2009-08-22 17:30 . 2009-08-22 17:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2009-08-22 17:30 . 2009-08-22 17:30 -------- d-----w- c:\arquivos de programas\Circle Dvelopement
2009-08-22 17:30 . 2009-08-22 17:30 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-08-22 17:22 . 2009-08-22 17:22 -------- d-----w- c:\arquivos de programas\MessengerPlus! 3
2009-08-12 17:18 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-09 16:36 . 2009-08-24 22:08 -------- d-----w- c:\arquivos de programas\Magebot
2009-08-08 23:55 . 2009-08-08 23:55 -------- d-----w- c:\arquivos de programas\DVDVideoSoft
2009-08-08 06:35 . 2009-08-08 06:39 337 ----a-w- c:\windows\IntMon.dat
2009-08-06 05:34 . 2009-08-06 05:50 -------- d-----w- c:\arquivos de programas\TibiaBot NG
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 02:38 . 2009-08-19 15:33 -------- d-----w- c:\arquivos de programas\ElfBot NG
2009-07-31 22:07 . 2009-07-31 22:07 546333 ----a-w- C:\MagebotSetupvT850.exe
2009-07-30 21:28 . 2009-05-02 00:36 106868 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aevdf.dll
2009-07-30 21:28 . 2009-07-30 21:21 450938 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aescript.dll
2009-07-30 21:28 . 2009-07-22 21:57 127348 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aescn.dll
2009-07-30 21:27 . 2009-07-15 20:13 430452 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aerdl.dll
2009-07-30 21:27 . 2009-05-30 15:38 401783 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aepack.dll
2009-07-30 21:27 . 2009-06-17 20:05 196987 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aeoffice.dll
2009-07-30 21:27 . 2009-07-29 20:17 1884536 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aeheur.dll
2009-07-30 21:26 . 2009-07-22 21:56 233846 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aehelp.dll
2009-07-30 21:26 . 2009-07-30 21:19 356724 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aegen.dll
2009-07-30 21:26 . 2008-10-14 13:05 393588 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aeemu.dll
2009-07-30 21:26 . 2009-07-22 21:55 184694 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aecore.dll
2009-07-30 21:26 . 2008-10-14 13:05 53618 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\validationdir\aebb.dll
2009-07-30 21:21 . 2009-07-30 21:21 450938 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\ave2\aescript.dll
2009-07-30 21:19 . 2009-07-30 21:19 356724 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a71feb0\ave2\aegen.dll
2009-07-28 20:46 . 2009-07-28 20:45 450939 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aescript.dll
2009-07-28 20:46 . 2009-05-02 00:36 106868 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aevdf.dll
2009-07-28 20:46 . 2009-07-22 21:57 127348 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aescn.dll
2009-07-28 20:46 . 2009-07-15 20:13 430452 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aerdl.dll
2009-07-28 20:46 . 2009-05-30 15:38 401783 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aepack.dll
2009-07-28 20:46 . 2009-06-17 20:05 196987 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aeoffice.dll
2009-07-28 20:45 . 2009-07-28 20:45 1884536 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aeheur.dll
2009-07-28 20:45 . 2009-07-22 21:56 233846 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aehelp.dll
2009-07-28 20:45 . 2009-07-28 20:42 352629 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aegen.dll
2009-07-28 20:45 . 2008-10-14 13:05 393588 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aeemu.dll
2009-07-28 20:45 . 2009-07-22 21:55 184694 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aecore.dll
2009-07-28 20:45 . 2008-10-14 13:05 53618 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\validationdir\aebb.dll
2009-07-28 20:45 . 2009-07-28 20:45 450939 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\ave2\aescript.dll
2009-07-28 20:45 . 2009-07-28 20:45 1884536 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\ave2\aeheur.dll
2009-07-28 20:42 . 2009-07-28 20:42 352629 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a6f5bac\ave2\aegen.dll
2009-07-26 16:14 . 2009-07-26 16:14 -------- d-----w- c:\documents and settings\Lucas\Dados de aplicativos\Pasta de Uploads Share-to-Web

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 13:10 . 2009-04-21 14:20 -------- d-----w- c:\documents and settings\Dorival\Dados de aplicativos\Skype
2009-08-22 22:57 . 2009-06-11 22:54 -------- d-----w- c:\documents and settings\Dorival\Dados de aplicativos\Tibia
2009-08-16 20:56 . 2009-07-23 18:52 -------- d-----w- c:\arquivos de programas\AV Vcs 7.0 DIAMOND
2009-08-12 21:27 . 2009-08-12 21:27 3873097 ----a-w- c:\arquivos de programas\TibiaBot NG.rar
2009-08-08 23:55 . 2009-06-14 00:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft
2009-08-05 09:00 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 01:28 . 2009-05-29 18:44 -------- d-----w- c:\arquivos de programas\TibiaCam TV Lite
2009-07-25 01:12 . 2007-02-06 19:31 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-23 18:43 . 2009-07-23 18:43 -------- d-----w- c:\documents and settings\Dorival\Dados de aplicativos\Screaming Bee
2009-07-20 16:51 . 2007-04-12 23:13 -------- d-----w- c:\documents and settings\Dorival\Dados de aplicativos\teamspeak2
2009-07-17 20:23 . 2009-07-17 20:23 442746 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a60daff\ave2\aescript.dll
2009-07-17 20:22 . 2009-07-17 20:22 1864055 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4a60daff\ave2\aeheur.dll
2009-07-17 19:03 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 19:23 . 2009-07-16 19:18 -------- d-----w- c:\arquivos de programas\Tibia 8.50
2009-07-15 03:34 . 2007-02-06 17:36 -------- d-----r- c:\arquivos de programas\MSN Messenger
2009-07-14 20:29 . 2008-10-14 10:32 -------- d-----w- c:\arquivos de programas\Windows Live
2009-07-14 20:20 . 2008-10-14 10:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2009-07-14 05:23 . 2009-07-02 02:24 -------- d-----w- c:\documents and settings\Dorival\Dados de aplicativos\sqlitestudio
2009-07-13 13:08 . 2004-08-04 03:45 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 15:32 . 2009-07-08 21:27 -------- d-----w- c:\arquivos de programas\Essentials Codec Pack
2009-07-08 21:54 . 2009-07-08 21:52 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-07-08 21:35 . 2009-04-22 15:45 -------- d-----w- c:\arquivos de programas\XP Codec Pack
2009-07-05 00:10 . 2009-06-29 15:09 -------- d-----w- c:\arquivos de programas\HyCam2
2009-07-04 20:58 . 2009-04-21 14:23 -------- d-----w- c:\documents and settings\Dorival\Dados de aplicativos\skypePM
2009-06-29 15:58 . 2004-08-04 03:45 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:58 . 2004-08-04 03:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:58 . 2004-08-04 03:45 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-29 01:04 . 2003-03-30 14:06 84802 ----a-w- c:\windows\system32\perfc016.dat
2009-06-29 01:04 . 2003-03-30 14:06 483048 ----a-w- c:\windows\system32\perfh016.dat
2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2003-03-30 14:05 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-04 03:45 77824 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-04 03:45 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-08-04 03:45 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 12:21 . 2007-02-06 15:52 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-04 03:45 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-08-04 03:45 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 16:11 . 2009-07-08 21:52 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-01 01:30 . 2009-06-01 01:30 15256 ----a-w- c:\documents and settings\Dorival\Dados de aplicativos\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-05-30 15:38 . 2008-12-14 20:39 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-29 21:37 . 2009-07-08 21:53 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-07-08 21:53 881664 ----a-w- c:\windows\system32\xvidcore.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-20_22.01.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-06 17:33 . 2007-07-27 13:41 26488 c:\windows\system32\spupdsvc.exe
- 2007-02-06 17:33 . 2008-07-09 07:34 26488 c:\windows\system32\spupdsvc.exe
+ 2009-03-09 01:14 . 2008-07-08 12:58 18296 c:\windows\system32\spmsg.dll
- 2009-03-09 01:14 . 2008-07-09 07:34 18296 c:\windows\system32\spmsg.dll
+ 2007-10-18 14:31 . 2007-10-18 14:31 51224 c:\windows\system32\sirenacm.dll
+ 2007-03-16 21:47 . 2009-07-26 15:17 37644 c:\windows\system32\Restore\rstrlog.dat
+ 2009-07-08 21:52 . 2009-01-07 18:14 60273 c:\windows\system32\pthreadGC2.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 44544 c:\windows\system32\pngfilt.dll
- 2003-03-30 14:06 . 2009-05-02 16:27 72864 c:\windows\system32\perfc009.dat
+ 2003-03-30 14:06 . 2009-06-29 01:04 72864 c:\windows\system32\perfc009.dat
- 2006-11-08 00:03 . 2009-04-29 04:45 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 00:03 . 2009-06-29 15:58 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 27648 c:\windows\system32\jsproxy.dll
+ 2006-11-07 06:26 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
- 2006-11-07 06:26 . 2009-04-28 09:08 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 03:45 . 2009-06-29 15:58 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 03:45 . 2009-04-28 09:08 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 03:45 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 14:58 . 2009-06-29 15:58 63488 c:\windows\system32\icardie.dll
- 2006-10-17 14:58 . 2009-04-29 04:45 63488 c:\windows\system32\icardie.dll
+ 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
- 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
+ 2009-04-06 16:19 . 2009-04-06 16:19 23064 c:\windows\system32\drivers\ScreamingBAudio.sys
+ 2009-07-08 21:53 . 2009-05-01 21:02 90112 c:\windows\system32\dpl100.dll
+ 2009-06-15 10:44 . 2009-06-15 10:44 81408 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-15 10:44 . 2009-06-15 10:44 77824 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys
+ 2004-08-04 03:45 . 2009-06-29 15:58 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-10-10 23:50 . 2009-04-29 04:45 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-10-10 23:50 . 2009-06-29 15:58 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-10-10 10:59 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-10-10 10:59 . 2009-04-28 09:08 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-04 03:45 . 2009-04-29 04:45 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-02-20 17:11 . 2009-04-29 04:45 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 17:11 . 2009-06-29 15:58 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 03:45 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 03:45 . 2009-04-28 09:08 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-10-10 23:50 . 2009-04-29 04:45 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-10-10 23:50 . 2009-06-29 15:58 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-16 14:39 . 2009-06-16 14:39 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2007-02-06 19:05 . 2008-04-13 18:45 60160 c:\windows\system32\dllcache\drmk.sys
+ 2009-06-29 15:58 . 2009-06-29 15:58 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:14 . 2009-06-10 14:14 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:03 . 2009-07-17 19:03 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-07-31 02:39 . 2008-07-31 02:39 30208 c:\windows\Installer\770550.msp
+ 2009-03-31 19:31 . 2009-03-31 19:31 81920 c:\windows\Installer\770538.msi
+ 2008-07-30 00:07 . 2008-07-30 00:07 23040 c:\windows\Installer\709692.msp
+ 2009-03-31 19:22 . 2009-03-31 19:22 88576 c:\windows\Installer\6c91e4.msi
+ 2009-04-30 18:04 . 2009-04-30 18:04 24064 c:\windows\Installer\4b084.msi
- 2007-02-06 18:18 . 2009-06-11 06:12 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-02-06 18:18 . 2009-08-13 15:46 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-02-06 18:17 . 2009-06-11 06:12 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-02-06 18:17 . 2009-08-13 15:46 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-02-06 18:18 . 2009-06-11 06:12 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-02-06 18:18 . 2009-08-13 15:46 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-02-06 18:18 . 2009-08-13 15:46 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-02-06 18:18 . 2009-06-11 06:12 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-02-06 18:18 . 2009-08-13 15:46 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-02-06 18:18 . 2009-06-11 06:12 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-02-06 18:17 . 2009-06-11 06:12 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-02-06 18:17 . 2009-08-13 15:46 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-07-14 20:28 . 2009-07-14 20:28 29926 c:\windows\Installer\{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}\MsblIco.Exe
+ 2009-07-29 06:02 . 2009-04-29 04:45 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-07-29 06:02 . 2009-04-28 09:08 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-07-29 06:02 . 2009-04-29 04:45 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-07-29 06:02 . 2009-04-28 09:08 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-07-29 06:02 . 2009-04-29 04:45 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-07-29 06:02 . 2008-04-14 02:20 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2009-07-15 06:01 . 2008-04-14 02:20 80896 c:\windows\$NtUninstallKB961371$\fontsub.dll
+ 2009-07-15 06:06 . 2008-07-08 12:58 26488 c:\windows\$hf_mig$\KB973346\update\spcustom.dll
+ 2009-07-15 06:06 . 2008-07-08 12:58 18296 c:\windows\$hf_mig$\KB973346\spmsg.dll
+ 2009-07-15 06:06 . 2008-07-08 12:58 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll
+ 2009-07-15 06:06 . 2008-07-08 12:58 18296 c:\windows\$hf_mig$\KB971633\spmsg.dll
+ 2009-07-15 06:01 . 2008-07-08 12:58 26488 c:\windows\$hf_mig$\KB961371\update\spcustom.dll
+ 2009-07-15 06:01 . 2008-07-08 12:58 18296 c:\windows\$hf_mig$\KB961371\spmsg.dll
+ 2009-06-16 14:44 . 2009-06-16 14:44 81920 c:\windows\$hf_mig$\KB961371\SP3QFE\fontsub.dll
+ 2009-07-08 21:53 . 1998-05-12 18:36 5632 c:\windows\system32\pndx5032.dll
+ 2009-07-08 21:53 . 1998-03-26 02:57 6656 c:\windows\system32\pndx5016.dll
+ 2007-02-06 18:18 . 2009-08-13 15:46 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-02-06 18:18 . 2009-06-11 06:12 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-06-05 17:14 . 2006-06-05 17:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 17:14 . 2006-06-05 17:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 17:14 . 2006-06-05 17:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2009-07-08 21:53 . 2004-01-25 16:18 217088 c:\windows\system32\yv12vfw.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 233472 c:\windows\system32\webcheck.dll
+ 2002-12-11 08:19 . 2002-12-11 08:19 368640 c:\windows\system32\vobsub.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 105984 c:\windows\system32\url.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 105984 c:\windows\system32\url.dll
+ 2002-10-15 22:54 . 2002-10-15 22:54 153088 c:\windows\system32\unrar.dll
+ 2009-07-08 21:53 . 2008-09-10 18:56 185920 c:\windows\system32\rmoc3260.dll
+ 2009-07-08 21:53 . 2001-06-22 23:31 278528 c:\windows\system32\pncrt.dll
- 2003-03-30 14:06 . 2009-05-02 16:27 447240 c:\windows\system32\perfh009.dat
+ 2003-03-30 14:06 . 2009-06-29 01:04 447240 c:\windows\system32\perfh009.dat
- 2004-08-04 03:45 . 2009-04-29 04:45 102912 c:\windows\system32\occache.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 102912 c:\windows\system32\occache.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 671232 c:\windows\system32\mstime.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 477696 c:\windows\system32\mshtmled.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 477696 c:\windows\system32\mshtmled.dll
+ 2006-11-08 00:03 . 2009-06-29 15:58 459264 c:\windows\system32\msfeeds.dll
- 2006-11-08 00:03 . 2009-04-29 04:45 459264 c:\windows\system32\msfeeds.dll
+ 2006-10-17 14:57 . 2009-06-29 15:58 268288 c:\windows\system32\iertutil.dll
- 2006-10-17 14:57 . 2009-04-29 04:45 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 14:27 . 2009-06-29 15:58 380928 c:\windows\system32\ieapfltr.dll
- 2003-03-30 14:05 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
+ 2003-03-30 14:05 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 347136 c:\windows\system32\dxtmsft.dll
+ 2007-02-06 19:05 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys
- 2007-02-06 19:05 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys
+ 2004-08-04 03:45 . 2009-07-13 13:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:15 . 2009-06-10 06:15 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 827392 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 827392 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 105984 c:\windows\system32\dllcache\url.dll
+ 2009-06-16 14:39 . 2009-06-16 14:39 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2007-02-06 19:05 . 2008-04-13 19:19 146048 c:\windows\system32\dllcache\portcls.sys
+ 2004-08-04 03:45 . 2009-06-29 15:58 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:50 . 2009-06-29 15:58 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-10-10 23:50 . 2009-04-29 04:45 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-03 23:15 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys
+ 2007-02-06 15:53 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
- 2007-10-10 23:50 . 2009-04-29 04:45 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-10-10 23:50 . 2009-06-29 15:58 268288 c:\windows\system32\dllcache\iertutil.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-10-10 23:50 . 2009-06-29 15:58 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2003-03-30 14:05 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2003-03-30 14:05 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 124928 c:\windows\system32\dllcache\advpack.dll
+ 2009-07-08 21:53 . 2009-05-01 21:02 685056 c:\windows\system32\divx.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 124928 c:\windows\system32\advpack.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 124928 c:\windows\system32\advpack.dll
+ 2009-03-31 19:25 . 2009-03-31 19:25 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-31 03:54 . 2008-07-31 03:54 442880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb\vs_setup.msi
+ 2009-07-14 20:30 . 2009-07-14 20:30 805376 c:\windows\Installer\f869a99.msi
+ 2008-10-28 21:29 . 2008-10-28 21:29 889344 c:\windows\Installer\af99a8.msi
+ 2007-09-12 18:37 . 2007-09-12 18:37 344064 c:\windows\Installer\a44ab1.msp
+ 2009-06-01 01:06 . 2009-06-01 01:06 467968 c:\windows\Installer\7e84cf7.msi
+ 2009-03-31 19:31 . 2009-03-31 19:31 438784 c:\windows\Installer\77055b.msi
+ 2008-07-31 02:04 . 2008-07-31 02:04 182784 c:\windows\Installer\770554.msp
+ 2008-07-31 02:24 . 2008-07-31 02:24 180224 c:\windows\Installer\770553.msp
+ 2008-07-31 01:53 . 2008-07-31 01:53 864256 c:\windows\Installer\770552.msp
+ 2008-07-31 02:07 . 2008-07-31 02:07 122368 c:\windows\Installer\770551.msp
+ 2008-07-31 02:32 . 2008-07-31 02:32 103424 c:\windows\Installer\77054f.msp
+ 2008-07-31 02:16 . 2008-07-31 02:16 215040 c:\windows\Installer\77054e.msp
+ 2009-03-31 19:31 . 2009-03-31 19:31 299008 c:\windows\Installer\77054d.msi
+ 2008-07-31 00:48 . 2008-07-31 00:48 710656 c:\windows\Installer\77053d.msp
+ 2008-07-31 00:45 . 2008-07-31 00:45 252928 c:\windows\Installer\77053c.msp
+ 2008-07-31 00:50 . 2008-07-31 00:50 590336 c:\windows\Installer\77053b.msp
+ 2008-07-31 00:47 . 2008-07-31 00:47 355840 c:\windows\Installer\77053a.msp
+ 2008-07-31 00:49 . 2008-07-31 00:49 359424 c:\windows\Installer\770539.msp
+ 2008-12-13 12:58 . 2008-12-13 12:58 754688 c:\windows\Installer\71d910.msp
+ 2009-03-31 19:25 . 2009-03-31 19:25 648192 c:\windows\Installer\71d8ea.msi
+ 2008-07-30 00:23 . 2008-07-30 00:23 250880 c:\windows\Installer\70969b.msp
+ 2008-07-30 00:28 . 2008-07-30 00:28 278016 c:\windows\Installer\709699.msp
+ 2008-07-29 22:40 . 2008-07-29 22:40 291840 c:\windows\Installer\709697.msp
+ 2009-03-31 19:24 . 2009-03-31 19:24 137728 c:\windows\Installer\709691.msi
+ 2008-07-29 20:35 . 2008-07-29 20:35 553472 c:\windows\Installer\6c91e9.msp
+ 2008-07-29 20:33 . 2008-07-29 20:33 506368 c:\windows\Installer\6c91e7.msp
+ 2008-07-29 20:37 . 2008-07-29 20:37 911360 c:\windows\Installer\6c91e6.msp
+ 2009-03-31 19:14 . 2009-03-31 19:14 432640 c:\windows\Installer\66228f.msi
+ 2007-02-06 16:05 . 2007-02-06 16:05 265216 c:\windows\Installer\5c251.msi
+ 2007-02-06 17:30 . 2007-02-06 17:30 257024 c:\windows\Installer\508e1d.msi
+ 2007-02-06 17:30 . 2007-02-06 17:30 349696 c:\windows\Installer\508e18.msi
+ 2007-02-06 17:30 . 2007-02-06 17:30 304640 c:\windows\Installer\508e11.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 305152 c:\windows\Installer\508e0a.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 353280 c:\windows\Installer\508e03.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 305152 c:\windows\Installer\508dfc.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 305152 c:\windows\Installer\508df5.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 377344 c:\windows\Installer\508dee.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 305152 c:\windows\Installer\508de8.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 305152 c:\windows\Installer\508de1.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 913920 c:\windows\Installer\508ddc.msi
+ 2008-01-23 19:10 . 2008-01-23 19:10 817152 c:\windows\Installer\39c54.msp
+ 2007-12-18 12:58 . 2007-12-18 12:58 431104 c:\windows\Installer\3937e.msi
+ 2007-02-06 19:10 . 2007-02-06 19:10 890368 c:\windows\Installer\35732d.msi
+ 2007-10-06 10:46 . 2007-10-06 10:46 205312 c:\windows\Installer\296a4.msp
+ 2008-07-28 16:47 . 2008-07-28 16:47 162304 c:\windows\Installer\2969d.msp
+ 2007-02-18 13:05 . 2007-02-18 13:05 428544 c:\windows\Installer\27c6f.msi
+ 2008-12-01 16:32 . 2008-12-01 16:32 683008 c:\windows\Installer\113fd35.msi
- 2007-02-06 18:17 . 2009-06-11 06:12 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-02-06 18:17 . 2009-08-13 15:46 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-02-06 18:17 . 2009-08-13 15:46 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-02-06 18:17 . 2009-06-11 06:12 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-02-06 18:17 . 2009-08-13 15:46 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-02-06 18:17 . 2009-06-11 06:12 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-02-06 18:18 . 2009-06-11 06:12 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-02-06 18:18 . 2009-08-13 15:46 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-02-06 18:17 . 2009-08-13 15:46 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-02-06 18:17 . 2009-06-11 06:12 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-02-06 18:17 . 2009-08-13 15:46 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-02-06 18:17 . 2009-06-11 06:12 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2002-01-30 01:45 . 2002-01-30 01:45 464272 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL
+ 2003-07-15 13:18 . 2003-07-15 13:18 141360 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2009-07-29 06:02 . 2009-04-29 04:45 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-07-29 06:02 . 2009-05-26 11:40 395128 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-07-29 06:02 . 2008-07-08 12:58 233336 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-07-29 06:02 . 2009-04-29 04:45 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-07-29 06:02 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-07-29 06:02 . 2009-04-29 04:45 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-07-29 06:02 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2007-02-28 17:21 . 2007-02-28 17:21 131472 c:\windows\Downloaded Program Files\msgrchkr.dll
+ 2007-02-23 02:41 . 2007-02-23 02:41 304544 c:\windows\Downloaded Program Files\MessengerStatsPAClient.dll
+ 2007-02-06 17:29 . 2007-02-06 17:29 350296 c:\windows\Downloaded Installations\Virtual Desktop Manager Powertoy for Windows XP.msi
+ 2007-02-06 17:30 . 2007-02-06 17:30 411684 c:\windows\Downloaded Installations\Timershot Powertoy for Windows XP.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 348240 c:\windows\Downloaded Installations\Slideshow Generator Powertoy for Windows XP.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 313916 c:\windows\Downloaded Installations\Magnifier Powertoy for Windows XP.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 320064 c:\windows\Downloaded Installations\Image Resizer Powertoy for Windows XP.msi
+ 2007-10-13 00:06 . 2007-11-11 16:20 829952 c:\windows\Downloaded Installations\DAEMON Tools 3.47\daemon.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 313404 c:\windows\Downloaded Installations\CmdHere Powertoy For Windows XP.msi
+ 2007-02-06 17:29 . 2007-02-06 17:29 426012 c:\windows\Downloaded Installations\Calculator Powertoy for Windows XP.msi
+ 2007-02-06 17:30 . 2007-02-06 17:30 333332 c:\windows\Downloaded Installations\Alt-Tab Task Switcher Powertoy for Windows XP.msi
+ 2009-08-13 15:44 . 2009-08-13 15:44 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2009-07-15 06:06 . 2008-07-08 12:58 395128 c:\windows\$NtUninstallKB973346$\spuninst\updspapi.dll
+ 2009-07-15 06:06 . 2008-07-08 12:58 233336 c:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe
+ 2009-07-15 06:06 . 2008-07-09 07:35 395128 c:\windows\$NtUninstallKB971633$\spuninst\updspapi.dll
+ 2009-07-15 06:06 . 2008-07-08 12:58 233336 c:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe
+ 2009-07-15 06:01 . 2008-04-14 02:20 117760 c:\windows\$NtUninstallKB961371$\t2embed.dll
+ 2009-07-15 06:01 . 2009-05-26 11:40 395128 c:\windows\$NtUninstallKB961371$\spuninst\updspapi.dll
+ 2009-07-15 06:01 . 2008-07-08 12:58 233336 c:\windows\$NtUninstallKB961371$\spuninst\spuninst.exe
+ 2009-07-15 06:06 . 2008-07-08 12:58 395128 c:\windows\$hf_mig$\KB973346\update\updspapi.dll
+ 2009-07-15 06:06 . 2008-07-08 12:58 760696 c:\windows\$hf_mig$\KB973346\update\update.exe
+ 2009-07-15 06:06 . 2008-07-08 12:58 233336 c:\windows\$hf_mig$\KB973346\spuninst.exe
+ 2009-07-15 06:06 . 2008-07-09 07:35 395128 c:\windows\$hf_mig$\KB971633\update\updspapi.dll
+ 2009-07-15 06:06 . 2008-07-09 07:34 760696 c:\windows\$hf_mig$\KB971633\update\update.exe
+ 2009-07-15 06:06 . 2008-07-08 12:58 233336 c:\windows\$hf_mig$\KB971633\spuninst.exe
+ 2009-07-15 06:01 . 2009-05-26 11:40 395128 c:\windows\$hf_mig$\KB961371\update\updspapi.dll
+ 2009-07-15 06:01 . 2009-05-26 11:40 760696 c:\windows\$hf_mig$\KB961371\update\update.exe
+ 2009-07-15 06:01 . 2008-07-08 12:58 233336 c:\windows\$hf_mig$\KB961371\spuninst.exe
+ 2009-06-16 14:44 . 2009-06-16 14:44 119808 c:\windows\$hf_mig$\KB961371\SP3QFE\t2embed.dll
- 2004-08-04 03:45 . 2007-04-30 10:20 5537792 c:\windows\system32\wmp.dll
+ 2004-08-04 03:45 . 2009-07-13 13:08 5537792 c:\windows\system32\wmp.dll
+ 2004-07-17 14:35 . 2004-07-17 14:35 1354752 c:\windows\system32\webfldrs.msi
- 2004-08-04 03:45 . 2009-04-29 04:45 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 1159680 c:\windows\system32\urlmon.dll
+ 2009-07-08 21:53 . 2008-11-06 16:37 3596288 c:\windows\system32\qt-dx331.dll
+ 2004-08-04 03:45 . 2009-07-19 13:29 3597824 c:\windows\system32\mshtml.dll
+ 2006-11-08 00:03 . 2009-07-19 13:29 6067200 c:\windows\system32\ieframe.dll
+ 2006-09-06 02:01 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2004-08-04 03:45 . 2009-07-13 13:08 5537792 c:\windows\system32\dllcache\wmp.dll
- 2004-08-04 03:45 . 2007-04-30 10:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-04 03:45 . 2009-06-29 15:58 1159680 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 03:45 . 2009-04-29 04:45 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:11 . 2009-06-03 19:10 1295872 c:\windows\system32\dllcache\quartz.dll
+ 2007-02-06 15:52 . 2009-06-10 12:21 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-04 03:45 . 2009-07-19 13:29 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2007-10-10 23:50 . 2009-07-19 13:29 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-07-01 03:31 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2008-10-26 16:25 . 2004-07-17 14:35 1354752 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2007-05-25 14:08 . 2007-05-25 14:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2009-08-05 05:11 . 2009-08-05 05:11 5518848 c:\windows\Installer\e5781.msp
+ 2009-07-01 16:21 . 2009-07-01 16:21 8891904 c:\windows\Installer\e576a.msp
+ 2009-06-30 14:30 . 2009-06-30 14:30 5520384 c:\windows\Installer\8acc5d.msp
+ 2008-06-11 17:05 . 2008-06-11 17:05 9994240 c:\windows\Installer\7adca.msp
+ 2009-02-11 18:02 . 2009-02-11 18:02 5519872 c:\windows\Installer\770570.msp
+ 2008-12-13 12:57 . 2008-12-13 12:57 8397824 c:\windows\Installer\71d8f9.msp
+ 2008-07-29 22:26 . 2008-07-29 22:26 1043456 c:\windows\Installer\70969a.msp
+ 2008-07-29 23:37 . 2008-07-29 23:37 2679808 c:\windows\Installer\709698.msp
+ 2008-07-30 00:15 . 2008-07-30 00:15 3697664 c:\windows\Installer\709696.msp
+ 2008-07-29 22:34 . 2008-07-29 22:34 1448448 c:\windows\Installer\709695.msp
+ 2008-07-29 23:22 . 2008-07-29 23:22 4137984 c:\windows\Installer\709694.msp
+ 2008-07-29 22:18 . 2008-07-29 22:18 3376640 c:\windows\Installer\709693.msp
+ 2008-07-29 20:45 . 2008-07-29 20:45 2543616 c:\windows\Installer\6c91ed.msp
+ 2008-07-29 20:29 . 2008-07-29 20:29 2926080 c:\windows\Installer\6c91ec.msp
+ 2008-07-29 20:41 . 2008-07-29 20:41 6487040 c:\windows\Installer\6c91eb.msp
+ 2008-07-29 20:39 . 2008-07-29 20:39 3403264 c:\windows\Installer\6c91ea.msp
+ 2008-07-29 20:43 . 2008-07-29 20:43 1013248 c:\windows\Installer\6c91e8.msp
+ 2008-07-29 20:31 . 2008-07-29 20:31 6083072 c:\windows\Installer\6c91e5.msp
+ 2008-11-19 12:01 . 2008-11-19 12:01 3732480 c:\windows\Installer\6622c4.msp
+ 2008-10-23 01:48 . 2008-10-23 01:48 7672832 c:\windows\Installer\6622ba.msp
+ 2008-10-23 01:43 . 2008-10-23 01:43 6820352 c:\windows\Installer\6622a4.msp
+ 2008-10-25 12:15 . 2008-10-25 12:15 6227456 c:\windows\Installer\662280.msp
+ 2007-12-20 19:07 . 2007-12-20 19:07 4048384 c:\windows\Installer\50ad75.msi
+ 2005-04-18 15:42 . 2005-04-18 15:42 5864960 c:\windows\Installer\508e24.msp
+ 2007-02-06 17:27 . 2007-02-06 17:27 3807744 c:\windows\Installer\508dd7.msi
+ 2007-02-07 15:07 . 2007-02-07 15:07 4006400 c:\windows\Installer\490305.msi
+ 2007-02-07 15:07 . 2007-02-07 15:07 2927104 c:\windows\Installer\4902fe.msi
+ 2008-01-14 18:53 . 2008-01-14 18:53 5213696 c:\windows\Installer\3e777.msp
+ 2008-04-01 16:33 . 2008-04-01 16:33 5479936 c:\windows\Installer\39c6d.msp
+ 2007-02-06 19:27 . 2007-02-06 19:27 2725888 c:\windows\Installer\357339.msi
+ 2007-02-06 19:15 . 2007-02-06 19:15 1150464 c:\windows\Installer\357335.msi
+ 2009-05-14 15:34 . 2009-05-14 15:34 3730944 c:\windows\Installer\32e0e0e.msp
+ 2009-05-12 16:01 . 2009-05-12 16:01 6818816 c:\windows\Installer\32e0e04.msp
+ 2009-05-28 15:32 . 2009-05-28 15:32 5518848 c:\windows\Installer\32e0dee.msp
+ 2009-04-23 20:57 . 2009-04-23 20:57 7672832 c:\windows\Installer\32e0dd8.msp
+ 2008-04-10 16:23 . 2008-04-10 16:23 5893632 c:\windows\Installer\32362.msi
+ 2007-02-06 18:17 . 2007-02-06 18:17 5788160 c:\windows\Installer\304f0.msi
+ 2008-01-31 12:30 . 2008-01-31 12:30 9947648 c:\windows\Installer\2d686.msp
+ 2008-09-05 15:08 . 2008-09-05 15:08 5515776 c:\windows\Installer\2d669.msp
+ 2008-07-08 13:27 . 2008-07-08 13:27 8436736 c:\windows\Installer\2d653.msp
+ 2007-11-15 15:31 . 2007-11-15 15:31 4120064 c:\windows\Installer\2d63d.msp
+ 2009-04-21 14:20 . 2009-04-21 14:20 1602048 c:\windows\Installer\25f720f.msi
+ 2008-04-24 12:22 . 2008-04-24 12:22 4275712 c:\windows\Installer\17afd7.msp
+ 2009-04-06 20:00 . 2009-04-06 20:00 5518336 c:\windows\Installer\11cf0b8.msp
+ 2005-10-26 16:59 . 2005-10-26 16:59 2883072 c:\windows\Installer\11b5222.msp
+ 2008-06-10 16:09 . 2008-06-10 16:09 5517312 c:\windows\Installer\11b520c.msp
+ 2009-05-01 18:49 . 2009-05-01 18:49 4328960 c:\windows\Installer\114f330.msp
+ 2009-03-05 18:40 . 2009-03-05 18:40 6819840 c:\windows\Installer\10bb5f3.msp
+ 2007-05-10 15:45 . 2007-05-10 15:45 8069464 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-03-14 15:10 . 2007-03-14 15:10 7255384 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
+ 2009-07-29 06:02 . 2009-04-29 04:45 1159680 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 3596288 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-07-29 06:02 . 2009-04-29 04:45 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-07-29 06:02 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2007-02-06 17:29 . 2007-02-06 17:29 1861632 c:\windows\Downloaded Installations\{55563D4B-7D92-4556-952F-4545AB0112D1}\HMTCDWizard.msi
+ 2009-07-15 06:06 . 2008-12-20 22:14 1292800 c:\windows\$NtUninstallKB971633$\quartz.dll
+ 2009-06-03 19:12 . 2009-06-03 19:12 1295872 c:\windows\$hf_mig$\KB971633\SP3QFE\quartz.dll
+ 2007-02-06 17:45 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2009-07-01 16:19 . 2009-07-01 16:19 10607104 c:\windows\Installer\e576b.msp
+ 2007-09-12 18:42 . 2007-09-12 18:42 12873216 c:\windows\Installer\a44ab2.msp
+ 2008-12-13 13:21 . 2008-12-13 13:21 10473472 c:\windows\Installer\71d904.msp
+ 2008-07-30 10:50 . 2008-07-30 10:50 12506112 c:\windows\Installer\39c83.msp
+ 2007-12-18 13:04 . 2007-12-18 13:04 15256576 c:\windows\Installer\393dd.msp
+ 2008-07-08 12:09 . 2008-07-08 12:09 11887616 c:\windows\Installer\2d6b2.msp
+ 2008-06-04 15:29 . 2008-06-04 15:29 16905728 c:\windows\Installer\2d69c.msp
+ 2008-08-13 16:49 . 2008-08-13 16:49 11816960 c:\windows\Installer\1d305e.msp
+ 2008-01-14 17:24 . 2008-01-14 17:24 10721280 c:\windows\Installer\1780ad.msp
+ 2008-04-10 16:15 . 2008-04-10 16:15 39060840 c:\windows\Downloaded Installations\{2352A5E3-0109-4D7F-BF13-16A5C01AB37D}\Sony Ericsson PC Suite.msi
+ 2007-07-27 10:49 . 2007-07-27 10:49 110136832 c:\windows\Installer\88ba16.msp
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-18 68856]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"MSMSGS"="c:\arquivos de programas\Messenger\Msmsgs.exe" [2008-04-14 1695232]
"MessengerPlus3"="c:\arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2009-08-22 190024]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 176128]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"Share-to-Web Namespace Daemon"="c:\arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Motive SmartBridge"="c:\arquiv~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Assistente Tecnico Speedy.lnk - c:\arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2009-4-7 217088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Assistente Tecnico Speedy.lnk
backup=c:\windows\pss\Assistente Tecnico Speedy.lnkCommon Startup

[HKLM\~\startupfolder\^ntuser.dat]
path=\ntuser.dat
backup=c:\windows\pss\ntuser.datCommon Startup

[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
backup=c:\windows\pss\ntuser.dat.LOGCommon Startup

[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
backup=c:\windows\pss\ntuser.iniCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Tibia 8.42\\Tibia\\Tibia.exe"=
"c:\\Arquivos de programas\\Tibia 8.31\\Tibia.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\tibia 8.41\\Tibia\\Tibia.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\Cópia de SUPERAntiSpyware\sasdifsv.sys [24/9/2007 15:09 5632]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\Cópia de SUPERAntiSpyware\SASKUTIL.SYS [24/9/2007 15:09 32256]
S3 SASENUM;SASENUM;c:\arquivos de programas\Cópia de SUPERAntiSpyware\SASENUM.SYS [24/9/2007 15:09 4096]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/4/2009 13:19 23064]
.
- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll


.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {44BC92C3-4150-409E-B047-0FA0491523CB} = 200.204.0.10 200.204.0.138
TCP: {49900B58-C59B-4F42-B7C7-75E2D1051CD1} = 200.204.0.10,200.204.0.138
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dorival\Dados de aplicativos\Mozilla\Firefox\Profiles\vi7sqhj5.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.uol.com.br
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101795&gct=&gc=1&q=
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- Associação de arquivos/ficheiros -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-25 13:04
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Tempo para conclusão: 2009-08-25 13:07
ComboFix-quarantined-files.txt 2009-08-25 16:07
ComboFix2.txt 2009-06-20 22:03

Pré-execução: 17 pasta(s) 55.997.222.912 bytes disponíveis
Pós execução: 17 pasta(s) 56.235.307.008 bytes disponíveis

650 --- E O F --- 2009-08-13 15:46

You don't need to attach it; just put it between the tags
LOG [/spoiler.] < without the dot.
The log you posted was the ComboFix one; post a new one with HijackThis. :thumbs_up
 
Logfile of HijackThis v1.99.1
Scan saved at 13:36:32, on 25/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe
c:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe
C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44BC92C3-4150-409E-B047-0FA0491523CB}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{49900B58-C59B-4F42-B7C7-75E2D1051CD1}: NameServer = 200.204.0.10,200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
iguimtalk, follow these instructions:

Go to Start > Run (Iniciar > Executar), type cmd and press ENTER.

Type sc delete npggsvc and press ENTER.
Now type sc delete GarenaPEngine and press ENTER.

Open Notepad, then copy and paste the content below.
Save the file with the name CFScript in the same folder as Combofix.
KillAll::
File::
C:\WINDOWS\system32\GameMon.des.exe
c:\docume~1\ADMINI~1\CONFIG~1\Tem p\EEQ5194.tmp

RegLock::
[HKEY_USERS\S-1-5-21-1409082233-1682526488-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

Registry::
[HKEY_USERS\S-1-5-21-1409082233-1682526488-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
After saving, drag it onto Combofix and wait.
Post the new Combofix log in your next reply.

Download F-Secure Blacklight.
Run it and delete anything it finds.
In the folder where it was run there will be a log with a name like fsbl-20090825.....; paste the contents of that log here in your next reply.

------------------------------------------------------------

The logs no longer show any infections, lukox, only a small trace; follow the instructions below.
Open Notepad, then copy and paste the content below.
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\Ø•€|ÿÿÿÿ•€|ù•6~*]
Save the file as "fix.reg" (make sure the extension really is .reg).
Run it and confirm.

I recommend running a scan with the Kaspersky Virus Removal Tool to remove any malicious file that remains but is not active.

Uninstall Combofix (Start > Run: combofix /u); you can also remove the folders and files created by it and by Loop SD in C:.
 
Gustavo MPO, I did everything exactly as you said!
Here is the Combofix log


ComboFix 09-08-24.06 - Administrador 25/08/2009 16:12.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.358 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\Nova pasta\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\Nova pasta\CFScript.txt
* AV residente está ativo


FILE ::
"c:\docume~1\ADMINI~1\CONFIG~1\Tem p\EEQ5194.tmp"
"c:\windows\system32\GameMon.des.exe"
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-25 to 2009-08-25 ))))))))))))))))))))))))))))
.

2009-08-25 16:05 . 2009-08-25 16:05 -------- dc----w- c:\arquivos de programas\Messenger Plus! Live
2009-08-24 22:32 . 2009-08-24 22:32 68296 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-08-24 22:24 . 2009-08-24 22:24 50888 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2009-08-24 22:24 . 2009-08-24 22:24 50888 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2009-08-24 22:24 . 2009-08-25 15:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\G DATA
2009-08-24 22:21 . 2009-08-25 15:15 -------- dc----w- c:\arquivos de programas\G DATA
2009-08-24 22:21 . 2009-08-25 15:15 -------- dc----w- c:\arquivos de programas\Arquivos comuns\G DATA
2009-08-24 17:11 . 2009-08-24 22:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec
2009-08-24 17:11 . 2009-08-24 22:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton
2009-08-24 17:10 . 2009-08-24 17:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller
2009-08-24 15:40 . 2008-12-24 20:24 703904 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-08-24 15:39 . 2008-12-17 14:07 257176 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-08-24 15:38 . 2008-06-20 12:45 30864 ----a-w- c:\windows\system32\drivers\afw.sys
2009-08-24 15:37 . 2009-08-24 15:40 -------- d-----w- c:\windows\system32\Filt
2009-08-24 15:37 . 2009-08-24 15:37 -------- dc----w- c:\arquivos de programas\Agnitum
2009-08-24 15:37 . 2009-08-24 15:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Agnitum
2009-08-24 15:19 . 2009-08-24 15:26 -------- d-----w- c:\documents and settings\Administrador\.housecall6.6
2009-08-24 15:18 . 2009-08-24 15:18 -------- d-----w- c:\windows\Sun
2009-08-23 23:27 . 2009-08-23 23:27 -------- dc----w- c:\arquivos de programas\Windows Live
2009-08-23 23:22 . 2009-08-23 23:22 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-08-23 23:17 . 2009-08-23 23:17 3584 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-08-23 23:17 . 2009-08-23 23:17 -------- dc----w- c:\arquivos de programas\Windows Installer Clean Up
2009-08-23 23:16 . 2009-08-23 23:16 -------- dc----w- c:\arquivos de programas\MSECACHE
2009-08-23 22:54 . 2009-08-23 22:54 -------- dc----w- c:\arquivos de programas\Microsoft
2009-08-22 06:05 . 2009-08-22 06:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 06:05 . 2009-08-22 06:05 -------- dc----w- c:\arquivos de programas\MSBuild
2009-08-22 06:05 . 2009-08-22 06:05 -------- dc----w- c:\arquivos de programas\Reference Assemblies
2009-08-22 06:04 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 06:04 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 06:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-22 06:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-22 06:04 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-22 06:04 . 2009-08-22 06:05 -------- dc----w- C:\d7527117bb1007bf767e85f160ab4674
2009-08-22 06:04 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 06:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-17 18:30 . 2009-08-17 18:29 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-08-17 18:30 . 2009-08-17 18:29 298104 ----a-w- c:\windows\system32\imon.dll
2009-08-17 18:30 . 2009-08-17 18:29 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-08-07 01:03 . 2001-08-18 13:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-07 01:03 . 2001-08-18 13:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-07 01:03 . 2001-08-18 13:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-07 01:03 . 2001-08-18 13:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-07 01:03 . 2001-08-18 05:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-07 01:03 . 2001-08-18 05:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-07 01:03 . 2001-08-18 05:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-07 01:03 . 2001-08-18 05:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-07 01:03 . 2001-08-18 05:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-07 01:03 . 2001-08-18 05:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-07 01:03 . 2008-04-14 02:18 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-07 01:03 . 2008-04-14 02:18 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-07-30 00:09 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-30 00:09 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 15:27 . 2009-02-19 20:11 -------- d-----w- c:\arquivos de programas\Eset
2009-08-22 06:09 . 2008-04-14 12:00 73154 ----a-w- c:\windows\system32\perfc016.dat
2009-08-22 06:09 . 2008-04-14 12:00 452534 ----a-w- c:\windows\system32\perfh016.dat
2009-08-19 20:10 . 2009-02-19 21:41 2516 -csha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2009-08-19 20:10 . 2009-02-19 21:41 2516 -csha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2009-08-05 09:00 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 18:06 . 2009-07-25 18:06 -------- dc----w- c:\arquivos de programas\Windows Media Connect 2
2009-07-25 17:57 . 2009-07-25 17:57 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\SoundSpectrum
2009-07-25 17:56 . 2009-07-25 17:56 -------- dc----w- c:\arquivos de programas\SoundSpectrum
2009-07-25 17:56 . 2009-07-25 17:56 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Real
2009-07-17 19:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 02:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 16:04 . 2009-07-13 15:34 -------- dc----w- c:\arquivos de programas\Free Music Zilla
2009-07-13 15:35 . 2009-07-04 16:08 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FMZilla
2009-07-10 02:00 . 2009-07-10 02:00 -------- dc----w- c:\arquivos de programas\SigmaTel
2009-07-10 02:00 . 2009-06-14 15:34 -------- dc-h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-06 19:17 . 2009-07-01 18:14 -------- dc----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft
2009-07-06 16:41 . 2009-07-06 16:41 -------- dc----w- c:\arquivos de programas\MSXML 4.0
2009-07-04 22:35 . 2009-07-04 22:35 -------- dc----w- c:\arquivos de programas\Google
2009-07-03 16:59 . 2008-04-14 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 13:16 . 2009-07-03 13:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ableton
2009-07-02 14:43 . 2009-05-19 16:23 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\LimeWire
2009-06-29 04:47 . 2009-06-29 04:47 -------- dc----w- c:\arquivos de programas\Lavalys
2009-06-25 08:27 . 2008-04-14 12:00 732672 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2008-04-14 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:39 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:39 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2008-04-14 12:00 77824 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2008-04-14 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2008-04-14 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 12:21 . 2009-02-19 20:06 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2008-04-14 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2008-04-14 12:00 1295872 ----a-w- c:\windows\system32\quartz.dll
.

------- Sigcheck -------




[-] 2008-05-05 08:31 1571840 4A242109B08C4355E72860807F151BF4 c:\windows\system32\sfcfiles.dll


c:\windows\system32\drivers\beep.sys ... está faltando !!
c:\windows\system32\msgsvc.dll ... está faltando !!
c:\windows\system32\wscntfy.exe ... está faltando !!
c:\windows\system32\regsvc.dll ... está faltando !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-25_15.39.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-25 19:21 . 2009-08-25 19:21 16384 c:\windows\temp\Perflib_Perfdata_6a0.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-05-19 148888]
"ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2009-08-17 949376]
"OutpostMonitor"="c:\arquiv~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-01-29 1227592]
"OutpostFeedBack"="c:\arquivos de programas\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-12-25 432968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\Free Music Zilla\\FMZilla.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\VALVe\\Counter-Strike Source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56879:TCP"= 56879:TCP:pando Media Booster
"56879:UDP"= 56879:UDP:pando Media Booster

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [17/8/2009 15:30 15424]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [24/8/2009 12:40 703904]
R2 acssrv;Agnitum Client Security Service;c:\arquiv~1\Agnitum\OUTPOS~1\acs.exe [24/8/2009 12:37 1267016]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [24/8/2009 12:38 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [24/8/2009 12:39 257176]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [24/8/2009 12:40 34080]

NETSVCS PRECISA DE REPAROS - Entradas atuais mostradas
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Sharedaccess
SRService
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\iycytwmq.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com.br/
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-25 16:22
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\imon.dll
c:\arquivos de programas\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2528)
c:\windows\system32\WININET.dll
c:\arquivos de programas\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\imon.dll
c:\arquivos de programas\Eset\pr_imon.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Eset\nod32krn.exe
c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-08-25 16:28 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-08-25 19:28
ComboFix2.txt 2009-08-25 15:45

Pré-execução: 11 pasta(s) 42.047.676.416 bytes disponíveis
Pós execução: 11 pasta(s) 42.017.624.064 bytes disponíveis

331 --- E O F --- 2009-08-22 14:49


And here is the F-Secure one

08/25/09 16:34:05 [Info]: BlackLight Engine 2.2.1092 initialized
08/25/09 16:34:05 [Info]: OS: 5.1 build 2600 (Service Pack 3)
08/25/09 16:34:05 [Note]: 7019 4
08/25/09 16:34:05 [Note]: 7005 0
08/25/09 16:34:13 [Note]: 7006 0
08/25/09 16:34:13 [Note]: 7011 2528
08/25/09 16:34:13 [Note]: 7035 0
08/25/09 16:34:16 [Note]: 7026 0
08/25/09 16:34:17 [Note]: 7026 0
08/25/09 16:34:17 [Note]: 7015 368
08/25/09 16:34:17 [Note]: 7015 2
08/25/09 16:34:17 [Note]: 7015 1608
08/25/09 16:34:17 [Note]: 7015 2
08/25/09 16:34:21 [Note]: FSRAW library version 1.7.1024
08/25/09 16:38:32 [Note]: 2000 1012
08/25/09 16:42:05 [Note]: 7007 0

Let me ask you: I play Counter Strike, which must be why that Game Guard got installed automatically, but do I need to have it, or can I delete it?
 
Hi wolf, I think there is an infection here again and I think it is on my USB flash drive; the PC is slow and behaving strangely. Here is the Hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:55, on 25/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Winamp\winampa.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\bokafeque.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pesbrasil.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE LG webpro2 Camera
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zoussyb] C:\WINDOWS\system32\bokafeque.exe
O4 - HKLM\..\RunServices: [zoussyb] C:\WINDOWS\system32\bokafeque.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [zoussyb] C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft\bokafeque.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Backbone Service (e1dgkiyryoc) - Unknown owner - C:\WINDOWS\system32\caref.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8752 bytes
 
Hi wolf... well, my PC has a strange file running in the background, and so does my brother's... something called cybermania.exe

Here is my Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:15, on 25/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7509 bytes


And the log from my brother's notebook:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:36, on 25/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Brasil Telecom\UIMain.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldpt-br.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{437E78DB-144A-4C47-9725-BE30402DC4FA}: NameServer = 201.10.120.2 201.10.128.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9115 bytes
 
Help, please!!
I have a virus that steals my MSN, Orkut and email passwords.
I have already used several anti-spyware and antivirus programs and none of them solved it.
If anyone can help me, thanks in advance!!
Oh, I have already formatted the machine and the problem still continues.
 
Gustavo MPO, I did everything exactly as you said!
Here is the ComboFix log

And here is the F-Secure one

A question: I play Counter Strike, and that must be why that Game Guard got installed automatically, but do I need to have it, or can I delete it?
The log no longer shows any infections, iguimtalk.
Go to Start > Run and type: combofix /u.
You can also delete the folders it created in C:.

As for GameGuard, that was already answered by the user above.

------------------------------------------------------------------

Hi wolf, I think there is an infection here again, and I think it is on my USB flash drive. The PC is slow and acting strange. Here is the Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:55, on 25/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Winamp\winampa.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\bokafeque.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pesbrasil.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE LG webpro2 Camera
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zoussyb] C:\WINDOWS\system32\bokafeque.exe
O4 - HKLM\..\RunServices: [zoussyb] C:\WINDOWS\system32\bokafeque.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [zoussyb] C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft\bokafeque.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Backbone Service (e1dgkiyryoc) - Unknown owner - C:\WINDOWS\system32\caref.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8752 bytes

Well, Tiagoquiroga, Mr.Wolf has been away from the forum for quite some time and nobody knows for sure what happened to him. I am helping with the simpler infections that I know how to remove.
Your log really does show entries from malicious programs.
Please post an RSIT log.


------------------------------------------------------------------


Hi wolf... well, my PC has a strange file running in the background, and so does my brother's... something called cybermania.exe

Here is my Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:15, on 25/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7509 bytes


And the log from my brother's notebook


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:36, on 25/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Brasil Telecom\UIMain.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldpt-br.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{437E78DB-144A-4C47-9725-BE30402DC4FA}: NameServer = 201.10.120.2 201.10.128.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9115 bytes

LuiZz``, this cybermania.exe comes from unofficial versions of NOD32 (if you know what I mean). I recommend that you do not use pirated versions of antivirus software, because many cracks (or patches, as they are called) can contain malicious code and can even block the AV from working.
If you have any other problem, I recommend running a scan with the Kaspersky Online Scanner.



------------------------------------------------------------------

Help, please!!
I have a virus that steals my MSN, Orkut and e-mail passwords.
I have already used several anti-spyware and antivirus programs and none of them solved it.
If anyone can help me, thanks in advance!!
Oh, I have already formatted the machine and the problem still continues.

Please post a HijackThis log.
 
Gustavo, could you check whether my log is clean?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:11 AM, on 26/08/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16384)
Boot mode: Normal

Running processes:
C:\Fraps\fraps.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B572D5F9-7403-401C-954B-462EA41D31A8}: NameServer = 200.175.5.139,200.175.89.139
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10416 bytes

Thanks
 
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10416 bytes

Thanks
Apparently clean, yes.
If you want a more thorough check, post an OTL log :thumbs_up.
 
Gustavo MPO, thanks, my brother!
I've become a fan of yours, man, hehe.
Thank you very much! :D
 
Hi guys,

Here's the thing: I've got a *** problem here. I can't get into Microsoft's download sites or the antivirus sites :S
When I go to them, this happens:



and this happens in Internet Explorer, Opera and Firefox :S

I think it's a virus. Has anyone had this before??? I tried following some tips from Google but none of them worked :(

Would anyone be able to tell me how to fix this and get this virus off here????

Ahhhhh, my antivirus won't open either, so I can't run a quick scan.

Thanks

TUNADISSSSSSSS VRUMMMMM

(y) :cool:
Hey guys,

I posted here the other day and I think you forgot about me, hahaha

Can anyone give me a hand with this problem? I still have it!!!!!

Thanks
 
Hey Gustavo, Mr. Wolf is starting a trend, hehe. Thanks for the help; here is the RSIT log.
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-08-26 17:49:01
Microsoft Windows XP Professional Service Pack 2
System drive C: has 25 GB (64%) free of 40 GB
Total RAM: 1015 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:13, on 26/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Winamp\winampa.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\bokafeque.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Arquivos de programas\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pesbrasil.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE LG webpro2 Camera
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zoussyb] C:\WINDOWS\system32\bokafeque.exe
O4 - HKLM\..\RunServices: [zoussyb] C:\WINDOWS\system32\bokafeque.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [zoussyb] C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft\bokafeque.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Backbone Service (e1dgkiyryoc) - Unknown owner - C:\WINDOWS\system32\caref.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8839 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll [2008-10-31 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-20 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-07 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-20 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll [2008-10-31 441464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"BigDogPath"=C:\WINDOWS\VM_STI.EXE [2003-01-21 40960]
"WinampAgent"=C:\Arquivos de programas\Winamp\winampa.exe [2008-08-03 36352]
"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"zoussyb"=C:\WINDOWS\system32\bokafeque.exe [2009-08-20 283648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"AlcoholAutomount"=C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe [2007-07-02 219520]
"DAEMON Tools Lite"=C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-07 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-01-12 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-01-12 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-01-12 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-07 68856]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-12 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\JOGOS\Medal\mohpa.exe"="D:\JOGOS\Medal\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"D:\JOGOS\LOTR BFME\game.dat"="D:\JOGOS\LOTR BFME\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Arquivos de programas\DreaMule\emule.exe"="C:\Arquivos de programas\DreaMule\emule.exe:*:Enabled:Dreamule"
"C:\Arquivos de programas\Orbitdownloader\orbitdm.exe"="C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe"="C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\JOGOS\combat\Combat Arms\CombatArms.exe"="D:\JOGOS\combat\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\JOGOS\combat\Combat Arms\Engine.exe"="D:\JOGOS\combat\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\JOGOS\combat\Combat Arms\NMService.exe"="D:\JOGOS\combat\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\JOGOS\LOTR BFME\patchget.dat"="D:\JOGOS\LOTR BFME\patchget.dat:*:Enabled:patchgrabber"
"C:\Arquivos de programas\Garena\Garena.exe"="C:\Arquivos de programas\Garena\Garena.exe:*:Disabled:Garena"
"D:\JOGOS\Left for dead\Left 4 Dead\left4dead.exe"="D:\JOGOS\Left for dead\Left 4 Dead\left4dead.exe:*:Disabled:left4dead"
"D:\JOGOS\Futebol\pes2009.exe"="D:\JOGOS\Futebol\pes2009.exe:*:Enabled:pro Evolution Soccer 2009"
"D:\JOGOS\Futebol\PES2008\PES2008.exe"="D:\JOGOS\Futebol\PES2008\PES2008.exe:*:Enabled:pro Evolution Soccer 2008"
"C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:pro Evolution Soccer 2008"
"C:\Arquivos de programas\PEScript2009\mirc_wem.exe"="C:\Arquivos de programas\PEScript2009\mirc_wem.exe:*:Enabled:mIRC traduzido por Teco"
"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Disabled:MegaCubo"
"C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2008\WEM2008.exe"="C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2008\WEM2008.exe:*:Enabled:pro Evolution Soccer 2008"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Arquivos de programas\Valve\hl.exe"="C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\JOGOS\combat\Combat Arms\CombatArms.exe"="D:\JOGOS\combat\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\JOGOS\combat\Combat Arms\Engine.exe"="D:\JOGOS\combat\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-08-26 17:49:01 ----D---- C:\rsit
2009-08-25 18:56:36 ----A---- C:\b3_log_8.txt
2009-08-23 13:46:31 ----RASH---- C:\WINDOWS\system32\caref.exe
2009-08-20 20:16:08 ----RASH---- C:\WINDOWS\system32\bokafeque.exe
2009-08-02 12:08:53 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of files/folders modified in the last 1 months======

2009-08-26 17:49:14 ----D---- C:\Documents and Settings\User\Dados de aplicativos\uTorrent
2009-08-26 17:49:07 ----D---- C:\WINDOWS\Prefetch
2009-08-26 16:11:28 ----D---- C:\WINDOWS\Temp
2009-08-25 22:39:29 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-25 19:04:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-25 18:59:18 ----D---- C:\Arquivos de programas\Mozilla Firefox
2009-08-25 18:56:55 ----D---- C:\Documents and Settings\User\Dados de aplicativos\Orbit
2009-08-25 18:56:18 ----D---- C:\WINDOWS\system32\drivers
2009-08-25 18:56:18 ----D---- C:\WINDOWS\system32\config
2009-08-24 21:58:32 ----D---- C:\Arquivos de programas\DreaMule
2009-08-24 21:47:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-23 14:43:38 ----D---- C:\Arquivos de programas\PEScript2009
2009-08-23 13:50:09 ----D---- C:\WINDOWS
2009-08-23 13:46:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-23 13:46:35 ----HD---- C:\WINDOWS\inf
2009-08-23 13:46:34 ----D---- C:\WINDOWS\system32
2009-08-18 21:04:21 ----A---- C:\WINDOWS\win.ini
2009-08-02 13:24:17 ----D---- C:\Arquivos de programas
2009-08-02 13:22:27 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2009-08-02 13:22:23 ----SHD---- C:\WINDOWS\Installer
2009-07-27 18:32:38 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-02-20 4224]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-02-20 3968]
R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-02 278984]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-02-20 4960]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-02 25416]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-12 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-04-14 94592]
R3 sembbus;SEMC WMC Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sembbus.sys [2008-02-06 260992]
R3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM); C:\WINDOWS\system32\DRIVERS\sembcard.sys [2008-02-06 337408]
R3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter; C:\WINDOWS\system32\DRIVERS\sembmdfl2.sys [2008-02-06 14976]
R3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver; C:\WINDOWS\system32\DRIVERS\sembmdm2.sys [2008-02-06 380672]
R3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\sembmgmt.sys [2008-02-06 343680]
R3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS); C:\WINDOWS\system32\DRIVERS\sembnd5.sys [2008-02-06 24960]
R3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM); C:\WINDOWS\system32\DRIVERS\sembunic.sys [2008-02-06 344064]
R3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM); C:\WINDOWS\system32\DRIVERS\sembwwan.sys [2008-02-06 337408]
R3 SEMCReserved;SEMC Reserved Interface; C:\WINDOWS\system32\DRIVERS\semcreserved.sys [2008-02-15 17408]
R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader; C:\WINDOWS\system32\DRIVERS\sesc.sys [2007-08-14 12672]
R3 usbaudio;Driver de áudio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 ZSMC302;LG webpro2 Camera; C:\WINDOWS\System32\Drivers\usbvm302.sys [2004-06-16 91271]
S1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-02-20 775680]
S1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-02-20 27776]
S2 asc3550p;asc3550p; C:\WINDOWS\system32\drivers\asc3550p.sys []
S3 a5cyngq2;a5cyngq2; C:\WINDOWS\system32\drivers\a5cyngq2.sys []
S3 a8oate32;a8oate32; C:\WINDOWS\system32\drivers\a8oate32.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Driver de filtro de restauração do sistema; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 StarWindServiceAE;StarWind AE Service; C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe []
S2 Avg7UpdSvc;AVG7 Update Service; C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe []
S2 AVGEMS;AVG E-mail Scanner; C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe []
S2 e1dgkiyryoc;Backbone Service; C:\WINDOWS\system32\caref.exe [2009-08-20 283648]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-20 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
info.txt
info.txt logfile of random's system information tool 1.06 2009-08-26 17:49:16

======Uninstall list======

-->C:\Arquivos de programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Arquivos de programas\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}
Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe
Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Atualização para Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Aurélio - Século XXI-->C:\WINDOWS\IsUn0416.exe -f"C:\Arquivos de programas\Aurélio - Século XXI\Uninst.isu"
avast! Antivirus-->C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Canon S200-->C:\WINDOWS\system32\CNMCP3W.EXE -@C:\WINDOWS\IsUn0816.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\DeIsL1.isu" -pCanon S200-c"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\bjinst.dll
CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Counter-Strike 1.6-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DreaMule 3.2-->"C:\Arquivos de programas\DreaMule\unins000.exe"
DVD Shrink 3.2-->"C:\Arquivos de programas\DVD Shrink\unins000.exe"
EVEREST Ultimate Edition v4.60-->"C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Handy Recovery 4.0-->C:\ARQUIV~1\SOFTLO~1\HANDYR~1\UNWISE.EXE C:\ARQUIV~1\SOFTLO~1\HANDYR~1\INSTALL.LOG
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Mega Codec Pack 4.0.0-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"
L&H Power Translator Pro 7.0-->C:\WINDOWS\ISUN0416.EXE -f"C:\Arquivos de programas\LHSP\L&H Power Translator Pro\Uninst.isu" -c"C:\Arquivos de programas\LHSP\L&H Power Translator Pro\Uninstall.dll"
LG webpro2 Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{5EA24DA8-F398-42C7-8CDC-39273493C514}\setup.exe" -l0x9 UNINSTALL
Medal of Honor Pacific Assault(tm)-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\Setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack-->MsiExec.exe /X{F407D6FB-D3AD-44CC-B77B-5B3F0FF1F22C}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.2)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 7 Essentials-->MsiExec.exe /X{66EBD70F-A42C-475F-AEDF-277378151046}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Orbit Downloader-->"C:\Arquivos de programas\Orbitdownloader\unins000.exe"
Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack\setup.exe
PC Inspector File Recovery-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PEScript-->"C:\WINDOWS\PEScript\uninstall.exe" "/U:C:\Arquivos de programas\PEScript2009\Uninstall\uninstall.xml"
PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime Alternative 2.7.0-->"C:\Arquivos de programas\QuickTime Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sony Ericsson MD300 Wireless Modem-->MsiExec.exe /I{EF4E0DA6-02E0-47BF-9BB6-DC0E83CC6F4C}
Sony Ericsson Wireless Manager 5-->MsiExec.exe /I{37964A88-DAA1-488B-AE88-A5B6DDC6E9A6}
Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1-->"C:\Arquivos de programas\SpywareBlaster\unins000.exe"
TeamViewer 3-->C:\Arquivos de programas\TeamViewer3\uninstall.exe
The Battle for Middle-earth (tm)-->D:\JOGOS\LOTR BFME\EAUninstall.exe
Winamp-->"C:\Arquivos de programas\Winamp\UninstWA.exe"
WinAVIVideoConverter-->"C:\Arquivos de programas\WinAVIVideoConverter\unins000.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{3B96F4EA-CD82-4C57-B86A-646A017CAF18}
Windows Live Mail-->MsiExec.exe /I{852E74A9-74F1-4F71-BE3E-991A48EF232D}
Windows Live Messenger-->MsiExec.exe /X{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}
Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (PTB)-->MsiExec.exe /X{93676FC6-C7DB-45A6-A62B-74A324F17313}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation BR Language Pack-->MsiExec.exe /I{6A288CAE-32D0-4CA7-8166-210D380A8045}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG 7.5.446 (outdated)
AV: avast! antivirus 4.8.1351 [VPS 090826-0]

======System event log======

Computer Name: USER-87DA080C3C
Event Code: 11
Message: O driver detectou um erro de controlador em \Device\CdRom0.

Record Number: 16524
Source Name: Cdrom
Time Written: 20090718193124.000000-180
Event Type: Erro
User:

Computer Name: USER-87DA080C3C
Event Code: 11
Message: O driver detectou um erro de controlador em \Device\CdRom0.

Record Number: 16523
Source Name: Cdrom
Time Written: 20090718193115.000000-180
Event Type: Erro
User:

Computer Name: USER-87DA080C3C
Event Code: 11
Message: O driver detectou um erro de controlador em \Device\CdRom0.

Record Number: 16522
Source Name: Cdrom
Time Written: 20090718193106.000000-180
Event Type: Erro
User:

Computer Name: USER-87DA080C3C
Event Code: 11
Message: O driver detectou um erro de controlador em \Device\CdRom0.

Record Number: 16521
Source Name: Cdrom
Time Written: 20090718193057.000000-180
Event Type: Erro
User:

Computer Name: USER-87DA080C3C
Event Code: 11
Message: O driver detectou um erro de controlador em \Device\CdRom0.

Record Number: 16520
Source Name: Cdrom
Time Written: 20090718193047.000000-180
Event Type: Erro
User:

=====Application event log=====

Computer Name: USER-87DA080C3C
Event Code: 101
Message: MsnMsgr (136) O mecanismo de banco de dados parou.

Record Number: 6086
Source Name: ESENT
Time Written: 20090329143339.000000-180
Event Type: Informações
User:

Computer Name: USER-87DA080C3C
Event Code: 103
Message: MsnMsgr (136) \\.\C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Microsoft\Messenger\barebones_1@msn.com\SharingMetadata\Working\database_6AA0_ACD2_A0AC_A653\dfsr.db: O mecanismo de banco de dados interrompeu uma instância (0).

Record Number: 6085
Source Name: ESENT
Time Written: 20090329143339.000000-180
Event Type: Informações
User:

Computer Name: USER-87DA080C3C
Event Code: 102
Message: MsnMsgr (136) \\.\C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Microsoft\Messenger\barebones_1@msn.com\SharingMetadata\Working\database_6AA0_ACD2_A0AC_A653\dfsr.db: O mecanismo de banco de dados iniciou uma nova instância (0).

Record Number: 6084
Source Name: ESENT
Time Written: 20090329140623.000000-180
Event Type: Informações
User:

Computer Name: USER-87DA080C3C
Event Code: 100
Message: MsnMsgr (136) O mecanismo de banco de dados 5.01.2600.2180 foi iniciado.

Record Number: 6083
Source Name: ESENT
Time Written: 20090329140623.000000-180
Event Type: Informações
User:

Computer Name: USER-87DA080C3C
Event Code: 101
Message: MsnMsgr (136) O mecanismo de banco de dados parou.

Record Number: 6082
Source Name: ESENT
Time Written: 20090329001754.000000-180
Event Type: Informações
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
 
My log.

As far as I can see it's clean, but take a look.
Logfile of HijackThis v1.99.1
Scan saved at 18:23:03, on 26-ago-2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)

Running processes:
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Program DJ\Wireless Switch\wlss.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\VibrateGameDeviceDriver\rfpicon.exe
C:\Program Files (x86)\Program DJ\Program DJ\ProgramDJ.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Olivio\Documents\Download\PC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [WLSS] C:\Program Files (x86)\Program DJ\Wireless Switch\WLSS.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files (x86)\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [Program DJ] "C:\Program Files (x86)\Program DJ\Program DJ\ProgramDJ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Thanks
 
I'm helping out my aunt; she has one of those viruses that keep sending bogus emails. The problem is that she lives over in Porto Alegre, hehehe, but I managed to get her to send me the HijackThis log. I ran it through that online analyzer and it didn't find anything suspicious...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:24, on 26/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SnAgOS.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SnLiveUp.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\SnEngine.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe
C:\ARQUIV~1\WinZip\winzip32.exe
C:\DOCUME~1\MARIAI~2\CONFIG~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://corp.globalenglish.com/html/setup/cabs/ge.cab
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1187265538578
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9ccfee49e11b6) (gupdate1c9ccfee49e11b6) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Arquivos de programas\Arquivos comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 9185 bytes
 
Apparently clean, yes.
If you want a more thorough check, post an OTL log :thumbs_up.

Cool, I opened it here but I don't know if I did it right. I left everything as it came and clicked Run Scan, and it generated 2 logs:

OTL.txt
OTL logfile created on: 26/08/2009 07:52:42 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = E:\BKP\Meus documentos\Downloads\Programs
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16384)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 234,38 Gb Total Space | 133,81 Gb Free Space | 57,09% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 15,25 Gb Free Space | 10,23% Space Free | Partition Type: NTFS
Drive E: | 231,38 Gb Total Space | 29,54 Gb Free Space | 12,77% Space Free | Partition Type: NTFS
Drive F: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: I7
Current User Name: mLm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/04/02 12:27:26 | 00,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2009/02/06 18:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/08/21 14:23:49 | 00,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/01/03 08:28:20 | 01,203,880 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
PRC - [2009/05/18 13:29:16 | 03,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2009/04/08 16:53:54 | 00,657,920 | ---- | M] (Ray Adams) -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe
PRC - [2009/07/15 16:43:19 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2008/06/11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/06/05 17:42:04 | 01,310,720 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
PRC - [2009/07/11 05:05:17 | 00,673,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/11 05:05:17 | 00,673,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/14 00:48:28 | 01,217,784 | ---- | M] (Valve Corporation) -- E:\Arquivos de Programas\Steam\Steam.exe
PRC - [2009/08/12 19:18:49 | 00,312,568 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2009/02/06 18:50:38 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2008/11/25 13:19:58 | 00,935,856 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2009/07/16 13:10:02 | 00,283,440 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2009/07/11 05:02:41 | 00,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/19 19:37:26 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/08/26 19:52:12 | 00,514,048 | ---- | M] (OldTimer Tools) -- E:\BKP\Meus documentos\Downloads\Programs\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/07/15 12:09:48 | 00,111,616 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters [Auto | Running])
SRV:64bit: - [2009/07/02 14:16:05 | 00,203,264 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility [Auto | Running])
SRV:64bit: - [2009/07/11 05:34:34 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:34:34 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:34:37 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AxInstSV.dll -- (AxInstSV [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:34:38 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC [Unknown | Stopped])
SRV:64bit: - [2009/07/11 05:34:40 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (bthserv [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:34:50 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService [Auto | Running])
SRV:64bit: - [2009/07/11 05:34:52 | 00,291,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:34:52 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp [Auto | Running])
SRV:64bit: - [2009/02/06 18:27:10 | 00,023,296 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV:64bit: - [2009/02/06 18:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn [Auto | Running])
SRV:64bit: - [2009/07/11 05:33:46 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fxssvc.exe -- (Fax [On_Demand | Stopped])
SRV:64bit: - [2009/07/16 11:23:24 | 01,038,088 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64 [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:35:12 | 01,127,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:35:28 | 00,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener [On_Demand | Running])
SRV:64bit: - [2009/07/11 05:36:32 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider [On_Demand | Running])
SRV:64bit: - [2009/07/11 05:36:30 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc [On_Demand | Running])
SRV:64bit: - [2009/07/11 05:36:28 | 01,361,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\peerdistsvc.dll -- (PeerDistSvc [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:36:30 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:36:30 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc [On_Demand | Running])
SRV:64bit: - [2009/07/11 05:36:41 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umpo.dll -- (Power [Auto | Running])
SRV:64bit: - [2009/07/11 05:36:36 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper [Unknown | Running])
SRV:64bit: - [2009/07/11 05:36:39 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:34:02 | 03,524,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc [Auto | Stopped])
SRV:64bit: - [2009/07/11 05:36:40 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:36:40 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll -- (Themes [Auto | Running])
SRV:64bit: - [2009/07/11 05:36:41 | 00,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:34:23 | 01,503,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:36:41 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc [On_Demand | Stopped])
SRV:64bit: - [2009/07/11 05:35:36 | 01,011,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2009/07/11 05:34:28 | 01,525,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV:64bit: - [2009/07/11 05:36:45 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc [On_Demand | Stopped])
SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4 [On_Demand | Stopped])
SRV - [2009/05/06 11:23:10 | 00,043,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v4.0.20506\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/04/02 12:27:26 | 00,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService [Auto | Running])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/06/10 18:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/06/10 17:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2009/05/06 09:08:16 | 00,104,272 | ---- | M] (Microsoft Corporation) -- c:\Windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe -- (clr_optimization_v4.0.20506_32 [On_Demand | Stopped])
SRV - [2009/05/06 09:01:12 | 00,122,192 | ---- | M] (Microsoft Corporation) -- c:\Windows\Microsoft.NET\Framework64\v4.0.20506\mscorsvw.exe -- (clr_optimization_v4.0.20506_64 [On_Demand | Stopped])
SRV - [2009/07/11 05:03:06 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore.dll -- (Dhcp [Auto | Running])
SRV - [2009/07/11 05:33:44 | 00,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2009/07/11 05:33:44 | 00,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2009/07/16 11:21:27 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/06/10 17:30:59 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/11 05:04:25 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\provsvc.dll -- (HomeGroupProvider [On_Demand | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/06/10 17:30:45 | 00,856,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/11 05:03:36 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Running])
SRV - [2009/07/11 07:32:26 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2009/07/11 05:04:10 | 00,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/08/21 14:23:49 | 00,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009/08/12 19:18:49 | 00,312,568 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Running])
SRV - [2009/07/11 00:20:44 | 00,061,056 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2009/07/11 07:32:26 | 00,000,000 | ---D | M] -- C:\Windows\Vss -- (VSS [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/07/11 03:57:50 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\1394ohci.sys -- (1394ohci [On_Demand | Running])
DRV:64bit: - [2009/07/11 03:15:59 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\acpipmi.sys -- (AcpiPmi [On_Demand | Stopped])
DRV:64bit: - [2008/06/27 07:51:10 | 00,088,632 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs [Auto | Running])
DRV:64bit: - [2009/06/05 17:42:04 | 00,475,136 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV:64bit: - [2009/07/11 03:09:14 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\amdppm.sys -- (AmdPPM [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 05:47:35 | 00,106,576 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\DRIVERS\amdsata.sys -- (amdsata [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 05:47:35 | 00,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\DRIVERS\amdsbs.sys -- (amdsbs [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 05:47:35 | 00,028,752 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\DRIVERS\amdxata.sys -- (amdxata [Boot | Running])
DRV:64bit: - [2009/07/11 03:43:15 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\appid.sys -- (AppID [On_Demand | Stopped])
DRV:64bit: - [2009/06/05 06:20:26 | 00,114,192 | ---- | M] (ATI Research Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV:64bit: - [2009/07/02 14:51:28 | 06,036,480 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV:64bit: - [2009/07/28 23:25:28 | 00,314,016 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV:64bit: - [2009/06/10 17:34:28 | 00,468,480 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\DRIVERS\bxvbda.sys -- (b06bdrv [On_Demand | Stopped])
DRV:64bit: - [2009/06/10 17:34:23 | 00,270,848 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 03:51:22 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\beep.sys -- (Beep [System | Running])
DRV:64bit: - [2009/07/11 03:20:06 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 05:40:07 | 00,460,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\cng.sys -- (CNG [Boot | Running])
DRV:64bit: - [2009/07/11 03:51:42 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\CompositeBus.sys -- (CompositeBus [On_Demand | Running])
DRV:64bit: - [2009/07/11 03:13:38 | 00,514,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\csc.sys -- (CSC [System | Running])
DRV:64bit: - [2009/07/11 03:28:02 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\discache.sys -- (discache [System | Running])
DRV:64bit: - [2009/02/06 18:19:56 | 00,141,728 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV:64bit: - [2009/06/10 17:34:33 | 03,286,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\DRIVERS\evbda.sys -- (ebdrv [On_Demand | Stopped])
DRV:64bit: - [2009/02/06 18:23:20 | 00,132,464 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV:64bit: - [2009/02/06 18:24:50 | 00,120,128 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr [Auto | Running])
DRV:64bit: - [2009/07/11 05:42:14 | 00,055,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FsDepends.sys -- (FsDepends [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 05:40:07 | 00,223,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol [Boot | Running])
DRV:64bit: - [2009/06/10 17:31:59 | 00,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 03:57:46 | 00,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 03:20:08 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\HidBatt.sys -- (HidBatt [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 05:42:14 | 00,077,904 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\DRIVERS\HpSAMD.sys -- (HpSAMD [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 05:42:24 | 00,014,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy [Boot | Running])
DRV:64bit: - [2009/07/11 05:42:24 | 00,153,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\ksecpkg.sys -- (KSecPkg [Boot | Running])
DRV:64bit: - [2009/07/28 23:25:27 | 00,043,680 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV:64bit: - [2009/07/11 05:42:25 | 00,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2 [On_Demand | Stopped])
DRV:64bit: - [2007/05/10 01:46:36 | 00,016,032 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\DRIVERS\lv302a64.sys -- (lvpepf64 [On_Demand | Running])
DRV:64bit: - [2007/05/10 01:50:48 | 00,050,208 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64 [On_Demand | Running])
DRV:64bit: - [2009/01/21 16:00:14 | 00,022,568 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\DRIVERS\mrdd.sys -- (mrdd [Boot | Running])
DRV:64bit: - [2009/07/11 03:57:12 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 03:53:08 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\MTConfig.sys -- (MTConfig [On_Demand | Stopped])
DRV:64bit: - [2009/05/14 09:26:24 | 00,015,416 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV:64bit: - [2009/05/11 19:49:10 | 00,178,728 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx [Boot | Running])
DRV:64bit: - [2009/07/11 03:58:53 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\ndiscap.sys -- (NdisCap [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 05:40:35 | 00,050,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw [Boot | Running])
DRV:64bit: - [2007/05/10 01:46:48 | 01,127,328 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI [On_Demand | Running])
DRV:64bit: - [2009/04/28 17:20:06 | 00,055,024 | ---- | M] (Sonic Solutions) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64 [Boot | Running])
DRV:64bit: - [2009/07/11 04:01:14 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\AgileVpn.sys -- (RasAgileVpn [On_Demand | Running])
DRV:64bit: - [2009/07/11 04:08:05 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\rdpbus.sys -- (rdpbus [On_Demand | Running])
DRV:64bit: - [2009/07/11 04:06:50 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdprefmp.sys -- (RDPREFMP [System | Running])
DRV:64bit: - [2009/07/11 05:40:35 | 00,214,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost [Boot | Running])
DRV:64bit: - [2009/07/11 03:34:27 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\vms3cap.sys -- (s3cap [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 03:40:53 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\scfilter.sys -- (scfilter [Unknown | Stopped])
DRV:64bit: - [2009/07/14 01:07:59 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV:64bit: - [2009/07/11 05:40:58 | 00,024,640 | ---- | M] (Promise Technology) -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 05:40:58 | 00,046,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\vmstorfl.sys -- (storflt [Boot | Running])
DRV:64bit: - [2009/07/11 05:40:58 | 00,034,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\storvsc.sys -- (storvsc [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 03:57:36 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\umpass.sys -- (UmPass [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 03:57:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV:64bit: - [2009/07/11 05:40:58 | 00,036,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\vdrvroot.sys -- (vdrvroot [Boot | Running])
DRV:64bit: - [2009/07/11 05:40:57 | 00,217,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\vhdmp.sys -- (vhdmp [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 05:40:58 | 00,200,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\vmbus.sys -- (vmbus [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 03:34:07 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\VMBusHID.sys -- (VMBusHID [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 03:58:01 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 04:00:20 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\wfplwf.sys -- (WfpLwf [System | Running])
DRV:64bit: - [2009/07/11 05:40:58 | 00,022,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount [On_Demand | Stopped])
DRV:64bit: - [2009/07/11 03:56:31 | 00,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WudfPf.sys -- (WudfPf [On_Demand | Running])
DRV:64bit: - [2009/04/08 14:28:46 | 00,068,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21 [On_Demand | Stopped])
DRV:64bit: - [2009/06/10 17:35:33 | 00,389,120 | ---- | M] (Marvell) -- C:\Windows\SysNative\DRIVERS\yk62x64.sys -- (yukonw7 [On_Demand | Running])
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2009/04/06 15:24:30 | 00,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2008/09/08 14:32:26 | 00,024,224 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys -- (atitray [System | Stopped])
DRV - [2007/09/25 11:59:52 | 00,018,128 | ---- | M] () -- C:\Program Files (x86)\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo [On_Demand | Stopped])
DRV - [2009/07/14 00:16:57 | 00,000,000 | ---D | M] -- C:\Windows\CSC -- (CSC [System | Running])
DRV - [2009/06/10 18:28:14 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2009/07/11 05:04:09 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netbios.dll -- (NetBIOS [System | Running])
DRV - [2009/06/10 18:15:18 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])
DRV - [2009/07/11 05:07:18 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\wimmount.sys -- (WIMMount [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 0C 5D C1 29 25 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.adrenaline.com.br/forum"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: pbupload@photobucket.com:1.3
FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/08/25 00:08:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/08/25 00:08:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/07/15 16:43:41 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Extensions
[2009/07/14 00:41:21 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/15 16:43:41 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/08/26 10:34:03 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Firefox\Profiles\0k4yjlq1.merlim\extensions
[2009/08/24 23:59:36 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Firefox\Profiles\0k4yjlq1.merlim\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/24 23:59:36 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Firefox\Profiles\0k4yjlq1.merlim\extensions\pt-BR@dictionaries.addons.mozilla.org
[2009/08/24 23:40:12 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Firefox\Profiles\21hvwywq.default\extensions
[2009/08/19 19:25:35 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Firefox\Profiles\21hvwywq.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/24 23:37:07 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Firefox\Profiles\21hvwywq.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2009/08/10 20:17:41 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Firefox\Profiles\21hvwywq.default\extensions\pbupload@photobucket.com
[2009/07/14 01:31:54 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Firefox\Profiles\21hvwywq.default\extensions\pt-BR@dellalibera.sf.net
[2009/08/22 10:12:27 | 00,000,000 | ---D | M] -- C:\Users\mLm\AppData\Roaming\mozilla\Firefox\Profiles\21hvwywq.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2009/08/26 10:34:03 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/08/19 19:37:30 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/15 16:43:22 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/19 19:37:24 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/19 19:37:24 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2009/07/15 16:43:19 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/08/19 19:37:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2009/08/15 22:57:36 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/08/19 19:37:27 | 00,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2009/08/19 19:37:27 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/08/19 19:37:27 | 00,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2009/08/19 19:37:27 | 00,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2009/08/19 19:37:27 | 00,000,648 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: (857 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [AtiTrayTools] C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{17520337-702c-11de-b8ea-00248c3250ac}\Shell - "" = AutoRun
O33 - MountPoints2\{17520337-702c-11de-b8ea-00248c3250ac}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{17520337-702c-11de-b8ea-00248c3250ac}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/27 10:20:29 | 00,206,256 | ---- | C] (Tonec Inc.) -- C:\Windows\SysWow64\idmmbc.dll
[2009/08/25 10:43:31 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Roaming\GRETECH
[2009/08/25 09:59:23 | 00,000,000 | ---D | C] -- C:\Users\mLm\Documents\Meus Downloads
[2009/08/25 00:14:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2009/08/24 23:37:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Megaupload
[2009/08/24 23:37:05 | 00,000,000 | ---D | C] -- C:\ProgramData\EmailNotifier
[2009/08/24 23:08:07 | 00,000,000 | ---D | C] -- C:\Users\mLm\Documents\My Downloads
[2009/08/24 23:04:10 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Roaming\Megaupload
[2009/08/24 23:03:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Megaupload
[2009/08/24 14:31:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/08/23 21:55:10 | 00,152,855 | ---- | C] () -- C:\Users\mLm\Documents\hl2 2009-07-20 15-30-46-24.jpg
[2009/08/23 21:53:34 | 00,181,585 | ---- | C] () -- C:\Users\mLm\Documents\hl2 2009-08-23 11-32-25-30.jpg
[2009/08/23 19:08:51 | 00,115,600 | ---- | C] () -- C:\Users\mLm\Documents\mesapc02.jpg
[2009/08/23 16:36:33 | 00,022,040 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/08/23 16:36:18 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Roaming\Malwarebytes
[2009/08/23 16:36:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
[2009/08/23 16:36:15 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/08/23 16:36:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/23 16:36:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/08/23 01:57:46 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Local\ElevatedDiagnostics
[2009/08/22 22:16:03 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Roaming\teamspeak2
[2009/08/21 14:35:57 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Local\id Software
[2009/08/21 14:11:36 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2009/08/17 20:16:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2009/08/17 11:51:13 | 00,000,000 | ---D | C] -- C:\Users\mLm\Documents\Adobe
[2009/08/16 00:30:41 | 00,000,000 | ---D | C] -- C:\Level Up! Games
[2009/08/16 00:17:54 | 00,057,309 | ---- | C] () -- C:\Users\mLm\Documents\Pato baba.png
[2009/08/15 22:57:44 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Local\PMB Files
[2009/08/15 22:57:42 | 00,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2009/08/15 22:57:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2009/08/15 17:13:57 | 00,000,000 | ---D | C] -- C:\Program Files\Perfect World Entertainment
[2009/08/15 17:12:14 | 00,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2009/08/15 15:11:49 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Roaming\GrabPro
[2009/08/15 15:11:49 | 00,000,000 | ---D | C] -- C:\downloads
[2009/08/15 15:11:47 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Roaming\Orbit
[2009/08/15 11:16:27 | 00,361,980 | ---- | C] () -- C:\Users\mLm\Documents\desktop2.jpg
[2009/08/15 10:57:16 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/08/15 10:57:16 | 00,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/08/15 10:57:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2009/08/15 10:53:55 | 00,015,416 | ---- | C] () -- C:\Windows\SysNative\drivers\ASACPI.sys
[2009/08/13 13:21:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Gain
[2009/08/12 19:25:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MediaCoder
[2009/08/11 19:55:29 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Local\www.doom9.net
[2009/08/11 19:51:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2009/08/11 19:50:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\megui
[2009/08/11 16:53:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MKVtoolnix
[2009/08/10 20:01:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2009/08/10 15:29:53 | 00,203,528 | ---- | C] () -- C:\Users\mLm\Documents\cc_20090810_152949.reg
[2009/08/10 15:27:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2009/08/10 14:33:29 | 00,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2009/08/09 17:18:35 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Roaming\Broad Intelligence
[2009/08/09 16:34:27 | 00,015,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2009/08/09 16:34:27 | 00,014,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2009/08/09 16:34:25 | 01,986,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2009/08/09 16:34:25 | 01,083,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2009/08/09 16:34:25 | 00,431,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2009/08/09 16:34:25 | 00,430,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscoree.dll
[2009/08/09 16:34:25 | 00,404,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2009/08/09 16:34:25 | 00,291,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscoree.dll
[2009/08/09 16:34:25 | 00,090,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2009/08/09 16:34:25 | 00,076,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2009/08/09 15:58:39 | 00,886,474 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/09 15:57:33 | 00,000,000 | ---D | C] -- C:\inetpub
[2009/08/09 15:52:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CleanDoD
[2009/08/09 00:31:57 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Local\ESET
[2009/08/07 19:16:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2009/08/05 20:44:33 | 00,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/07/31 23:41:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2009/07/28 19:51:41 | 00,000,000 | ---D | C] -- C:\Users\mLm\AppData\Local\PunkBuster
[2009/07/27 22:10:31 | 00,174,592 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll
[2009/07/27 22:10:31 | 00,163,840 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFCTPL64.dll
[2009/07/27 22:10:31 | 00,122,880 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFFXCPStr.dll
[2009/07/27 22:10:31 | 00,078,848 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll
[2009/07/27 22:10:31 | 00,078,336 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
[2009/07/27 22:10:31 | 00,078,336 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFDAPO64.dll
[2009/07/27 22:10:31 | 00,069,120 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll
[2009/07/27 22:10:31 | 00,059,392 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFMAPO64.dll
[2009/07/26 00:22:40 | 00,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2009/07/25 15:21:45 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/07/16 21:00:28 | 00,000,122 | ---- | C] () -- C:\Windows\WA.INI
[2009/07/14 17:15:00 | 00,178,432 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/11 06:58:34 | 00,000,403 | ---- | C] () -- C:\Windows\win.ini
[2009/07/11 06:58:34 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/11 03:29:35 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/11 00:54:01 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== Files - Modified Within 30 Days ==========

[2009/08/26 19:12:39 | 00,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/26 19:12:39 | 00,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/26 19:04:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/26 19:04:40 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/26 19:04:32 | 52,988,3135 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/26 15:52:44 | 06,729,851 | -H-- | M] () -- C:\Users\mLm\AppData\Local\IconCache.db
[2009/08/25 19:30:50 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/08/25 00:13:00 | 00,109,824 | ---- | M] () -- C:\Users\mLm\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/25 00:12:19 | 03,272,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/08/23 19:08:52 | 00,115,600 | ---- | M] () -- C:\Users\mLm\Documents\mesapc02.jpg
[2009/08/23 16:44:41 | 00,881,140 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/08/23 16:44:41 | 00,730,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/08/23 16:44:41 | 00,142,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/08/23 11:32:26 | 00,181,585 | ---- | M] () -- C:\Users\mLm\Documents\hl2 2009-08-23 11-32-25-30.jpg
[2009/08/21 14:23:56 | 00,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/08/21 14:23:49 | 00,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/08/21 14:23:49 | 00,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/08/16 00:17:55 | 00,057,309 | ---- | M] () -- C:\Users\mLm\Documents\Pato baba.png
[2009/08/15 11:16:27 | 00,361,980 | ---- | M] () -- C:\Users\mLm\Documents\desktop2.jpg
[2009/08/15 10:49:45 | 00,000,000 | ---- | M] () -- C:\Windows\lgfwup.ini
[2009/08/11 16:55:34 | 00,013,312 | ---- | M] () -- C:\Users\mLm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 15:30:01 | 00,203,528 | ---- | M] () -- C:\Users\mLm\Documents\cc_20090810_152949.reg
[2009/08/09 16:39:13 | 00,886,474 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/05 20:44:33 | 00,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2009/08/05 20:44:10 | 00,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2009/08/05 20:44:10 | 00,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2009/08/05 20:44:09 | 00,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2009/08/05 20:44:09 | 00,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/08/03 13:36:08 | 00,022,040 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/07/28 23:25:28 | 00,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2009/07/28 23:25:27 | 00,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
Extras.txt
OTL Extras logfile created on: 26/08/2009 07:52:42 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = E:\BKP\Meus documentos\Downloads\Programs
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16384)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 234,38 Gb Total Space | 133,81 Gb Free Space | 57,09% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 15,25 Gb Free Space | 10,23% Space Free | Partition Type: NTFS
Drive E: | 231,38 Gb Total Space | 29,54 Gb Free Space | 12,77% Space Free | Partition Type: NTFS
Drive F: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: I7
Current User Name: mLm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = B9 E2 CE 3E 21 02 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{13B27C82-19BA-3494-9420-F932B40673CA}" = Microsoft .NET Framework 4 Client Profile Beta 1
"{175D5555-EE49-3033-99AF-BC1E206223FD}" = Microsoft .NET Framework 4 Extended Beta 1
"{2620C21C-09DF-483F-EA44-6A880700E7CA}" = ATI Catalyst Install Manager
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FB6EBE7-9B2A-E482-24CA-50D54B1B0E8F}" = ccc-utility64
"{A23953CB-3147-45D6-A396-992B0666610B}" = ESET NOD32 Antivirus
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E67825BD-2344-37AF-BBB9-A310B64229DC}" = Microsoft Visual C++ 2010 Beta 1 x64 Redistributable - 10.0.20506
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Microsoft .NET Framework 4 Client Profile Beta 1" = Microsoft .NET Framework 4 Client Profile Beta 1
"Microsoft .NET Framework 4 Extended Beta 1" = Microsoft .NET Framework 4 Extended Beta 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}" = Adobe Photoshop CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1FC433CE-DCBE-6FE3-84C0-B65F2563F769}" = Catalyst Control Center Graphics Full Existing
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3B96F4EA-CD82-4C57-B86A-646A017CAF18}" = Windows Live Essentials
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{608349EA-F46D-08E3-40C2-59DEFC0E4620}" = ccc-core-static
"{60923C21-C038-2396-59C5-CABD06C694F3}" = Catalyst Control Center Graphics Full New
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6685436F-D6DD-47BA-26B9-4C8A3B32B1D8}" = Catalyst Control Center Graphics Previews Common
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{723BCA9C-ED1B-C150-3FAF-AAE1D7364D40}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{805FBA74-274F-C4C7-5A44-F5351EBD71ED}" = Catalyst Control Center Graphics Previews Vista
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour
"{A1C9D1DA-7803-4586-B509-450009938312}" = Adobe Setup
"{A2770F50-89C7-433E-8E19-7148B21172EB}" = RESIDENT EVIL 5 Benchmark Version
"{A3AF9AA1-F8C3-B549-6752-95F6CB4D1904}" = Catalyst Control Center HydraVision Full
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground
"{AA3A2EE3-E1BE-428B-856B-14EF7262C273}" = CleanDoD
"{AC76BA86-1040-7D70-7760-000000000004}" = Adobe Acrobat 9 Pro - Italiano, Español, Nederlands, Português
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B5C6B3B0-698E-E74F-16B2-B224A92ADBFF}" = Catalyst Control Center Graphics Light
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF541017-8AE2-CB88-ED13-DA3751A66335}" = Catalyst Control Center InstallProxy
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}" = Windows Live Messenger
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D31D0D42-22E1-5668-85D9-9E202664FEAB}" = Catalyst Control Center Core Implementation
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DE5ECBF6-8A4A-4855-98D0-D6576145EBFF}" = G-Force
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E1071C00-B001-4633-B9C3-164C856D5730}" = Bionic Commando
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F51FF206-2273-4B3E-A90A-4752AE288C12}" = FUEL
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC8A7918-D65D-440C-9596-C88185E8DCA4}" = Activision(R)
"{FC92E32F-6AD6-38E7-AC11-83B639CEACD8}" = Microsoft Visual C++ 2010 Beta 1 x86 Redistributable - 10.0.20506
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Adobe_b741c3c52d3108664cedeb2b76f6d96" = Adobe Photoshop CS4
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"FAKEFACTORY CM10V10b1" = FAKEFACTORY Cinematic Mod V10
"FastStone Image Viewer" = FastStone Image Viewer 3.9
"Fraps" = Fraps (remove only)
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"InstallShield_{FC8A7918-D65D-440C-9596-C88185E8DCA4}" = Drum Controller Standard Tuning Kit
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.1.4490
"MediaInfo" = MediaInfo 0.7.16
"MeGUI modern media encoder" = MeGUI modern media encoder (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"MKVtoolnix" = MKVtoolnix 2.9.5
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mp3tag" = Mp3tag v2.43
"mv61xxDriver" = marvell 61xx
"Nero8Lite_is1" = Nero 8 Lite 8.3.6.0
"No-IP.com DUC" = No-IP.com DUC (remove only)
"OpenAL" = OpenAL
"Perfect World_is1" = Perfect World
"PunkBusterSvc" = PunkBuster Services
"rayatitray" = Ray Adams ATI Tray Tools
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 500" = Left 4 Dead
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/08/2009 02:01:31 PM | Computer Name = i7 | Source = Software Protection Platform Service | ID = 1017
Description = Falha na instalação do Comprovante da Compra. 0xC004F015 Pkey Parcial=Y8QH3
ACID=bfb30674-7c9a-4624-9309-9914cfd5b05c
Erro
Detalhado[?]

Error - 26/08/2009 02:01:44 PM | Computer Name = i7 | Source = Software Protection Platform Service | ID = 1017
Description = Falha na instalação do Comprovante da Compra. 0xC004F050 Pkey Parcial=3MBMV
ACID=?
Erro
Detalhado[?]

Error - 26/08/2009 02:01:44 PM | Computer Name = i7 | Source = Software Protection Platform Service | ID = 8211
Description = Falha ao atualizar tokens de licença e chave do produto (Product Key)
do Windows com 0xC004F050.

Error - 26/08/2009 02:26:32 PM | Computer Name = i7 | Source = SideBySide | ID = 16842815
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Erro no arquivo de manifesto ou de
diretiva C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll",
na linha 3. O valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
do atributo version no elemento assemblyIdentity é inválido.

Error - 26/08/2009 02:26:53 PM | Computer Name = i7 | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\activision\wolfenstein\MP\serverlauncher.exe".Erro
no arquivo de manifesto ou de diretiva "", na linha. Uma versão de componente exigida
pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes
conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16384_none_4211a0a22b7f925b.manifest.
Componente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16384_none_fa6469cb17036955.manifest.

Error - 26/08/2009 02:27:05 PM | Computer Name = i7 | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\Nero\nero
toolkit\nero discspeed\DiscSpeed.exe".Erro no arquivo de manifesto ou de diretiva
"", na linha. Uma versão de componente exigida pelo aplicativo está em conflito
com outra versão de componente já ativa. Os componentes conflitantes são:. Componente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16384_none_fa6469cb17036955.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16384_none_4211a0a22b7f925b.manifest.

Error - 26/08/2009 06:07:23 PM | Computer Name = i7 | Source = Software Protection Platform Service | ID = 1017
Description = Falha na instalação do Comprovante da Compra. 0xC004F015 Pkey Parcial=Y8QH3
ACID=bfb30674-7c9a-4624-9309-9914cfd5b05c
Erro
Detalhado[?]

Error - 26/08/2009 06:07:24 PM | Computer Name = i7 | Source = Software Protection Platform Service | ID = 1017
Description = Falha na instalação do Comprovante da Compra. 0xC004F015 Pkey Parcial=Y8QH3
ACID=bfb30674-7c9a-4624-9309-9914cfd5b05c
Erro
Detalhado[?]

Error - 26/08/2009 06:07:37 PM | Computer Name = i7 | Source = Software Protection Platform Service | ID = 1017
Description = Falha na instalação do Comprovante da Compra. 0xC004F050 Pkey Parcial=3MBMV
ACID=?
Erro
Detalhado[?]

Error - 26/08/2009 06:07:37 PM | Computer Name = i7 | Source = Software Protection Platform Service | ID = 8211
Description = Falha ao atualizar tokens de licença e chave do produto (Product Key)
do Windows com 0xC004F050.

[ System Events ]
Error - 24/08/2009 09:06:49 AM | Computer Name = i7 | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: atitray

Error - 24/08/2009 01:10:32 PM | Computer Name = i7 | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: atitray

Error - 24/08/2009 06:02:59 PM | Computer Name = i7 | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: atitray

Error - 24/08/2009 11:12:30 PM | Computer Name = i7 | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: atitray

Error - 25/08/2009 08:37:29 AM | Computer Name = i7 | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: atitray

Error - 25/08/2009 09:00:04 PM | Computer Name = i7 | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 9:58:03 PM às ?8/?25/?2009 não
era esperado.

Error - 25/08/2009 09:00:16 PM | Computer Name = i7 | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: atitray

Error - 26/08/2009 09:22:16 AM | Computer Name = i7 | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: atitray

Error - 26/08/2009 01:59:02 PM | Computer Name = i7 | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: atitray

Error - 26/08/2009 06:04:52 PM | Computer Name = i7 | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: atitray


< End of report >
 
Hello everyone

I would like to apologize to everyone for the delay, especially those who got no further replies from me, such as my friends Sonny, GVSPFC, luisednardo, PhOoBoS, Gustavo MPO and Megadeeth.

The workload was intense this month because of the pandemic taking place around the world caused by the H1N1 virus (swine flu). Some employees at the branch of the company I work for in Boston (USA) unfortunately passed away after being infected by the flu, and I had to rush over there to replace them unexpectedly. Not just me, but also seven other employees from here in Brazil, from different cities and from the same company, obviously.

However, I had no time to access any forum because of this, not even the Internet.

Thank God things have stabilized over there. But now the workload is here, lol.

I would also like to thank my friends Sonny and luisednardo for their concern and attention.

Counting on everyone's understanding

Sincerely

Best wishes
 
Hey there, my friend Gustavo!!!
All good, partner?!
Man, Mr Wolf really has dropped off the map, huh??!! I have no idea what might have happened, but I'm glad you are giving up some of your time to help the folks here on the forum.
I saw your post to Mr Wolf asking about buying some Kaspersky licenses on ML. So, did you buy them? The price was really good, man, it was worth the risk. If you did buy them, send the seller's contact to my e-mail, thanks, my friend?!
Man, a big hug, good luck with your studies, and thank you on behalf of the folks at Adrena.
:yes:
 
WOW!!!!
Man, what a coincidence!!!
I was writing to talk about Mr Wolf, and "the good son returns home!!!"
So glad you're back, my friend!!
Thank God I managed to get by here on my own, no problems.
But hey, did you end up catching the flu too?
Man, my condolences for your friends who passed away. This flu is wrecking the world; I thought it wouldn't reach Fortaleza here, but there are already a bunch of sick people too, so far nobody has died in my city yet...
But it's good that you're back, my friend. I figured it was something work-related, since you would certainly have let the forum know, but I thought something bad might have happened, I don't know, like a kidnapping, that sort of thing... yikes!!! Knock on wood!!! hehehe
Hugs, my friend, good luck with work and good health, which is what matters most.
 
Hello luisednardo,

That's right, my friend, this flu is out of control. From what I see, here in Brazil it has called a "truce" (so to speak). But over in the USA it gets worse with each passing day. Thank God I was not infected. Here in Curitiba more than a hundred people died, from what I learned through my girlfriend and the newspapers. Now it seems to have stabilized here as well.

Thank you for the condolences. The losses were great. The friends who passed away were dear to me; two were my childhood friends and graduated from college together with me. I had to drop everything here and go there to replace them. I was in no state of mind to access forums and the other Internet sites I frequent because of this unfortunate event.

Hugs, my friend, and thank you.
 
Great Mr.Wolf, you disappeared for a while but now you're back.

This flu really is catching a lot of people off guard, but was it confirmed that this was exactly the cause?

I can imagine how much work you all had during that time, so the ideal thing really was to step away from the forum for a few days. But since you didn't let us know (not least because I believe there wasn't even time), we got worried.

Now it's time to move on and try to get things in order. I have the flu too; it had been a year since I caught anything, but this time there was no escaping it. I don't know if it's H1N1, I believe not, but it's really annoying.

Welcome back, Mr.Wolf; next time try to let us know before disappearing, so you don't drive everyone crazy hehe.

Big hug!!!
 
Wow, I'm speechless now.

How tragic, Mr.Wolf, really very sad; so suddenly and unexpectedly like that, it's very sad.

Very brave of you to drop everything here and go there in the middle of the chaos (literally) to replace them.

My condolences for your friends, and good luck.
 
