Virus removal

Hey there, big Wolf... sorry about the other day, and it still isn't resolved because I was busy... but I wanted to know how things look on the PC

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:36:08, on 5/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe
C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DU Meter\DUMeter.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\cFosSpeed\spd.exe
C:\Arquivos de programas\Cobian Backup 9\cbService.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\DU Meter\DUMeterSvc.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
E:\Downloads mozilla\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CyberMania] C:\Arquivos de programas\ESET\CyberMania.exe
O4 - HKLM\..\Run: [NodEnabler] C:\Arquivos de programas\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] C:\Arquivos de programas\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B2BBB7C-B750-4555-BF72-08A2AE7FF353}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B2BBB7C-B750-4555-BF72-08A2AE7FF353}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B2BBB7C-B750-4555-BF72-08A2AE7FF353}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe
O23 - Service: Cobian Backup 9 serviço (CobianBackupAmanita) - Luis Cobian - C:\Arquivos de programas\Cobian Backup 9\cbService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Arquivos de programas\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8301 bytes
 
Hey Wolf

Is the Vista firewall better than Outpost Firewall (is that one good too?)?

Is my log OK?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:08, on 05/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Fraps\fraps.exe
C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Users\Luciano\DGMShoter.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ColarIsto\ColarIsto.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\BitComet\BitComet.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Luciano\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ColarIsto] "C:\Program Files (x86)\ColarIsto\ColarIsto.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DGM Screenshoter] C:\Users\Luciano\DGMShoter.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAL.EXE /FU "C:\Windows\TEMP\E_S1766.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE4FEF35-1BB5-435E-937C-4385CF8A328E}: NameServer = 201.6.0.112,201.6.0.108
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 8907 bytes
 
Again

Hey
Now the laptop:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:33, on 5/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe
C:\Arquivos de programas\Java\jre1.5.0\bin\jusched.exe
C:\Arquivos de programas\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\vsnppro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\BTTray.exe
C:\ARQUIV~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Angelica\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostMonitor] C:\ARQUIV~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Arquivos de programas\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snppro] C:\WINDOWS\vsnppro.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\LTAKA\EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\DOCUME~1\Angelica\CONFIG~1\Temp\E_S3C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2670A3D-7F22-4878-8C8D-E92B94CF121C}: NameServer = 201.6.0.112,201.6.0.108
O20 - AppInit_DLLs: c:\arquiv~1\agnitum\outpos~1\wl_hook.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\ARQUIV~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\HPQ\shared\hpqwmi.exe

--
End of file - 7787 bytes
 
Mr. Wolf, for the past few days my PC has been freezing a lot. Today, while I was using the internet, it opened 8 Mozilla pages out of nowhere. It also closes programs by itself. In my MSN, where the emoticon icons etc. are, the icons have all changed, and clicking them opens websites :eek:. If you can help me, I'd appreciate it. Regards.

Logfile of HijackThis v1.99.1
Scan saved at 20:37:22, on 7/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Sukoku\sukoku117.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Arquivos de programas\Messenger\Msmsgs.exe
c:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DoubleD\JuicyAccess Toolbar\4.2.4.23050\stbapp.exe
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe
C:\Arquivos de programas\Sukoku\sukoku.exe
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\ARQUIV~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Arquivos de programas\DoubleD\JuicyAccess Toolbar\4.2.4.23050\stbappHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\mspaint.exe
C:\Arquivos de programas\Opera\opera.exe
C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\Opera\opera.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\mspaint.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\mspaint.exe
C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Arquivos de programas\Internet Saving Optimizer\3.7.1.4630\NPIEAddOn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Arquivos de programas\System Search Dispatcher\1.4.1.1010\ssd.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: JuicyAccess Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Arquivos de programas\DoubleD\JuicyAccess Toolbar\4.2.4.23050\stb0.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmileyApp] C:\Arquivos de programas\DoubleD\JuicyAccess Toolbar\4.2.4.23050\stbapp.exe
O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44BC92C3-4150-409E-B047-0FA0491523CB}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{49900B58-C59B-4F42-B7C7-75E2D1051CD1}: NameServer = 200.204.0.10,200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\windows\elf_key.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\Sukoku\sukoku117.exe" "C:\Arquivos de programas\Sukoku\sukoku.dll" Service (file missing)
 
Hello Mr Wolf,
How are you doing, my friend?
Bothering you once again to analyze a log here.
Thank you very much in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:40, on 8/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe
C:\Arquivos de programas\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Hijackthis\HijackThis.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-117609710-842925246-524930387-1004\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{A24BDB08-5A3B-429A-9E76-63372FA49E67}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: acaptuser32.dll,c:\progra~1\Manson\liser.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: WinPolicy AutoLock (AutoLock) - Unknown owner - \WPService.exe (file missing)
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: EvtEng - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Airton/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10021 bytes

Malwarebytes' Anti-Malware 1.40
Versão do banco de dados: 2759
Windows 5.1.2600 Service Pack 3

8/9/2009 17:48:35
mbam-log-2009-09-08 (17-48-35).txt

Tipo de Verificação: Rápida
Objetos verificados: 95303
Tempo decorrido: 3 minute(s), 47 second(s)

Processos da Memória infectados: 2
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 1
Valores do Registro infectados: 4
Ítens do Registro infectados: 3
Pastas infectadas: 0
Arquivos infectados: 9

Processos da Memória infectados:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\sysmgr.exe (Trojan.Agent) -> Unloaded process successfully.

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xfgjxrtisrrs45y3heszgraw80 (Trojan.Downloader) -> Quarantined and deleted successfully.

Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft(r) system manager (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\WINDOWS\system32\Iasv32.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\426db49b.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\54610c0d.sys (Rootkit.Rustock) -> Delete on reboot.
C:\WINDOWS\system32\drivers\86f93bae.sys (Rootkit.Rustock) -> Delete on reboot.
C:\WINDOWS\system32\drivers\90a33360.sys (Rootkit.Rustock) -> Delete on reboot.
C:\WINDOWS\system32\drivers\c2c5ef87.sys (Rootkit.Rustock) -> Delete on reboot.
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrt2.dll (Trojan.Donbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 
Hello Mr. Wolf, just stopping by to post the logs.
Question: is everything fine now, or is something still missing? It's because my PC is a bit slow...
But it has always been like that, so I don't know whether there's still something on it... :huh:
See you! :wave:

ComboFix:
ComboFix 09-09-08.06 - Nóis Todos 09/09/2009 9:04.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.223.88 [GMT -3:00]
Executando de: c:\documents and settings\Nóis Todos\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Nóis Todos\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\gbiehcef.dll"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\Yahoo!
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_anstip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_anstipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_as.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_atb.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_auttip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_auttipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_bootip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_catb.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_clutip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_clutipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_cnf.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_cotb.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_ctb.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_fantip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_fantipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_fintip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_fintipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_flktip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_flktipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_grptip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_grptipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_loctip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_loctipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_logtip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_mailatip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_mailtip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_map.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_mlbtip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_mlbtipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_movtip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_movtipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_msgratip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_msgrtip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_mustip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_mustipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_nbatip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_nbatipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_newstip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_newstipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_newtip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_newtipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_nfltip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_nfltipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_opt.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_pub.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_shotip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_shotipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_srchtip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_tratip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_tratipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_upg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_weatip.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_weatipg.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_wp.html
c:\arquivos de programas\Yahoo!\Companion\Data\dlg_wp2.html
c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Cache\filelist
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\bkm_add_2_s0.gif
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\cob_cclean.bmp
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\flk2.gif
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\llama2.gif
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\srch_ans_1.gif
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\srch_hi_1.gif
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\srch_img_1.gif
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\srch_nws_1.gif
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\srch_sh_1.gif
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\srch_site_1.gif
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\srch_vid_1.gif
c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion\Icons\st_web2.bmp
c:\windows\Installer\16b7973.msp
c:\windows\system32\gbiehcef.dll

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-09 to 2009-09-09 ))))))))))))))))))))))))))))
.

2009-09-04 14:21 . 2009-09-04 14:23 2582016 ----a-w- c:\windows\system32\msvfw64.dll
2009-09-03 12:31 . 2009-09-03 12:31 -------- d-----w- c:\arquivos de programas\Trend Micro
2009-08-27 20:34 . 2007-04-09 16:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-08-27 20:32 . 2009-08-27 20:32 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2009-08-27 20:27 . 2009-08-27 20:27 -------- d-----r- C:\MSOCache
2009-08-27 14:48 . 2009-08-27 14:48 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-27 14:48 . 2009-08-27 20:32 -------- d-----w- c:\windows\ShellNew
2009-08-27 12:17 . 2009-08-27 14:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 12:46 . 2008-04-14 12:00 48846 ----a-w- c:\windows\system32\perfc016.dat
2009-08-31 12:46 . 2008-04-14 12:00 344734 ----a-w- c:\windows\system32\perfh016.dat
2009-08-27 19:15 . 2009-06-30 23:40 -------- d-----w- c:\arquivos de programas\eMule
2009-08-27 16:24 . 2009-07-01 14:36 -------- d-----w- c:\arquivos de programas\Total Video Converter
2009-08-05 15:47 . 2009-06-30 14:49 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:00 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 13:09 . 2009-08-03 15:44 -------- d-----w- c:\arquivos de programas\Oi Velox
2009-07-30 17:02 . 2009-07-30 17:01 -------- d-----w- c:\arquivos de programas\Philips
2009-07-30 17:02 . 2009-07-30 17:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-20 17:32 . 2009-06-30 14:53 -------- d-----w- c:\arquivos de programas\The KMPlayer
2009-07-17 19:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 15:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 15:12 . 2009-06-30 16:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-07-09 22:59 . 2009-07-09 21:24 167986 ----a-w- c:\windows\hpoins28.dat
2009-07-08 16:56 . 2009-07-08 16:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-03 16:59 . 2008-04-14 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-30 15:20 . 2009-06-30 14:49 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-30 14:21 . 2009-06-30 14:21 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-25 08:27 . 2008-04-14 12:00 732672 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2008-04-14 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 09:22 . 2009-07-01 13:37 24893616 ----a-w- C:\AdbeRdr910_pt_BR.exe
2009-06-16 14:39 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:39 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2008-04-14 12:00 77824 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2008-04-14 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-09-03_11.42.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-09 12:12 . 2009-09-09 12:12 16384 c:\windows\temp\Perflib_Perfdata_284.dat
+ 2009-08-27 20:33 . 2009-09-05 12:47 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-08-27 20:33 . 2009-09-03 11:28 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-08-27 20:33 . 2009-09-03 11:28 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-08-27 20:33 . 2009-09-03 11:28 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-08-27 20:33 . 2009-09-03 11:28 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-08-27 20:33 . 2009-09-03 11:28 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-08-27 20:33 . 2009-09-03 11:28 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-22 22:07 . 2007-03-22 22:07 78168 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 22:07 . 2007-03-22 22:07 41824 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 22:05 . 2007-03-22 22:05 97632 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-04-19 16:53 . 2007-04-19 16:53 69984 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-22 22:07 . 2007-03-22 22:07 80224 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-03-22 22:07 . 2007-03-22 22:07 91488 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
- 2009-08-27 20:33 . 2009-09-03 11:28 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-06-30 11:12 . 2009-09-03 12:10 194568 c:\windows\system32\FNTCACHE.DAT
- 2009-06-30 11:12 . 2009-08-28 11:33 194568 c:\windows\system32\FNTCACHE.DAT
+ 2007-10-06 11:46 . 2007-10-06 11:46 205312 c:\windows\Installer\157740e.msp
+ 2008-01-23 20:10 . 2008-01-23 20:10 817152 c:\windows\Installer\15773dc.msp
+ 2008-07-28 17:47 . 2008-07-28 17:47 162304 c:\windows\Installer\15773c7.msp
- 2009-08-27 20:33 . 2009-09-03 11:27 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-08-27 20:33 . 2009-09-03 11:28 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-08-27 20:33 . 2009-09-03 11:28 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-08-27 20:33 . 2009-09-03 11:28 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-08-27 20:33 . 2009-09-03 11:28 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-08-27 20:33 . 2009-09-03 11:28 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-08-27 20:33 . 2009-09-05 12:47 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-03-22 22:22 . 2007-03-22 22:22 103264 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-10 16:34 . 2007-05-10 16:34 562528 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-05-31 16:36 . 2007-05-31 16:36 612184 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-31 16:35 . 2007-05-31 16:35 133976 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-04-19 16:53 . 2007-04-19 16:53 149856 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-05-31 16:42 . 2007-05-31 16:42 200032 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 16:53 . 2007-04-19 16:53 106336 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-04-19 16:54 . 2007-04-19 16:54 183136 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-04-19 16:53 . 2007-04-19 16:53 127328 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 17:09 . 2007-04-19 17:09 167256 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 16:53 . 2007-04-19 16:53 137568 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2003-07-15 14:18 . 2003-07-15 14:18 141360 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2008-06-11 18:05 . 2008-06-11 18:05 9994240 c:\windows\Installer\b52a3.msp
+ 2009-05-01 18:49 . 2009-05-01 18:49 4328960 c:\windows\Installer\b5289.msp
+ 2009-07-01 16:21 . 2009-07-01 16:21 8891904 c:\windows\Installer\b5271.msp
+ 2009-05-12 16:01 . 2009-05-12 16:01 6818816 c:\windows\Installer\b5243.msp
+ 2008-04-01 17:33 . 2008-04-01 17:33 5479936 c:\windows\Installer\b522d.msp
+ 2008-01-31 13:30 . 2008-01-31 13:30 9947648 c:\windows\Installer\b51fe.msp
+ 2009-04-23 20:57 . 2009-04-23 20:57 7672832 c:\windows\Installer\16b7971.msp
+ 2007-11-15 16:31 . 2007-11-15 16:31 4120064 c:\windows\Installer\16b795b.msp
+ 2008-01-14 19:53 . 2008-01-14 19:53 5213696 c:\windows\Installer\1577423.msp
+ 2008-10-25 12:15 . 2008-10-25 12:15 6227456 c:\windows\Installer\1577407.msp
+ 2007-05-31 16:35 . 2007-05-31 16:35 6420320 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-10 16:45 . 2007-05-10 16:45 8069464 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-05-31 16:43 . 2007-05-31 16:43 7613280 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-05-10 16:35 . 2007-05-10 16:35 6747480 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2009-07-01 16:19 . 2009-07-01 16:19 10607104 c:\windows\Installer\b5272.msp
+ 2008-07-30 11:50 . 2008-07-30 11:50 12506112 c:\windows\Installer\b5259.msp
+ 2008-06-04 16:29 . 2008-06-04 16:29 16905728 c:\windows\Installer\b5214.msp
+ 2008-01-14 18:24 . 2008-01-14 18:24 10721280 c:\windows\Installer\15773f1.msp
+ 2007-05-31 16:37 . 2007-05-31 16:37 12310368 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-06-18 20:16 . 2007-06-18 20:16 12259160 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 16:41 . 2007-05-31 16:41 10352472 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"desp2k"="c:\arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Philips SA30XX Device Manager.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Philips SA30XX Device Manager.lnk
backup=c:\windows\pss\Philips SA30XX Device Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-06-30 108289]
S2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [2007-02-26 61440]
S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.ceara.gov.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {296EF59E-B6E5-41FB-95E7-7542B2586E78} = 200.165.132.155 200.149.55.140
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-09 09:14
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(1968)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-09-09 9:20 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-09-09 12:20
ComboFix2.txt 2009-09-03 12:17
ComboFix3.txt 2009-09-03 11:45
ComboFix4.txt 2009-08-31 13:14

Pré-execução: 6 pasta(s) 41.669.591.040 bytes disponíveis
Pós execução: 9 pasta(s) 41.887.182.848 bytes disponíveis

302 --- E O F --- 2009-09-05 12:47

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:42, on 09/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cmpe.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ceara.gov.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\system32\gbiehcef.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246401445375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{296EF59E-B6E5-41FB-95E7-7542B2586E78}: NameServer = 200.165.132.155 200.149.55.140
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5159 bytes
 
Mr.Wolf, you already helped me with a Conficker; now I have formatted my PC and I can't open regedit or the Task Manager. I believe it is festa exe, but the tools that were recommended to me don't work... I'll send you my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:23, on 9/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\NiwradSoft Shell Pack\Software\Styler\Styler.exe
C:\WINDOWS\NiwradSoft Shell Pack\Software\ViOrb\ViOrbv2.exe
C:\Arquivos de programas\NitroPC\crack\NitroPC.exe
C:\Documents and Settings\Paulista\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paulista\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paulista\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paulista\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paulista\Meus documentos\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\NiwradSoft Shell Pack\Software\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Reloader] C:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Styler] C:\WINDOWS\NiwradSoft Shell Pack\Software\Styler\Styler.exe
O4 - HKCU\..\Run: [ViStart] C:\WINDOWS\NiwradSoft Shell Pack\Software\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\WINDOWS\NiwradSoft Shell Pack\Software\ViOrb\ViOrbv2.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\crack\NitroPC.exe" -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4241 bytes
 
Hello everyone, good afternoon! Sorry for the delay in replying. Things are hectic around here.

I don't know whether you still need help, but I'll answer anyway. I'll put all the replies in this one post, OK?



palma, enable the option to show hidden files and folders and delete the folder highlighted below:

C:\Documents and Settings\palma\Dados de aplicativos\S03-7323-GEYNAWT-2623-TGAW

Go to Start > Run, type ComboFix /u and click OK.

Other than that, the log is clean, palma. Is there any problem?

_______________________________________________


Flea, follow the instructions in the spoiler below:

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;
● In the window that opens, click the Continue button so that the tool starts running;
● When the tool finishes, a log with the scan result will open automatically in Notepad. Paste the contents of that log (log.txt) in your next reply;
● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.
_______________________________________________


didifpg, follow the steps below:

Restart the computer in Safe Mode.

Go to Start > Run, paste the command "%userprofile%\desktop\combofix.exe" /killall into the box and click OK, as in the image below:

combofixejr8.gif


ComboFix will run again, and it may take longer than usual.

When it finishes, post the new log that is generated.
_______________________________________________


LuiZz``, follow the steps below:

- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, tick the options "Atualizar Malwarebytes Anti-Malware" (update) and "Executar Malwarebytes Anti-Malware" (run), and click Concluir (finish);
● After the installation, run the program;
● Select the Verificação Completa (full scan) option and then click Verificar (scan). Select your C: drive and click the Iniciar Verificação (start scan) button;
● When the scan finishes, click OK and the log will open automatically for you;
● If anything is detected, check that all items are ticked and click the Remover (remove) button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.
_______________________________________________


Artsimoes, go to Start > Run, type services.msc and click OK. In the panel, look for the service "Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS)" (Windows Firewall/Internet Connection Sharing) and check whether it is started and set to automatic.

_______________________________________________


Etdet, your log contains undetermined entries. I will have to check whether they still exist.

So please post a new (current) log here, Etdet my friend.

_______________________________________________


lta075, the same goes for your logs: they contain undetermined entries.

Post new logs, lta075.

_______________________________________________


lukox, was it you who installed the program Sukoku? It is a keystroke (read: keylogger), a program whose purpose is to monitor and record everything typed on your computer.

If it wasn't you, uninstall this program through Add or Remove Programs, generate a new HijackThis log and post it here.

NOTE: Go to a clean computer and change all your passwords.

_______________________________________________


luisednardo, follow the steps below:

Download TFC and save it to the desktop

Save whatever you are working on and close all open programs
Click the Start button and wait for the quick check. Click OK on the message and wait for the PC to restart.

Run ComboFix and post its log.

NOTE: Tell the owner of the machine to change their passwords, luisednardo, because the Rustock rootkit (the malware found on the computer) steals passwords.
_______________________________________________


karolz, is this computer connected to a network? If it is, disconnect it, because it has been reinfected.

Follow the steps below:

Paste this text into Notepad and save it as CFScript.txt on the desktop

Code:
KILLALL::

Folder::

File::
c:\windows\system32\msvfw64.dll

Driver::

Reboot::
Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif


● If you are asked to, press Enter to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it does not, restart it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
_______________________________________________


Maximillian, are you getting any error on the file Isass.exe? Check whether the command prompt, msconfig and gpedit.msc are also blocked.

Now, a rather dubious detail, Maximillian:

C:\Arquivos de programas\NitroPC\crack\NitroPC.exe

This may be one of the causes of the infection.

Follow the steps in the spoiler below:

Open HijackThis, click Do a system scan only, tick the entry below and click Fix checked:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Click Yes (Sim) on the message and close the program.


Download OTL and save it to the desktop;

● Double-click OTL.exe to run it;
● Tick the options Scan All Users and Minimal Output. Under "File Age", choose 90 Days;
● Click the button
runscanbutton.png
and wait for the scan;
● Two logs will open in Notepad:

- OTL.Txt <- this one will be open
- Extras.Txt <- this one will be minimized

They are also saved on the desktop. Paste them in your next reply.
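
The by-eye review of HijackThis logs done in the reply above (the O7 DisableRegedit entry, the autostart from a crack folder) can be sketched as a small triage script. This is an added example, not part of the original thread and not HijackThis's own logic; the rule set and the names `parse` and `triage` are assumptions made for illustration, and the sample lines are copied from logs posted earlier in this thread.

```python
import re
from collections import namedtuple

# Entry lines copied from the HijackThis logs posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\system32\gbiehcef.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\crack\NitroPC.exe" -minimized
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

Entry = namedtuple("Entry", "code body")
Finding = namedtuple("Finding", "code reason body")

# Entry lines have the shape "<section code> - <details>", e.g. "O7 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")
# Policy values such as DisableRegedit=1 lock the user out of a system tool.
POLICY_RE = re.compile(r"\b(Disable\w+)\s*=\s*1\b")
# HijackThis appends these markers when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse(log_text):
    """Return the section-coded entries, skipping header and process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Apply the illustrative review rules; one entry may yield several findings."""
    findings = []
    for e in entries:
        policy = POLICY_RE.search(e.body)
        if e.code == "O7" and policy:
            # The kind of entry the helper asks the user to fix.
            findings.append(Finding(e.code, "policy lockout: " + policy.group(1), e.body))
        if ORPHAN_RE.search(e.body):
            findings.append(Finding(e.code, "orphaned registration, file not on disk", e.body))
        if e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so each one should be tied to software the user knowingly installed.
            findings.append(Finding(e.code, "AppInit DLL, confirm its owner", e.body))
        if e.code == "O4" and "\\crack\\" in e.body.lower():
            # Mirrors the helper's remark about the NitroPC path.
            findings.append(Finding(e.code, "autostart from a crack folder", e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse(SAMPLE_LOG)):
        print(f"[{f.code}] {f.reason}\n      {f.body}")
```

A finding here only means "look at this line"; the AppInit entry in the sample belongs to the installed Kaspersky product, which is why the rule asks for the owner to be confirmed rather than calling it malicious.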
 
Mr.Wolf, I uninstalled the program and changed my passwords. Oh, and it wasn't me who installed that program.

Is there any risk that I have a keylogger? The log follows right below. Thanks for your help again, Mr.Wolf :D

Logfile of HijackThis v1.99.1
Scan saved at 17:28:57, on 10/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Arquivos de programas\Messenger\Msmsgs.exe
c:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe
C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe
C:\Arquivos de programas\Opera\opera.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Tibia 8.50\Tibia\Tibia.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Arquivos de programas\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Arquivos de programas\Internet Saving Optimizer\3.7.1.4630\NPIEAddOn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Arquivos de programas\System Search Dispatcher\1.4.1.1010\ssd.dll (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44BC92C3-4150-409E-B047-0FA0491523CB}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{49900B58-C59B-4F42-B7C7-75E2D1051CD1}: NameServer = 200.204.0.10,200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\elf_key.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
Here's the log...

ComboFix 09-09-03.02 - Administrador 10/09/2009 18:41.4.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.703 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\desktop\combofix.exe
Comandos utilizados :: /killall
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-10 to 2009-09-10 ))))))))))))))))))))))))))))
.

2009-09-10 03:20 . 2009-09-10 03:23 -------- d-----w- c:\documents and settings\Administrador\.LocalCooling
2009-09-09 19:47 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-05 23:45 . 2009-09-05 23:45 230432 ----a-w- C:\PA207.DAT
2009-09-01 23:12 . 2009-09-01 23:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2009-09-01 23:11 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-01 23:11 . 2009-09-01 23:11 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-09-01 23:11 . 2009-09-01 23:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-09-01 23:11 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-27 01:31 . 2009-08-27 01:31 12 ----a-w- c:\windows\Emcmm.dat
2009-08-25 01:42 . 2009-08-25 01:47 -------- d-----w- c:\documents and settings\Administrador\.rainlendar2
2009-08-25 01:41 . 2009-08-25 01:47 -------- d-----w- c:\arquivos de programas\Rainlendar2
2009-08-22 00:50 . 2009-09-10 00:19 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ulead Systems
2009-08-22 00:48 . 2009-08-22 00:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DivX
2009-08-22 00:38 . 2009-08-22 00:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InterVideo
2009-08-22 00:37 . 2007-01-03 21:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-08-22 00:37 . 2007-01-03 21:58 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-08-22 00:37 . 2009-09-10 00:05 -------- d-----w- c:\arquivos de programas\DivX
2009-08-22 00:37 . 2009-08-22 00:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\LightScribe
2009-08-22 00:35 . 2009-09-10 00:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ulead Systems
2009-08-22 00:34 . 2005-05-26 18:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 04:36 . 2008-04-04 11:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-09-10 03:27 . 2008-04-14 23:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\CyberLink
2009-09-10 03:27 . 2008-10-28 22:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sony Setup
2009-09-10 00:19 . 2008-04-04 11:39 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-09-02 01:47 . 2008-04-23 01:53 -------- d-----w- c:\arquivos de programas\Circle Developement
2009-08-28 19:43 . 2008-09-30 17:59 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-08-21 02:46 . 2008-08-28 17:44 -------- d-----w- c:\arquivos de programas\Alldj_DVD_To_AVI
2009-08-05 09:00 . 2004-08-04 01:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-22 20:27 . 2009-03-05 18:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-07-20 21:46 . 2008-04-23 01:53 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-07-17 19:03 . 2004-08-04 01:45 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 02:43 . 2004-08-04 01:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-04 01:45 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2004-08-04 01:45 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-08-04 01:45 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-08-04 01:45 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-08-04 01:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2004-08-04 01:45 732672 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-08-04 01:45 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-03 23:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:39 . 2004-08-04 01:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2001-10-28 15:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-04 01:45 77824 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-04 01:45 81408 ----a-w- c:\windows\system32\tlntsess.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-09-03_22.33.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-04 11:50 . 2009-08-12 03:09 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-04-04 11:50 . 2009-09-10 04:36 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-04-04 11:50 . 2009-09-10 04:36 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-04 11:50 . 2009-08-12 03:09 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-04 11:50 . 2009-08-12 03:09 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-04-04 11:50 . 2009-09-10 04:36 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2004-08-04 01:45 . 2009-03-08 07:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-04 01:45 . 2009-06-22 06:48 726528 c:\windows\system32\jscript.dll
+ 2008-10-03 16:56 . 2009-06-22 06:48 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-10-03 16:56 . 2009-03-08 07:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-04-04 11:50 . 2009-09-10 04:36 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-04 11:50 . 2009-08-12 03:09 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-04-04 11:50 . 2009-09-10 04:36 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-04-04 11:50 . 2009-08-12 03:09 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-04-04 11:50 . 2009-08-12 03:09 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-04-04 11:50 . 2009-09-10 04:36 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-04 11:50 . 2009-08-12 03:09 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-04-04 11:50 . 2009-09-10 04:36 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-04-04 11:50 . 2009-09-10 04:36 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-04 11:50 . 2009-08-12 03:09 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-04-04 11:50 . 2009-09-10 04:36 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-04-04 11:50 . 2009-08-12 03:09 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-04-04 11:50 . 2009-09-10 04:36 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-04-04 11:50 . 2009-08-12 03:09 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-09-10 04:36 . 2008-07-08 12:58 395128 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-10 04:36 . 2008-07-08 12:58 233336 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-10 04:36 . 2009-03-08 07:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2004-08-04 01:45 . 2009-05-20 07:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-04 01:45 . 2008-06-18 07:03 2458112 c:\windows\system32\WMVCore.dll
- 2008-04-03 16:44 . 2009-08-28 03:00 1563504 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-03 16:44 . 2009-09-10 11:54 1563504 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 01:45 . 2009-05-20 07:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-04 01:45 . 2008-06-18 07:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-08-18 15:56 . 2009-08-18 15:56 5020672 c:\windows\Installer\f5297e.msp
+ 2009-09-10 03:20 . 2009-09-10 03:20 4109824 c:\windows\Installer\aff452.msi
+ 2008-04-04 11:50 . 2009-09-10 04:36 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-04-04 11:50 . 2009-08-12 03:09 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-04-04 11:50 . 2009-09-10 04:36 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-04-04 11:50 . 2009-08-12 03:09 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-04-23 09:29 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-02-20 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-08 30208]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29/5/2007 13:30 508160]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{B5B75B04-9D3F-4EC5-89D1-00F64AD34F8D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} - hxxp://idownload.br.toontown.com/sv1.4.14.8/ttinst-portuguese.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-10 18:45
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(124)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\rundll32.exe
c:\arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe
c:\arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
c:\arquivos de programas\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-09-10 18:48 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-09-10 21:48
ComboFix2.txt 2009-09-03 22:34
ComboFix3.txt 2008-11-24 08:54

Pré-execução: 9 pasta(s) 23.408.185.344 bytes disponíveis
Pós execução: 9 pasta(s) 23.939.723.264 bytes disponíveis

264 --- E O F --- 2009-09-10 04:38
 
Hey Mr. Wolf, that crack is the pirated serial for Npc, haha. Ah, since my computer had just been formatted, I went ahead and formatted it again. I think the virus is on my pen drive, but I decided to risk plugging it in again, and so far nothing strange has happened. Thank you for your analysis. I plan to use Deep Freeze on my HD, since my girlfriend has no idea where to click. Do you think that's a good form of prevention, or should I keep using Kaspersky?
 
Hello Mr. Wolf...

Here I am again... And this time the problem is even worse (well, I think so...)
We bought another computer and locked down thaaaat brother of mine who had installed Cabal; he had time limits and a bunch of other things... But somehow the smart guy got in as administrator and installed a keylogger on the machine... Refog, and it's not the free one, though it's in its trial period...
We found out that he had set it up, but now we can't uninstall it...
It doesn't show up anywhere on the computer, much less in Add or Remove Programs, and it won't even let us open regedit...
Is there any way to uninstall it, or only by formatting? Since it's a trial version, is there a chance it will 'go away on its own'?
 
Hey Wolf!!! It's been ages since I was last here...
I came because the situation is really critical. It was a struggle just to get here and send this message; I had to reboot twice to see if it would run a little faster, not to mention that it froze 9 times by my count. Ugh!!

Anyway... I'm here so you can see how my PC is doing and whether it's still good for anything
hahaha..
WHERE DO I START???

Thanks!! Cheers, see you later


=)
 
Help

So, there are some processes on this PC that I can't remove; I kill them and they come back. They're called IEXPLORE.EXE

Here is the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:57, on 11/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\mscomdlg.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\ARQUIV~1\Crawler\Toolbar\CToolbar.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Java\jre6\bin\java.exe
C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R3 - URLSearchHook: LocalStrike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoc1.dll
R3 - URLSearchHook: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - C:\Arquivos de programas\LocalStrike_English\tbLoca.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\\userinit.exe,C:\WINDOWS\system32\drivers\svchost.exe
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: LocalStrike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoc1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - C:\Arquivos de programas\LocalStrike_English\tbLoca.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: LocalStrike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoc1.dll
O3 - Toolbar: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - C:\Arquivos de programas\LocalStrike_English\tbLoca.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [sXe Injected] C:\Arquivos de programas\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft App] C:\WINDOWS\mscomdlg.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [warn default inter for] C:\Documents and Settings\All Users\Dados de aplicativos\Time Dead Warn Default\Wait hole.exe
O4 - HKLM\..\Run: [XP-5E7BD3AF] C:\WINDOWS\system32\XP-5E7BD3AF.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [lockssoap] C:\DOCUME~1\ADMINI~1\DADOSD~1\grideq\love poll axis.exe
O4 - HKCU\..\Run: [View face] C:\DOCUME~1\ADMINI~1\DADOSD~1\CASTSA~1\Bash Blah.exe
O4 - HKCU\..\Run: [hold mode] C:\DOCUME~1\ADMINI~1\DADOSD~1\ACTIVE~1\debugtime.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\herss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BDD4D9D-56B6-4FC5-9F4E-AC275A000479}: NameServer = 200.149.55.140 200.165.132.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BDD4D9D-56B6-4FC5-9F4E-AC275A000479}: NameServer = 200.149.55.140 200.165.132.147
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BDD4D9D-56B6-4FC5-9F4E-AC275A000479}: NameServer = 200.149.55.140 200.165.132.147
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: c:\windows\elf_key.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c9ad11ea736490) (gupdate1c9ad11ea736490) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9114 bytes
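
A log like the one above can be triaged mechanically before it is read line by line. The Python sketch below is an added example, not part of the original thread or of HijackThis; its rules (extra programs chained to UserInit, a populated AppInit_DLLs value, orphaned entries, system process names outside system32, autostarts from profile or temp paths) are common review heuristics chosen for illustration, and the sample lines are copied from the poster's log. A hit means "look closer", not "confirmed malware".

```python
import re
from ntpath import basename, dirname

# Lines copied from the HijackThis log in the post above; nothing here is new data.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\\userinit.exe,C:\WINDOWS\system32\drivers\svchost.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\herss.exe
O20 - AppInit_DLLs: c:\windows\elf_key.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
FILE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat))', re.I)
# Assumption: Windows is installed in C:\WINDOWS, as in the logs on this page.
SYSTEM32 = r"c:\windows\system32"
# Core processes that live directly in system32; the same name elsewhere is a red flag.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "userinit.exe"}
# Locations any user-level process can write to (long and 8.3 short forms).
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")


def norm(path):
    """Lower-case a Windows path, drop quotes and collapse doubled backslashes."""
    return re.sub(r"\\+", r"\\", path.strip().strip('"').lower())


def path_reason(path):
    """Return why a file path looks out of place, or None if it does not."""
    p = norm(path)
    if basename(p) in SYSTEM_NAMES and dirname(p) != SYSTEM32:
        return "system process name outside system32"
    if any(marker in p for marker in USER_WRITABLE):
        return "autostart from a user profile or temp directory"
    return None


def triage(log_text):
    """Return (code, reason, detail) tuples for entries that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        _, _, value = body.partition("=" if code == "F2" else ":")
        if code == "F2" and "userinit=" in body.lower():
            # The default value holds userinit.exe only; anything else runs at every logon.
            for item in value.split(","):
                if item.strip() and norm(item) != SYSTEM32 + r"\userinit.exe":
                    findings.append((code, "extra program chained to UserInit", norm(item)))
        elif code == "O20" and value.strip():
            findings.append((code, "DLL loaded into every GUI process via AppInit_DLLs",
                             norm(value)))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append((code, "orphaned entry, target file is gone", body))
        elif code in ("O4", "O23"):
            hit = FILE_PATH.search(body)
            reason = path_reason(hit.group(1)) if hit else None
            if reason:
                findings.append((code, reason, norm(hit.group(1))))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason}: {detail}")
```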
 
Server virus

Hey Mr. Wolf, help me with a virus that's driving me crazy here at the company. The servers are generating some .exe files with different names in the shared folders. I delete them and they show up again. I can't explain it well; the image is attached, maybe you'll understand it better.
Thanks in advance for the help!
 

Attachment: imagem.JPG
Hello everyone, good evening! I'll reply to everyone in this same post, as I always do, OK.

lukox, you are no longer at risk from the keylogger. Luckily, Sukoku is easy to remove, so much so that I only instructed you to remove it the basic way, through Add or Remove Programs. If you've already changed your passwords, there's nothing more to worry about. In fact, not just you: everyone who uses this computer of yours should change their passwords, if other people in your household use it too.

Follow the instructions below, lukox:

● Download and install SUPERAntiSpyware on your computer;

● At the end of the installation, when it asks whether you want to update the program, confirm and let it update. If the update prompt does not appear after installation, run the program and click the Check for Updates button. Wait for it to update;
● Click the Preferences button, go to the General and Startup tab and uncheck the option "Start SUPERAntiSpyware when Windows start". Click the Close button to close this window;
● Back in the program's main window, click the Scan Your Computer button, check your C: drive on the left, and select the Perform Complete Scan option. Click the Next button to continue and wait for the scan to finish;
● When the scan finishes, if the program finds infections, a message will appear saying that the infected files were moved to quarantine; click OK and Finish to close this window. If it asks whether you want to restart the computer, click Yes and restart it;
● Back on the program's main screen, click Preferences and go to the Statistics/Logs tab. Double-click the "SUPERAntiSpyware Scan Log" file and copy all of the content shown.

In your next reply, paste the SUPERAntiSpyware log and a new HijackThis log.
_________________________________________


didifpg, follow the steps in the spoiler below:

Delete the files highlighted below:

C:\PA207.DAT
C:\WINDOWS\Emcmm.dat

Run a scan with Kaspersky Online Scanner following the tutorial below, and post the final report once the scan finishes:

http://www.linhadefensiva.org/forum/index.php?showtopic=74159
_________________________________________


My friend Maximillian, I know the crack is the software that pirates your NitroPC. That's exactly why I mentioned it: it may be infected. I still recommend that you format the pen drive, just to be safe. And any other removable device you have.

DeepFreeze should not be used as an antivirus, Maximillian. There's no choosing between Kaspersky and DeepFreeze, since the two have completely different functions. DF (DeepFreeze) serves only as a system recovery tool, like Windows System Restore, but more robust. You can run DF together with Kaspersky. But not in its place.

Now a note: be aware that once you install DF, you will no longer install/save new files on the system, because the program performs a complete restore of the computer every time the machine is restarted/shut down. That is, everything that was saved, installed or kept on the computer before the restart will no longer exist after restarting.

So think carefully before installing DF. If you'll accept a suggestion: use SandBoxie or a virtual machine.

_________________________________________


carolgsn, my friend, keyloggers installed by the user himself rarely show up in Add or Remove Programs, because the user can choose which directory the software creates its folders in, and, obviously, a clever user will never leave it in the most obvious place there is (in Arquivos de Programas, i.e. Program Files). Your brother was smart. Generally, the 'usual wise guys' choose unusual directories such as Dados de Aplicativos (Application Data), WINDOWS, All Users, etc. for creating the keylogger's folders and files. First, do the following, Carol:

Go to Start > Run, type runrefog and click OK. See whether a window opens asking for a password. Let me know!

NOTE: You must be logged in as administrator!

Also follow the instructions in the spoiler below:

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;
● In the window that opens, click the Continue button so the tool starts running;
● When the tool finishes running, a log with the scan result will open automatically in Notepad. Paste the contents of this log (log.txt) in your next reply;
● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.
______________________________________________


Galzidc, your machine is in a critical state! In extreme cases like this, the quickest and most recommended course really is to format the PC, unfortunately!

However, here in this thread we go by the following motto: "Formatting only as a last resort..."

So, before we "throw in the towel", let's look into the state of your computer. Follow the spoiler below, Galzidc:

NOTE: To follow the procedures below, you need to have a blank CD/DVD on hand!

Download Kaspersky Rescue Disk and save it to the desktop. Preferably, try to download it from another computer.

To run the scan, follow Baboo's tutorial below:
http://www.baboo.com.br/absolutenm/templates/content.asp?articleid=32310&zoneid=300&resumo=

Just to clarify: the Rescue Disk will scan your computer at boot, that is, before it starts up. This is so that your computer does not keep restarting, as you reported. Remember also that the BIOS must be set to CD/DVD ROM for the antivirus to run the scan.
______________________________________________


dimiguda, the iexplore.exe process is legitimate; it belongs to the Internet Explorer browser. There is no way to remove it, and you must not.

Follow the instructions in the spoiler below (just click the Show button):

Step 1

- Download Lop SD and save it to the desktop;

● Close all open programs and windows;
● Double-click Lop SD.exe. In the window that opens, press the P key and press Enter;
● On the next screen, press the number 2 and press Enter. Wait for the tool to finish checking;
● When it finishes, a log will open automatically in Notepad; close it. It will be at C:\lopR.txt


Step 2

- Download BankerFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click bankerfix.exe;
● A message will appear saying that it will be downloaded from the internet;
● Click OK > OK. Press Enter and wait for the scan to finish;
● Once the scan is done, read the message on the screen and press Enter again.
● A log will be generated at C:\LinhaDefensiva\relatorio.txt.


Step 3

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window and try not to use the keyboard either, so as not to disturb the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your computer will restart. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

In your next reply, paste these logs: Lop SD, BankerFix and ComboFix.
______________________________________________


guerreirofjv, we have a big problem there. Your computer is infected by a worm. This malware replicates itself and attacks computers connected on a network, contaminating everything from the computer it is on up to the server, if it was not spread from the server itself. This is why you cannot permanently clean the infection from the machine: there is no point in cleaning this machine while all the others are infected, so it will consequently keep reinfecting your machine after every cleanup. A worm is definitely the most damaging malware for a company.

I kindly ask you to post a HijackThis log here, guerreirofjv, my friend. I'll tell you up front that, since the other computers and, above all, the servers (as you reported) are infected, you will have to disconnect the machine for the cleanup to be carried out successfully, with no chance of the infection returning.
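
The keylogger advice in the post above says such tools are usually placed outside Program Files, in folders like Dados de Aplicativos, WINDOWS or All Users. As an added example (not part of the original posts and not HijackThis code), this sketch reads HijackThis `O4` and `O23` lines and lists autostart entries whose binary sits in those locations; the sample log lines, the English folder equivalents and all function names are assumptions made for the illustration.

```python
import re
from ntpath import normpath  # ntpath handles Windows-style paths on any OS

# Constructed sample lines in HijackThis v2 layout (not from any poster's log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [updsvc] C:\Documents and Settings\All Users\Dados de aplicativos\updsvc\updsvc.exe /s
O4 - HKLM\..\Run: [winhlp] "C:\WINDOWS\winhlp64.exe" -hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: Example Helper (exhelper) - Unknown owner - C:\Documents and Settings\user\Application Data\exh\exhelper.exe
"""

# Folder names the post calls out, plus English-Windows equivalents (assumption).
PROFILE_DIRS = {"dados de aplicativos", "application data", "appdata", "all users"}

# First absolute path ending in an executable extension; quotes and arguments are skipped.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll|com|scr|bat)\b', re.IGNORECASE)
# Only autostart sections are examined: O4 (Run keys/startup) and O23 (services).
ENTRY_RE = re.compile(r"^(O4|O23) - (.*)$")


def extract_path(body):
    """Return the first absolute binary path in an entry, or None.

    Entries that use %variables% or a bare file name (rundll32.exe ...) carry
    no absolute path to judge, so they are left to the human reviewer.
    """
    match = PATH_RE.search(body)
    return match.group(0) if match else None


def classify(path):
    """Return a reason string if the path is in a location worth reviewing."""
    parts = [p.lower() for p in normpath(path).split("\\")]
    folders = parts[1:-1]  # drop the drive and the file name
    if any(folder in PROFILE_DIRS for folder in folders):
        return "under a profile/application-data folder"
    if folders == ["windows"]:
        return "directly in the Windows root"
    return None


def triage(log_text):
    """Return (section, path, reason) for every autostart entry to review."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        section, body = entry.groups()
        path = extract_path(body)
        if path is None:
            continue
        reason = classify(path)
        if reason:
            findings.append((section, path, reason))
    return findings


if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"{section}: {path} ({reason})")
```

A hit is a candidate for manual review, not a verdict: some legitimate drivers and utilities also start from the Windows root, and 8.3 short names such as `PROGRA~1` are not expanded here.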
 
Hey Mr Wolf.

Here is the Malwarebytes log
Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 2782
Windows 6.0.6002 Service Pack 2

11/09/2009 19:14:26
mbam-log-2009-09-11 (19-14-26).txt

Tipo de Verificação: Completa (C:\|E:\|F:\|)
Objetos verificados: 373910
Tempo decorrido: 53 minute(s), 25 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)

and the Hijack one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:15, on 25/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7509 bytes


Thanks in advance for the help!

Cheers
 
palma, enable the option to show hidden files and folders and delete the folder highlighted below:

C:\Documents and Settings\palma\Dados de aplicativos\S03-7323-GEYNAWT-2623-TGAW

Go to Start > Run, type ComboFix /u and click OK.

Other than that, the log is clean, palma. Any problems?

all good so far, Mr. Wolf!
thanks for the help once again! :yes:
 
Good morning Mr. Wolf....
According to him, he doesn't even know where he installed it....
He said that yesterday he managed to uninstall it, but I couldn't access refog, and I also can't access regedit...
I took a screenshot of the message... See below
Thanks for the help....

Rsit log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Carol at 2009-09-12 11:11:15
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 117 GB (77%) free of 152 GB
Total RAM: 3316 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:49, on 12/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\vVX1000.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Users\Carol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Carol\Desktop\RSIT.exe
C:\Program Files\trend micro\Carol.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=14672&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~1\GbPlugin\gbiehUni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~1\GbPlugin\gbiehUni.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 8319 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1111674606-3974286541-3460441312-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1111674606-3974286541-3460441312-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1111674606-3974286541-3460441312-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1111674606-3974286541-3460441312-1002UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1111674606-3974286541-3460441312-1004Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1111674606-3974286541-3460441312-1004UA.job
C:\Windows\tasks\User_Feed_Synchronization-{A068DCC0-06DF-4AB6-8774-78EE5307E29F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-09-07 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - C:\Program Files\GbPlugin\gbieh.dll [2009-06-18 302368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]
GbIehObj Class - C:\Program Files\GbPlugin\gbiehcef.dll [2009-07-01 293928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]
GbIehObj Class - C:\PROGRA~1\GbPlugin\gbiehUni.dll [2009-07-02 297376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-01 41368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-08-02 949376]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2008-06-10 1442888]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-07 185896]
"VX1000"=C:\Windows\vVX1000.exe [2009-06-26 757248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
C:\Program Files\GbPlugin\gbieh.dll [2009-06-18 302368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]
C:\Program Files\GbPlugin\gbiehCef.dll [2009-07-01 293928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni]
C:\PROGRA~1\GbPlugin\gbiehUni.dll [2009-07-02 297376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\Program Files\GbPlugin\gbieh.dll [2009-06-18 302368]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"=C:\PROGRA~1\GbPlugin\gbiehUni.dll [2009-07-02 297376]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Program Files\GbPlugin\gbiehcef.dll [2009-07-01 293928]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-12 11:11:15 ----D---- C:\rsit
2009-09-12 11:11:15 ----D---- C:\Program Files\trend micro
2009-09-11 12:26:23 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-11 12:26:07 ----SHD---- C:\Config.Msi
2009-09-10 19:30:59 ----D---- C:\Windows\system32\eu-ES
2009-09-10 19:30:59 ----D---- C:\Windows\system32\ca-ES
2009-09-10 19:30:56 ----D---- C:\Windows\system32\vi-VN
2009-09-09 16:45:08 ----D---- C:\Windows\system32\EventProviders
2009-09-09 16:38:02 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-09-09 16:37:59 ----A---- C:\Windows\system32\SLCExt.dll
2009-09-09 16:37:58 ----A---- C:\Windows\system32\SLsvc.exe
2009-09-09 16:37:57 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-09-09 16:37:57 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-09-09 16:37:56 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-09-09 16:37:55 ----A---- C:\Windows\system32\mssrch.dll
2009-09-09 16:37:54 ----A---- C:\Windows\system32\tquery.dll
2009-09-09 16:37:53 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-09-09 16:37:53 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-09 16:37:52 ----A---- C:\Windows\system32\scavenge.dll
2009-09-09 16:37:52 ----A---- C:\Windows\system32\RMActivate.exe
2009-09-09 16:37:52 ----A---- C:\Windows\system32\msi.dll
2009-09-09 16:37:51 ----A---- C:\Windows\system32\secproc_isv.dll
2009-09-09 16:37:51 ----A---- C:\Windows\system32\imapi2fs.dll
2009-09-09 16:37:50 ----A---- C:\Windows\system32\WscEapPr.dll
2009-09-09 16:37:50 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-09-09 16:37:50 ----A---- C:\Windows\system32\sysmain.dll
2009-09-09 16:37:50 ----A---- C:\Windows\system32\icardagt.exe
2009-09-09 16:37:49 ----A---- C:\Windows\system32\EhStorShell.dll
2009-09-09 16:37:48 ----A---- C:\Windows\system32\spreview.exe
2009-09-09 16:37:48 ----A---- C:\Windows\system32\spinstall.exe
2009-09-09 16:37:48 ----A---- C:\Windows\system32\drmv2clt.dll
2009-09-09 16:37:47 ----A---- C:\Windows\system32\spwizui.dll
2009-09-09 16:37:47 ----A---- C:\Windows\system32\shell32.dll
2009-09-09 16:37:47 ----A---- C:\Windows\system32\secproc.dll
2009-09-09 16:37:47 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-09 16:37:47 ----A---- C:\Windows\system32\p2psvc.dll
2009-09-09 16:37:47 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-09-09 16:37:46 ----A---- C:\Windows\system32\sdohlp.dll
2009-09-09 16:37:46 ----A---- C:\Windows\system32\mssvp.dll
2009-09-09 16:37:46 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-09 16:37:46 ----A---- C:\Windows\system32\mssph.dll
2009-09-09 16:37:46 ----A---- C:\Windows\system32\mscoree.dll
2009-09-09 16:37:46 ----A---- C:\Windows\system32\imapi2.dll
2009-09-09 16:37:45 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-09-09 16:37:45 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-09-09 16:37:45 ----A---- C:\Windows\system32\esent.dll
2009-09-09 16:37:45 ----A---- C:\Windows\system32\DevicePairing.dll
2009-09-09 16:37:44 ----A---- C:\Windows\system32\wevtsvc.dll
2009-09-09 16:37:44 ----A---- C:\Windows\system32\sperror.dll
2009-09-09 16:37:44 ----A---- C:\Windows\system32\SLC.dll
2009-09-09 16:37:44 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-09-09 16:37:44 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-09-09 16:37:44 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-09 16:37:44 ----A---- C:\Windows\system32\msshsq.dll
2009-09-09 16:37:44 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-09 16:37:43 ----A---- C:\Windows\system32\msjet40.dll
2009-09-09 16:37:42 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-09-09 16:37:42 ----A---- C:\Windows\system32\msxml6.dll
2009-09-09 16:37:42 ----A---- C:\Windows\system32\MPSSVC.dll
2009-09-09 16:37:41 ----A---- C:\Windows\system32\Query.dll
2009-09-09 16:37:41 ----A---- C:\Windows\system32\qmgr.dll
2009-09-09 16:37:41 ----A---- C:\Windows\system32\P2PGraph.dll
2009-09-09 16:37:41 ----A---- C:\Windows\system32\msexch40.dll
2009-09-09 16:37:41 ----A---- C:\Windows\system32\diagperf.dll
2009-09-09 16:37:40 ----A---- C:\Windows\system32\winload.exe
2009-09-09 16:37:40 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-09 16:37:40 ----A---- C:\Windows\system32\ole32.dll
2009-09-09 16:37:40 ----A---- C:\Windows\system32\ntdll.dll
2009-09-09 16:37:40 ----A---- C:\Windows\system32\msxml3.dll
2009-09-09 16:37:40 ----A---- C:\Windows\system32\IasMigReader.exe
2009-09-09 16:37:39 ----A---- C:\Windows\system32\uDWM.dll
2009-09-09 16:37:39 ----A---- C:\Windows\system32\mmc.exe
2009-09-09 16:37:39 ----A---- C:\Windows\system32\mblctr.exe
2009-09-09 16:37:39 ----A---- C:\Windows\system32\EncDec.dll
2009-09-09 16:37:38 ----A---- C:\Windows\system32\riched20.dll
2009-09-09 16:37:38 ----A---- C:\Windows\system32\RacEngn.dll
2009-09-09 16:37:38 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-09-09 16:37:38 ----A---- C:\Windows\system32\fdBth.dll
2009-09-09 16:37:38 ----A---- C:\Windows\system32\dfsr.exe
2009-09-09 16:37:37 ----A---- C:\Windows\system32\spoolss.dll
2009-09-09 16:37:37 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-09 16:37:37 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-09 16:37:37 ----A---- C:\Windows\system32\milcore.dll
2009-09-09 16:37:37 ----A---- C:\Windows\system32\kernel32.dll
2009-09-09 16:37:37 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-09-09 16:37:37 ----A---- C:\Windows\system32\CertEnroll.dll
2009-09-09 16:37:36 ----A---- C:\Windows\system32\schedsvc.dll
2009-09-09 16:37:36 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-09-09 16:37:36 ----A---- C:\Windows\system32\msvcp60.dll
2009-09-09 16:37:36 ----A---- C:\Windows\system32\msjtes40.dll
2009-09-09 16:37:36 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-09 16:37:36 ----A---- C:\Windows\system32\gpedit.dll
2009-09-09 16:37:35 ----A---- C:\Windows\system32\WinSAT.exe
2009-09-09 16:37:35 ----A---- C:\Windows\system32\mstext40.dll
2009-09-09 16:37:35 ----A---- C:\Windows\system32\Magnify.exe
2009-09-09 16:37:35 ----A---- C:\Windows\system32\es.dll
2009-09-09 16:37:35 ----A---- C:\Windows\system32\advapi32.dll
2009-09-09 16:37:34 ----A---- C:\Windows\system32\WMPhoto.dll
2009-09-09 16:37:34 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-09-09 16:37:34 ----A---- C:\Windows\system32\WebClnt.dll
2009-09-09 16:37:34 ----A---- C:\Windows\system32\vssapi.dll
2009-09-09 16:37:34 ----A---- C:\Windows\system32\slwmi.dll
2009-09-09 16:37:34 ----A---- C:\Windows\system32\msxbde40.dll
2009-09-09 16:37:34 ----A---- C:\Windows\system32\msexcl40.dll
2009-09-09 16:37:34 ----A---- C:\Windows\system32\comsvcs.dll
2009-09-09 16:37:34 ----A---- C:\Windows\system32\authui.dll
2009-09-09 16:37:33 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-09 16:37:33 ----A---- C:\Windows\system32\msrepl40.dll
2009-09-09 16:37:32 ----A---- C:\Windows\system32\propsys.dll
2009-09-09 16:37:32 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-09 16:37:32 ----A---- C:\Windows\system32\newdev.dll
2009-09-09 16:37:32 ----A---- C:\Windows\system32\iasrecst.dll
2009-09-09 16:37:32 ----A---- C:\Windows\system32\gpsvc.dll
2009-09-09 16:37:32 ----A---- C:\Windows\system32\eudcedit.exe
2009-09-09 16:37:32 ----A---- C:\Windows\system32\crypt32.dll
2009-09-09 16:37:32 ----A---- C:\Windows\explorer.exe
2009-09-09 16:37:31 ----A---- C:\Windows\system32\setupapi.dll
2009-09-09 16:37:31 ----A---- C:\Windows\system32\rpcss.dll
2009-09-09 16:37:31 ----A---- C:\Windows\system32\mspbde40.dll
2009-09-09 16:37:31 ----A---- C:\Windows\system32\d3d9.dll
2009-09-09 16:37:30 ----A---- C:\Windows\system32\wevtapi.dll
2009-09-09 16:37:30 ----A---- C:\Windows\system32\shlwapi.dll
2009-09-09 16:37:30 ----A---- C:\Windows\system32\msrd3x40.dll
2009-09-09 16:37:30 ----A---- C:\Windows\system32\msltus40.dll
2009-09-09 16:37:30 ----A---- C:\Windows\system32\msdtctm.dll
2009-09-09 16:37:30 ----A---- C:\Windows\system32\mfc42.dll
2009-09-09 16:37:30 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-09-09 16:37:30 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-09-09 16:37:30 ----A---- C:\Windows\system32\davclnt.dll
2009-09-09 16:37:30 ----A---- C:\Windows\system32\browseui.dll
2009-09-09 16:37:29 ----A---- C:\Windows\system32\user32.dll
2009-09-09 16:37:29 ----A---- C:\Windows\system32\samsrv.dll
2009-09-09 16:37:29 ----A---- C:\Windows\system32\quartz.dll
2009-09-09 16:37:29 ----A---- C:\Windows\system32\photowiz.dll
2009-09-09 16:37:29 ----A---- C:\Windows\system32\nlhtml.dll
2009-09-09 16:37:29 ----A---- C:\Windows\system32\ci.dll
2009-09-09 16:37:28 ----A---- C:\Windows\system32\win32spl.dll
2009-09-09 16:37:28 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-09-09 16:37:28 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-09-09 16:37:28 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-09-09 16:37:28 ----A---- C:\Windows\system32\oleaut32.dll
2009-09-09 16:37:28 ----A---- C:\Windows\system32\netshell.dll
2009-09-09 16:37:28 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-09-09 16:37:28 ----A---- C:\Windows\system32\compcln.exe
2009-09-09 16:37:27 ----A---- C:\Windows\system32\xmlfilter.dll
2009-09-09 16:37:27 ----A---- C:\Windows\system32\winhttp.dll
2009-09-09 16:37:27 ----A---- C:\Windows\system32\mswstr10.dll
2009-09-09 16:37:27 ----A---- C:\Windows\system32\msctf.dll
2009-09-09 16:37:27 ----A---- C:\Windows\system32\emdmgmt.dll
2009-09-09 16:37:27 ----A---- C:\Windows\system32\audiosrv.dll
2009-09-09 16:37:27 ----A---- C:\Windows\system32\apds.dll
2009-09-09 16:37:26 ----A---- C:\Windows\system32\VSSVC.exe
2009-09-09 16:37:26 ----A---- C:\Windows\system32\SLUI.exe
2009-09-09 16:37:26 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-09-09 16:37:26 ----A---- C:\Windows\system32\msvcrt.dll
2009-09-09 16:37:26 ----A---- C:\Windows\system32\mfc42u.dll
2009-09-09 16:37:26 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-09-09 16:37:26 ----A---- C:\Windows\system32\gdi32.dll
2009-09-09 16:37:26 ----A---- C:\Windows\system32\eapphost.dll
2009-09-09 16:37:25 ----A---- C:\Windows\system32\winresume.exe
2009-09-09 16:37:25 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-09-09 16:37:25 ----A---- C:\Windows\system32\propdefs.dll
2009-09-09 16:37:25 ----A---- C:\Windows\system32\odbc32.dll
2009-09-09 16:37:25 ----A---- C:\Windows\system32\msrd2x40.dll
2009-09-09 16:37:24 ----A---- C:\Windows\system32\wevtutil.exe
2009-09-09 16:37:24 ----A---- C:\Windows\system32\shdocvw.dll
2009-09-09 16:37:24 ----A---- C:\Windows\system32\mssitlb.dll
2009-09-09 16:37:24 ----A---- C:\Windows\system32\dbgeng.dll
2009-09-09 16:37:23 ----A---- C:\Windows\system32\WsmSvc.dll
2009-09-09 16:37:23 ----A---- C:\Windows\system32\swprv.dll
2009-09-09 16:37:23 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-09-09 16:37:22 ----A---- C:\Windows\system32\vds.exe
2009-09-09 16:37:22 ----A---- C:\Windows\system32\usp10.dll
2009-09-09 16:37:22 ----A---- C:\Windows\system32\netlogon.dll
2009-09-09 16:37:22 ----A---- C:\Windows\system32\msctfp.dll
2009-09-09 16:37:22 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-09-09 16:37:22 ----A---- C:\Windows\system32\drvinst.exe
2009-09-09 16:37:22 ----A---- C:\Windows\system32\devmgr.dll
2009-09-09 16:37:21 ----A---- C:\Windows\system32\WSDApi.dll
2009-09-09 16:37:21 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-09-09 16:37:21 ----A---- C:\Windows\system32\Wldap32.dll
2009-09-09 16:37:21 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-09-09 16:37:21 ----A---- C:\Windows\system32\wcnwiz.dll
2009-09-09 16:37:21 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-09-09 16:37:21 ----A---- C:\Windows\system32\msscb.dll
2009-09-09 16:37:21 ----A---- C:\Windows\system32\evr.dll
2009-09-09 16:37:21 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-09-09 16:37:21 ----A---- C:\Windows\system32\BFE.DLL
2009-09-09 16:37:21 ----A---- C:\Windows\system32\adsldpc.dll
2009-09-09 16:37:20 ----A---- C:\Windows\system32\wercon.exe
2009-09-09 16:37:20 ----A---- C:\Windows\system32\wcncsvc.dll
2009-09-09 16:37:20 ----A---- C:\Windows\system32\services.exe
2009-09-09 16:37:20 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-09-09 16:37:20 ----A---- C:\Windows\system32\mimefilt.dll
2009-09-09 16:37:20 ----A---- C:\Windows\system32\comdlg32.dll
2009-09-09 16:37:20 ----A---- C:\Windows\system32\adtschema.dll
2009-09-09 16:37:19 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-09-09 16:37:19 ----A---- C:\Windows\system32\taskeng.exe
2009-09-09 16:37:19 ----A---- C:\Windows\system32\rtffilt.dll
2009-09-09 16:37:19 ----A---- C:\Windows\system32\reg.exe
2009-09-09 16:37:19 ----A---- C:\Windows\system32\mswdat10.dll
2009-09-09 16:37:19 ----A---- C:\Windows\system32\msjter40.dll
2009-09-09 16:37:19 ----A---- C:\Windows\system32\msdtcprx.dll
2009-09-09 16:37:19 ----A---- C:\Windows\system32\msdrm.dll
2009-09-09 16:37:19 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-09-09 16:37:19 ----A---- C:\Windows\system32\dnsapi.dll
2009-09-09 16:37:19 ----A---- C:\Windows\system32\certutil.exe
2009-09-09 16:37:19 ----A---- C:\Windows\system32\certcli.dll
2009-09-09 16:37:18 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-09-09 16:37:18 ----A---- C:\Windows\system32\w32time.dll
2009-09-09 16:37:18 ----A---- C:\Windows\system32\msshooks.dll
2009-09-09 16:37:18 ----A---- C:\Windows\system32\msscntrs.dll
2009-09-09 16:37:18 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-09-09 16:37:18 ----A---- C:\Windows\system32\bcrypt.dll
2009-09-09 16:37:17 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-09-09 16:37:17 ----A---- C:\Windows\system32\rsaenh.dll
2009-09-09 16:37:17 ----A---- C:\Windows\system32\netapi32.dll
2009-09-09 16:37:17 ----A---- C:\Windows\system32\msstrc.dll
2009-09-09 16:37:17 ----A---- C:\Windows\system32\msihnd.dll
2009-09-09 16:37:17 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-09-09 16:37:17 ----A---- C:\Windows\system32\inetpp.dll
2009-09-09 16:37:17 ----A---- C:\Windows\system32\inetcomm.dll
2009-09-09 16:37:17 ----A---- C:\Windows\system32\dfshim.dll
2009-09-09 16:37:17 ----A---- C:\Windows\system32\bthserv.dll
2009-09-09 16:37:16 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-09-09 16:37:16 ----A---- C:\Windows\system32\termsrv.dll
2009-09-09 16:37:16 ----A---- C:\Windows\system32\profsvc.dll
2009-09-09 16:37:16 ----A---- C:\Windows\system32\mtxclu.dll
2009-09-09 16:37:16 ----A---- C:\Windows\system32\mscories.dll
2009-09-09 16:37:16 ----A---- C:\Windows\system32\hidserv.dll
2009-09-09 16:37:16 ----A---- C:\Windows\system32\fundisc.dll
2009-09-09 16:37:16 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-09-09 16:37:16 ----A---- C:\Windows\system32\cryptsvc.dll
2009-09-09 16:37:15 ----A---- C:\Windows\system32\wdc.dll
2009-09-09 16:37:15 ----A---- C:\Windows\system32\shsvcs.dll
2009-09-09 16:37:15 ----A---- C:\Windows\system32\msiexec.exe
2009-09-09 16:37:15 ----A---- C:\Windows\system32\imapi.dll
2009-09-09 16:37:14 ----A---- C:\Windows\system32\spoolsv.exe
2009-09-09 16:37:14 ----A---- C:\Windows\system32\rasmans.dll
2009-09-09 16:37:14 ----A---- C:\Windows\system32\pnidui.dll
2009-09-09 16:37:14 ----A---- C:\Windows\system32\icardres.dll
2009-09-09 16:37:14 ----A---- C:\Windows\system32\iassdo.dll
2009-09-09 16:37:14 ----A---- C:\Windows\system32\chsbrkr.dll
2009-09-09 16:37:14 ----A---- C:\Windows\system32\autofmt.exe
2009-09-09 16:37:13 ----A---- C:\Windows\system32\wersvc.dll
2009-09-09 16:37:13 ----A---- C:\Windows\system32\slmgr.vbs
2009-09-09 16:37:13 ----A---- C:\Windows\system32\scrrun.dll
2009-09-09 16:37:13 ----A---- C:\Windows\system32\PSHED.DLL
2009-09-09 16:37:13 ----A---- C:\Windows\system32\pdh.dll
2009-09-09 16:37:13 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-09-09 16:37:13 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-09-09 16:37:13 ----A---- C:\Windows\system32\azroles.dll
2009-09-09 16:37:12 ----A---- C:\Windows\system32\wmpmde.dll
2009-09-09 16:37:12 ----A---- C:\Windows\system32\winlogon.exe
2009-09-09 16:37:12 ----A---- C:\Windows\system32\SyncCenter.dll
2009-09-09 16:37:12 ----A---- C:\Windows\system32\pidgenx.dll
2009-09-09 16:37:11 ----A---- C:\Windows\system32\SLUINotify.dll
2009-09-09 16:37:11 ----A---- C:\Windows\system32\ncrypt.dll
2009-09-09 16:37:11 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-09-09 16:37:11 ----A---- C:\Windows\system32\comuid.dll
2009-09-09 16:37:11 ----A---- C:\Windows\system32\certmgr.dll
2009-09-09 16:37:10 ----A---- C:\Windows\system32\wisptis.exe
2009-09-09 16:37:10 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-09-09 16:37:10 ----A---- C:\Windows\system32\untfs.dll
2009-09-09 16:37:10 ----A---- C:\Windows\system32\taskcomp.dll
2009-09-09 16:37:10 ----A---- C:\Windows\system32\spp.dll
2009-09-09 16:37:10 ----A---- C:\Windows\system32\sethc.exe
2009-09-09 16:37:10 ----A---- C:\Windows\system32\scrobj.dll
2009-09-09 16:37:10 ----A---- C:\Windows\system32\rtutils.dll
2009-09-09 16:37:10 ----A---- C:\Windows\system32\kd1394.dll
2009-09-09 16:37:10 ----A---- C:\Windows\system32\iassam.dll
2009-09-09 16:37:10 ----A---- C:\Windows\system32\dwm.exe
2009-09-09 16:37:09 ----A---- C:\Windows\system32\printui.dll
2009-09-09 16:37:09 ----A---- C:\Windows\system32\iasnap.dll
2009-09-09 16:37:09 ----A---- C:\Windows\system32\autoconv.exe
2009-09-09 16:37:09 ----A---- C:\Windows\system32\autochk.exe
2009-09-09 16:37:08 ----A---- C:\Windows\system32\winsrv.dll
2009-09-09 16:37:08 ----A---- C:\Windows\system32\onex.dll
2009-09-09 16:37:08 ----A---- C:\Windows\system32\kdcom.dll
2009-09-09 16:37:08 ----A---- C:\Windows\system32\cscript.exe
2009-09-09 16:37:08 ----A---- C:\Windows\system32\basecsp.dll
2009-09-09 16:37:07 ----A---- C:\Windows\system32\wow32.dll
2009-09-09 16:37:07 ----A---- C:\Windows\system32\userenv.dll
2009-09-09 16:37:07 ----A---- C:\Windows\system32\osk.exe
2009-09-09 16:37:07 ----A---- C:\Windows\system32\mswsock.dll
2009-09-09 16:37:07 ----A---- C:\Windows\system32\kdusb.dll
2009-09-09 16:37:07 ----A---- C:\Windows\system32\audiodg.exe
2009-09-09 16:37:06 ----A---- C:\Windows\system32\WinSCard.dll
2009-09-09 16:37:06 ----A---- C:\Windows\system32\winmm.dll
2009-09-09 16:37:06 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-09-09 16:37:06 ----A---- C:\Windows\system32\spcmsg.dll
2009-09-09 16:37:06 ----A---- C:\Windows\system32\RelMon.dll
2009-09-09 16:37:06 ----A---- C:\Windows\system32\rdpencom.dll
2009-09-09 16:37:06 ----A---- C:\Windows\system32\offfilt.dll
2009-09-09 16:37:06 ----A---- C:\Windows\system32\msftedit.dll
2009-09-09 16:37:05 ----A---- C:\Windows\system32\Utilman.exe
2009-09-09 16:37:05 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-09-09 16:37:04 ----A---- C:\Windows\system32\wsepno.dll
2009-09-09 16:37:04 ----A---- C:\Windows\system32\WerFault.exe
2009-09-09 16:37:04 ----A---- C:\Windows\system32\sysclass.dll
2009-09-09 16:37:04 ----A---- C:\Windows\system32\stobject.dll
2009-09-09 16:37:04 ----A---- C:\Windows\system32\SndVol.exe
2009-09-09 16:37:04 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-09-09 16:37:04 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-09-09 16:37:04 ----A---- C:\Windows\system32\prnntfy.dll
2009-09-09 16:37:04 ----A---- C:\Windows\system32\msnetobj.dll
2009-09-09 16:37:04 ----A---- C:\Windows\system32\mscms.dll
2009-09-09 16:37:04 ----A---- C:\Windows\system32\mfplat.dll
2009-09-09 16:37:04 ----A---- C:\Windows\system32\diskraid.exe
2009-09-09 16:37:04 ----A---- C:\Windows\system32\apphelp.dll
2009-09-09 16:37:04 ----A---- C:\Windows\system32\adsmsext.dll
2009-09-09 16:37:03 ----A---- C:\Windows\system32\wscript.exe
2009-09-09 16:37:03 ----A---- C:\Windows\system32\wscntfy.dll
2009-09-09 16:37:03 ----A---- C:\Windows\system32\wiaservc.dll
2009-09-09 16:37:03 ----A---- C:\Windows\system32\ulib.dll
2009-09-09 16:37:03 ----A---- C:\Windows\system32\rastapi.dll
2009-09-09 16:37:03 ----A---- C:\Windows\system32\pnpsetup.dll
2009-09-09 16:37:03 ----A---- C:\Windows\system32\odbccp32.dll
2009-09-09 16:37:03 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-09-09 16:37:03 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-09-09 16:37:03 ----A---- C:\Windows\system32\iasdatastore.dll
2009-09-09 16:37:03 ----A---- C:\Windows\system32\fdProxy.dll
2009-09-09 16:37:03 ----A---- C:\Windows\system32\dsound.dll
2009-09-09 16:37:03 ----A---- C:\Windows\system32\cryptui.dll
2009-09-09 16:37:02 ----A---- C:\Windows\system32\wscsvc.dll
2009-09-09 16:37:02 ----A---- C:\Windows\system32\wlangpui.dll
2009-09-09 16:37:02 ----A---- C:\Windows\system32\vdsdyn.dll
2009-09-09 16:37:02 ----A---- C:\Windows\system32\rastls.dll
2009-09-09 16:37:02 ----A---- C:\Windows\system32\logman.exe
2009-09-09 16:37:02 ----A---- C:\Windows\system32\iashlpr.dll
2009-09-09 16:37:02 ----A---- C:\Windows\system32\gpapi.dll
2009-09-09 16:37:02 ----A---- C:\Windows\system32\diskpart.exe
2009-09-09 16:37:02 ----A---- C:\Windows\system32\brcpl.dll
2009-09-09 16:37:01 ----A---- C:\Windows\system32\wusa.exe
2009-09-09 16:37:01 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-09-09 16:37:01 ----A---- C:\Windows\system32\regsvc.dll
2009-09-09 16:37:01 ----A---- C:\Windows\system32\rasapi32.dll
2009-09-09 16:37:01 ----A---- C:\Windows\system32\ntprint.dll
2009-09-09 16:37:01 ----A---- C:\Windows\system32\mscorier.dll
2009-09-09 16:37:01 ----A---- C:\Windows\system32\iasrad.dll
2009-09-09 16:37:00 ----A---- C:\Windows\system32\zipfldr.dll
2009-09-09 16:37:00 ----A---- C:\Windows\system32\wshext.dll
2009-09-09 16:37:00 ----A---- C:\Windows\system32\wpccpl.dll
2009-09-09 16:37:00 ----A---- C:\Windows\system32\rasdlg.dll
2009-09-09 16:37:00 ----A---- C:\Windows\system32\netcenter.dll
2009-09-09 16:37:00 ----A---- C:\Windows\system32\findstr.exe
2009-09-09 16:36:59 ----A---- C:\Windows\system32\wsnmp32.dll
2009-09-09 16:36:59 ----A---- C:\Windows\system32\wer.dll
2009-09-09 16:36:59 ----A---- C:\Windows\system32\uxsms.dll
2009-09-09 16:36:59 ----A---- C:\Windows\system32\themecpl.dll
2009-09-09 16:36:59 ----A---- C:\Windows\system32\srvsvc.dll
2009-09-09 16:36:59 ----A---- C:\Windows\system32\mssprxy.dll
2009-09-09 16:36:59 ----A---- C:\Windows\system32\iassvcs.dll
2009-09-09 16:36:58 ----A---- C:\Windows\system32\tsbyuv.dll
2009-09-09 16:36:58 ----A---- C:\Windows\system32\slcc.dll
2009-09-09 16:36:58 ----A---- C:\Windows\system32\scansetting.dll
2009-09-09 16:36:58 ----A---- C:\Windows\system32\powrprof.dll
2009-09-09 16:36:58 ----A---- C:\Windows\system32\ntmarta.dll
2009-09-09 16:36:58 ----A---- C:\Windows\system32\networkmap.dll
2009-09-09 16:36:58 ----A---- C:\Windows\system32\msutb.dll
2009-09-09 16:36:58 ----A---- C:\Windows\system32\mstsc.exe
2009-09-09 16:36:58 ----A---- C:\Windows\system32\mstlsapi.dll
2009-09-09 16:36:58 ----A---- C:\Windows\system32\iasads.dll
2009-09-09 16:36:58 ----A---- C:\Windows\system32\iasacct.dll
2009-09-09 16:36:57 ----A---- C:\Windows\system32\systemcpl.dll
2009-09-09 16:36:57 ----A---- C:\Windows\system32\sud.dll
2009-09-09 16:36:57 ----A---- C:\Windows\system32\powercpl.dll
2009-09-09 16:36:57 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-09-09 16:36:57 ----A---- C:\Windows\system32\newdev.exe
2009-09-09 16:36:57 ----A---- C:\Windows\system32\dot3svc.dll
2009-09-09 16:36:57 ----A---- C:\Windows\system32\connect.dll
2009-09-09 16:36:57 ----A---- C:\Windows\system32\authz.dll
2009-09-09 16:36:56 ----A---- C:\Windows\system32\wlanpref.dll
2009-09-09 16:36:56 ----A---- C:\Windows\system32\usercpl.dll
2009-09-09 16:36:56 ----A---- C:\Windows\system32\themeui.dll
2009-09-09 16:36:56 ----A---- C:\Windows\system32\samlib.dll
2009-09-09 16:36:56 ----A---- C:\Windows\system32\rpchttp.dll
2009-09-09 16:36:56 ----A---- C:\Windows\system32\qdvd.dll
2009-09-09 16:36:56 ----A---- C:\Windows\system32\pcaui.dll
2009-09-09 16:36:56 ----A---- C:\Windows\system32\mmci.dll
2009-09-09 16:36:56 ----A---- C:\Windows\system32\autoplay.dll
2009-09-09 16:36:56 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-09-09 16:36:55 ----A---- C:\Windows\system32\wpcao.dll
2009-09-09 16:36:55 ----A---- C:\Windows\system32\vdsutil.dll
2009-09-09 16:36:55 ----A---- C:\Windows\system32\tapisrv.dll
2009-09-09 16:36:55 ----A---- C:\Windows\system32\scksp.dll
2009-09-09 16:36:55 ----A---- C:\Windows\system32\scesrv.dll
2009-09-09 16:36:55 ----A---- C:\Windows\system32\regapi.dll
2009-09-09 16:36:55 ----A---- C:\Windows\system32\psisdecd.dll
2009-09-09 16:36:55 ----A---- C:\Windows\system32\msinfo32.exe
2009-09-09 16:36:55 ----A---- C:\Windows\system32\mpr.dll
2009-09-09 16:36:55 ----A---- C:\Windows\system32\feclient.dll
2009-09-09 16:36:54 ----A---- C:\Windows\system32\wscisvif.dll
2009-09-09 16:36:54 ----A---- C:\Windows\system32\sdclt.exe
2009-09-09 16:36:54 ----A---- C:\Windows\system32\rekeywiz.exe
2009-09-09 16:36:54 ----A---- C:\Windows\system32\oleprn.dll
2009-09-09 16:36:54 ----A---- C:\Windows\system32\imm32.dll
2009-09-09 16:36:54 ----A---- C:\Windows\system32\iaspolcy.dll
2009-09-09 16:36:54 ----A---- C:\Windows\system32\Faultrep.dll
2009-09-09 16:36:54 ----A---- C:\Windows\system32\dpapimig.exe
2009-09-09 16:36:54 ----A---- C:\Windows\system32\dot3msm.dll
2009-09-09 16:36:54 ----A---- C:\Windows\system32\DeviceEject.exe
2009-09-09 16:36:54 ----A---- C:\Windows\system32\AudioSes.dll
2009-09-09 16:36:53 ----A---- C:\Windows\system32\TSTheme.exe
2009-09-09 16:36:53 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-09-09 16:36:53 ----A---- C:\Windows\system32\scecli.dll
2009-09-09 16:36:53 ----A---- C:\Windows\system32\rasplap.dll
2009-09-09 16:36:53 ----A---- C:\Windows\system32\rasgcw.dll
2009-09-09 16:36:53 ----A---- C:\Windows\system32\qedit.dll
2009-09-09 16:36:53 ----A---- C:\Windows\system32\pnpui.dll
2009-09-09 16:36:53 ----A---- C:\Windows\system32\perfdisk.dll
2009-09-09 16:36:53 ----A---- C:\Windows\system32\ncryptui.dll
2009-09-09 16:36:53 ----A---- C:\Windows\system32\hdwwiz.exe
2009-09-09 16:36:53 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-09-09 16:36:53 ----A---- C:\Windows\system32\certreq.exe
2009-09-09 16:36:52 ----A---- C:\Windows\system32\spwinsat.dll
2009-09-09 16:36:51 ----A---- C:\Windows\system32\whealogr.dll
2009-09-09 16:36:51 ----A---- C:\Windows\system32\tcpmon.dll
2009-09-09 16:36:51 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-09-09 16:36:51 ----A---- C:\Windows\system32\srcore.dll
2009-09-09 16:36:51 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-09-09 16:36:51 ----A---- C:\Windows\system32\fdWSD.dll
2009-09-09 16:36:51 ----A---- C:\Windows\system32\cmmon32.exe
2009-09-09 16:36:50 ----A---- C:\Windows\system32\wiaaut.dll
2009-09-09 16:36:50 ----A---- C:\Windows\system32\SCardSvr.dll
2009-09-09 16:36:50 ----A---- C:\Windows\system32\raschap.dll
2009-09-09 16:36:50 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-09-09 16:36:50 ----A---- C:\Windows\system32\fontext.dll
2009-09-09 16:36:50 ----A---- C:\Windows\system32\conime.exe
2009-09-09 16:36:50 ----A---- C:\Windows\system32\cmdial32.dll
2009-09-09 16:36:49 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-09-09 16:36:49 ----A---- C:\Windows\system32\wlanui.dll
2009-09-09 16:36:49 ----A---- C:\Windows\system32\shwebsvc.dll
2009-09-09 16:36:49 ----A---- C:\Windows\system32\rasppp.dll
2009-09-09 16:36:49 ----A---- C:\Windows\system32\PnPutil.exe
2009-09-09 16:36:49 ----A---- C:\Windows\system32\oobefldr.dll
2009-09-09 16:36:49 ----A---- C:\Windows\system32\dsprop.dll
2009-09-09 16:36:49 ----A---- C:\Windows\system32\dimsroam.dll
2009-09-09 16:36:48 ----A---- C:\Windows\system32\shsetup.dll
2009-09-09 16:36:48 ----A---- C:\Windows\system32\rasmontr.dll
2009-09-09 16:36:48 ----A---- C:\Windows\system32\mscandui.dll
2009-09-09 16:36:48 ----A---- C:\Windows\system32\modemui.dll
2009-09-09 16:36:48 ----A---- C:\Windows\system32\chtbrkr.dll
2009-09-09 16:36:47 ----A---- C:\Windows\system32\WSDMon.dll
2009-09-09 16:36:47 ----A---- C:\Windows\system32\wmpeffects.dll
2009-09-09 16:36:47 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-09-09 16:36:47 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-09-09 16:36:47 ----A---- C:\Windows\system32\smss.exe
2009-09-09 16:36:47 ----A---- C:\Windows\system32\rdpwsx.dll
2009-09-09 16:36:47 ----A---- C:\Windows\system32\netplwiz.dll
2009-09-09 16:36:47 ----A---- C:\Windows\system32\dataclen.dll
2009-09-09 16:36:47 ----A---- C:\Windows\system32\credui.dll
2009-09-09 16:36:47 ----A---- C:\Windows\system32\certprop.dll
2009-09-09 16:36:47 ----A---- C:\Windows\system32\blackbox.dll
2009-09-09 16:36:46 ----A---- C:\Windows\system32\wscapi.dll
2009-09-09 16:36:46 ----A---- C:\Windows\system32\wpcsvc.dll
2009-09-09 16:36:46 ----A---- C:\Windows\system32\networkexplorer.dll
2009-09-09 16:36:46 ----A---- C:\Windows\system32\msscp.dll
2009-09-09 16:36:46 ----A---- C:\Windows\system32\msimtf.dll
2009-09-09 16:36:46 ----A---- C:\Windows\system32\logagent.exe
2009-09-09 16:36:46 ----A---- C:\Windows\system32\InkEd.dll
2009-09-09 16:36:46 ----A---- C:\Windows\system32\ifmon.dll
2009-09-09 16:36:46 ----A---- C:\Windows\system32\gpresult.exe
2009-09-09 16:36:46 ----A---- C:\Windows\system32\cipher.exe
2009-09-09 16:36:45 ----A---- C:\Windows\system32\thawbrkr.dll
2009-09-09 16:36:45 ----A---- C:\Windows\system32\softkbd.dll
2009-09-09 16:36:45 ----A---- C:\Windows\system32\sendmail.dll
2009-09-09 16:36:45 ----A---- C:\Windows\system32\olepro32.dll
2009-09-09 16:36:45 ----A---- C:\Windows\system32\msctfui.dll
2009-09-09 16:36:45 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-09-09 16:36:45 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-09-09 16:36:45 ----A---- C:\Windows\system32\dmsynth.dll
2009-09-09 16:36:44 ----A---- C:\Windows\system32\wshbth.dll
2009-09-09 16:36:44 ----A---- C:\Windows\system32\version.dll
2009-09-09 16:36:44 ----A---- C:\Windows\system32\SLLUA.exe
2009-09-09 16:36:44 ----A---- C:\Windows\system32\puiapi.dll
2009-09-09 16:36:44 ----A---- C:\Windows\system32\msisip.dll
2009-09-09 16:36:44 ----A---- C:\Windows\system32\mprapi.dll
2009-09-09 16:36:44 ----A---- C:\Windows\system32\input.dll
2009-09-09 16:36:44 ----A---- C:\Windows\system32\fc.exe
2009-09-09 16:36:44 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-09-09 16:36:44 ----A---- C:\Windows\system32\cdd.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\wsdchngr.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\msjint40.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\l2nacp.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\ftp.exe
2009-09-09 16:36:43 ----A---- C:\Windows\system32\fdSSDP.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\eapp3hst.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\dmusic.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\cscdll.dll
2009-09-09 16:36:43 ----A---- C:\Windows\system32\cscapi.dll
2009-09-09 16:36:42 ----A---- C:\Windows\system32\tscupgrd.exe
2009-09-09 16:36:42 ----A---- C:\Windows\system32\Storprop.dll
2009-09-09 16:36:42 ----A---- C:\Windows\system32\slcinst.dll
2009-09-09 16:36:42 ----A---- C:\Windows\system32\rasdial.exe
2009-09-09 16:36:42 ----A---- C:\Windows\system32\rasdiag.dll
2009-09-09 16:36:42 ----A---- C:\Windows\system32\nslookup.exe
2009-09-09 16:36:42 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-09-09 16:36:42 ----A---- C:\Windows\system32\ipconfig.exe
2009-09-09 16:36:42 ----A---- C:\Windows\system32\fdWCN.dll
2009-09-09 16:36:42 ----A---- C:\Windows\system32\eappcfg.dll
2009-09-09 16:36:42 ----A---- C:\Windows\system32\dot3cfg.dll
2009-09-09 16:36:42 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-09-09 16:36:42 ----A---- C:\Windows\system32\bthudtask.exe
2009-09-09 16:36:42 ----A---- C:\Windows\system32\bthci.dll
2009-09-09 16:36:41 ----A---- C:\Windows\system32\ocsetup.exe
2009-09-09 16:36:41 ----A---- C:\Windows\system32\mmcico.dll
2009-09-09 16:36:41 ----A---- C:\Windows\system32\hbaapi.dll
2009-09-09 16:36:41 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-09-09 16:36:41 ----A---- C:\Windows\system32\fdeploy.dll
2009-09-09 16:36:41 ----A---- C:\Windows\system32\eappgnui.dll
2009-09-09 16:36:40 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-09-09 16:36:40 ----A---- C:\Windows\system32\gpupdate.exe
2009-09-09 16:36:39 ----A---- C:\Windows\system32\vdmdbg.dll
2009-09-09 16:36:39 ----A---- C:\Windows\system32\odbcconf.dll
2009-09-09 16:36:39 ----A---- C:\Windows\system32\NcdProp.dll
2009-09-09 16:36:39 ----A---- C:\Windows\system32\iscsilog.dll
2009-09-09 16:36:39 ----A---- C:\Windows\system32\csrstub.exe
2009-09-09 16:36:39 ----A---- C:\Windows\system32\cbsra.exe
2009-09-09 16:36:39 ----A---- C:\Windows\system32\bitsigd.dll
2009-09-09 16:36:38 ----A---- C:\Windows\system32\winrnr.dll
2009-09-09 16:36:38 ----A---- C:\Windows\system32\slwga.dll
2009-09-09 16:36:38 ----A---- C:\Windows\system32\midimap.dll
2009-09-09 16:36:38 ----A---- C:\Windows\system32\inetppui.dll
2009-09-09 16:36:36 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-09-09 16:36:35 ----A---- C:\Windows\system32\msimsg.dll
2009-09-09 16:36:17 ----A---- C:\Windows\system32\SmiEngine.dll
2009-09-09 16:36:13 ----A---- C:\Windows\system32\wdscore.dll
2009-09-09 16:36:13 ----A---- C:\Windows\system32\PkgMgr.exe
2009-09-09 16:36:00 ----A---- C:\Windows\system32\drvstore.dll
2009-09-09 14:31:40 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 14:31:39 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 14:31:39 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 14:31:39 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 14:31:39 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 14:31:39 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 14:31:39 ----A---- C:\Windows\system32\finger.exe
2009-09-09 14:31:39 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 14:31:38 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 14:30:14 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 14:30:13 ----A---- C:\Windows\system32\rrinstaller.exe
2009-09-09 14:30:13 ----A---- C:\Windows\system32\mfps.dll
2009-09-09 14:30:13 ----A---- C:\Windows\system32\mfpmp.exe
2009-09-09 14:30:13 ----A---- C:\Windows\system32\mferror.dll
2009-09-09 14:30:13 ----A---- C:\Windows\system32\mf.dll
2009-09-09 14:29:31 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 14:29:31 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 14:29:31 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 14:29:31 ----A---- C:\Windows\system32\wlanhlp.dll
2009-09-09 14:29:31 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 14:29:31 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 14:28:53 ----A---- C:\Windows\system32\jscript.dll
2009-09-07 16:20:03 ----D---- C:\Program Files\Common Files\xing shared
2009-09-07 16:19:58 ----A---- C:\Windows\system32\rmoc3260.dll
2009-09-07 16:19:50 ----A---- C:\Windows\system32\pndx5032.dll
2009-09-07 16:19:50 ----A---- C:\Windows\system32\pndx5016.dll
2009-09-07 16:19:48 ----D---- C:\Program Files\Common Files\Real
2009-09-07 16:19:47 ----D---- C:\Program Files\Real
2009-09-07 16:19:11 ----D---- C:\Users\Carol\AppData\Roaming\Real
2009-09-02 21:55:32 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-02 21:55:32 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-27 11:22:07 ----A---- C:\Windows\system32\tzres.dll
2009-08-26 11:51:06 ----A---- C:\Windows\system32\gameux.dll
2009-08-23 15:34:49 ----A---- C:\Windows\system32\wdigest.dll
2009-08-23 15:34:49 ----A---- C:\Windows\system32\schannel.dll
2009-08-23 15:34:49 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-23 15:34:49 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-23 15:34:49 ----A---- C:\Windows\system32\kerberos.dll
2009-08-23 15:34:48 ----A---- C:\Windows\system32\secur32.dll
2009-08-23 15:34:48 ----A---- C:\Windows\system32\lsass.exe
2009-08-22 20:06:18 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-15 17:30:49 ----A---- C:\Windows\system32\BASSMOD.dll
2009-08-15 13:10:36 ----A---- C:\Windows\system32\msonpmon.dll
2009-08-15 13:09:30 ----D---- C:\Program Files\Microsoft Works
2009-08-15 13:08:49 ----D---- C:\Program Files\Microsoft Visual Studio
2009-08-15 13:05:57 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-08-15 13:03:21 ----RHD---- C:\MSOCache
2009-08-13 13:46:00 ----A---- C:\Windows\system32\atl.dll
2009-08-13 13:45:59 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-13 13:45:56 ----A---- C:\Windows\system32\tsgqec.dll
2009-08-13 13:45:56 ----A---- C:\Windows\system32\mstscax.dll
2009-08-13 13:45:56 ----A---- C:\Windows\system32\aaclient.dll
2009-08-13 13:45:53 ----A---- C:\Windows\system32\avifil32.dll
2009-08-13 13:45:50 ----A---- C:\Windows\system32\wmp.dll
2009-08-13 13:45:47 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-13 13:45:47 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-13 13:45:46 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-13 13:45:46 ----A---- C:\Windows\system32\spwmp.dll

======List of files/folders modified in the last 1 months======

2009-09-12 11:11:37 ----D---- C:\Windows\Prefetch
2009-09-12 11:11:28 ----D---- C:\Windows\Temp
2009-09-12 11:11:15 ----RD---- C:\Program Files
2009-09-12 10:56:46 ----D---- C:\Windows\System32
2009-09-12 10:56:46 ----D---- C:\Windows\inf
2009-09-12 10:56:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-11 23:18:44 ----AD---- C:\Windows
2009-09-11 18:34:33 ----SHD---- C:\System Volume Information
2009-09-11 12:59:32 ----D---- C:\Windows\rescache
2009-09-11 12:28:15 ----SHD---- C:\Windows\Installer
2009-09-11 12:26:56 ----D---- C:\Windows\system32\Tasks
2009-09-11 12:26:49 ----D---- C:\Windows\system32\drivers
2009-09-11 12:26:47 ----D---- C:\Windows\system32\catroot2
2009-09-11 12:26:47 ----D---- C:\Windows\system32\catroot
2009-09-11 12:26:10 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-11 12:25:29 ----D---- C:\Program Files\Microsoft
2009-09-11 12:24:34 ----D---- C:\Windows\winsxs
2009-09-10 19:44:04 ----D---- C:\Windows\Microsoft.NET
2009-09-10 19:43:52 ----RSD---- C:\Windows\assembly
2009-09-10 19:36:23 ----SHD---- C:\Boot
2009-09-10 19:32:08 ----D---- C:\Program Files\Windows Calendar
2009-09-10 19:32:08 ----D---- C:\Program Files\Movie Maker
2009-09-10 19:32:07 ----D---- C:\Program Files\Windows Sidebar
2009-09-10 19:32:06 ----D---- C:\Program Files\Windows Media Player
2009-09-10 19:32:06 ----D---- C:\Program Files\Windows Mail
2009-09-10 19:32:06 ----D---- C:\Program Files\Windows Collaboration
2009-09-10 19:32:06 ----D---- C:\Program Files\Internet Explorer
2009-09-10 19:32:05 ----D---- C:\Program Files\Windows Photo Gallery
2009-09-10 19:32:05 ----D---- C:\Program Files\Common Files\System
2009-09-10 19:31:56 ----D---- C:\Windows\servicing
2009-09-10 19:31:56 ----D---- C:\Program Files\Windows Defender
2009-09-10 19:31:47 ----D---- C:\Windows\IME
2009-09-10 19:31:46 ----D---- C:\Windows\system32\XPSViewer
2009-09-10 19:31:46 ----D---- C:\Windows\system32\sk-SK
2009-09-10 19:31:46 ----D---- C:\Windows\system32\oobe
2009-09-10 19:31:46 ----D---- C:\Windows\system32\lv-LV
2009-09-10 19:31:46 ----D---- C:\Windows\system32\ko-KR
2009-09-10 19:31:46 ----D---- C:\Windows\system32\it-IT
2009-09-10 19:31:46 ----D---- C:\Windows\system32\hr-HR
2009-09-10 19:31:46 ----D---- C:\Windows\system32\et-EE
2009-09-10 19:31:46 ----D---- C:\Windows\system32\en-US
2009-09-10 19:31:46 ----D---- C:\Windows\system32\el-GR
2009-09-10 19:31:46 ----D---- C:\Windows\system32\de-DE
2009-09-10 19:31:46 ----D---- C:\Windows\system32\da-DK
2009-09-10 19:31:45 ----D---- C:\Windows\system32\migration
2009-09-10 19:31:44 ----D---- C:\Windows\system32\sv-SE
2009-09-10 19:31:44 ----D---- C:\Windows\system32\SLUI
2009-09-10 19:31:44 ----D---- C:\Windows\system32\setup
2009-09-10 19:31:44 ----D---- C:\Windows\system32\ru-RU
2009-09-10 19:31:44 ----D---- C:\Windows\system32\pt-PT
2009-09-10 19:31:44 ----D---- C:\Windows\system32\hu-HU
2009-09-10 19:31:44 ----D---- C:\Windows\system32\he-IL
2009-09-10 19:31:44 ----D---- C:\Windows\system32\fr-FR
2009-09-10 19:31:44 ----D---- C:\Windows\system32\fi-FI
2009-09-10 19:31:44 ----D---- C:\Windows\system32\cs-CZ
2009-09-10 19:31:44 ----D---- C:\Windows\system32\AdvancedInstallers
2009-09-10 19:31:43 ----D---- C:\Windows\system32\zh-TW
2009-09-10 19:31:43 ----D---- C:\Windows\system32\zh-CN
2009-09-10 19:31:43 ----D---- C:\Windows\system32\uk-UA
2009-09-10 19:31:43 ----D---- C:\Windows\system32\sr-Latn-CS
2009-09-10 19:31:43 ----D---- C:\Windows\system32\sl-SI
2009-09-10 19:31:43 ----D---- C:\Windows\system32\ro-RO
2009-09-10 19:31:43 ----D---- C:\Windows\system32\pl-PL
2009-09-10 19:31:43 ----D---- C:\Windows\system32\manifeststore
2009-09-10 19:31:43 ----D---- C:\Windows\system32\ja-JP
2009-09-10 19:31:43 ----D---- C:\Windows\system32\es-ES
2009-09-10 19:31:43 ----D---- C:\Windows\system32\bg-BG
2009-09-10 19:31:42 ----D---- C:\Windows\system32\th-TH
2009-09-10 19:31:41 ----D---- C:\Windows\system32\wbem
2009-09-10 19:31:41 ----D---- C:\Windows\system32\tr-TR
2009-09-10 19:31:40 ----D---- C:\Windows\system32\nl-NL
2009-09-10 19:31:40 ----D---- C:\Windows\system32\nb-NO
2009-09-10 19:31:40 ----D---- C:\Windows\system32\lt-LT
2009-09-10 19:31:39 ----D---- C:\Windows\system32\pt-BR
2009-09-10 19:31:39 ----D---- C:\Windows\system32\migwiz
2009-09-10 19:31:39 ----D---- C:\Windows\system32\ar-SA
2009-09-10 19:31:04 ----RSD---- C:\Windows\Fonts
2009-09-10 19:31:04 ----D---- C:\Windows\AppPatch
2009-09-10 19:30:56 ----D---- C:\Windows\system32\Boot
2009-09-10 18:41:31 ----RD---- C:\Users
2009-09-10 18:41:09 ----HD---- C:\Windows\system32\GroupPolicyUsers
2009-09-09 21:49:23 ----SD---- C:\Users\Carol\AppData\Roaming\Microsoft
2009-09-09 15:48:24 ----HD---- C:\ProgramData
2009-09-09 15:33:11 ----D---- C:\Windows\Debug
2009-09-09 15:33:03 ----D---- C:\Windows\system32\zh-HK
2009-09-08 07:12:48 ----D---- C:\Users\Carol\AppData\Roaming\Ahead
2009-09-07 16:20:03 ----D---- C:\Program Files\Common Files
2009-09-07 16:19:49 ----A---- C:\Windows\system32\pncrt.dll
2009-09-07 16:19:49 ----A---- C:\Windows\system32\msvcr71.dll
2009-09-07 16:19:49 ----A---- C:\Windows\system32\msvcp71.dll
2009-09-05 11:02:45 ----D---- C:\Windows\Tasks
2009-08-28 18:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-23 23:44:13 ----A---- C:\Windows\win.ini
2009-08-23 12:44:24 ----RD---- C:\Programas
2009-08-21 18:51:56 ----D---- C:\Users\Carol\AppData\Roaming\Adobe
2009-08-15 13:12:25 ----D---- C:\Windows\SHELLNEW
2009-08-15 13:09:19 ----D---- C:\Program Files\MSBuild
2009-08-15 13:09:06 ----D---- C:\Program Files\Microsoft Office
2009-08-13 08:26:51 ----SHD---- C:\$Recycle.Bin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 nod32drv;nod32drv; C:\Windows\system32\drivers\nod32drv.sys [2009-08-02 15424]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2009-08-02 512096]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-11-12 103360]
R3 e1express;Driver do Intel(R) PRO/1000 PCI Express Network Connection; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]
R3 HdAudAddService;Driver de Função Microsoft 1.1 UAA para Serviço de High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-08-01 47360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2008-06-10 33352]
R3 usbaudio;Driver de áudio USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [2009-06-26 1956096]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Proxy de serviço de streaming Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Proxy do relógio de streaming Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Proxy de gerenciador de qualidade de streaming Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Conversor em T entre Coletores de streaming Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 XDva279;XDva279; \??\C:\Windows\system32\XDva279.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 GbpSv;Gbp Service; C:\PROGRA~1\GbPlugin\GbpSv.exe [2009-07-01 53288]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-08-02 552064]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2009-08-01 181312]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-02 654848]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

info.txt
info.txt logfile of random's system information tool 1.06 2009-09-12 11:11:50

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
32 bit Windows Card Reader Driver-->C:\Program Files\InstallShield Installation Information\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}\setup.exe -runfromtemp -l0x0009 -removeonly
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player 11.5-->C:\Windows\system32\Adobe\uninstaller.exe
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
All Office Converter Platinum 6.0-->"C:\Program Files\All Office Converter Platinum\unins000.exe"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Arquivo do WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistente de Conexão do Windows Live ID-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {717C9095-8AAE-41CB-B046-BD6E8399F4F3}
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {5016CB22-B9A7-44FB-AA72-AF28B27B15EA}
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}
Atualização do produto Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {7297E3A9-FCD4-4E0E-A306-7A90359E50E3}
aTube Catcher 1.0-->"C:\Program Files\DsNET Corp\aTube Catcher 1.0\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 3.2.9.94c-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
CorelDRAW Graphics Suite X4 - Capture-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012}
CorelDRAW Graphics Suite X4 - Content-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016}
CorelDRAW Graphics Suite X4 - Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}
CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}
CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}
CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}
CorelDRAW Graphics Suite X4 - Lang BR-->MsiExec.exe /I{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}
CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}
CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}
CorelDRAW Graphics Suite X4-->MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73}
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->c:\Program Files\Common Files\Corel\Shared\Shell Extension\Uninst.exe
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
CorelDRAW(R) Graphics Suite X4-->c:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb-->MsiExec.exe /I{1438B41C-658C-35B7-9253-780F2E0A0B8E}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {75EBE365-7FC5-4720-A7D3-804BF550D1BC}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MV RegClean 5.9-->"C:\Program Files\Marcos Velasco Security\MV RegClean 5.9\unins000.exe"
Nero 7 Premium-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301046}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 FiX-->"C:\Program Files\Eset\unins000.exe"
NOD32 sistema antivírus-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb\setup.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x416 -cluninstall
ProShow Producer-->C:\Program Files\Photodex\ProShowProducer\proshow.exe . -u
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb973514)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}
Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{3B96F4EA-CD82-4C57-B86A-646A017CAF18}
Windows Live Messenger-->MsiExec.exe /X{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}

======Security center information======

AV: ESET NOD32 sistema antivírus 2.70
AS: Windows Defender

======System event log======

Computer Name: Familia-PC
Event Code: 3004
Message: O agente de Proteção em Tempo Real Windows Defender detectou alterações. A Microsoft recomenda que você examine o software que fez essas alterações em busca de possíveis riscos. Você pode usar as informações sobre como esses programas operam a fim de decidir entre permitir sua execução ou removê-los do computador. Permita alterações somente se confiar no fornecedor do software ou programa. Windows Defender não pode desfazer as alterações que você permitiu.
Para obter mais informações, consulte:
Não Aplicável
ID de Verificação: {F7703CAA-7539-42F8-BBD9-C8EAD2D07B59}
Usuário: Familia-PC\Carol
Nome: Unknown
ID:
ID de Severidade:
ID de Categoria:
Caminho Encontrado: driver:pcouffin;file:C:\Windows\system32\Drivers\pcouffin.sys
Tipo de Alerta: Software não classificado
Tipo de Detecção:
Record Number: 979
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090801231843.000000-000
Event Type: Aviso
User:

Computer Name: Familia-PC
Event Code: 20003
Message: O Gerenciamento de Drivers concluiu o processo de adição do Serviço pcouffin para a Identificação da Ocorrência do Dispositivo ROOT\PCOUFFIN\0000 com o seguinte status: 0.
Record Number: 978
Source Name: Microsoft-Windows-User-PnP
Time Written: 20090801231841.021800-000
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Computer Name: Familia-PC
Event Code: 20001
Message: O Gerenciamento de Drivers concluiu o processo de instalação do driver FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf para a Identificação da Ocorrência do Dispositivo STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT28 com o seguinte status: 0.
Record Number: 977
Source Name: Microsoft-Windows-User-PnP
Time Written: 20090801231835.203000-000
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Computer Name: Familia-PC
Event Code: 3005
Message: O agente de Proteção em Tempo Real Windows Defender executou uma ação para proteger o computador contra spyware ou outro software possivelmente indesejado.
Para obter mais informações, consulte:
Não Aplicável
ID de Verificação: {558FB36C-7A9D-4E5A-8576-A01F28C652DC}
Usuário: Familia-PC\Carol
Nome: Unknown
ID:
ID de Severidade:
ID de Categoria:
Tipo de Alerta: Software não classificado
Ação: Ignorar
Record Number: 976
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090801231716.000000-000
Event Type: Informações
User:

Computer Name: Familia-PC
Event Code: 3004
Message: O agente de Proteção em Tempo Real Windows Defender detectou alterações. A Microsoft recomenda que você examine o software que fez essas alterações em busca de possíveis riscos. Você pode usar as informações sobre como esses programas operam a fim de decidir entre permitir sua execução ou removê-los do computador. Permita alterações somente se confiar no fornecedor do software ou programa. Windows Defender não pode desfazer as alterações que você permitiu.
Para obter mais informações, consulte:
Não Aplicável
ID de Verificação: {558FB36C-7A9D-4E5A-8576-A01F28C652DC}
Usuário: Familia-PC\Carol
Nome: Unknown
ID:
ID de Severidade:
ID de Categoria:
Caminho Encontrado: regkey:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AnyDVD;file:C:\Windows\system32\Drivers\AnyDVD.sys
Tipo de Alerta: Software não classificado
Tipo de Detecção:
Record Number: 975
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090801231716.000000-000
Event Type: Aviso
User:

=====Application event log=====

Computer Name: 26L2219C8-13
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20090801205319.000000-000
Event Type: Informações
User:

Computer Name: WIN-8PE6N4QGLGZ
Event Code: 4625
Message: O subsistema EventSystem está suprimindo entradas de log de eventos duplicadas para uma duração de 86400 segundos. O tempo limite de supressão pode ser controlado por um valor REG_DWORD denominado SuppressDuplicateDuration sob esta chave do Registro: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 4
Source Name: Microsoft-Windows-EventSystem
Time Written: 20090801205316.000000-000
Event Type: Informações
User:

Computer Name: WIN-8PE6N4QGLGZ
Event Code: 900
Message: O serviço de Licenciamento de Software está sendo iniciado.

Record Number: 3
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20090801205316.000000-000
Event Type: Informações
User:

Computer Name: WIN-8PE6N4QGLGZ
Event Code: 1531
Message: Serviço de Perfil de Usuário iniciado com êxito.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090801205316.000000-000
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Computer Name: 26L2219C8-13
Event Code: 2
Message: Cliente de Serviços de Certificados interrompido.
Record Number: 1
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20080121031318.640400-000
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

=====Security event log=====

Computer Name: Familia-PC
Event Code: 4624
Message: O logon de uma conta foi efetuado com sucesso.

Requerente:
Identificação de segurança: S-1-5-18
Nome da conta: FAMILIA-PC$
Domínio da conta: WORKGROUP
Identificação de logon: 0x3e7

Tipo de logon: 5

Novo logon:
Identificação de segurança: S-1-5-18
Nome da conta: SYSTEM
Domínio da conta: AUTORIDADE NT
Identificação de logon: 0x3e7
GUID de logon: {00000000-0000-0000-0000-000000000000}

Informações do processo:
Identificação do processo: 0x25c
Nome do processo: C:\Windows\System32\services.exe

Informações da rede:
Nome da estação de trabalho:
Endereço da rede de origem: -
Porta de origem: -

Informações detalhadas da autenticação:
Processo de logon: Advapi
Pacote de autenticação: Negotiate
Serviços transitados: -
Nome do pacote (somente NTLM): -
Comprimento da chave: 0

Este evento é gerado quando uma sessão de logon é criada. Ele é gerado no computador acessado.

Os campos do assunto indicam a conta do sistema local que solicitou o logon. Comumente, isto é um serviço como o de servidor ou um processo local como Winlogon.exe ou Services.exe.

O campo tipo de logon indica o tipo de logon ocorrido. Os tipos mais comuns são 2 (interativo) e 3 (em rede).

Os campos Novo logon indicam as contas para a qual o novo logon foi criada, isto é, a conta na qual o logon foi efetuado.

Os campos de rede indicam onde a solicitação de logon remoto se originou. O nome da estação de trabalho nem sempre está disponível e pode ser deixado em branco em alguns casos.

Os campos de informações de autenticação fornecem informações detalhadas sobre esta solicitação específica de logon.
-O GUID de logon é um identificador exclusivo que pode ser usado para correlacionar este evento com um evento de KDC.
- Serviços transitados indicam qual serviço intermediário participou desta solicitação de logon.
- Nome de pacote indica qual subprotocolo foi usado, entre os protocolos NTLM.
- Comprimento da chave indica o comprimento da chave da sessão gerada. Ele será 0 se nenhuma chave de sessão foi solicitada.
Record Number: 5647
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090805130110.315716-000
Event Type: Sucesso da Auditoria
User:

Computer Name: Familia-PC
Event Code: 4648
Message: Tentativa de logon com uso de credenciais explícitas.

Requerente:
Identificação de segurança: S-1-5-18
Nome da conta: FAMILIA-PC$
Domínio da conta: WORKGROUP
Identificação de logon: 0x3e7
Identificação de logon: {00000000-0000-0000-0000-000000000000}

Conta cujas credenciais foram utilizadas:
Nome da conta: SYSTEM
Domínio da conta: AUTORIDADE NT
GUID de logon: {00000000-0000-0000-0000-000000000000}

Servidor de destino:
Nome do servidor de destino: localhost
Informações adicionais: localhost

Informações do processo:
Identificação do processo: 0x25c
Nome do processo: C:\Windows\System32\services.exe

Informações da rede:
Endereço da rede: -
Porta: -

Este evento é gerado quando um processo tenta efetuar o logon em uma conta, especificando explicitamente suas credenciais. Comumente, ele ocorre em configurações do tipo lote como em tarefas programadas, ou quando se utiliza o comando RUNAS.
Record Number: 5646
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090805130110.315716-000
Event Type: Sucesso da Auditoria
User:

Computer Name: Familia-PC
Event Code: 5032
Message: Firewall do Windows não foi capaz de notificar o usuário que bloqueou o aplicativo para aceitar as conexões recebidas na rede.

Código de erro: 2
Record Number: 5645
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090805130110.050516-000
Event Type: Falha de Auditoria
User:

Computer Name: Familia-PC
Event Code: 4672
Message: Privilégios especiais atribuídos a um novo logon.

Requerente:
Identificação de segurança: S-1-5-21-1111674606-3974286541-3460441312-1000
Nome da conta: Carol
Domínio da conta: Familia-PC
Identificação de logon: 0x22ed4

Privilégios: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5644
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090805130109.379716-000
Event Type: Sucesso da Auditoria
User:

Computer Name: Familia-PC
Event Code: 4624
Message: O logon de uma conta foi efetuado com sucesso.

Requerente:
Identificação de segurança: S-1-5-18
Nome da conta: FAMILIA-PC$
Domínio da conta: WORKGROUP
Identificação de logon: 0x3e7

Tipo de logon: 2

Novo logon:
Identificação de segurança: S-1-5-21-1111674606-3974286541-3460441312-1000
Nome da conta: Carol
Domínio da conta: Familia-PC
Identificação de logon: 0x22eed
GUID de logon: {00000000-0000-0000-0000-000000000000}

Informações do processo:
Identificação do processo: 0x29c
Nome do processo: C:\Windows\System32\winlogon.exe

Informações da rede:
Nome da estação de trabalho: FAMILIA-PC
Endereço da rede de origem: 127.0.0.1
Porta de origem: 0

Informações detalhadas da autenticação:
Processo de logon: User32
Pacote de autenticação: Negotiate
Serviços transitados: -
Nome do pacote (somente NTLM): -
Comprimento da chave: 0

Este evento é gerado quando uma sessão de logon é criada. Ele é gerado no computador acessado.

Os campos do assunto indicam a conta do sistema local que solicitou o logon. Comumente, isto é um serviço como o de servidor ou um processo local como Winlogon.exe ou Services.exe.

O campo tipo de logon indica o tipo de logon ocorrido. Os tipos mais comuns são 2 (interativo) e 3 (em rede).

Os campos Novo logon indicam as contas para a qual o novo logon foi criada, isto é, a conta na qual o logon foi efetuado.

Os campos de rede indicam onde a solicitação de logon remoto se originou. O nome da estação de trabalho nem sempre está disponível e pode ser deixado em branco em alguns casos.

Os campos de informações de autenticação fornecem informações detalhadas sobre esta solicitação específica de logon.
-O GUID de logon é um identificador exclusivo que pode ser usado para correlacionar este evento com um evento de KDC.
- Serviços transitados indicam qual serviço intermediário participou desta solicitação de logon.
- Nome de pacote indica qual subprotocolo foi usado, entre os protocolos NTLM.
- Comprimento da chave indica o comprimento da chave da sessão gerada. Ele será 0 se nenhuma chave de sessão foi solicitada.
Record Number: 5643
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090805130109.379716-000
Event Type: Sucesso da Auditoria
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------
 

Mr.wolf, I'll install both then, but if I'm not mistaken I can choose not to freeze my Windows folders, right? That way my updates won't be lost. If that isn't possible, I plan to use a secondary HD as D to install games and everything else, so I don't run the risk of losing everything again. Thanks for the help, have a good weekend... see you!
 
Mr.Wolf, here are the logs. I couldn't send the logs as a log file, so here goes this big wall of log text instead :S

Super Anti Spyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/12/2009 at 07:23 AM

Application Version : 4.28.1010

Core Rules Database Version : 3190
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 00:53:07

Memory items scanned : 533
Memory threats detected : 0
Registry items scanned : 5919
Registry threats detected : 0
File items scanned : 20591
File threats detected : 502

Adware.Tracking Cookie

Adware.MovieLand/MediaPipe
C:\Arquivos de programas\MovieLand Terms.html
C:\Documents and Settings\Dorival\Desktop\MoviePass Terms.lnk
C:\Documents and Settings\Dorival\Desktop\moviepass.url

Adware.AlfaCleaner
C:\WINDOWS\warnhp.html

Adware.Ezula
C:\WINDOWS\system32\ezstub.exe
C:\WINDOWS\Downloaded Program Files\ezstub.INF
C:\WINDOWS\eZinstall.exe
C:\WINDOWS\LastGood\Downloaded Program Files\ezstub.INF

Trojan.Painter
C:\WINDOWS\system32\MSWINUP32.DLL
C:\WINDOWS\system32\MSWINXML.DLL
C:\WINDOWS\system32\WINLFL32.DLL

Adware.ZToolbar
C:\WINDOWS\azesearch.bmp
C:\WINDOWS\system32\azebar.xml
C:\WINDOWS\Downloaded Program Files\azesearch.inf

Adware.Apropos Media
C:\WINDOWS\system32\auto_update_uninstall.log
C:\WINDOWS\system32\auto_update_uninstall.exe

Trojan.SpySheriff
C:\WINDOWS\secure32.html
c:\secure32.html
C:\SpySheriff.lnk
C:\Documents and Settings\Dorival\Desktop\SpySheriff.lnk
\SpySheriff.lnk

Adware.180solutions/Search Assistant
C:\WINDOWS\Downloaded Program Files\ClientAX.dll
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
C:\WINDOWS\MediaGateway.exe.bin

Adware.WebNexus
C:\WINDOWS\LastGood\wupdt.exe
C:\WINDOWS\mynexus.exe
C:\WINDOWS\system32\pbvwb.dat
C:\WINDOWS\system32\vgactl.cpl
C:\WINDOWS\system32\wuauclt.dll
C:\WINDOWS\vlpnlp.dat
C:\WINDOWS\wupdt.exe
C:\installerwebnex.exe

Trojan.SmartFinder
C:\WINDOWS\system32\mfcgy32.dll
C:\WINDOWS\system32\owdwi.dll
C:\WINDOWS\system32\sdkok32.exe
C:\WINDOWS\sysvb.exe
C:\WINDOWS\mfcbh.exe
C:\WINDOWS\sdkhk.exe
C:\WINDOWS\system32\sdkmd32.dll
C:\WINDOWS\zkowf.dll

Trojan.SpyFalcon
C:\Documents and Settings\Dorival\Desktop\SpyFalcon.lnk
C:\WINDOWS\system32\oleext.dll
C:\WINDOWS\system32\oleext32.dll

Trojan.MalwareWipe
C:\Documents and Settings\Dorival\Desktop\MalwareWipe.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\MalwareWipe.com 4.2.lnk
\MalwareWipe.com.lnk
C:\Documents and Settings\Dorival\Desktop\MalwareWipe.com.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\MalwareWipe.com 4.2.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\MalwareWiped 5.2.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\MalwareWiped 5.2.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Malware-Wiped 5.2.lnk
C:\Documents and Settings\Dorival\Desktop\Malware-Wiped.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\Malware-Wiped 5.2.lnk

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
C:\WINDOWS\system32\av.cpl
C:\WINDOWS\system32\drivers\FOPN.sys
C:\WINDOWS\system32\drivers\uwasfsd.sys
C:\WINDOWS\system32\stera.exe
C:\WINDOWS\system32\stera.job
C:\Documents and Settings\Dorival\Desktop\Install WinAntiVirus Pro 2006 .lnk
C:\Documents and Settings\Dorival\Cookies\administrator@www.winsoftware[2].txt
C:\Documents and Settings\Dorival\Desktop\Summary.txt
C:\Documents and Settings\Dorival\Desktop\WinAntiSpyware 2006 Scanner.lnk
C:\Documents and Settings\All Users\Desktop\WinAntiVirus Pro 2006.lnk
C:\Documents and Settings\All Users\Desktop\Look for answers in WinAntiVirus Pro 2007 Knowledge Base.lnk
C:\Documents and Settings\All Users\Desktop\WinAntiVirus Pro 2007.lnk

Adware.SurfSideKick
C:\Documents and Settings\Dorival\Dados de aplicativos\Sskcwrd.dll
C:\Documents and Settings\Dorival\Dados de aplicativos\Sskdmns.dll
C:\Documents and Settings\Dorival\Dados de aplicativos\Sskuknwrd.dll
C:\Documents and Settings\Dorival\Dados de aplicativos\Sskknwrd.dll

Trojan.WinFixer 2006
C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe
C:\WINDOWS\system32\dfe1.exe
C:\WINDOWS\system32\drivers\d_kmd.sys

Trojan.AdwarePunisher
C:\WINDOWS\adw.htm

Registry Cleaner Trial
C:\Documents and Settings\Dorival\Desktop\Registry Cleaner.lnk

Trojan.Windows Overlay Components/SysMon
C:\WINDOWS\offun.exe

Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax
C:\Documents and Settings\Dorival\Menu Iniciar\Z_Start.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\Programas\Inicializar\Zeno.lnk

Adware.IST/ISTBar (Slotch Bar)
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll

Trojan.Avpe64/32
C:\WINDOWS\system32\klgcptini.dat
C:\WINDOWS\system32\stt82.ini

Adware.Adservs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._

Trojan.DCOM Server
C:\WINDOWS\system32\dcom_14.dll

Trojan.Malware
C:\WINDOWS\back.gif
C:\WINDOWS\bg.gif
C:\WINDOWS\buy-btn.gif
C:\WINDOWS\download-btn.gif
C:\WINDOWS\security.html
C:\Documents and Settings\Dorival\Desktop\Adware Reviews.url
C:\Documents and Settings\Dorival\Desktop\Play Poker.url
C:\Documents and Settings\Dorival\Desktop\access
C:\Documents and Settings\Dorival\Desktop\domains
C:\Documents and Settings\Dorival\Desktop\map.txt
C:\asdf.txt
D:\asdf.txt

Adware.HotBar (Low Risk)
C:\WINDOWS\Downloaded Program Files\HbInstIE.dll

Adware.HotBar/SpamBlockerUtility (Low Risk)
C:\WINDOWS\Downloaded Program Files\SpamBlockerUtility.inf

Trojan.UnSpyPC Spyware Scanner
C:\Documents and Settings\Dorival\Desktop\UnSpyPC Scanner & Monitor.lnk
C:\Documents and Settings\Dorival\Desktop\SafeAndClean_report.htm

Adware.MediaMediatickets
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx

Adware.MediaMotor
C:\WINDOWS\Downloaded Program Files\mm83.ocx
C:\WINDOWS\Downloaded Program Files\amm06.inf
C:\WINDOWS\Downloaded Program Files\amm06.ocx
C:\WINDOWS\System32\safe.tlb
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\amm06.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\amm06.ocx
C:\WINDOWS\mm06y.ini
C:\WINDOWS\Downloaded Program Files\motorsix.inf

Trojan.ISA32
C:\WINDOWS\system32\drivers\isa32.sys

Trojan.PestTrap
C:\Documents and Settings\Dorival\Desktop\PestTrap.lnk

Parasite.SpyAxe
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\SpywareAxe 3.0.lnk
C:\Documents and Settings\Dorival\Desktop\SpywareAxe.lnk

Trojan.RazeSpyware
C:\Documents and Settings\Dorival\Desktop\RazeSpyware.lnk

Trojan.AdwareSheriff
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\AdwareSheriff.lnk
C:\Documents and Settings\Dorival\Desktop\AdwareSheriff.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\asheriff.lnk

Trojan.RemedyAntiSpy
C:\Documents and Settings\Dorival\Desktop\RemedyAntispy.lnk

Trojan.HitVirus
C:\Documents and Settings\Dorival\Desktop\HitVirus.lnk

Trojan.Anti-Virus Pro
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Start Anti-Virus-Pro.lnk
C:\Documents and Settings\Dorival\Desktop\Anti-Virus-Pro.lnk
C:\Documents and Settings\Dorival\Desktop\Anti-Virus-Pro.pkg

Trojan.PSGuard
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\P.S.Guard spyware remover.lnk

Trojan.ADWareBazooka
C:\Documents and Settings\Dorival\Desktop\ADWareBazooka.lnk

Trojan.RegiFast
C:\regifast.log
C:\RFManager.log
C:\RFSilentInstaller.log

Browser Hijacker.Favorites

Adware.Elite Media
C:\WINDOWS\Downloaded Program Files\elite.inf
C:\WINDOWS\Downloaded Program Files\elite.ocx
C:\WINDOWS\elitemediagroup.ini
C:\Arquivos de programas\Arquivos comuns\EliteMediaGroupOinUninstaller.exe
C:\Arquivos de programas\Common Files\EliteMediaGroupOinUninstaller.exe
C:\WINDOWS\em06y.ini

Trojan.Freeprod
C:\Documents and Settings\Dorival\Desktop\freeprodtb.exe

Adware.IEPlugin
C:\Documents and Settings\Dorival\Desktop\Desktop Toolbar
C:\WINDOWS\isp.ico
C:\WINDOWS\lu.dat

Trojan.RieMon
C:\WINDOWS\system32\unirimon.exe

Adware.BookedSpace
C:\WINDOWS\bsx32.ini
C:\WINDOWS\bs2.dll
C:\WINDOWS\bs3.dll
C:\WINDOWS\bsx5.dll
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\oo4.dll
C:\WINDOWS\system32\acd.dll
C:\WINDOWS\system32\anaamon.dll
C:\WINDOWS\system32\bs2.dll
C:\WINDOWS\system32\bs3.dll
C:\WINDOWS\system32\bsx5.dll
C:\WINDOWS\system32\bxsx5.dll
C:\WINDOWS\system32\bxxs5.dll
C:\WINDOWS\system32\oo4.dll
C:\WINDOWS\system32\rem00001.dll

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Menu Iniciar\Online Security Guide.url
C:\Documents and Settings\All Users\Menu Iniciar\Security Troubleshooting.url
C:\Documents and Settings\Dorival\Favoritos\Antivirus Test Online.url
C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url
C:\Documents and Settings\All Users\Desktop\Online Security Guide.url
C:\Documents and Settings\All Users\Desktop\Find And Fix Errors.lnk

Adware.IST/YourSiteBar
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
C:\WINDOWS\Downloaded Program Files\ysbactivex.inf

Adware.HotBar/WOWPapers (Low Risk)
C:\Documents and Settings\All Users\Desktop\Free PC Wallpapers.lnk

Adware.Casino Games (Golden Palace Casino)
\Best Casino. $200 signup bonus!.url
C:\Documents and Settings\Dorival\Desktop\Best Casino. $200 signup bonus!.url
C:\Documents and Settings\Dorival\Favoritos\Best Casino. $200 signup bonus!.url

Trojan.BraveSentry
C:\Documents and Settings\Dorival\Desktop\BraveSentry.lnk

Trojan.Spy-Shield/BON
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Spy-Shield v4.1.lnk
C:\Documents and Settings\Dorival\Desktop\Spy-Shield v4.1.lnk

Adware.Best Offers Network
C:\WINDOWS\tboninst.cfg

Trojan.ZQuest
C:\WINDOWS\dh.ini

Adware.Mirar/NetNucleus
C:\WINDOWS\Downloaded Program Files\WinATS.inf
C:\WINDOWS\Downloaded Program Files\Winwcd.inf

Trojan.PKL/Malware
C:\WINDOWS\system32\bpkwb.dll
C:\WINDOWS\system32\johnwb.dll
C:\WINDOWS\system32\systemwb.dll

Adware.WebHancer
C:\WINDOWS\whAgent.inf
C:\WINDOWS\whInstaller.ini

Malware.SpywareQuake
C:\Documents and Settings\Dorival\Desktop\SpywareQuake.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\SpywareQuake 2.0.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\SpywareQuake 2.0.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk
\SpyQuake2.com.lnk
C:\Documents and Settings\Dorival\Desktop\SpyQuake2.com.lnk

Adware.TrustInCash
C:\WINDOWS\system32\tisa.cnf

Adware.GloboLook

Adware.ClickSpring/Yazzle
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx

Trojan.SysProtect
C:\Documents and Settings\Dorival\Desktop\SysProtect.lnk

Trojan.CDSC63R
C:\WINDOWS\system32\cdscsix3.dll
C:\WINDOWS\system32\cdscsix3r.sys

Adware.Tesla Plus
C:\Arquivos de programas\secure32.html

Malware.SpyCut
C:\Documents and Settings\Dorival\Desktop\SpyCut.lnk

Malware.Spyware Soft Stop
C:\Documents and Settings\Dorival\Desktop\Spyware Soft Stop.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Spyware Soft Stop.lnk

Malware.SpywareSheriff
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\SpywareSheriff.lnk
\SpywareSheriff.lnk

Trojan.Hackarmy Variant
C:\WINDOWS\system32\MsnMsr.exe

Trojan.XptpMM
C:\WINDOWS\system32\fux87.ini

Malware.Spyware Vanisher
C:\WINDOWS\Spyware Vanisher Setup Log.txt
\Spyware Vanisher Free Scan.lnk
C:\Documents and Settings\Dorival\Desktop\Spyware Vanisher Free Scan.lnk

Malware.Ultimate Defender
\Ultimate Defender.lnk
\Ultimate Defender.pkg
C:\Documents and Settings\Dorival\Desktop\Ultimate Defender.lnk
C:\Documents and Settings\Dorival\Desktop\Ultimate Defender.pkg

Adware.TV Media
C:\WINDOWS\Downloaded Program Files\APInstall_Tiny.dll

DIaler.Super-Adult
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Night Club - Foto Annunci Video - VM18.lnk
\Night Club - Foto Annunci Video - VM18.lnk
C:\Documents and Settings\Dorival\Desktop\Night Club - Foto Annunci Video - VM18.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\Programas\Night Club - Foto Annunci Video - VM18.lnk

Malware.SystemDoctor
\SystemDoctor 2006.lnk
C:\Documents and Settings\Dorival\Desktop\SystemDoctor 2006.lnk
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe

Dialer.VacPro
C:\WINDOWS\Downloaded Program Files\int_ver34.INF
C:\WINDOWS\Downloaded Program Files\int_ver34.ocx

Malware.AlertSpy
\AlertSpy.lnk
C:\Documents and Settings\Dorival\Desktop\AlertSpy.lnk

Malware.Trust Cleaner
\Trust Cleaner.lnk
C:\Documents and Settings\Dorival\Desktop\Trust Cleaner.lnk

Adware.Desktop Hijacker
C:\Arquivos de programas\Google\nicobitop.html

Malware.GreatMemo
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\GreatMemo.lnk
\GreatMemo.lnk
C:\Documents and Settings\Dorival\Desktop\GreatMemo.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\Programas\Inicializar\GreatMemo.lnk

Malware.TitanShield
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\TitanShield Antispyware.lnk
\TitanShield Antispyware.lnk
C:\Documents and Settings\Dorival\Desktop\TitanShield Antispyware.lnk

Malware.RegFreeze
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\RegFreeze.lnk
\RegFreeze.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\Programas\Inicializar\RegFreeze.lnk

Malware.Adware Finder
\AdwareFinder.lnk
C:\Documents and Settings\Dorival\Desktop\AdwareFinder.lnk

Malware.SpyHeal
C:\Documents and Settings\Dorival\Desktop\SpyHeal.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\SpyHeal 2.1.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Spy-Heal 2.1.lnk
C:\Documents and Settings\Dorival\Desktop\Spy-Heal.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\Spy-Heal 2.1.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\SpyHealer 2.2.lnk
\SpyHealer.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\SpyHealer 2.2.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\SpyHeals 2.3.lnk
\SpyHeals.lnk
C:\Documents and Settings\Dorival\Desktop\SpyHeals.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\SpyHeals 2.3.lnk

Trojan.DollarRevenue
C:\WINDOWS\newname.dat
C:\WINDOWS\keyboard1.dat

Spyware.IEToolbar
C:\Arquivos de programas\IEToolbar\inst.bat
C:\Arquivos de programas\IEToolbar\searchbarus.dll
C:\Arquivos de programas\IEToolbar\searchbarus.inf

Malware.AntiVirusGolden
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\AntivirusGolden 3.3.lnk
\AntivirusGolden.lnk
C:\Documents and Settings\Dorival\Desktop\AntivirusGolden.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\AntivirusGolden 3.3.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\AntiviralGolden 3.5.lnk
\AntiviralGolden.lnk
C:\Documents and Settings\Dorival\Desktop\AntiviralGolden.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\AntiviralGolden 3.5.lnk

Malware.VirusBlast
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\VirusBlast v5.0.lnk
\VirusBlast v5.0.lnk
C:\Documents and Settings\Dorival\Desktop\VirusBlast v5.0.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\VirusBlast v5.0.lnk

Trojan.Media-Codec
\PornMag Pass.lnk
C:\Documents and Settings\Dorival\Desktop\PornMag Pass.lnk
\X Password Generator.lnk
C:\Documents and Settings\Dorival\Desktop\X Password Generator.lnk
\PornPass Manager.lnk
C:\Documents and Settings\Dorival\Desktop\PornPass Manager.lnk
\Key Generator.lnk
C:\Documents and Settings\Dorival\Desktop\Key Generator.lnk

Trojan.ErrorSafe
C:\Documents and Settings\All Users\Menu Iniciar\Programs\ErrorSafe\ErrorSafe on the Web.lnk
C:\Documents and Settings\All Users\Menu Iniciar\Programs\ErrorSafe\Uninstall ErrorSafe.lnk

Malware.Antispyware Soldier
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Antispyware Soldier.lnk
\Antispyware Soldier.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\Programas\Inicializar\antispysoldier.lnk

Trojan.StoneDrv
C:\WINDOWS\system32\inistone.ini

Malware.VirusBurst
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\VirusBurst 6.1.lnk
\VirusBurst.lnk
C:\Documents and Settings\Dorival\Desktop\VirusBurst.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\VirusBurst 6.1.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Virus-Burst 6.1.lnk
\Virus-Burst.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\Virus-Burst 6.1.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\VirusBurster 6.2.lnk
\VirusBurster.lnk
C:\Documents and Settings\Dorival\Desktop\VirusBurster.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\VirusBurster 6.2.lnk

Malware.AdProtect
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Ad-Protect v6.3.lnk
\Ad-Protect v6.3.lnk
C:\Documents and Settings\Dorival\Desktop\Ad-Protect v6.3.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\Ad-Protect v6.3.lnk

Malware.DriveCleaner
\DriveCleaner 2006 Free.lnk
C:\Documents and Settings\Dorival\Desktop\DriveCleaner 2006 Free.lnk

Malware.VirusRescue
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\VirusRescue v3.0.1.lnk
\VirusRescue v3.0.1.lnk
C:\Documents and Settings\Dorival\Desktop\VirusRescue v3.0.1.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\VirusRescue v3.0.1.lnk

Malware.RepairRegistryPro
\Repair Registry Pro.lnk
C:\Documents and Settings\Dorival\Desktop\Repair Registry Pro.lnk

Malware.SpywareBot
\SpywareBot.lnk
C:\Documents and Settings\Dorival\Desktop\SpywareBot.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\SpywareBot.lnk

Malware.PestCapture
\PestCapture.lnk
C:\Documents and Settings\Dorival\Desktop\PestCapture.lnk

Malware.AntiVermins
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\AntiVermins 2.1.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\AntiVermins 2.1.lnk
\AntiVermins.lnk
C:\Documents and Settings\Dorival\Desktop\AntiVermins.lnk

Worm.Spam-Strato
C:\WINDOWS\msserrv32.dat
C:\WINDOWS\msserrv32.s
C:\WINDOWS\msserrv32.wax
C:\WINDOWS\msserrv32.z
C:\WINDOWS\msserv32.dat
C:\WINDOWS\msserv32.s
C:\WINDOWS\msserv32.wax
C:\WINDOWS\msserv32.z
C:\WINDOWS\mswiizz32.dat
C:\WINDOWS\mswiizz32.s
C:\WINDOWS\mswiizz32.wax
C:\WINDOWS\mswiizz32.z
C:\WINDOWS\mswiz32.dat
C:\WINDOWS\mswiz32.s
C:\WINDOWS\mswiz32.wax

Trojan.Bagle Variant
C:\WINDOWS\system32\winupd.exeopen
C:\WINDOWS\system32\winupd.exeopenopen
C:\WINDOWS\system32\winupd.exeopenopenopen

Malware.SpyZooka
C:\Documents and Settings\All Users\Desktop\SpyZooka 2.5.lnk

Malware.SpyiBlock
\SpyiBlock.lnk
C:\Documents and Settings\Dorival\Desktop\SpyiBlock.lnk

Malware.BreakSpyware
\BreakSpyware.lnk
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Break Spyware.lnk

Malware.SpyMarshal
C:\Documents and Settings\Dorival\Desktop\SpyMarshal.lnk

Malware.MrAntiSpy
C:\Documents and Settings\Dorival\Desktop\MrAntispy.lnk
\MrAntispy.lnk

Malware.MalwareAlarm
\MalwareAlarm.lnk
C:\Documents and Settings\Dorival\Desktop\MalwareAlarm.lnk

Malware.SpywareKnight
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\SpywareKnight.lnk
C:\Documents and Settings\Dorival\Desktop\SpywareKnight.lnk

Malware.SpySoldier
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\SpySoldier.lnk
\SpySoldier.lnk
C:\Documents and Settings\Dorival\Desktop\SpySoldier.lnk

Malware.ContraVirus
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\ContraVirus 2.0.lnk
C:\Documents and Settings\Dorival\Desktop\ContraVirus 2.0.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\ContraVirus 2.0.lnk

Trojan.Rustock/LZX32
C:\WINDOWS\system32:lzx32.sys

Trojan.Rustock/HUY32
C:\WINDOWS\system32:huy32.sys

Malware.SpyDawn
C:\Documents and Settings\Dorival\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\SpyDawn 3.1.lnk
C:\Documents and Settings\Dorival\Desktop\SpyDawn.lnk
C:\Documents and Settings\Dorival\Menu Iniciar\SpyDawn 3.1.lnk


HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 14:55:41, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Arquivos de programas\Messenger\Msmsgs.exe
c:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe
C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\ARQUIV~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\ARQUIV~1\MICROS~2\OFFICE11\WINWORD.EXE
C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe
C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe
C:\Arquivos de programas\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\Tibia 8.50\Tibia\Tibia.exe
C:\Arquivos de programas\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Arquivos de programas\Internet Saving Optimizer\3.7.1.4630\NPIEAddOn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Arquivos de programas\System Search Dispatcher\1.4.1.1010\ssd.dll (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\ARQUIV~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44BC92C3-4150-409E-B047-0FA0491523CB}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{49900B58-C59B-4F42-B7C7-75E2D1051CD1}: NameServer = 200.204.0.10,200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\elf_key.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
Good evening, Mr. wolf!!!

I was having problems with "winsgx"; I read some posts and followed the instructions, ran Kaspersky online again, and the virus is still there. Could you help me???

KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 12, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, September 12, 2009 22:52:52
Records in database: 2786035


Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 78292
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:20:58

File name / Threat / Threats count
C:\WINDOWS\system32\winsgx.exe Infected: Trojan-Downloader.Win32.Banload.aelf 1

Selected area has been scanned.
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 13, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 13, 2009 01:35:36
Records in database: 2795964
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 56203
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:12:05


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\update93828.exe.vir Infected: Packed.Win32.Krap.x 1

Selected area has been scanned.

=)
 
Hello everyone, good evening! I'll reply to all of you in this same post, OK.

LuiZz``, there is nothing wrong in your log. However, we will run a more thorough check to reach a more concrete conclusion.

Follow the steps below, my friend LuiZz``:

Download OTL and save it to the desktop;

● Double-click OTL.exe to run it;
● Check the options: Scan All Users and Minimal Output. Under "File Age", select the 90 Days option;
● Click the Run Scan button and wait for the scan;
● Two logs will open in Notepad:

- OTL.Txt <- this one will be open
- Extras.Txt <- this one will be minimized

They are also saved on the desktop. Paste them in your next reply.
___________________________________


carolgsn, if your brother uninstalled Refog, you would not be able to access it anyway. However, there are no traces of Refog in your logs. The keylogger has certainly already been uninstalled from the machine, as your brother told you.

There are also no traces of infection on your computer, my friend Carol.

What is the error message that appears when you try to access the registry (regedit) and fail? Would it happen to be similar to this one: "A edição do Registro foi desativada pelo administrador"?

It is strange for the registry to be disabled, because when it is in that state an O7 entry appears in the log. And in your log there is no sign of this entry, or of any hidden entry related to it.

___________________________________


Maximillian, DF does have configuration options to keep your data from being lost when the PC is restarted. However, back when I tested the software, even with it correctly configured for this, the data was lost after the reboot. If you manage to configure it and get the configuration stable, great! Use it without any problem. But, before anything else, check that the configuration really does work properly, so that what happened to me does not happen to you.

However, I still think the best thing to do is to add a second HD, the D: drive as I said, to install your games and whatever else you want.

___________________________________


lukox, open SUPERAntiSpyware and click "Manage Quarantine" ("Gerenciar a Quarentena"). Select all the items (infections) shown in the panel and delete them from the list.

Follow the instructions below, lukox:

Step 1

Download the two tools below and save them to the desktop:

EliStarA > To download, click the Descargar EliStarA button at the bottom of the page.

EliTriip > To download, click the Descargar EliTriip button at the bottom of the page.

● Save everything you are working on and close all open programs;

● Run EliStarA.exe. Click Yes/OK on every message that appears;

● When the tool finally opens, click the Explorar button and wait for the scan. It may take a while, or it may be very quick, depending on the case!

● Then run EliTriip.exe and follow the same procedure as for EliStarA.exe;

When the scan finishes, a log will be at C:\InfoSat.txt. Paste it in your next reply.

NOTE: The tools will change your Internet Explorer home page to about:blank; this is normal. Just set it back the way you want afterwards.


Step 2

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your computer will be restarted. After the restart, the tool will run again; wait for it;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
___________________________________


Hello Mineira-udi, welcome to the forum! :)

winsgx.exe is a worm, my friend Mineira-udi. This malware spreads over the network. Therefore, if this computer is connected to any network, you need to disconnect it immediately, please.

Follow the instructions in the spoiler below, Mineira-udi (just click the Show button):

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your computer will be restarted. After the restart, the tool will run again; wait for it;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
___________________________________


didifpg, Kaspersky only detected the quarantined files in the ComboFix folder, that is, a false positive. There is nothing to worry about.

The log is clean, didifpg.

Go to Start > Run, type ComboFix /u and click OK to remove the tool and its folders.

Any remaining problem, didifpg?
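
The O7 check described in the reply above, as an added example that is not part of the original thread: a small Python triage pass over a HijackThis log that reports an O7 `DisableRegedit` policy entry and, going beyond that one case, groups O1 Hosts redirections by address and lists entries whose file is missing. The sample log, its addresses and hostnames are constructed, and the O7 line format is an assumption modelled on typical HijackThis output.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log (not taken from the thread). Addresses are from the
# RFC 5737 documentation range; hostnames use the reserved .example TLD.
# The O7 line format is an assumption modelled on typical HijackThis output.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 bank.example
O1 - Hosts: 203.0.113.10 www.bank.example
O1 - Hosts: 203.0.113.10 cards.example
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [Updater] C:\Program Files\Updater\upd.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# A section line is "<code> - <body>", e.g. "O1 - Hosts: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")
REGEDIT_RE = re.compile(r"DisableRegedit\s*=\s*(\d+)", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (code, body) for every section line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def hosts_redirects(entries):
    """Map each non-loopback address in O1 lines to the hostnames pinned to it."""
    by_ip = defaultdict(list)
    for code, body in entries:
        if code != "O1":
            continue
        m = HOSTS_RE.match(body)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address: leave it for manual review
        if addr.is_loopback or addr.is_unspecified:
            continue  # localhost mapping or a 0.0.0.0 block-list sink
        by_ip[str(addr)].append(m.group("name").lower())
    return dict(by_ip)


def triage(log_text):
    """Return (code, reason, detail) tuples for the entries worth a closer look."""
    entries = parse_entries(log_text)
    findings = []
    for code, body in entries:
        if code == "O7":
            m = REGEDIT_RE.search(body)
            if m and int(m.group(1)) != 0:
                findings.append((code, "registry editing disabled by policy", body))
        elif any(marker in body for marker in ORPHAN_MARKERS):
            findings.append((code, "entry points at a file that is not on disk", body))
    # Hostnames forced to an external address bypass DNS for those names.
    for ip, names in sorted(hosts_redirects(entries).items()):
        reason = f"{len(names)} hostname(s) forced to {ip} via the hosts file"
        findings.append(("O1", reason, ", ".join(names)))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {detail}")
```
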
 
Virus?

I can't get into the Bradesco website; when I type the address, a Google Toolbar Notifier error occurs, file SWG.DLL.
I'm worried; according to what I found searching the internet, it is a virus that copies data and passwords. Please help.
Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:10, on 9/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\WinLogT.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd2.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Toca do Game\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre0.dll
O1 - Hosts: 69.162.114.180 santander.com.br
O1 - Hosts: 69.162.114.180 www.santander.com.br
O1 - Hosts: 69.162.114.181 itau.com.br
O1 - Hosts: 69.162.114.181 www.itau.com.br
O1 - Hosts: 69.162.114.181 www.itau.com
O1 - Hosts: 69.162.114.181 itau.com
O1 - Hosts: 69.162.114.181 itaupersonnalite.com.br
O1 - Hosts: 69.162.114.181 www.itaupersonnalite.com.br
O1 - Hosts: 69.162.114.182 www.bradesco.com.br
O1 - Hosts: 69.162.114.182 bradesco.com.br
O1 - Hosts: 69.162.114.182 www.bradesco.com
O1 - Hosts: 69.162.114.182 bradesco.com
O1 - Hosts: 69.162.114.182 www.bradescoempresa.com.br
O1 - Hosts: 69.162.114.182 bradescoempresa.com.br
O1 - Hosts: 69.162.114.182 www.bradescoprime.com.br
O1 - Hosts: 69.162.114.182 bradescoprime.com.br
O1 - Hosts: 69.162.114.182 bradescocartoes.com.br
O1 - Hosts: 69.162.114.182 www.bradescocartoes.com.br
O1 - Hosts: 69.162.114.179 www.nossacaixa.com.br
O1 - Hosts: 69.162.114.179 nossacaixa.com.br
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre0.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11482 bytes
 
