Virus removal

Hello Falero

Yes, your infection is by Banker Trojans. This type of malware has the sole purpose of stealing the passwords that were typed on the computer, regardless of type, whether for Orkut, MSN, internet banking, Twitter, etc., and sending them to the creator of the malware.

For that reason, after your machine has been cleaned, it is extremely important that you change all the passwords that were typed on this machine. And if you use internet banking, contact your bank manager and inform them of what happened.

- Download HostsXpert and save it to the desktop;
- Extract the file to your desktop and run HostsXpert.exe;
- Click the Restore MS Hosts Files button and close the program.


- Download BankerFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click bankerfix.exe;
● A message will appear saying that it will be downloaded from the internet;
● Click OK > OK. Press Enter and wait for the scan to finish;
● When the scan has finished, read the message on the screen and press Enter again.
● A log will be generated at C:\LinhaDefensiva\relatorio.txt.

Paste this log in your next reply, together with a new HijackThis log.

Delete the C:\LinhaDefensiva folder after pasting your log here.
 
Hello Mr. Wolf....

The error message that was appearing I attached to my last reply...
Now I tried to open regedit and I managed to.... I didn't understand any of it...
Thank you for your attention and your help...
Problem solved!!!!
kisses
 
Hey man, good evening,

I have a problem here... =\

Today I think I was the victim of a hacker. They stole my password for the game (WoW) and changed it along with my password, so now it is hard to recover. I ran the antivirus, Malware-Ban, and it detected 379 infections (o_O).... OK, I saw that I had done *****, then, reading your topic here, I remembered HijackThis... When I scanned the PC, it detected a dangerous entry (according to the site): "O4 - Startup: ctfmon.exe - Kind - Nasty - Nasty - Unknown application. This entry was classified from our visitors as bad."
It showed this with the red X, but when I try to Fix this entry it says it is in use. I tried to end it (the good old Ctrl Alt Del) and even so it says it is still open....=\

How can I solve my problem?? Do you know??

Thank you!!!
 
Hello Mr. Wolf!

I checked "Windows Firewall/Internet Connection Sharing (ICS)" and it was set to automatic. There were other options, but I did not change them.

I await your comments.

Once again, thank you for your attention.
Artur
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:00:19, on 14/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Luciano\AppData\Local\Temp\Temp1_HiJackThis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5429 bytes
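
An added example, not part of the thread and not code from HijackThis: a small Python triage pass over the HijackThis log layout shown above. It covers the `O1 - Hosts:` lines that the hosts-file restore step concerns, the `O4 - Startup: ctfmon.exe` kind of entry quoted earlier in the thread, and the `(file missing)` O23 lines, which a 32-bit HijackThis build typically prints on 64-bit Windows because its view of `system32` is redirected. The sample log, the list of system binary names and the 64-bit heuristic are assumptions made for the illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")
Finding = namedtuple("Finding", "severity code reason body")

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - Startup: x".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Names of Windows components that malware often borrows. A copy started from
# a Startup folder deserves a manual look. Illustrative list, not exhaustive.
SYSTEM_NAMES = {"ctfmon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "explorer.exe", "services.exe"}

# Constructed sample in the HijackThis 2.0.2 layout (not from a real machine).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe

O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 www.bank.example
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Startup: ctfmon.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append(Entry(match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def looks_64bit(processes):
    """Heuristic (assumption): WOW64-only directories show up in the process list."""
    return any("(x86)" in p or "syswow64" in p.lower() for p in processes)


def basename(path):
    """File name of a Windows or POSIX style path, lower-cased."""
    return re.split(r"[\\/]", path.strip().strip('"'))[-1].lower()


def triage(text):
    """Return a list of Finding tuples for entries worth a manual check."""
    processes, entries = parse_log(text)
    wow64 = looks_64bit(processes)
    findings = []
    for e in entries:
        if e.code == "O1" and e.body.startswith("Hosts:"):
            # "Hosts: <address> <name> [<name> ...]"
            names = [n.lower() for n in e.body[len("Hosts:"):].split()[1:]]
            if any(n != "localhost" for n in names):
                findings.append(Finding(
                    "review", e.code, "hosts file maps a non-localhost name", e.body))
        elif e.code == "O4" and e.body.startswith(("Startup:", "Global Startup:")):
            # "Startup: item" or "Startup: shortcut.lnk = C:\path\target.exe"
            item = e.body.split(":", 1)[1]
            if {basename(part) for part in item.split(" = ")} & SYSTEM_NAMES:
                findings.append(Finding(
                    "review", e.code,
                    "system binary name started from a Startup folder", e.body))
        elif e.code == "O23" and e.body.endswith("(file missing)"):
            if wow64:
                findings.append(Finding(
                    "info", e.code,
                    "32-bit scanner on 64-bit Windows; confirm the path from a 64-bit shell",
                    e.body))
            else:
                findings.append(Finding(
                    "review", e.code, "service points at a file that does not exist", e.body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.code}: {f.reason}\n    {f.body}")
```
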
 
Mr. Wolf, I think there is something wrong because my computer is not connected to any network... Anyway, here are the logs! :yes:

ComboFix
ComboFix 09-09-13.05 - Nóis Todos 14/09/2009 9:28.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.223.65 [GMT -3:00]
Executando de: c:\documents and settings\Nóis Todos\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Nóis Todos\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Criado um novo ponto de restauração

FILE ::
"c:\windows\system32\msvfw64.dll"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msvfw64.dll

.
+ 2009-06-30 15:30 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
+ 2009-09-09 13:48 . 2008-04-14 12:00 10129408 c:\windows\system32\dllcache\hwxkor.dll
- 2009-06-30 14:27 . 2008-04-14 12:00 10129408 c:\windows\system32\dllcache\hwxkor.dll
+ 2009-06-30 15:02 . 2008-04-13 22:18 13463552 c:\windows\system32\dllcache\hwxjpn.dll
- 2009-06-30 14:27 . 2008-04-14 12:00 13463552 c:\windows\system32\dllcache\hwxjpn.dll
+ 2009-09-09 13:48 . 2008-04-14 12:00 10096640 c:\windows\system32\dllcache\hwxcht.dll
- 2009-06-30 14:27 . 2008-04-14 12:00 10096640 c:\windows\system32\dllcache\hwxcht.dll
+ 2009-09-09 13:48 . 2008-04-14 12:00 10129408 c:\windows\ime\imkr6_1\applets\hwxkor.dll
+ 2009-06-30 15:02 . 2008-04-13 22:18 13463552 c:\windows\ime\imjp8_1\applets\hwxjpn.dll
+ 2009-09-09 13:48 . 2008-04-14 12:00 10096640 c:\windows\ime\CHTIME\Applets\HWXCHT.DLL
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"desp2k"="c:\arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Philips SA30XX Device Manager.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Philips SA30XX Device Manager.lnk
backup=c:\windows\pss\Philips SA30XX Device Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [30/06/2009 11:49 108289]
R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [26/02/2007 10:11 61440]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/06/2002 00:09 31232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.ceara.gov.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-14 09:35
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2600)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-09-14 9:41 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-09-14 12:41
ComboFix2.txt 2009-09-09 12:20
ComboFix3.txt 2009-09-03 12:17
ComboFix4.txt 2009-09-03 11:45
ComboFix5.txt 2009-09-14 12:27

Pré-execução: 8 pasta(s) 40.357.416.960 bytes disponíveis
Pós execução: 9 pasta(s) 40.502.431.744 bytes disponíveis

419 --- E O F --- 2009-09-09 18:30


HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:12, on 14/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cmpe.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ceara.gov.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\system32\gbiehcef.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246401445375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{296EF59E-B6E5-41FB-95E7-7542B2586E78}: NameServer = 200.165.132.155 200.149.55.140
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5159 bytes

But is everything OK now, or is something still missing?
 
Hello Mr Wolf,
I have a machine infected with several categories of viruses. I'll post the Malwarebytes and ComboFix logs, as well as a latest HijackThis log.
Regards.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:12, on 14/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\VIA Technologies, INC\Audio Deck\ADeck.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIA Technologies, INC\Audio Deck\ADeck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{D215198E-5078-4242-8CC3-AE8B64724549}: NameServer = 200.165.132.155,200.149.55.140
O20 - Winlogon Notify: aGBPluginAdm - C:\WINDOWS\SYSTEM32\asteca.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 3778 bytes

ComboFix 09-09-13.05 - Dr Carlos Renato 14/09/2009 12:25.1.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1015.841 [GMT -3:00]
Executando de: c:\documents and settings\Dr Carlos Renato\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
ADS - drivers: deleted 262 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1127673606
C:\MessengerPlus
c:\messengerplus\otaciliorochajunior@hotmail.com1.log
c:\messengerplus\oumais@oumais.com1.log
c:\messengerplus\ozieliakf@hotmail.com1.log
c:\messengerplus\p_willame@hotmail.com1.log
c:\messengerplus\pamilinha_04@hotmail.com1.log
c:\messengerplus\papo_dinho28@hotmail.com1.log
c:\messengerplus\patricia_paty_i@hotmail.com1.log
c:\messengerplus\patrickktur@hotmail.com1.log
c:\messengerplus\paula_laziquinha@hotmail.com1.log
c:\messengerplus\paulalimoeiro@hotmail.com1.log
c:\messengerplus\paularlira@hotmail.com1.log
c:\messengerplus\paulinho.deolino@hotmail.com1.log
c:\messengerplus\paullo_germano@hotmail.com1.log
c:\messengerplus\paulozouza@hotmail.com1.log
c:\messengerplus\pedroleitejr@hotmail.com1.log
c:\messengerplus\pedrothiaguinho@hotmail.com1.log
c:\messengerplus\pireshandebol@hotmail.com1.log
c:\messengerplus\pjtreinamentos@hotmail.com1.log
c:\messengerplus\polly0711@hotmail.com1.log
c:\messengerplus\portalraves@hotmail.com1.log
c:\messengerplus\portalreggae@hotmail.com1.log
c:\messengerplus\potenciallivros@hotmail.com1.log
c:\messengerplus\preventoscarol@hotmail.com1.log
c:\messengerplus\pricillamarias@hotmail.com1.log
c:\messengerplus\priscila_escossio@hotmail.com1.log
c:\messengerplus\prisllay@hotmail.com1.log
c:\messengerplus\quelzinha_torres@hotmail.com1.log
c:\messengerplus\r-afaelzinh-u@hotmail.com1.log
c:\messengerplus\raciria@hotmail.com1.log
c:\messengerplus\rafaeltnt@hotmail.com1.log
c:\messengerplus\rafalokinho@hotmail.com1.log
c:\messengerplus\railsonalves@hotmail.com1.log
c:\messengerplus\rannilelle@hotmail.com1.log
c:\messengerplus\raphael_orappa@hotmail.com1.log
c:\messengerplus\raphaelpsycho@hotmail.com1.log
c:\messengerplus\raquel_catunda@hotmail.com1.log
c:\messengerplus\raquelmaezinha@hotmail.com1.log
c:\messengerplus\rasilva_ba@hotmail.com1.log
c:\messengerplus\rc-r@hotmail.com1.log
c:\messengerplus\rebecapeixoto_21@hotmail.com1.log
c:\messengerplus\rebelca@hotmail.com1.log
c:\messengerplus\rejanejeri@hotmail.com1.log
c:\messengerplus\rejanemcarvalho@yahoo.com.br1.log
c:\messengerplus\renata.abigail@hotmail.com1.log
c:\messengerplus\renatab_r@hotmail.com1.log
c:\messengerplus\renatoclinica@hotmail.com1.log
c:\messengerplus\reniermeneses@hotmail.com1.log
c:\messengerplus\renildinho_da_bahia@hotmail.com1.log
c:\messengerplus\renyllgnatus@hotmail.com1.log
c:\messengerplus\revianagila@hotmail.com1.log
c:\messengerplus\rezinha_brigida@hotmail.com1.log
c:\messengerplus\risoneide_ms@hotmail.com1.log
c:\messengerplus\risoneidems@hotmail.com1.log
c:\messengerplus\rita.advogada@hotmail.com1.log
c:\messengerplus\robertosilvio2002@hotmail.com1.log
c:\messengerplus\rodrigo.l.mota@hotmail.com1.log
c:\messengerplus\rodrigos.s@hotmail.com1.log
c:\messengerplus\romcidrack@hotmail.com1.log
c:\messengerplus\rosadosventosjeri@hotmail.com1.log
c:\messengerplus\rosadosventospousada@hotmail.com1.log
c:\messengerplus\rosaliareggae@hotmail.com1.log
c:\messengerplus\rosaliriss@hotmail.com1.log
c:\messengerplus\roselane.lopes@hotmail.com1.log
c:\messengerplus\rosileneedf22@hotmail.com1.log
c:\messengerplus\rot-meio@hotmail.com1.log
c:\messengerplus\ruan_pablo_rpc@hotmail.com1.log
c:\messengerplus\russasnet@hotmail.com1.log
c:\messengerplus\sacolapersonalizada@hotmail.com1.log
c:\messengerplus\samarinhabob@hotmail.com1.log
c:\messengerplus\samialeandra@hotmail.com1.log
c:\messengerplus\santospt@hotmail.com1.log
c:\messengerplus\sarahribeiromatos@hotmail.com1.log
c:\messengerplus\saviojunior_89@hotmail.com1.log
c:\messengerplus\savyamousy@hotmail.com1.log
c:\messengerplus\semconvite@hotmail.com1.log
c:\messengerplus\sergioluismagalhaes@msn.com1.log
c:\messengerplus\sergiophd@hotmail.com1.log
c:\messengerplus\sergiopingo@hotmail.com1.log
c:\messengerplus\shir.carp@hotmail.com1.log
c:\messengerplus\shirleyparente@hotmail.com1.log
c:\messengerplus\showfortaleza@hotmail.com1.log
c:\messengerplus\sidroots@gmail.com1.log
c:\messengerplus\silva.gracilene@hotmail.com1.log
c:\messengerplus\silva_pes@hotmail.com1.log
c:\messengerplus\silvana_lackismi@hotmail.com1.log
c:\messengerplus\smennya@hotmail.com1.log
c:\messengerplus\solon_sousa@hotmail.com1.log
c:\messengerplus\spice.boy.10@hotmail.com1.log
c:\messengerplus\srl_bh@hotmail.com1.log
c:\messengerplus\stephanie_ce@hotmail.com1.log
c:\messengerplus\su_somb_ra@hotmail.com1.log
c:\messengerplus\suporte@lssistemas.com1.log
c:\messengerplus\suporte01@lssistemas.com1.log
c:\messengerplus\surfe_ce@hotmail.com1.log
c:\messengerplus\sussegadosp@hotmail.com1.log
c:\messengerplus\t.hayse.dantas@hotmail.com1.log
c:\messengerplus\taciana_crl@hotmail.com1.log
c:\messengerplus\tacy_crl@hotmail.com1.log
c:\messengerplus\talesrenan@hotmail.com1.log
c:\messengerplus\talytinhace@hotmail.com1.log
c:\messengerplus\tarcito_mendes@hotmail.com1.log
c:\messengerplus\tarsila_peixoto@hotmail.com1.log
c:\messengerplus\tathales2@hotmail.com1.log
c:\messengerplus\tatiana_sales_@hotmail.com1.log
c:\messengerplus\tatujc@hotmail.com1.log
c:\messengerplus\taveirad2@hotmail.com1.log
c:\messengerplus\taykeully22@hotmail.com1.log
c:\messengerplus\teinha_23@hotmail.com1.log
c:\messengerplus\telessantiago_@hotmail.com1.log
c:\messengerplus\thaliita_alves@hotmail.com1.log
c:\messengerplus\thalita_simplistion@hotmail.com1.log
c:\messengerplus\thelafontay@hotmail.com1.log
c:\messengerplus\thiago.costa84@hotmail.com1.log
c:\messengerplus\thiago_fulano@hotmail.com1.log
c:\messengerplus\thiagolourenco.com@hotmail.com1.log
c:\messengerplus\tianevaz@hotmail.com1.log
c:\messengerplus\tim_nojoza@hotmail.com1.log
c:\messengerplus\torrone_@hotmail.com1.log
c:\messengerplus\tudallynda@hotmail.com1.log
c:\messengerplus\tuliodleon@hotmail.com1.log
c:\messengerplus\ujcs_84@hotmail.com1.log
c:\messengerplus\ulissesmotaodonto@hotmail.com1.log
c:\messengerplus\valdisiofilho@hotmail.com1.log
c:\messengerplus\valdiziasempre@hotmail.com1.log
c:\messengerplus\valeria.weiss@live.com1.log
c:\messengerplus\valfrancysales@hotmail.com1.log
c:\messengerplus\valnicepires@hotmail.com1.log
c:\messengerplus\vanessinha_fisio@hotmail.com1.log
c:\messengerplus\vanybrito@yahoo.com.br1.log
c:\messengerplus\vera.lcosta@hotmail.com1.log
c:\messengerplus\veralimoeiro@hotmail.com1.log
c:\messengerplus\victormendes_@hotmail.com1.log
c:\messengerplus\vinicius_clauber@hotmail.com1.log
c:\messengerplus\vivianelh@hotmail.com1.log
c:\messengerplus\voceconheceomario@hotmail.com1.log
c:\messengerplus\vulcanibr@hotmail.com1.log
c:\messengerplus\wagnerfilho25@hotmail.com1.log
c:\messengerplus\waleria_amor@hotmail.com1.log
c:\messengerplus\walterfernando@oumais.com1.log
c:\messengerplus\wilderbruno@hotmail.com1.log
c:\messengerplus\winnierc@hotmail.com1.log
c:\messengerplus\xokitu@hotmail.com1.log
c:\messengerplus\yahoo
c:\messengerplus\zenfiel33@hotmail.com1.log
c:\messengerplus\zilvielydiogenes@hotmail.com1.log
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1077
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858
c:\recycler\S-1-5-21-0978078049-3248202922-295739027-7354
c:\recycler\S-1-5-21-1140588855-8337397256-086882994-5560
c:\recycler\S-1-5-21-1443944852-0703999558-204715351-7662
c:\recycler\S-1-5-21-3035193499-4127871887-136376700-3496
c:\recycler\S-1-5-21-3082335638-4739769477-908906065-8056
c:\recycler\S-1-5-21-3459323976-3720390560-541611044-9723
c:\recycler\S-1-5-21-3916546616-0185070970-063681094-6396
c:\recycler\S-1-5-21-3939136892-5735453041-283257833-0918
c:\recycler\S-1-5-21-4382047279-6725269073-197441187-6086
c:\recycler\S-1-5-21-4520925888-9712240383-953961613-8436
c:\recycler\S-1-5-21-4777252926-6686838724-043971808-3565
c:\recycler\S-1-5-21-5233095736-8747937004-148597388-0166
c:\recycler\S-1-5-21-5357829509-6227480171-859032534-5054
c:\recycler\S-1-5-21-5988796753-6378196596-204019332-1626
c:\recycler\S-1-5-21-6393386796-9704076872-576300363-6753
c:\recycler\S-1-5-21-6831842476-9549074852-609374030-6712
c:\recycler\S-1-5-21-7135657626-0184820060-137754567-8621
c:\recycler\S-1-5-21-7411674438-5659034047-410012292-2881
c:\recycler\S-1-5-21-7829268359-3433775584-682404122-2918
c:\recycler\S-1-5-21-7829268359-3433775584-682404122-2918\Desktop.ini
c:\recycler\S-1-5-21-7829268359-3433775584-682404122-2918\yv8g67.exe
c:\recycler\S-1-5-21-8547042094-9063463911-703822971-0139
c:\recycler\S-1-5-21-8701028731-5472554258-908501797-7773
c:\recycler\S-1-5-21-8719211112-6994535491-831486163-0706
c:\recycler\S-1-5-21-8806088420-2277305415-293920336-9192
c:\recycler\S-1-5-21-8994833412-5250207671-641225866-3984
c:\recycler\S-1-5-21-9411900880-0890602215-123120738-2998
c:\recycler\S-1-5-21-9493085540-4084954840-316540046-7570
c:\recycler\S-1-5-21-9496139243-8621017859-415382036-9239
C:\svchost1.exe
c:\windows\system32\drivers\11d41880.sys
c:\windows\system32\drivers\3f28ef12.sys
c:\windows\system32\drivers\c53b8414.sys
c:\windows\system32\drivers\f7e1424f.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\kust00.exe
c:\windows\system32\redsky.exe
c:\windows\system32\wfaqbze.dll
c:\windows\system32\zeyffrb.dll

c:\windows\system32\drivers\beep.sys . . . está infectado!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_icf
-------\Legacy_xkgvuusd
-------\Service_xkgvuusd
-------\Service_11d41880
-------\Service_3f28ef12
-------\Service_c53b8414
-------\Service_f7e1424f


(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-14 to 2009-09-14 ))))))))))))))))))))))))))))
.

2009-09-14 14:49 . 2009-09-14 14:49 -------- d-----w- c:\documents and settings\Dr Carlos Renato\Dados de aplicativos\Malwarebytes
2009-09-14 14:48 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-14 14:48 . 2009-09-14 14:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-09-14 14:48 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-14 14:48 . 2009-09-14 14:48 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-09-14 14:48 . 2009-09-14 14:48 4045528 ----a-w- C:\mbam-setup.exe
2009-09-14 14:41 . 2009-09-14 14:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avg8
2009-09-14 14:25 . 2009-09-14 14:25 -------- d-----w- c:\windows\system32\log
2009-09-12 19:51 . 2009-09-12 19:52 1036741 ----a-w- C:\OdontoWay.zip
2009-09-12 11:06 . 2009-09-12 11:06 81920 --sh--r- c:\windows\osdrive32.exe
2009-09-12 00:19 . 2009-09-12 11:07 132096 ----a-w- C:\yukbea.exe
2009-09-10 11:25 . 2009-09-12 11:07 87552 ----a-w- C:\ejslggiq.exe
2009-09-04 17:13 . 2009-09-04 17:13 116224 ----a-w- c:\windows\system32\kut00.exe
2009-09-04 17:13 . 2009-09-04 17:13 75264 --sh--r- c:\windows\usdrive32.exe
2009-09-01 13:07 . 2009-09-11 10:49 0 ----a-w- c:\windows\system32\drivers\28a67337.sys
2009-08-29 11:29 . 2009-09-14 15:35 87884 ----a-w- c:\windows\system32\drivers\82ea4fe6.sys
2009-08-29 10:26 . 2009-09-01 13:06 214613 ----a-w- C:\mtyfncck.exe
2009-08-28 10:38 . 2009-09-11 10:49 0 ----a-w- c:\windows\system32\drivers\2ecde64c.sys
2009-08-28 10:35 . 2009-08-28 10:35 565248 ----a-w- c:\windows\system32\bluesky.exe
2009-08-28 10:35 . 2009-08-28 10:35 880128 ----a-w- c:\windows\system32\ban002.exe

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 15:35 . 2001-10-28 18:06 78976 ----a-w- c:\windows\system32\drivers\Beep.SYS
2009-09-14 14:43 . 2008-08-29 23:15 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2009-09-12 19:54 . 2008-09-22 18:28 -------- d-----w- c:\documents and settings\Dr Carlos Renato\Dados de aplicativos\U3
2009-09-12 19:54 . 2008-09-13 11:15 -------- d-----w- c:\arquivos de programas\OdontoWay
2009-09-12 11:08 . 2004-08-04 03:45 14336 ----a-w- c:\windows\system32\svchost.exe
2009-09-10 15:14 . 2008-12-19 20:49 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-08-28 10:42 . 2004-08-04 02:14 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-08-22 10:32 . 2008-12-19 20:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-08-17 17:43 . 2009-07-04 18:31 26632 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-08-10 12:41 . 2009-08-10 12:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-02-09 14:24 . 2008-08-29 23:08 67688 ----a-w- c:\arquivos de programas\mozilla firefox\components\jar50.dll
2009-02-09 14:24 . 2008-08-29 23:08 54368 ----a-w- c:\arquivos de programas\mozilla firefox\components\jsd3250.dll
2009-02-09 14:24 . 2008-08-29 23:08 34944 ----a-w- c:\arquivos de programas\mozilla firefox\components\myspell.dll
2009-02-09 14:24 . 2008-08-29 23:08 46712 ----a-w- c:\arquivos de programas\mozilla firefox\components\spellchk.dll
2009-02-09 14:24 . 2008-08-29 23:08 172136 ----a-w- c:\arquivos de programas\mozilla firefox\components\xpinstal.dll
2008-10-31 22:50 . 2008-11-01 12:15 2640 --sh--r- c:\windows\system32\oobe\dialmgr.dat
.

------- Sigcheck -------

[-] 2009-09-14 15:36 . 349CCD7366944A2F4E3F697A96E556CB . 78976 . . [------] . . c:\windows\system32\drivers\Beep.SYS

[-] 2009-08-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2009-08-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 . 7399D854596BFEFEED6B60879F28CE07 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\arquivos de programas\VIA Technologies" [X]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ aGBPluginAdm]
2009-02-04 16:31 88064 ----a-w- c:\windows\system32\asteca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [04/07/2009 15:31 26632]
S1 28a67337;28a67337;c:\windows\system32\drivers\28a67337.sys [01/09/2009 10:07 0]
S1 2ecde64c;2ecde64c;c:\windows\system32\drivers\2ecde64c.sys [28/08/2009 07:38 0]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D215198E-5078-4242-8CC3-AE8B64724549} = 200.165.132.155,200.149.55.140
FF - ProfilePath - c:\documents and settings\Dr Carlos Renato\Dados de aplicativos\Mozilla\Firefox\Profiles\3sf1iy5a.default\
FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll
.
- - - - ORFÃOS REMOVIDOS - - - -

Notify- GbPluginBb - c:\arquivos de programas\GbPlugin\gbieh.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-14 12:35
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset004\Services\82ea4fe6]
"ImagePath"="\SystemRoot\System32\drivers\82ea4fe6.sys"
--

[HKEY_LOCAL_MACHINE\System\controlset004\Services\Beep]

.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\asteca.dll

- - - - - - - > 'explorer.exe'(3656)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\VIA Technologies, INC\Audio Deck\ADeck.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
c:\windows\system32\wscntfy.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe
c:\arquivos de programas\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Tempo para conclusão: 2009-09-14 12:37 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-09-14 15:37

Pré-execução: 6 pasta(s) 70.404.419.584 bytes disponíveis
Pós execução: 9 pasta(s) 69.302.075.392 bytes disponíveis

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
688

Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 2795
Windows 5.1.2600 Service Pack 2

14/09/2009 12:17:38
mbam-log-2009-09-14 (12-17-37).txt

Tipo de Verificação: Rápida
Objetos verificados: 87829
Tempo decorrido: 14 minute(s), 8 second(s)

Processos da Memória infectados: 14
Módulos de Memória Infectados: 4
Chaves do Registro infectadas: 39
Valores do Registro infectados: 25
Ítens do Registro infectados: 4
Pastas infectadas: 0
Arquivos infectados: 132

Processos da Memória infectados:
C:\WINDOWS\system32\servises.exe (Packed.Krap) -> Unloaded process successfully.
C:\WINDOWS\system32\servises.exe (Packed.Krap) -> Unloaded process successfully.
C:\WINDOWS\system32\servises.exe (Packed.Krap) -> Unloaded process successfully.
C:\Documents and Settings\Dr Carlos Renato\Configurações locais\Temp\b.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\ondrive32.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\servises.exe (Packed.Krap) -> Unloaded process successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe (Trojan.Proxy) -> Unloaded process successfully.
C:\MessengerPlus\wmplayer.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Dr Carlos Renato\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\pldmcx.exe (Trojan.Downloader) -> Unloaded process successfully.

Módulos de Memória Infectados:
C:\WINDOWS\system32\hiyokovu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hrqjjhda.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hozutoza.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\zeyffrb.dll (Trojan.Vundo.H) -> Delete on reboot.

Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8e82c41-96f9-4b80-bd22-dee6ba5120b5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuzzmwjq (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e8e82c41-96f9-4b80-bd22-dee6ba5120b5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00c3e775-0864-485f-87f4-6b443826b942} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00c3e775-0864-485f-87f4-6b443826b942} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00c3e775-0864-485f-87f4-6b443826b942} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e1ef54c-b71e-41ba-9733-556c3d696ad9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e1ef54c-b71e-41ba-9733-556c3d696ad9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b7ee1a-bbe2-4a03-9795-da954f324b73} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c3dea99-b71e-41ba-9733-556c3d696ad9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3dea99-b71e-41ba-9733-556c3d696ad9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{546d0bb7-6894-48d2-89eb-dfabf5e4ec7d} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9bc847bd-e090-48b5-9aaa-6f6daed24142} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{546d0bb7-6894-48d2-89eb-dfabf5e4ec7d} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xkgvuusd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\xkgvuusd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xkgvuusd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\xkgvuusd (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xkgvuusd (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e8e82c41-96f9-4b80-bd22-dee6ba5120b5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\df30b5d0 (Rootkit.Rustock) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mglpewgn (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mglpewgn (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mglpewgn (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mglpewgn (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mglpewgn (Trojan.Agent) -> Delete on reboot.

Valores do Registro infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Packed.Krap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Packed.Krap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-11sf-n33p (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnmsgr (Trojan.PWS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\czwmgr (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-24sf-n84p (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jfxdghs (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winscpl (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\clrtss (Trojan.Downloader) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
 
Mr. Wolf

Thank you for your attention; here is the log as requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:15, on 14/09/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ismserv.exe
C:\Arquivos de programas\No-IP\DUC20.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\Arquivos de programas\HP\Data Protector Express\v3.50-sp1\win\x86\dpwinsdr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Data Protector Express\v3.50-sp1\win\x86\dpwingqa.exe
C:\Arquivos de programas\No-IP\DUC20.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.47.12:8080
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe
O4 - Global Startup: Atalho para redeip.bat.lnk = G:\redeip.bat
O4 - Global Startup: Data Protector Express Quick Access.lnk = C:\Arquivos de programas\HP\Data Protector Express\v3.50-sp1\win\x86\dpwingqa.exe
O15 - ESC Trusted Zone: http://www.editora-andrei.com.br
O15 - ESC Trusted Zone: http://www.gloogle.com.br
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212090409306
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EMPRESA.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = EMPRESA.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FBF3F72-650B-409B-8D96-4B5A31AEB99B}: NameServer = 200.222.0.34,200.222.0.35
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EMPRESA.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = EMPRESA.LOCAL
O23 - Service: Data Protector Express (DPXpress) - HP - C:\Arquivos de programas\HP\Data Protector Express\v3.50-sp1\win\x86\dpwinsdr.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Arquivos de programas\No-IP\DUC20.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

--
End of file - 4343 bytes
 
Hey folks, I'm trying to play Gunbound WC Season 2 (official server) and GameGuard (anti-cheat) won't let me play.
It was a huge hassle to create the account to play, and when I get there, I get a BSoD... [#the usual anti-cheat fussiness]

I'm using PC 02 from my signature, and it's very old. The OS is squeaky clean; I formatted and installed everything yesterday.
And mind you, it was on Windows 2000 and I switched to XP SP2.

Attachments >>>

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:06, on 14/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Opera\opera.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Opera\opera.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [msnmsgr] C:\WINDOWS\system32:msnmsgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{18ED2AF4-6EDC-4CB7-9CEC-585D800F489B}: NameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{18ED2AF4-6EDC-4CB7-9CEC-585D800F489B}: NameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{18ED2AF4-6EDC-4CB7-9CEC-585D800F489B}: NameServer = 192.168.254.254
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 3510 bytes

Note: I searched on Google and so far that hasn't solved it...
Could it be because the Windows XP SP2 I have here is modified? >.< (please don't punish me, because my key is genuine, it came with my father's notebook... but I'm also using it on the PC)
It comes with themes, and when I finished installing the drivers, it asks for the installation CD, saying that essential OS files were modified.

See ya, folks!
 

Hello Mr. Wolf

I followed the instructions step by step and am sending a new log.

Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:22, on 14/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\WinLogT.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd2.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Toca do Game\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre0.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre0.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9518 bytes

BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2009-09-14 - 19:22
-------------------------------------------------------
Lista de Definição: 2009-07-24-2 | CORE: 2009-07-24-1
=======================================================



----- Fim -------------------------
 
Hello everyone, good afternoon! As usual, I'll reply to everyone in this post, OK.


Hello HeadHunterrrr, first of all, never trust these automatic analysis sites, like the one where you posted your log. These sites work from a database, and since new infections appear practically every day, the site will be useless, because it can flag legitimate entries as viruses, and vice versa. That is what happened in your case, for example. ctfmon.exe is legitimate, and the site flagged it as "Nasty", that is, dangerous. From that alone you can see that sites like these are not reliable enough to post your computer's log to, which can do harm instead of helping.

As for the theft of your password and the 379 infections found, that really is cause for concern.

Please post a HijackThis log here, HeadHunterrrr.

____________________________________


Artsimoes, why not install a firewall as an alternative to the Windows one?! It is better and will be less work for you. I recommend one of the two below; both are free and need no manual configuration:

Outpost Firewall
Online Armor

Install only one of them, and tell me whether it worked. If you prefer, both also have paid versions.

____________________________________


lta075, follow the instructions in the spoiler below (just click Show):

Step 1

- Download RootRepeal and extract the file to the desktop.

- Close all open programs. Disable the antivirus and any other security program with resident protection turned on.
- Open the tool's folder and double-click RootRepeal.exe.
- In the bottom right corner, click the Report tab and then click the Scan button.
- Select all the items as shown in the image below and click OK:

wjhu84.gif


- Select your C: drive and click OK to proceed. Wait for the scan and try not to use the system much while it runs.
- When the scan finishes, a log will open in Notepad. It will be at C:\RootRepeal report xxxxxx-xxxxxxx.txt (where the "x" characters represent the date and time the report was saved).
- Close the tool.

Post the RootRepeal log in your next reply.


Step 2

Download OTS and save it to the desktop;

Double-click OTS.exe to run the tool;
Check the Scan All Users option. Under "File Age" set 30 Days;
Under "Additional Scans" check the items File - Lop Check and File - Purity Scan;
Click the Run Scan button and wait for the tool to finish scanning;
See the configuration image (configure it the same way):

nx00p1.jpg


A log named OTS.Txt will open; it will also be saved on the desktop.

Copy and paste this log in your next reply.
____________________________________


karolz, follow the steps below:

- Download the Kaspersky AVP Tool and save it in the C:\Arquivos de programas folder;

● Install the program normally, following all of its steps;
● Do not scan with the tool yet;
● Restart the computer in Safe Mode (holding the F8 key during system startup and choosing the Safe Mode option in the menu);
● Once in Safe Mode, run the program and on the main screen check all the available boxes, as shown in the image below:

kasperskyvirusremovaltoak2.png


● Just below, click the Settings (Security Level) option and click the Customize button. Go to the Heuristic analyzer tab and check the “Enable deep rootkit search” box. Click OK in both windows;
● Back on the initial screen, click the Scan button and wait;
● Be patient, the scan can take a long time;
● If it finds any infection, keep confirming the request to remove the contaminated files;
● When the scan finishes, click Reports and save the report with the .txt extension on the desktop;
● Restart the computer in Normal Mode again and paste the scan report here;
● When the scan finishes, a window may appear asking to uninstall the tool. If it appears, confirm the uninstallation;
● If this window does not appear, close all open applications, go into the Kaspersky AVP Tool folder (it will be in the same folder where you saved the installation file - Arquivos de Programas), and double-click the unins000.exe file;
● Click OK twice to complete the removal process.

PS: The log may be quite long. If you cannot attach it here in the thread, drop the Events from the log and try again. If you still cannot, upload it here and post the download link.
____________________________________


luisednardo, we have a huge problem here. This computer is infected by rootkits and ransomware. In case you do not know what ransomware is, it is malware that hijacks files from the victim's system and sends them to the creators of the malware, who then demand a ransom to recover the stolen files. Or they may not even demand a ransom and simply steal the files for good, with no chance of recovery. More information about ransomware here.

Follow the steps below:

Download the file below and put it in the C:\WINDOWS\System32\drivers folder:

http://andymanchesta.com/Files/XP/beep.sys

A message will appear saying that a file with this name already exists and asking whether you want to replace it with the new one; click Yes so that the replacement is made.


Download the file below, extract it to the desktop and run it:

http://www.kaspersky.com/removaltools?vtopen=154293695#open

When the tool finishes, press Enter.

NOTE: If a pop-up appears warning that a Valid Win32 error occurred, click Ignore. Under no circumstances click OK or Yes on the message.


Delete ComboFix and download it again.

Go to Start > Run, type "%userprofile%\desktop\combofix.exe" /killall and click OK as in the image:

combofixejr8.gif


Post the new ComboFix log, luisednardo.
____________________________________


guerreirofjv, before we continue, just one question: the file highlighted below was probably created by you or someone at your company, wasn't it?! redeip.bat? Almost certainly yes. It looks like something related to network monitoring, etc. But it is always important to ask first.

Follow the instructions in the spoiler below, my friend guerreirofjv:

- Download ComboFix and, before saving it to the desktop, rename the executable to 12345.exe <- This is important, because otherwise the malware will block the tool from running!

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the 12345.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click in the ComboFix window and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to quit or stop ComboFix, press N;
● When it finishes, your machine will be restarted. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
____________________________________


rafaelfrequiao, follow the instructions below:

Step 1

- Download BankerFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click bankerfix.exe;
● A message will appear saying that it will be downloaded from the internet;
● Click OK > OK. Press Enter and wait for the scan to finish;
● When the scan is finished, read the message on the screen and press Enter again.
● A log will be generated at C:\LinhaDefensiva\relatorio.txt.

Paste this log in your next reply, together with a new HijackThis log.

Delete the C:\LinhaDefensiva folder after pasting your log here.


Step 2

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click in the ComboFix window and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to quit or stop ComboFix, press N;
● When it finishes, your machine will be restarted. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
____________________________________


Falero, follow the steps in the spoiler below:

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;
● In the window that opens, click the Continue button so that the tool starts running;
● When the tool finishes running, a log containing the scan result will open automatically in Notepad. Paste the contents of this log (log.txt) in your next reply;
● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.
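
Added example, not part of the original thread: the reply above notes that analysis sites which look entries up in a database mislabel them, so this sketch reports only structural facts that HijackThis itself writes into each line (missing target, empty or unknown vendor, 8.3 short path, remote URL) and leaves the verdict to a human helper. The sample lines are copied from the HijackThis log earlier in this thread, with the mis-encoded button label replaced by `?`; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis log posted in this thread
# (the mis-encoded O9 label is replaced by "?").
SAMPLE_LOG = r"""
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: ? - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "<section> - <body>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.+)$")
# "Service: <name> - <vendor> - <path>"; the vendor may be empty ("- -").
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.+)$"
)
# 8.3 short names such as ARQUIV~1 hide the real folder name.
SHORT_NAME = re.compile(r"~\d")


@dataclass
class Finding:
    section: str
    body: str
    reasons: list = field(default_factory=list)


def review_reasons(section, body):
    """Return structural reasons to look at an entry; never a verdict."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if section == "O9" and re.search(r" - https?://", body):
        reasons.append("browser button points at a remote URL")
    if section == "O10" and body.startswith("Unknown file in Winsock LSP"):
        reasons.append("unrecognised Winsock LSP")
    if section == "O23":
        match = SERVICE.match(body)
        if match is None:
            reasons.append("unparsed service line")
        else:
            if match.group("vendor").strip() in ("", "Unknown owner"):
                reasons.append("service without vendor name")
            if SHORT_NAME.search(match.group("path")):
                reasons.append("8.3 short path hides the folder name")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and list the entries a helper should read first."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if match is None:
            continue  # header, footer or blank line
        reasons = review_reasons(match.group("section"), match.group("body"))
        if reasons:
            findings.append(
                Finding(match.group("section"), match.group("body"), reasons)
            )
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"[{item.section}] {item.body}")
        for reason in item.reasons:
            print(f"    review: {reason}")
```

A flagged line is only a prompt to inspect the file on disk; an entry with no flags has not been cleared by this check either.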
 
Hello Mr.Wolf
I am sending a new log.

info.txt logfile of random's system information tool 1.06 2009-09-15 19:52:48

======Uninstall list======

-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{64F67489-76BB-4CDD-A236-F954BE774B35}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
7-Zip 4.65-->"C:\Arquivos de programas\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE C:\WINDOWS\system32\Adobe\Shockwave 11\Install.log
Adobe SVG Viewer 3.0-->C:\Arquivos de programas\Arquivos comuns\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Arquivos de programas\Arquivos comuns\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced SystemCare 3-->"C:\Arquivos de programas\IObit\Advanced SystemCare 3\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Print Creations - Album Page-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x416 -1AlbumPage
ArcSoft Print Creations - Funhouse-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x416 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x416 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x416 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x416 -1Calendar
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x416 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x416 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x416
Ares 2.1.1-->"C:\Arquivos de programas\Ares\uninstall.exe"
Assistente de Conexão do Windows Live-->MsiExec.exe /I{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}
Atualização de Segurança para o Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Atualização para Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Atualização para Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Atualização para Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Atualização para Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Atualização para Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Atualização para Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Atualização para Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Atualização para Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Atualização para Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Atualização para Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Atualização para Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Atualização para Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Atualização para Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Atualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
aTube Catcher 1.0-->"C:\Arquivos de programas\DsNET Corp\aTube Catcher 1.0\unins000.exe"
avast! Antivirus-->C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Barra de Ferramentas do Yahoo! com bloqueador de pop-up-->C:\ARQUIV~1\Yahoo!\Common\unyt.exe
Battlefield 1942-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\Setup.exe" -l0xa
Battlefield Vietnam(TM)-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\Setup.exe" -l0xa
biohazard 4-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}\install.exe" -l0x9 -removeonly
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Arquivos de programas\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
ccff7_screensaver-->C:\WINDOWS\system32\ccff7_screensaver.scr /u
CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Cine Turbo-->MsiExec.exe /I{D61C5988-BC23-492D-8FD0-5AE822F4F235}
CloneDVD2-->"C:\Arquivos de programas\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Arquivos de programas\Elaborate Bytes\CloneDVD2"
ConvertXtoDVD 3.1.3.40c-->"C:\Arquivos de programas\VSO\ConvertX\3\unins000.exe"
CryEngine(R)2 Sandbox(TM)2-->MsiExec.exe /I{7E4B7FD9-4ECE-4298-A910-3160B7918059}
DAEMON Tools Toolbar-->C:\Arquivos de programas\DAEMON Tools Toolbar\uninst.exe
DVD Decrypter (Remove Only)-->"C:\Arquivos de programas\DVD Decrypter\uninstall.exe"
DVD Solution-->"C:\Arquivos de programas\Uninstall_CDS.exe"
eMule-->"C:\Arquivos de programas\eMule\Uninstall.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Extensão do Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{88902514-B65F-4093-AF94-8DA7B41DCCD8}
Foxit Reader-->C:\Arquivos de programas\Foxit Software\Foxit Reader\Uninstall.exe
free-downloads.net Toolbar-->C:\ARQUIV~1\free-downloads.net\UNWISE.EXE /U C:\ARQUIV~1\free-downloads.net\INSTALL.LOG
Game Booster-->"C:\Arquivos de programas\IObit\Game Booster\unins000.exe"
GameSpy Arcade-->C:\ARQUIV~1\GameSpy Arcade\UNWISE.EXE C:\ARQUIV~1\GameSpy Arcade\INSTALL.LOG
Grand Prix 4-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\ctor.dll,LaunchSetup "C:\Arquivos de programas\Infogrames\Grand Prix 4\setup.exe"
GVT Conta Detalhada na Internet-->"C:\Arquivos de programas\GVT\CDI\UNINSTAL.EXE" "C:\Arquivos de programas\GVT\CDI\INSTALL.LOG" "GVT Conta Detalhada na Internet Uninstall"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Toca do Game\Desktop\HiJackThis\HijackThis.exe" /uninstall
Hotfix para Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Arquivos de programas\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Arquivos de programas\HP\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01-->C:\Arquivos de programas\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Ligos\Indeo\Uninst.isu" -c"C:\Arquivos de programas\Ligos\Indeo\Indeo System Files\indounin.dll"
IRPF2008 Windows - Declaração de Ajuste Anual-->C:\ARQUIV~1\Programas RFB\IRPF2008windows\UNWISE.EXE C:\ARQUIV~1\Programas RFB\IRPF2008windows\INSTALL.LOG
IRPF2009 - Declaração de Ajuste Anual e Final de Espólio-->C:\Arquivos de Programas RFB\IRPF2009\UNWISE.EXE C:\Arquivos de Programas RFB\IRPF2009\INSTALL.LOG
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kelly Slater's Pro Surfer(tm)-->MsiExec.exe /X{A4479693-378E-49EB-AD5A-C5A8B2BC097A}
K-Lite Codec Pack 4.7.5 (Full)-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"
LightDialer 3.0-->"C:\Arquivos de programas\Turbo\Discador Turbo\unins000.exe"
Megacubo 7.0.0-->"C:\Arquivos de programas\Megacubo\unins000.exe"
Menus Inteligentes (Windows Live Toolbar)-->MsiExec.exe /X{9D57C4FB-39C1-4EC3-9386-845FD08453D5}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Office XP Professional com FrontPage-->MsiExec.exe /I{90280416-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.5.2)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multimedia Launcher-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nakido-->C:\Arquivos de programas\Nakido\Uninstall.exe
Nero OEM-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{64F67489-76BB-4CDD-A236-F954BE774B35}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenAL-->"C:\Arquivos de programas\OpenAL\OalinstGridRelease.exe" /U
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0-->"C:\Arquivos de programas\Orban\AAC-aacPlus Plugin\unins000.exe"
Pacote de Driver do Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\ARQUIV~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_997D018D2E01A9942C06298D6FE2CFA91C42E7EA\amdk8.inf
PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Arquivos de programas\PowerISO\uninstall.exe"
PowerProducer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PPP over Ethernet Protocol 0.98-->C:\WINDOWS\system32\RASPPPOE.EXE /remove
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x416 -removeonly
Receitanet 2009-->C:\WINDOWS\DesinstRecnet.exe
Receitanet Java 2009.01-->C:\ARQUIV~1\Programas RFB\Receitanet Java\DesinstJ.exe
Retail Virtual EVE-->MsiExec.exe /X{EDA2E9CA-8B7E-4BC0-9B0F-34B299555BF3}
Samsung PC Studio 3-->"C:\Arquivos de programas\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Smart Defrag 1.20-->"C:\Arquivos de programas\IObit\IObit SmartDefrag\unins000.exe"
Software Kodak EasyShare-->C:\Documents and Settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\$SETUP_1e0001_156fef2\Setup.exe /APR-REMOVE
SSTOL 3.0-->"C:\Arquivos de programas\SSTOL\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Visualizador do Marcador (Windows Live Toolbar)-->MsiExec.exe /X{E0A086ED-969F-469A-86B1-AE90BCC8F3BC}
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Favorites para Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}
Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}
Windows Live Toolbar-->"C:\Arquivos de programas\Windows Live Toolbar\UnInstall.exe" {6FEE62BC-67E3-4083-BEE2-3C33A487F85C}
Windows Live Toolbar-->MsiExec.exe /X{6FEE62BC-67E3-4083-BEE2-3C33A487F85C}
Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\ARQUIV~1\Yahoo!\Common\YINSTH~1.DLL

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 090915-0]

======System event log======

Computer Name: TOCA-314C7984AA
Event Code: 7036
Message: O serviço Serviço de descoberta SSDP entrou no estado executando.

Record Number: 42506
Source Name: Service Control Manager
Time Written: 20090815093242.000000-180
Event Type: Informações
User:

Computer Name: TOCA-314C7984AA
Event Code: 7036
Message: O serviço hpqcxs08 entrou no estado executando.

Record Number: 42505
Source Name: Service Control Manager
Time Written: 20090815093242.000000-180
Event Type: Informações
User:

Computer Name: TOCA-314C7984AA
Event Code: 7035
Message: O serviço aswRdr recebeu com êxito um controle Iniciar.

Record Number: 42504
Source Name: Service Control Manager
Time Written: 20090815093242.000000-180
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Computer Name: TOCA-314C7984AA
Event Code: 7035
Message: O serviço Serviço de descoberta SSDP recebeu com êxito um controle Iniciar.

Record Number: 42503
Source Name: Service Control Manager
Time Written: 20090815093242.000000-180
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Computer Name: TOCA-314C7984AA
Event Code: 7036
Message: O serviço Reconhecimento de local da rede (NLA) entrou no estado executando.

Record Number: 42502
Source Name: Service Control Manager
Time Written: 20090815093242.000000-180
Event Type: Informações
User:

=====Application event log=====

Computer Name: TOCA-314C7984AA
Event Code: 1002
Message: Starting interactive setup.

Record Number: 1344
Source Name: WgaSetup
Time Written: 20090612094028.000000-180
Event Type: Informações
User:

Computer Name: TOCA-314C7984AA
Event Code: 1006
Message: O Eula foi aceito anteriormente.

Record Number: 1343
Source Name: WgaSetup
Time Written: 20090612094028.000000-180
Event Type: Informações
User:

Computer Name: TOCA-314C7984AA
Event Code: 0
Message:
Record Number: 1342
Source Name: hpqcxs08
Time Written: 20090611104222.000000-180
Event Type: Informações
User:

Computer Name: TOCA-314C7984AA
Event Code: 1800
Message: O Serviço da Central de Segurança do Windows foi iniciado.

Record Number: 1341
Source Name: SecurityCenter
Time Written: 20090611104219.000000-180
Event Type: Informações
User:

Computer Name: TOCA-314C7984AA
Event Code: 1007
Message: O Eula não foi recusado anteriormente.

Record Number: 1340
Source Name: WgaSetup
Time Written: 20090611104213.000000-180
Event Type: Informações
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Arquivos de programas\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Toca do Game at 2009-09-15 19:52:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 26 GB (34%) free of 76 GB
Total RAM: 1023 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:46, on 15/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\WinLogT.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd2.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Toca do Game\Desktop\RSIT.exe
C:\Documents and Settings\Toca do Game\Desktop\HiJackThis\Toca do Game.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre0.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre0.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9643 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E3C3651-B19C-4DD9-A979-901EC3E930AF}]
ssh2 Class - C:\Arquivos de programas\Scpad\scpsssh2.dll [2007-12-12 214272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-10 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]
GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-07-01 293928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-09-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Arquivos de programas\free-downloads.net\tbfre0.dll [2009-07-18 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Barra de Ferramentas do Yahoo! com bloqueador de pop-up - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Arquivos de programas\free-downloads.net\tbfre0.dll [2009-07-18 2215960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"WinLogT"=C:\WINDOWS\WinLogT.exe [2006-03-30 500224]
"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"snpstd2"=C:\WINDOWS\vsnpstd2.exe [2007-04-13 307200]
"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2009-04-10 198160]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]
"ArcSoft Connection Service"=C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-07-10 195072]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-09-06 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"=C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]
"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"DAEMON Tools Lite"=C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Arquivos de programas\Ares\Ares.exe [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Arquivos de programas\DNA\btdna.exe [2009-04-02 321344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Arquivos de programas\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]
C:\ARQUIV~1\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-07-10 323584]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]
C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-07-01 293928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2009-07-29 202032]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2009-07-29 202032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-07-01 293928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"
"D:\MOHAA\MOHAA.exe"="D:\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE"="C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Arquivos de programas\GameSpy Arcade\Aphex.exe"="C:\Arquivos de programas\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Arquivos de programas\DNA\btdna.exe"="C:\Arquivos de programas\DNA\btdna.exe:*:Enabled:DNA"
"C:\Arquivos de programas\BitTorrent\bittorrent.exe"="C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:pnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB"
"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"
"C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\Arquivos de programas\Jogos\Combat Arms\CombatArms.exe"="C:\Arquivos de programas\Jogos\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Arquivos de programas\Jogos\Combat Arms\Engine.exe"="C:\Arquivos de programas\Jogos\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24d49868-6ee0-11dd-9792-001d7dfe5592}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f07cf58-5024-11dd-a093-001d7dfe5592}]
shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe
shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{648e3247-fb82-11dd-98ef-001d7dfe5592}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cde236e4-4ddc-11dd-a090-001d7dfe5592}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb90822-caf0-11dd-985a-001d7dfe5592}]
shell\Auto\command - E:\tel.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f78d56b8-a106-11dd-9807-001d7dfe5592}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs


======List of files/folders created in the last 1 months======

2009-09-15 19:52:36 ----D---- C:\rsit
2009-09-10 07:55:55 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NOS
2009-09-10 07:55:55 ----D---- C:\Arquivos de programas\NOS
2009-09-06 17:04:44 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-06 17:04:44 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-06 17:04:44 ----A---- C:\WINDOWS\system32\java.exe
2009-09-06 17:04:44 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-09-15 19:52:46 ----D---- C:\WINDOWS\Prefetch
2009-09-15 19:36:16 ----D---- C:\Arquivos de programas\Mozilla Firefox
2009-09-15 19:19:11 ----D---- C:\WINDOWS
2009-09-15 19:00:40 ----D---- C:\WINDOWS\Temp
2009-09-15 18:06:51 ----AD---- C:\WINDOWS\system32\drivers
2009-09-15 15:11:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-13 23:35:05 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-12 20:02:25 ----D---- C:\Arquivos de programas\Jogos
2009-09-11 21:56:14 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2009-09-11 21:56:10 ----D---- C:\Arquivos de programas\GbPlugin
2009-09-11 19:22:49 ----RD---- C:\Arquivos de programas
2009-09-11 14:59:08 ----D---- C:\WINDOWS\system32
2009-09-11 14:46:11 ----D---- C:\Program Files
2009-09-11 07:40:30 ----D---- C:\WINDOWS\Help
2009-09-10 22:02:02 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Google
2009-09-10 22:02:02 ----D---- C:\Arquivos de programas\Google
2009-09-10 22:02:01 ----SHD---- C:\WINDOWS\Installer
2009-09-10 07:48:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-06 17:04:48 ----HD---- C:\Config.Msi
2009-09-06 17:04:25 ----D---- C:\Arquivos de programas\Java
2009-09-06 16:24:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-06 16:24:11 ----HD---- C:\WINDOWS\inf
2009-09-02 15:24:08 ----D---- C:\Documents and Settings\Toca do Game\Dados de aplicativos\HPAppData
2009-09-01 12:39:35 ----D---- C:\Documents and Settings\Toca do Game\Dados de aplicativos\Vso
2009-09-01 12:39:35 ----D---- C:\Documents and Settings\Toca do Game\Dados de aplicativos\Desktopicon
2009-09-01 12:39:35 ----D---- C:\Arquivos de programas\UltimateShareDownload1.3
2009-08-17 13:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-06-10 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-06-10 28160]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-11-11 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-04-19 165376]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-04-19 18048]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-28 63232]
R2 NwlnkSpx;Protocolo NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-28 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-07 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol); C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-06-10 99584]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys []
S3 a1ymranm;a1ymranm; C:\WINDOWS\system32\drivers\a1ymranm.sys []
S3 aecjtt4j;aecjtt4j; C:\WINDOWS\system32\drivers\aecjtt4j.sys []
S3 BthEnum;Driver de Bloqueio de Solicitação Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Driver de Porta Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272384]
S3 BTHUSB;Driver USB de Rádio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]
S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Dispositivo Bluetooth (TDI do Protocolo RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 snpstd2;USB PC Camera (SN9C103); C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2007-03-29 343680]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Driver de áudio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-07-01 53288]
R2 hpqddsvc;Serviço de Descoberta de dispositivos CUE HP; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe [2005-06-10 869888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-09-06 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
R2 NwSapAgent;Agente SAP; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-08 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-18 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
 
As you wish:

Logfile of HijackThis v1.99.1
Scan saved at 20:30:26, on 15/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\FRAPS\FRAPS.EXE
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD76A92-4E88-4DB5-A51D-1609BDD1513C}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

PS. I followed the step-by-step you asked Falero to do and it deleted ctfmon.exe itself... I never trusted this executable. Is it really Nasty, or is it trustworthy?
PS2. The "main" virus it found is something called Seekmon... do you know it? What does it do?

Thanks for the help. After running Avira, MalwareBytes, Search and Destroy, SpywareBlaster and finally CCleaner, I changed my passwords for MSN, Orkut, e-mail, blah blah blah. Am I safe now?

Thanks for your attention ^^
Cheers
 
Come on, use some common sense and put these logs in a spoiler, please.

Just put the tags [!spoiler] [!/spoiler] around the text, without the !, of course.
Still, I see no hope for my plea; more and more users show up without knowing the basic forum commands, including how to use the spoiler tag.

There is nothing worse than reading a thread full of logs, especially RSIT logs.
 
Good morning, everyone. I'm just stopping by to greet our dear colleague MR.Wolf and congratulate him on his excellent volunteer work in helping us.
I'm happy when I see people who use their knowledge to help others with such goodwill..... may God always bless you and your whole family.
Regards
 
Folks, I really need help from the forum's experts. For the first time I've caught a virus that I can't get rid of on my own..

It is called:

P2P-Worm.Win32.Polip.a

Here I use Kaspersky 2009, always up to date (WinXP SP3). I also tried the specific removal tools for this virus from Kaspersky itself and from BitDefender...

What happens is that all the tools detect and delete the infected files.... But the virus finds a way to infect other files; every time I run the antivirus tools they find different infected files.....

Could anyone help me get rid of this virus for good?

Thanks in advance
 
Hello everyone, good afternoon to all! Here we go:

Falero, follow the instructions below in the spoiler:

You have a problematic component on your computer, my friend Falero. It is DNA BitTorrent. This add-on has many critical vulnerabilities. Currently it is being implemented as a standalone application, that is, it has the power to act without your consent, and may open holes for crackers on the P2P network.
But the decision to keep it or remove it is yours alone.

- Download OTM and save it to the desktop;

● Double-click the program icon (OTM.exe) to run it;
● Select and copy all of the content below:

Code:
:Processes

:Services
a1ymranm
aecjtt4j

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24d49868-6ee0-11dd-9792-001d7dfe5592}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f07cf58-5024-11dd-a093-001d7dfe5592}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{648e3247-fb82-11dd-98ef-001d7dfe5592}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cde236e4-4ddc-11dd-a090-001d7dfe5592}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb90822-caf0-11dd-985a-001d7dfe5592}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Files
C:\Arquivos de programas\free-downloads.net
C:\Arquivos de programas\Yahoo!
C:\Arquivos de programas\DAEMON Tools Toolbar
C:\WINDOWS\system32\drivers\a1ymranm.sys
C:\WINDOWS\system32\drivers\aecjtt4j.sys 

:Commands
[purity]
[emptytemp]
[Reboot]
● Paste what you copied into the program (in the blank area of the window);
● Click the MoveIt button;
● If a message asking you to restart the computer appears, restart it;
● In your next reply, copy and paste all the content shown in Results;
● If the computer restarted, go to the folder C:\_OTM\MovedFiles and open the file with the .log extension inside that folder.

Copy and paste all the content of that file.

Download TFC and save it to the desktop

Save everything you are working on and close all open programs
Click the Start button and wait for the quick scan. Click OK on the message and wait for the PC to restart.
__________________________________________


HeadHunterrrr, never copy instructions that I give to another friend. Each case is different. The infections on your computer are not related to Falero's infections. And as I already answered you earlier, ctfmon.exe is safe. Do not trust automatic analysis sites. It is a file linked to Microsoft Office. Read about this process here.

Well, since you followed instructions that were not requested, on your own, and your log is from 15/09 (yesterday), post a new log so we can see its current state.

__________________________________________


lta075, RootRepeal runs perfectly on 64-bit OSes. However, the first tests we did with this tool were precisely on x64 systems.

There is nothing wrong in your OTS log.

Run a scan with Kaspersky following the tutorial below and post the final scan report here:

http://www.linhadefensiva.org/forum/index.php?showtopic=74159

_________________________________________


llallau, Polip is a problem. A virus that is extremely difficult to remove from the system. Depending on its variant, it becomes impossible! You are infected by one of its worst variants: Polip.a. It replicates on every reboot of the computer, because it contaminates the machine's boot sector.

I will recommend the tools I consider most effective, which can try to remove Polip.a from your computer. If these fail, unfortunately, perhaps the only solution will be formatting.

Tools:

McAfee Avert Stinger (the best)
Kaspersky AVP Tool
Dr.Web CureIt

See whether you succeed with one of the three.

Post the result.
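
A cross-check for a fix script like the one posted to Falero above, as an added example that is not part of the original posts: it parses the mountpoints2 autorun entries from the RSIT log and confirms that each one is removed by a [-KEY] line in the OTM :Reg section, either directly or through a deleted parent key. The excerpts are copied from this thread; the function names and the review heuristics in traits() are assumptions of this example.

```python
import re

# Excerpt of the RSIT log posted in this thread (mountpoints2 section).
RSIT_EXCERPT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f07cf58-5024-11dd-a093-001d7dfe5592}]
shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe
shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb90822-caf0-11dd-985a-001d7dfe5592}]
shell\Auto\command - E:\tel.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f78d56b8-a106-11dd-9807-001d7dfe5592}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
"""

# Excerpt of the OTM script posted in this thread (:Reg section only).
OTM_REG_EXCERPT = r"""
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f07cf58-5024-11dd-a093-001d7dfe5592}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb90822-caf0-11dd-985a-001d7dfe5592}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Files
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
CMD_RE = re.compile(r"^(shell\\[^\\]+\\command) - (.+)$", re.IGNORECASE)


def parse_autoruns(log_text):
    """Return {registry key: [(verb path, command), ...]} for mountpoints2 subkeys."""
    entries, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            name = key.group(1)
            current = name if "\\mountpoints2\\" in name.lower() else None
            continue
        cmd = CMD_RE.match(line)
        if cmd and current:
            entries.setdefault(current, []).append((cmd.group(1), cmd.group(2)))
    return entries


def traits(command):
    """Heuristics (assumptions of this example) that mark a command for review."""
    lower, found = command.lower(), []
    if "\\recycler\\" in lower:
        found.append("runs from RECYCLER folder")
    if re.search(r"\.(xls|doc|pdf|jpg|txt)\.exe\b", lower):
        found.append("double extension")
    if re.search(r"\b(wscript|cscript)\.exe\b", lower):
        found.append("script host")
    return found


def parse_otm_deletions(script_text):
    """Return lower-cased keys removed by [-KEY] lines inside the :Reg section."""
    deleted, in_reg = [], False
    for line in script_text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            in_reg = line.lower() == ":reg"
            continue
        if in_reg and line.startswith("[-") and line.endswith("]"):
            deleted.append(line[2:-1].lower())
    return deleted


def coverage(entries, deleted):
    """Map each logged key to 'exact', 'parent' or 'missing'."""
    result = {}
    for key in entries:
        k = key.lower()
        if k in deleted:
            result[key] = "exact"
        elif any(k.startswith(d + "\\") for d in deleted):
            result[key] = "parent"
        else:
            result[key] = "missing"
    return result


if __name__ == "__main__":
    logged = parse_autoruns(RSIT_EXCERPT)
    status = coverage(logged, parse_otm_deletions(OTM_REG_EXCERPT))
    for key, commands in logged.items():
        print(f"{status[key]:7} {key.rsplit(chr(92), 1)[-1]}")
        for verb, command in commands:
            print(f"        {verb}: {command} {traits(command)}")
```

A key reported as "parent" is not named in the script but is still removed, because the script deletes the whole mountpoints2 key; a key reported as "missing" would survive the fix.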
 
Hey, my friend agorasim™, thank you very much for the congratulations and the support. I'm glad you like my work here. It's gratifying to hear that, because it's not often that we come across users with so much consideration that they make a post just to thank and encourage us, like this one of yours. Many don't even say "thank you" when their problem is solved! And that, although many don't believe it, leaves us a little discouraged. Some don't even come back to the thread to thank whoever helped them.

Thanks again, agorasim™. And remember: if you need anything, we're here. Just post :)

May God bless you and your whole family too, dear friend.

Best regards
 
Thanks wolf, I figured it would be difficult. The only one of those tools I haven't tried yet is Dr.Web CureIt, I'll try it...... but I have a question:

I have at least 5 external HDs connected all the time with backups...
I haven't scanned the external HDs yet to find out whether they are infected...
If they are and I format the operating system drive, it could be infected again, right?
Is there a way to avoid that?

Thanks for the help
 
I think the notebook has a virus

The log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:38, on 16/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\csrcs.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\QuickTime\QTTask.exe
C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\vsnppro.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\BTTray.exe
C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\ARQUIV~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE
C:\Arquivos de programas\HPQ\shared\hpqwmi.exe
C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe
C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snppro] C:\WINDOWS\vsnppro.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [\\LTAKA\EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\DOCUME~1\Angelica\CONFIG~1\Temp\E_S4.tmp" /EF "HKCU"
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50AC5620-B9C5-4890-90C0-5374B8232173}: NameServer = 201.6.0.112,201.6.0.108
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 8556 bytes
 
Mr. Wolf

OTM results:

All processes killed
Error: Unable to interpret <Código:> in the current context!
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Service\Driver a1ymranm not found.
Service\Driver a1ymranm not found.
Service\Driver aecjtt4j not found.
Service\Driver aecjtt4j not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ecdee021-0d17-467f-a1ff-c7a115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24d49868-6ee0-11dd-9792-001d7dfe5592}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24d49868-6ee0-11dd-9792-001d7dfe5592}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f07cf58-5024-11dd-a093-001d7dfe5592}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f07cf58-5024-11dd-a093-001d7dfe5592}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{648e3247-fb82-11dd-98ef-001d7dfe5592}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{648e3247-fb82-11dd-98ef-001d7dfe5592}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cde236e4-4ddc-11dd-a090-001d7dfe5592}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cde236e4-4ddc-11dd-a090-001d7dfe5592}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb90822-caf0-11dd-985a-001d7dfe5592}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb90822-caf0-11dd-985a-001d7dfe5592}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
========== FILES ==========
C:\Arquivos de programas\free-downloads.net moved successfully.
C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn moved successfully.
C:\Arquivos de programas\Yahoo!\Companion\Installs moved successfully.
C:\Arquivos de programas\Yahoo!\Companion\Data moved successfully.
C:\Arquivos de programas\Yahoo!\Companion moved successfully.
C:\Arquivos de programas\Yahoo!\Common moved successfully.
C:\Arquivos de programas\Yahoo! moved successfully.
C:\Arquivos de programas\DAEMON Tools Toolbar\Resources moved successfully.
C:\Arquivos de programas\DAEMON Tools Toolbar\FirefoxDTT\components moved successfully.
C:\Arquivos de programas\DAEMON Tools Toolbar\FirefoxDTT\chrome moved successfully.
C:\Arquivos de programas\DAEMON Tools Toolbar\FirefoxDTT moved successfully.
C:\Arquivos de programas\DAEMON Tools Toolbar moved successfully.
File/Folder C:\WINDOWS\system32\drivers\a1ymranm.sys not found.
File/Folder C:\WINDOWS\system32\drivers\aecjtt4j.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 19598 bytes
->Temporary Internet Files folder emptied: 14959473 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2568940 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Toca do Game
->Temp folder emptied: 76806 bytes
->Temporary Internet Files folder emptied: 13840246 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70278858 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\74224F8D4A1748169EDB7BB854DE532C.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\NV30923260.TMP folder deleted successfully.
File delete failed. C:\WINDOWS\S32E88676.tmp scheduled to be deleted on reboot.
%systemroot% .tmp files removed: 2749375 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 52967 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 101,37 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09162009_192959
 
Hey, good evening ^^

Mr. Wolf, a thousand apologies, I ended up doing what was suggested by Falero because I was desperate, but I believe it worked. As you asked, here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 23:27:32, on 16/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\FRAPS\FRAPS.EXE
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\update.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD76A92-4E88-4DB5-A51D-1609BDD1513C}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

Ahh, the ctfmon.exe that the program deleted was not the one the System runs, but one belonging to the administrator itself. I believe it is something like a virus camouflaged with the same name as an important executable, who knows ^^

Thanks again,
I already feel safer ^^
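
The name masquerading described in the post above (a second ctfmon.exe among the startup items, sharing its name with the legitimate C:\WINDOWS\system32\ctfmon.exe) can be checked mechanically in the O4 section of a HijackThis log. This is an added example, not part of the original thread or of HijackThis; the EXPECTED_DIR baseline and all function names are assumptions, and the sample lines are modelled on the logs in this thread, with the last one constructed.

```python
import ntpath
import re

# Assumed baseline: where these system binaries live on the Windows XP
# layout seen in the thread's logs (C:\WINDOWS). Extend as needed.
EXPECTED_DIR = {
    "ctfmon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# O4 - HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# O4 - Startup: item   or   O4 - Global Startup: item.lnk = target
STARTUP_RE = re.compile(
    r"^O4 - (?P<scope>(?:Global )?Startup): (?P<item>.+?)(?: = (?P<target>.*))?$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)


def executable_of(command):
    """Extract the executable path from a command line, or None."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else None
    m = EXE_RE.match(command)
    return m.group(1) if m else None


def normalise(path):
    """Lower-case the path and expand the two variables HijackThis leaves in."""
    p = path.lower()
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, r"c:\windows")
    return ntpath.normpath(p)


def check_o4(line):
    """Return a reason string if an O4 line reuses a system binary name
    outside its expected directory, otherwise None."""
    line = line.strip()
    m = STARTUP_RE.match(line)
    if m:
        item = ntpath.basename(m.group("item")).lower()
        if item in EXPECTED_DIR:
            # A system binary has no reason to sit in a Startup folder as a file.
            return (f"{item} placed in a {m.group('scope')} folder, "
                    f"expected in {EXPECTED_DIR[item]}")
        exe = executable_of(m.group("target") or "")
    else:
        m = RUN_RE.match(line)
        if not m:
            return None
        exe = executable_of(m.group("cmd"))
    if not exe or "\\" not in exe:
        # Bare names are resolved through the search path; the log alone
        # cannot say which file runs, so they are not judged here.
        return None
    path = normalise(exe)
    base = ntpath.basename(path)
    expected = EXPECTED_DIR.get(base)
    if expected and ntpath.dirname(path) != expected:
        return f"{base} runs from {ntpath.dirname(path)}, expected {expected}"
    return None


def scan(log_text):
    """Return (line, reason) pairs for every suspicious O4 entry in a log."""
    findings = []
    for line in log_text.splitlines():
        reason = check_o4(line)
        if reason:
            findings.append((line.strip(), reason))
    return findings


# Sample input modelled on the O4 lines in this thread; the last line is constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Startup: ctfmon.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\svchost.exe
"""

if __name__ == "__main__":
    for entry, why in scan(SAMPLE_LOG):
        print(f"{entry}\n    -> {why}")
```

A name match is only a triage signal: a flagged file still needs its signature or hash verified before it is removed, and a file in the expected directory can still have been replaced.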
 
luisednardo, we have a huge problem here. This computer is infected with rootkits and ransomware. In case you don't know what ransomware is: it is malware that hijacks files from the victim's system and sends them to the creators of the threat, who then demand a ransom to recover the stolen files. Or they may not ask for a ransom at all and simply steal the files for good, with no chance of recovery. More information about ransomware here.

Follow the steps below:

Download the file below and place it in the C:\WINDOWS\System32\drivers folder:

http://andymanchesta.com/Files/XP/beep.sys

A message will appear saying that a file with this name already exists and asking whether you want to replace it with the new one; click Yes (Sim) so that the replacement is carried out.


Download the file below, extract it to the desktop and run it:

http://www.kaspersky.com/removaltools?vtopen=154293695#open

When the tool finishes, press Enter.

NOTE: If a pop-up appears warning that a Valid Win32 error has occurred, click Ignore. Under no circumstances click OK or Yes in the message.


Delete ComboFix and download it again.

Go to Start > Run (Iniciar > Executar), type "%userprofile%\desktop\combofix.exe" /killall and click OK, as in the image:

combofixejr8.gif


Post the new ComboFix log, luisednardo.
____________________________________

Done, Mr Wolf. Are we winning this fight?
Here is the ComboFix log.
ComboFix 09-09-16.02 - Dr Carlos Renato 16/09/2009 23:12.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1015.769 [GMT -3:00]
Executando de: c:\documents and settings\Dr Carlos Renato\desktop\combofix.exe
Comandos utilizados :: /killall
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
ADS - drivers: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_004310_.tmp.dll
c:\windows\system32\_004311_.tmp.dll
c:\windows\system32\_004312_.tmp.dll
c:\windows\system32\_004313_.tmp.dll
c:\windows\system32\_004320_.tmp.dll
c:\windows\system32\_004321_.tmp.dll
c:\windows\system32\_004322_.tmp.dll
c:\windows\system32\_004323_.tmp.dll
c:\windows\system32\_004325_.tmp.dll
c:\windows\system32\_004326_.tmp.dll
c:\windows\system32\_004329_.tmp.dll
c:\windows\system32\_004330_.tmp.dll
c:\windows\system32\_004332_.tmp.dll
c:\windows\system32\_004333_.tmp.dll
c:\windows\system32\_004334_.tmp.dll
c:\windows\system32\_004336_.tmp.dll
c:\windows\system32\_004339_.tmp.dll
c:\windows\system32\_004340_.tmp.dll
c:\windows\system32\_004344_.tmp.dll
c:\windows\system32\_004345_.tmp.dll
c:\windows\system32\_004347_.tmp.dll
c:\windows\system32\_004349_.tmp.dll
c:\windows\system32\_004350_.tmp.dll
c:\windows\system32\_004352_.tmp.dll
c:\windows\system32\_004353_.tmp.dll
c:\windows\system32\_004354_.tmp.dll
c:\windows\system32\_004355_.tmp.dll
c:\windows\system32\_004356_.tmp.dll
c:\windows\system32\_004359_.tmp.dll
c:\windows\system32\_004360_.tmp.dll
c:\windows\system32\_004361_.tmp.dll
c:\windows\system32\_004362_.tmp.dll
c:\windows\system32\_004363_.tmp.dll
c:\windows\system32\_004368_.tmp.dll
c:\windows\system32\drivers\82ea4fe6.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_82ea4fe6


(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-17 to 2009-09-17 ))))))))))))))))))))))))))))
.

2009-09-17 01:40 . 2001-10-28 12:07 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-09-17 01:39 . 2004-08-04 03:45 45056 -c--a-w- c:\windows\system32\dllcache\nsepm.dll
2009-09-17 01:38 . 2001-10-28 12:06 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-09-17 01:37 . 2001-10-28 12:07 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2009-09-17 01:25 . 2009-09-17 01:26 -------- d-----w- c:\windows\LastGood.Tmp
2009-09-17 01:25 . 2001-10-28 12:06 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-09-17 01:25 . 2001-10-28 12:06 13312 ----a-w- c:\windows\system32\irclass.dll
2009-09-17 01:25 . 2001-10-28 12:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-09-17 01:25 . 2001-10-28 12:07 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-09-15 05:27 . 2009-09-15 05:27 -------- d-----w- C:\vga
2009-09-15 05:25 . 2009-09-15 05:25 6913062 ----a-w- C:\motherboard_driver_vga_via_km266_2kxp.exe
2009-09-15 05:18 . 2009-09-15 05:18 -------- d-----w- c:\arquivos de programas\Lavalys
2009-09-15 03:48 . 2009-09-15 03:53 -------- d-----w- c:\windows\system32\pt-br
2009-09-15 03:48 . 2009-09-15 03:53 -------- d-----w- c:\windows\l2schemas
2009-09-15 03:48 . 2009-09-15 03:53 -------- d-----w- c:\windows\system32\bits
2009-09-15 03:38 . 2004-08-04 03:55 46464 ----a-w- c:\windows\system32\drivers\gagp30kx.sys
2009-09-15 03:38 . 2004-08-04 03:55 44928 ----a-w- c:\windows\system32\drivers\agpcpq.sys
2009-09-15 03:38 . 2004-08-04 03:55 44672 ----a-w- c:\windows\system32\drivers\uagp35.sys
2009-09-15 03:38 . 2004-08-04 03:55 43008 ----a-w- c:\windows\system32\drivers\amdagp.sys
2009-09-15 03:38 . 2004-08-04 03:55 42752 ----a-w- c:\windows\system32\drivers\alim1541.sys
2009-09-15 03:38 . 2004-08-04 03:55 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-09-15 03:38 . 2004-08-04 03:55 41088 ----a-w- c:\windows\system32\drivers\sisagp.sys
2009-09-15 03:38 . 2004-08-03 23:07 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys
2009-09-15 03:38 . 2004-08-04 02:01 124800 -c--a-w- c:\windows\system32\dllcache\fltmgr.sys
2009-09-15 03:38 . 2004-08-04 02:01 124800 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2009-09-15 03:38 . 2004-08-04 03:45 382464 -c--a-w- c:\windows\system32\dllcache\qmgr.dll
2009-09-15 03:38 . 2004-08-04 03:45 382464 ----a-w- c:\windows\system32\qmgr.dll
2009-09-15 03:37 . 2004-08-04 03:45 142336 -c--a-w- c:\windows\system32\dllcache\sessmgr.exe
2009-09-15 03:37 . 2004-08-04 03:45 142336 ----a-w- c:\windows\system32\sessmgr.exe
2009-09-15 03:37 . 2004-08-04 02:07 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-09-15 03:37 . 2004-08-04 02:00 11264 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2009-09-15 03:37 . 2004-08-04 02:00 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2009-09-15 03:37 . 2004-08-04 03:45 139400 -c--a-w- c:\windows\system32\dllcache\rdpwd.sys
2009-09-15 03:37 . 2004-08-04 03:45 139400 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-09-15 03:37 . 2004-08-04 03:41 73472 -c--a-w- c:\windows\system32\dllcache\sr.sys
2009-09-15 03:37 . 2004-08-04 03:41 73472 ----a-w- c:\windows\system32\drivers\sr.sys
2009-09-15 03:37 . 2004-08-04 02:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-09-15 03:37 . 2004-08-04 02:01 196864 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-09-15 03:37 . 2004-08-04 00:36 57984 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-09-15 03:36 . 2004-08-04 03:45 21896 -c--a-w- c:\windows\system32\dllcache\tdtcp.sys
2009-09-15 03:36 . 2004-08-04 03:45 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2009-09-15 03:36 . 2004-08-04 03:45 12040 -c--a-w- c:\windows\system32\dllcache\tdpipe.sys
2009-09-15 03:36 . 2004-08-04 03:45 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2009-09-15 03:36 . 2004-08-04 03:45 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-09-15 03:36 . 2004-08-04 02:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-15 03:36 . 2004-08-04 01:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-15 02:15 . 2009-09-15 02:15 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-09-15 02:13 . 2009-03-17 04:48 316973608 ----a-w- C:\WindowsXP-KB936929-SP3-x86-PTB.exe
2009-09-15 01:54 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-15 01:54 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-15 01:54 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-15 01:54 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-15 01:54 . 2009-09-15 01:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-09-15 01:54 . 2009-09-15 01:54 -------- d-----w- c:\arquivos de programas\Avira
2009-09-15 01:53 . 2009-09-15 01:53 33961728 ----a-w- C:\avira_antivir_personal_en.exe
2009-09-14 23:44 . 2009-09-14 23:44 -------- d-----w- c:\windows\NLDRV
2009-09-14 15:42 . 2009-09-14 15:42 -------- d-----w- c:\arquivos de programas\CCleaner
2009-09-14 15:42 . 2009-09-14 15:42 3293992 ----a-w- C:\ccsetup223.exe
2009-09-14 15:42 . 2009-09-15 05:34 -------- d-----w- C:\HijackThis
2009-09-14 15:41 . 2009-09-14 15:41 812344 ----a-w- C:\HijackThisInstaller.exe
2009-09-14 14:49 . 2009-09-14 14:49 -------- d-----w- c:\documents and settings\Dr Carlos Renato\Dados de aplicativos\Malwarebytes
2009-09-14 14:48 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-14 14:48 . 2009-09-14 14:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-09-14 14:48 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-14 14:48 . 2009-09-14 14:48 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-09-14 14:48 . 2009-09-14 14:48 4045528 ----a-w- C:\mbam-setup.exe
2009-09-14 14:41 . 2009-09-14 14:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avg8
2009-09-14 14:25 . 2009-09-14 14:25 -------- d-----w- c:\windows\system32\log
2009-09-12 19:51 . 2009-09-12 19:52 1036741 ----a-w- C:\OdontoWay.zip
2009-09-12 00:19 . 2009-09-12 11:07 132096 ----a-w- C:\yukbea.exe
2009-09-04 17:13 . 2009-09-04 17:13 116224 ----a-w- c:\windows\system32\kut00.exe
2009-09-01 13:07 . 2009-09-11 10:49 0 ----a-w- c:\windows\system32\drivers\28a67337.sys
2009-08-28 10:38 . 2009-09-11 10:49 0 ----a-w- c:\windows\system32\drivers\2ecde64c.sys

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 02:01 . 2009-09-17 02:01 4224 ----a-w- c:\windows\system32\beep.sys
2009-09-17 01:59 . 2001-10-28 18:07 49586 ----a-w- c:\windows\system32\perfc016.dat
2009-09-17 01:59 . 2001-10-28 18:07 347294 ----a-w- c:\windows\system32\perfh016.dat
2009-09-17 01:34 . 2008-08-29 22:41 23008 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-17 01:27 . 2008-09-06 15:27 -------- d-----w- c:\arquivos de programas\PCI Fax Modem
2009-09-14 14:43 . 2008-08-29 23:15 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2009-09-12 19:54 . 2008-09-22 18:28 -------- d-----w- c:\documents and settings\Dr Carlos Renato\Dados de aplicativos\U3
2009-09-12 19:54 . 2008-09-13 11:15 -------- d-----w- c:\arquivos de programas\OdontoWay
2009-09-10 15:14 . 2008-12-19 20:49 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-08-22 10:32 . 2008-12-19 20:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-08-17 17:43 . 2009-07-04 18:31 26632 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-08-10 12:41 . 2009-08-10 12:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-02-09 14:24 . 2008-08-29 23:08 67688 ----a-w- c:\arquivos de programas\mozilla firefox\components\jar50.dll
2009-02-09 14:24 . 2008-08-29 23:08 54368 ----a-w- c:\arquivos de programas\mozilla firefox\components\jsd3250.dll
2009-02-09 14:24 . 2008-08-29 23:08 34944 ----a-w- c:\arquivos de programas\mozilla firefox\components\myspell.dll
2009-02-09 14:24 . 2008-08-29 23:08 46712 ----a-w- c:\arquivos de programas\mozilla firefox\components\spellchk.dll
2009-02-09 14:24 . 2008-08-29 23:08 172136 ----a-w- c:\arquivos de programas\mozilla firefox\components\xpinstal.dll
2008-10-31 22:50 . 2008-11-01 12:15 2640 --sha-r- c:\windows\system32\oobe\dialmgr.dat
.

------- Sigcheck -------

[-] 2008-01-17 . 33F035C825436E820D0AD4161C738F91 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[7] 2004-08-04 . 1DD4FC7EEE3A45257528A34FDF7BC689 . 1548288 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\arquivos de programas\VIA Technologies" [X]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2004-06-29 569344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [04/07/2009 15:31 26632]
R2 antivirschedulerservice;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/09/2009 22:54 108289]
S1 28a67337;28a67337;c:\windows\system32\drivers\28a67337.sys [01/09/2009 10:07 0]
S1 2ecde64c;2ecde64c;c:\windows\system32\drivers\2ecde64c.sys [28/08/2009 07:38 0]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dr Carlos Renato\Dados de aplicativos\Mozilla\Firefox\Profiles\3sf1iy5a.default\
.
- - - - ORFÃOS REMOVIDOS - - - -

HKU-Default-Run-msnmsgr - c:\arquivos de programas\MSN Messenger\msnmsgr.exe
Notify- GbPluginBb - c:\arquivos de programas\GbPlugin\gbieh.dll
Notify-dimsntfy - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-16 23:18
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2088)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\arquivos de programas\VIA Technologies, INC\Audio Deck\ADeck.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-09-17 23:21 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-09-17 02:21
ComboFix2.txt 2009-09-14 15:37

Pré-execução: 9 pasta(s) 69.851.262.976 bytes disponíveis
Pós execução: 10 pasta(s) 69.825.589.248 bytes disponíveis

Current=4 Default=4 Failed=0 LastKnownGood=3 Sets=1,2,3,4,5
231

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:50:10, on 17/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\VIA Technologies, INC\Audio Deck\ADeck.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIA Technologies, INC\Audio Deck\ADeck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [searching] Pesquisa na barra de endereços
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (antivirschedulerservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 3812 bytes
 