Virus removal

Hi Mr. Wolf.... I'm back.... hehe

The PC keeps making a little mouse-click sound, and if a full-screen program is running it keeps going back to the desktop all the time. Even this window keeps dropping into the background and I have to use the mouse to carry on typing.
I went looking for the sound in question; it's the "Start Navigation" command.

What's the name of the virus?? hehe

If you can help me, here's the HijackThis log.... hehe

Cheers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:25, on 21/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [BigDogPath] "C:\Windows\ZSSnp211.exe"
O4 - HKLM\..\Run: [Domino] "C:\Windows\Domino.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Windows\system32\MMTray.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [MSServer] "C:\Windows\system32\rundll32.exe" C:\Users\Thiago\AppData\Local\Temp\iifgGXrR.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: is-80GIH.lnk = C:\Program Files (x86)\Virus Removal Tool\is-80GIH\startup.exe
O4 - Startup: is-MEVA6.lnk = C:\Program Files (x86)\Virus Removal Tool\is-MEVA6\startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_03\bin\npjpi150_03.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMPNetworkSvc - Unknown owner - (no file)

--
End of file - 7506 bytes
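A small triage helper for the O2/O4 lines of a HijackThis log like the one above, added here as an example; it is not part of the original post and not HijackThis code. It encodes the checks a forum helper makes by eye: an autorun that launches a file from a Temp directory, a rundll32 entry that loads a DLL from a user profile, an executable sitting directly in C:\Windows rather than a subfolder, a BHO registered with no file behind it, and a Startup shortcut whose target HijackThis could not resolve. The sample lines are constructed from the logs in this thread; the regexes, severity levels and reasons are my own assumptions, and a flag means "review this entry", not "this is malware".

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis v2 lines modelled on the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BigDogPath] "C:\Windows\ZSSnp211.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKCU\..\Run: [MSServer] "C:\Windows\system32\rundll32.exe" C:\Users\Thiago\AppData\Local\Temp\iifgGXrR.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: PES2010_widget3315442796.lnk = ?
"""

# Line shapes as HijackThis prints them (assumed from the logs above, not from a spec).
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<target>.*)$")
O2_BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")

# Location heuristics (assumptions): where a legitimate autorun rarely lives.
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
PROFILE_DIR_RE = re.compile(r"^[a-z]:\\(?:users|documents and settings)\\", re.I)
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)


@dataclass
class Finding:
    line: str
    severity: str   # "high", "medium" or "low"
    reason: str


def split_command(cmd: str):
    """Split a Run-key command into (program, arguments), honouring a quoted program path.
    An unquoted path containing spaces is cut at the first space; that only makes the
    location checks below more conservative, never more aggressive."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), ""
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def launched_target(program: str, args: str) -> str:
    """rundll32 only hosts a DLL, so judge the DLL it loads (first comma-separated argument)."""
    if program.lower().endswith("rundll32.exe"):
        return args.split(",", 1)[0].strip().strip('"')
    return program


def assess_target(target: str):
    """(severity, reason) for the file an autorun launches, or None if its location is unremarkable."""
    if TEMP_DIR_RE.search(target):
        return "high", "autorun launches a file from a temporary directory"
    if WINDOWS_ROOT_RE.match(target):
        return "medium", "executable sits directly in the Windows directory rather than a subfolder"
    if PROFILE_DIR_RE.match(target):
        return "medium", "runs from a user profile path; confirm the vendor before trusting it"
    return None


def triage(log_text: str):
    """Walk a HijackThis log and return the entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_STARTUP_RE.match(line)
        if m:
            if m.group("target").strip() == "?":
                findings.append(Finding(line, "medium", "startup shortcut whose target could not be resolved"))
            continue
        m = O4_RUN_RE.match(line)
        if m:
            program, args = split_command(m.group("cmd"))
            verdict = assess_target(launched_target(program, args))
            if verdict:
                findings.append(Finding(line, *verdict))
            continue
        m = O2_BHO_RE.match(line)
        if m and m.group("path").strip() == "(no file)":
            findings.append(Finding(line, "low", "orphaned BHO: CLSID registered but its file is gone"))
    return findings


def worst_severity(findings):
    order = {"high": 3, "medium": 2, "low": 1}
    return max((f.severity for f in findings), key=order.get, default=None)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper():6}] {f.reason}\n         {f.line}")
```

Run it on a full log and read the output top to bottom: the "high" entry is the one to resolve first, and everything it does not flag still deserves the usual vendor and file-location check, since the heuristics are location-based only.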
 
I've noticed my PC has been a bit slow over the last few days; I don't know if that's normal. Could you take a look for me, Mr Wolf?

Thanks :p

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:21, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\nHancer\nHancer.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Arquivos de programas\nHancer\nHancerService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames.exe
C:\Arquivos de programas\Java\jre6\bin\jucheck.exe
C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.compartilhando.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [nHancer] "C:\Arquivos de programas\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="f:\drivers\xp\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PES2010_widget3315442796.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Arquivos de programas\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9218 bytes
 
Hi everyone, good afternoon to all!

simer, follow the steps below:

Select and copy the text below. Paste it into Notepad on your computer and save it to the desktop as CFScript.txt

Code:
File::
c:\users\Lilian\AppData\Roaming\wklnhst.dat

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif

● If prompted, press Enter to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it doesn't, restart it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.

Question: how is the computer doing, simer my friend?
_______________________________


cassianosmi, apparently there is nothing abnormal in the log.

Computer freezes can have countless causes. In most cases they are caused by hardware or by an outdated system. And yours is quite out of date! I recommend updating it to SP3 and Internet Explorer 8.

Still, let's check this more carefully. Follow the steps below:

- Download AVZ4 and save it to the desktop;

- Extract the files from the zip archive to the desktop; a folder named avz4 will be created there;
- Open that folder and double-click AVZ.exe to run the tool;
- When the program window opens, click the File > Database Update menu, or click the button
AVZupdate.jpg
at the right-hand side of the tool's panel, then click Start to update the tool;
- Click the File > Standard scripts menu and tick the option "2. Advanced System Analysis";
- Then click the Execute selected scripts button and click Yes on the next message. Wait for the analysis;
- When the analysis finishes, click OK on the message. Back in the Standard scripts window, click Close to close it, and close the AVZ4 window too;
- Go to the avz4 folder on the desktop and open the LOG folder inside it;
- There you will find the logs and a zipped folder named virusinfo_syscheck.zip.

Attach that archive to your next reply.
_______________________________


palma, follow the steps below:

Select and copy the text below. Paste it into Notepad on your computer and save it to the desktop as CFScript.txt

Code:
KILLALL::

Folder::
c:\arquivos de programas\Eazel-PR

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"=-
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"=-
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8FB2FD83-A0A3-4269-A50D-7E40E3D45F7B}"=- 
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif

● If prompted, press Enter to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it doesn't, restart it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
_______________________________


Hey, my good friend GVSPFC, I'm fine, and you?

PremierOpinion is adware that comes loaded with trojans. Usually Malwarebytes succeeds in removing this adware, but the trojans are a bit stubborn, so I believe it didn't clean them out.
As for screensavers, be careful, GVSPFC. Many of them carry viruses and malware which, once installed on the PC, run in the background, and that makes detecting and removing them harder.

Follow the instructions below, GVSPFC my friend:

Step 1

- Download Win32kDiag and save it to the desktop.

- Go to Start > Run, type the command below and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

- A command prompt window will open. When the message "Finished! Press any key to exit..." appears, press Enter to close the window.
- The Win32kDiag.txt log will be created on the desktop. Keep it.


Step 2

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so it doesn't detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix scans;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to quit or stop ComboFix, press N;
● When it finishes, your PC will be restarted. After the restart the tool will run again; wait for it;
● A log will be generated at C:\ComboFix.txt.

Paste the Win32kDiag and ComboFix logs in your next reply.
_______________________________


tfarina, why was your log made in Safe Mode? Please do it in Normal Mode next time.

We have a big problem in your log, tfarina. It's a malware that is quite complicated to remove.

Follow the instructions below:

I suggest you save or print both sets of instructions after downloading the tools, because the procedures will have to be done in Safe Mode without networking!

Step 1

Download the three tools below and save them to the desktop:

EliStarA -> To download it, click the Descargar EliStarA button at the bottom of the page.

EliTriip -> To download it, click the Descargar EliTriip button at the bottom of the page.

Malwarebytes Anti-Malware -> Install it and update it.


Restart the computer in Safe Mode without networking.

Step 2


● Run EliStarA.exe. Click Yes/OK on every message that appears;
● Once the tool is fully open, click the Explorar button and wait for the scan. It may take a while or be quite fast, depending on the case!
● Then run EliTriip.exe and follow the same procedure as for EliStarA.exe;
● When the scan finishes, a log will be at C:\InfoSat.txt. Paste it in your next reply.

NOTE: The tools will change your Internet Explorer home page to about:blank; this is normal. Just set it to whatever you want afterwards.


Step 3

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, tick the options "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
● After installation, run the program;
● Select the Full Scan option and then click Scan. Select your C: drive and click the Start Scan button;
● When the scan finishes, click OK and the log will open automatically for you;
● If anything is detected, make sure all items are ticked and click the Remove button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Paste the logs from all the tools in your next reply, together with a new HijackThis log.
_______________________________


tarcisinho, your log is clean.

Try doing a clean-up, defragmenting the disk, and so on. A slow computer can be due to several factors.
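The two CFScript blocks in the replies above (for simer and for palma) are ComboFix scripts: a `Section::` header followed by its body, with `Registry::` written in regedit syntax (`[key]` selects a key, `[-key]` deletes it, `"name"=-` deletes a value). Below is a parser for that format, added here as an example and not ComboFix's own code, so a helper can see exactly which deletions a script will perform before handing it to a user. Assumptions: it models only the sections that appear on this page (`KILLALL::`, `File::`, `Folder::`, `Registry::`, `RegLock::`) and rejects anything else; ComboFix's `~` key shorthand is kept verbatim rather than expanded; and the embedded sample is palma's script with one `RegLock::` line from simer's. The duplicate check is my addition: palma's script lists the same `HKEY_CLASSES_ROOT\clsid\{...}` deletion three times, which is harmless but worth noticing in a hand-edited script.

```python
import re
from collections import Counter
from dataclasses import dataclass

# The CFScript for palma from this thread, plus one RegLock:: line from the
# CFScript for simer, embedded here so the parser can run offline.
SAMPLE_CFSCRIPT = r"""
KILLALL::

File::
c:\users\Lilian\AppData\Roaming\wklnhst.dat

Folder::
c:\arquivos de programas\Eazel-PR

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"=-
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"=-
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8FB2FD83-A0A3-4269-A50D-7E40E3D45F7B}"=-
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")                      # regedit-style [key] / [-key]
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))=(?P<data>.*)$')    # "name"=data or @=data


@dataclass(frozen=True)
class Action:
    section: str
    op: str          # kill_processes, delete_file, delete_folder, delete_key, delete_value, set_value, unlock_key
    target: str      # file/folder path or registry key (ComboFix's "~" shorthand is kept verbatim)
    name: str = ""   # value name for registry value operations ("" = the default value)
    data: str = ""   # new data for set_value


def parse_cfscript(text: str):
    """Turn a CFScript into a flat list of Actions; rejects lines it cannot classify."""
    actions, section, current_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            if section.upper() == "KILLALL":   # flag section with no body
                actions.append(Action(section, "kill_processes", "*"))
            continue
        if section is None:
            raise ValueError(f"line before any section header: {line!r}")
        if section == "File":
            actions.append(Action(section, "delete_file", line))
        elif section == "Folder":
            actions.append(Action(section, "delete_folder", line))
        elif section == "RegLock":
            m = KEY_RE.match(line)
            if not m or m.group("delete"):
                raise ValueError(f"RegLock:: expects [key] lines, got {line!r}")
            actions.append(Action(section, "unlock_key", m.group("key")))
        elif section == "Registry":
            m = KEY_RE.match(line)
            if m:
                if m.group("delete"):
                    actions.append(Action(section, "delete_key", m.group("key")))
                    current_key = None
                else:
                    current_key = m.group("key")   # following "name"= lines apply to this key
                continue
            m = VALUE_RE.match(line)
            if not m:
                raise ValueError(f"unrecognised Registry:: line: {line!r}")
            if current_key is None:
                raise ValueError(f"value line outside a [key] block: {line!r}")
            name = "" if m.group("default") else m.group("name")
            data = m.group("data").strip()
            if data == "-":
                actions.append(Action(section, "delete_value", current_key, name))
            else:
                actions.append(Action(section, "set_value", current_key, name, data))
        else:
            # ComboFix knows more sections than the ones on this page; anything else is refused on purpose.
            raise ValueError(f"unsupported section {section}::")
    return actions


def summarize(actions):
    """Operation counts, so a reviewer can see the script's scope at a glance."""
    return dict(Counter(a.op for a in actions))


def duplicate_actions(actions):
    """Repeated entries; registry paths and value names compare case-insensitively."""
    counts = Counter((a.op, a.target.lower(), a.name.lower()) for a in actions)
    return [entry for entry, n in counts.items() if n > 1]


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_CFSCRIPT)
    for a in plan:
        suffix = f"  [{a.name or '@'}]" if a.op.endswith("_value") else ""
        print(f"{a.op:14} {a.target}{suffix}")
    print("summary:", summarize(plan))
    print("duplicates:", duplicate_actions(plan))
```

The parser is deliberately strict: a value line that appears before any `[key]` line, or a section it does not know, raises instead of being silently skipped, because a CFScript that ComboFix interprets differently from the way its author read it is exactly the failure a reviewer wants to catch before the script runs.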
 
Hi Mr Wolf...

Well, I'm more relieved now... this time ComboFix didn't produce a one-and-a-half-megabyte txt HAHAHAH

Well, here's its log...

ComboFix 09-10-07.05 - Lilian 09/10/2009 17:39.3.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.55.1046.18.3573.2240 [GMT -3:00]
Executando de: c:\users\Lilian\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Lilian\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* AV residente está ativo


FILE ::
"c:\users\Lilian\AppData\Roaming\wklnhst.dat"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Lilian\AppData\Roaming\wklnhst.dat

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-09 to 2009-10-09 ))))))))))))))))))))))))))))
.

2009-10-09 20:44 . 2009-10-09 20:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-09 20:44 . 2009-10-09 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-02 18:58 . 2005-01-03 06:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-10-02 18:57 . 2009-10-02 18:57 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-10-02 17:57 . 2009-10-01 13:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-24 20:25 . 2009-09-24 20:25 -------- d-----w- c:\program files\Softnyx
2009-09-11 10:26 . 2009-09-11 10:26 38240 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-09-11 10:26 . 2009-09-11 10:26 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-09-11 10:23 . 2009-09-11 10:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-11 10:17 . 2009-09-11 10:17 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-11 06:15 . 2009-09-11 06:15 -------- d-----w- c:\program files\Paint.NET
2009-09-11 06:15 . 2009-09-11 22:26 -------- d-----w- c:\users\Lilian\AppData\Local\Paint.NET

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 23:58 . 2009-06-19 02:22 -------- d-----w- c:\users\Lilian\AppData\Roaming\foobar2000
2009-10-08 18:16 . 2009-03-19 20:44 -------- d-----w- c:\program files\sXe Injected
2009-10-07 19:25 . 2009-04-20 22:19 -------- d-----w- c:\program files\ESET
2009-10-07 19:11 . 2009-03-04 12:07 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-07 18:53 . 2009-05-17 20:05 -------- d-----w- c:\programdata\eMule
2009-10-07 18:52 . 2009-09-02 04:36 -------- d-----w- c:\program files\Eudemons_Pt
2009-10-07 18:52 . 2009-03-04 15:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-07 18:46 . 2009-04-04 15:41 -------- d-----w- c:\programdata\Lavasoft
2009-10-07 18:46 . 2009-04-04 15:41 -------- d-----w- c:\program files\Lavasoft
2009-10-07 18:16 . 2009-03-18 05:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 23:40 . 2009-04-14 02:28 659164 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-06 23:40 . 2009-04-14 02:28 122976 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-06 23:40 . 2008-01-21 06:08 629012 ----a-w- c:\windows\system32\prfh0416.dat
2009-10-06 23:40 . 2008-01-21 06:08 120664 ----a-w- c:\windows\system32\prfc0416.dat
2009-09-26 22:11 . 2009-04-20 17:12 -------- d-----w- c:\users\Lilian\AppData\Roaming\LimeWire
2009-09-22 21:20 . 2009-04-05 03:14 -------- d-----w- c:\users\Lilian\AppData\Roaming\Winamp
2009-09-15 02:22 . 2009-04-05 03:14 -------- d-----w- c:\program files\Winamp
2009-09-10 17:54 . 2009-03-18 05:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 17:53 . 2009-03-18 05:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 06:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 06:01 . 2009-04-18 16:48 -------- d-----w- c:\programdata\Microsoft Help
2009-09-08 06:43 . 2009-09-08 06:43 -------- d-----w- c:\users\Lilian\AppData\Roaming\Apple Computer
2009-09-08 06:42 . 2009-09-08 06:42 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-08 06:42 . 2009-09-08 06:42 -------- d-----w- c:\program files\iTunes
2009-09-08 06:42 . 2009-09-08 06:42 -------- d-----w- c:\program files\iPod
2009-09-08 06:42 . 2009-09-08 06:38 -------- d-----w- c:\program files\Common Files\Apple
2009-09-08 06:42 . 2009-09-08 06:40 -------- d-----w- c:\programdata\Apple Computer
2009-09-08 06:41 . 2009-09-08 06:41 -------- d-----w- c:\program files\Bonjour
2009-09-08 06:41 . 2009-09-08 06:40 -------- d-----w- c:\program files\QuickTime
2009-09-08 06:40 . 2009-09-08 06:40 -------- d-----w- c:\program files\Apple Software Update
2009-09-08 06:38 . 2009-09-08 06:38 -------- d-----w- c:\programdata\Apple
2009-09-02 05:37 . 2009-09-02 04:43 -------- d-----w- c:\users\Lilian\AppData\Roaming\Audacity
2009-09-02 04:43 . 2009-09-02 04:42 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-08-31 00:43 . 2009-08-31 00:42 -------- d-----w- c:\program files\Google
2009-08-30 22:33 . 2009-03-06 21:40 101856 ----a-w- c:\users\Lilian\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-30 21:04 . 2009-08-08 17:00 -------- d-----w- c:\program files\VstPlugins
2009-08-28 12:39 . 2009-09-03 00:15 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 00:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-23 18:34 . 2009-08-23 17:28 -------- d-----w- c:\users\Lilian\AppData\Roaming\uTorrent
2009-08-23 17:29 . 2009-08-23 17:29 -------- d-----w- c:\program files\uTorrent
2009-08-23 02:38 . 2009-04-05 03:22 -------- d-----w- c:\users\Lilian\AppData\Roaming\Azureus
2009-08-23 02:29 . 2009-08-23 02:29 -------- d-----w- c:\program files\Nexus
2009-08-18 17:03 . 2009-08-18 17:03 680 ----a-w- c:\users\Lilian\AppData\Local\d3d9caps.dat
2009-08-14 17:07 . 2009-09-09 22:18 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 22:18 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 22:18 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 22:18 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 22:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 22:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 22:18 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 22:18 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 22:18 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 22:18 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-10 21:36 . 2009-08-10 21:33 -------- d-----w- c:\program files\Valve
2009-08-05 19:44 . 2009-08-04 17:05 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-03 23:52 . 2009-07-23 17:57 8270752 ----a-w- c:\users\Lilian\AppData\Roaming\DataSafeDotNet.exe
2009-07-18 16:06 . 2009-07-29 16:56 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 16:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 16:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-13 07:48 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-13 07:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-13 07:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-13 07:48 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-13 07:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-03-04 15:25 . 2009-03-04 15:25 75 --sh--r- c:\windows\CT4CET.bin
2009-03-04 19:38 . 2009-03-04 19:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot_2009-10-08_18.24.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 01:56 . 2009-10-08 18:08 56868 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-21 01:56 . 2009-10-09 20:31 56868 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:03 . 2009-10-08 18:09 95678 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-10-09 20:31 95678 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-06 21:41 . 2009-10-09 20:31 10242 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3227899836-1394515616-522145767-1000_UserData.bin
+ 2008-04-15 00:58 . 2009-10-09 20:31 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-15 00:58 . 2009-10-08 18:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-15 00:58 . 2009-10-08 18:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-15 00:58 . 2009-10-09 20:31 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-15 00:58 . 2009-10-09 20:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-15 00:58 . 2009-10-08 18:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-08 18:07 . 2009-10-08 18:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-09 20:28 . 2009-10-09 20:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-09 20:28 . 2009-10-09 20:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-08 18:07 . 2009-10-08 18:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-06 23:41 . 2009-10-09 00:35 407652 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-03-06 23:41 . 2009-10-08 01:37 407652 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Atualizador de licenças ESET.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-10-3 125952]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-04 15:43 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{62998286-7A3F-4320-923A-0C892255EE2C}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{AD33C444-D411-4459-8464-8D209BC7097A}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{C24958E7-6F46-4760-AF4E-456EA95DA6EB}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{CA3E3848-DAAC-4C10-8285-0256FCE37574}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{C0D73811-3989-4734-BE8A-DC7BA1B599B8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{4930F164-A7E0-4BE3-A4FB-F9254494C0E1}"= UDP:c:\program files\sXe Injected\sXe Injected.exe:sXe Injected
"{F20723ED-1AE4-40F6-A39E-5EFF8DDEF4E3}"= TCP:c:\program files\sXe Injected\sXe Injected.exe:sXe Injected
"TCP Query User{BB0AC42B-1A89-4DF2-8DE5-44DA9A38BA86}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{1338191B-2C15-4CAA-962D-84365D22DF59}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{D2FB4BB7-C137-4604-A7A9-61E4DC6A31F4}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{A054FBB4-8CE4-448E-9226-29DC4CACD9FF}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{522AC004-4901-4F28-8A14-1028D76F8A26}c:\\program files\\valve\\hlds.exe"= UDP:c:\program files\valve\hlds.exe:HLDS Launcher
"UDP Query User{F3BEFAF8-EC06-48E6-9595-EDF256950F33}c:\\program files\\valve\\hlds.exe"= TCP:c:\program files\valve\hlds.exe:HLDS Launcher
"{130D05F7-6F4C-4437-B21E-7A3221B1F4B0}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6599024F-A455-40DE-926F-F612B4020ECD}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{986B13FE-4287-45B9-9CE6-00EC1E262BB0}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{19CB2C55-0696-442D-B6E2-2821C0A35CED}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"{092D4E87-F59A-4961-A18B-456755DA08F1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3C9C73E4-F975-440F-B82C-B37807CA40C7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DC3AA2C6-05BD-4A7C-98E4-1EEA9F611D5A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{77B978FC-012B-4B02-8587-8377C68A982C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{95039AEF-AC46-402A-82F8-A49D5F0BA709}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{4840D3B9-4764-4312-90CB-A0CC305A6C37}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C7E26ABE-F4E5-4C8B-919E-83302F9843E5}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F5636C02-EFAD-4D09-8E12-4A585E818785}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{A0FC22A2-F365-4BBA-B68E-203165632537}c:\\program files\\softnyx\\wolfteam\\wolfteam.bin"= UDP:c:\program files\softnyx\wolfteam\wolfteam.bin:WolfTeam
"UDP Query User{A4408484-1603-4546-9804-000253D90564}c:\\program files\\softnyx\\wolfteam\\wolfteam.bin"= TCP:c:\program files\softnyx\wolfteam\wolfteam.bin:WolfTeam
"TCP Query User{8E6F13F0-684B-414C-B589-37FC2FFA4B2E}c:\\program files\\softnyx\\wolfteam\\wolfteam.bin"= UDP:c:\program files\softnyx\wolfteam\wolfteam.bin:WolfTeam
"UDP Query User{E67D3E1D-523F-439E-B00B-70D580969A61}c:\\program files\\softnyx\\wolfteam\\wolfteam.bin"= TCP:c:\program files\softnyx\wolfteam\wolfteam.bin:WolfTeam

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11/09/2009 07:23 108792]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [02/09/2009 03:12 73728]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/09/2009 07:24 735960]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [11/09/2009 07:26 38240]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [04/03/2009 16:59 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [04/03/2009 16:59 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [04/03/2009 16:59 7424]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/08/2009 21:42 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-31 00:41]

2009-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-31 00:41]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Lilian\AppData\Roaming\Mozilla\Firefox\Profiles\rk1r5kow.default\
FF - prefs.js: browser.startup.homepage - Google
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-09 17:44
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Tempo para conclusão: 2009-10-09 17:46
ComboFix-quarantined-files.txt 2009-10-09 20:46
ComboFix2.txt 2009-10-08 18:25
ComboFix3.txt 2009-08-05 03:02

Pré-execução: 142.912.585.728 bytes disponíveis
Pós execução: 142.925.922.304 bytes disponíveis

248 --- E O F --- 2009-10-08 23:11

and here is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:59, on 09/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\Lilian\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8585 bytes

Well, I'll keep using it here and testing, but I'm already relieved about ComboFix hahaha

I think I'll defragment too, to help, right....

Well, if you want to take a look at the logs above, I would be VERY grateful!!!
Cheers!!
 
simer, my friend, the logs are clean :)

Go to Start > Run, type ComboFix /u and click OK to remove the tool. Delete Win32kDiag too (if it is still there).

This machine no longer has any virus.

Just one warning, simer: I don't know whether it is you, your sister, or both who use the GoToAssist software. Many malicious attackers take advantage of the remote service GoToAssist offers to compromise the user's machine, installing malware, hacking the system, and so on...
I recommend that, when you are not using this program, you keep its service disabled in Windows to avoid any problem of that kind. To do so, just open services.msc, find its service and disable it. When you are going to use it, just enable it there again.
 
Hello everyone, good afternoon to all!

tfarina, why was your log made in Safe Mode? Please make it in Normal Mode next time.

We have a big problem in your log, tfarina. It is a malware that is quite complicated to remove.

Follow the instructions below:

I suggest you save or print both sets of instructions after downloading the tools, because the procedures will have to be done in Safe Mode without networking!

Step 1

Download the three tools below and save them to the desktop:

EliStarA -> To download, at the bottom of the page click the Descargar EliStarA button.

EliTriip -> To download, at the bottom of the page click the Descargar EliTriip button.

Malwarebytes Anti-Malware -> Install it and update it.


Restart the computer in Safe Mode without networking.

Step 2


● Run EliStarA.exe. Click Yes/OK on every message that appears;
● When the tool finally opens, click the Explorar button and wait for the scan. It may take a while, or it may be quite fast, depending on the case!
● Then run EliTriip.exe and follow the same procedure as for EliStarA.exe;
● When the scan finishes, a log will be at C:\InfoSat.txt. Paste it in your next reply.

NOTE: The tools will change your Internet Explorer home page to about:blank; this is normal. Just set it the way you want afterwards.


Step 3

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
● After the installation, run the program;
● Select the Full Scan option and then click Scan. Select your C: drive and click the Start Scan button;
● When the scan finishes, click OK and the log will open automatically for you;
● If anything is detected, make sure all items are checked and click the Remove button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Paste the logs from all the tools in your next reply, together with a new HijackThis log.
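The helper above tells simer to keep the GoToAssist service disabled when it is not in use, and tells tfarina that the log shows a hard-to-remove infection without pointing at the offending lines. As an added illustration that is not part of this thread and not the helpers' own tooling, here is a small Python triage script that applies the kind of checks a volunteer log reader makes on HijackThis entries: autoruns that load code from a Temp folder, executables sitting directly in the Windows directory, orphaned BHO or service registrations, and remote-support components that should be reviewed. The sample lines are constructed from entries in the logs posted in this thread; the remote-support name list, the rule set and the severity labels are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines modelled on the HijackThis logs posted in
# this thread. Paths and CLSIDs are copied from those logs; nothing is scanned live.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Domino] "C:\Windows\Domino.exe"
O4 - HKCU\..\Run: [MSServer] "C:\Windows\system32\rundll32.exe" C:\Users\Thiago\AppData\Local\Temp\iifgGXrR.dll,#1
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""


@dataclass
class Finding:
    severity: str   # "high", "review" or "info" (labels are an assumption)
    section: str    # HijackThis section tag, e.g. "O4"
    subject: str    # autorun name, BHO name or service name
    reason: str


_O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
_O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
_O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
# Any path component named Temp (or Local\Temp) is treated as a temp folder.
_TEMP_RE = re.compile(r"\\(?:Local\\)?Temp\\", re.IGNORECASE)
# An .exe directly under the Windows directory, with no subfolder.
_WINROOT_EXE_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)

# Remote-support products the helper advises keeping disabled when not in use.
# Only the name from this thread is listed; extending it is the reader's call.
REMOTE_SUPPORT_NAMES = ("gotoassist",)


def split_command(cmd: str):
    """Split an autorun command into (executable, arguments), honouring quotes."""
    m = re.match(r'^"([^"]+)"\s*(.*)$', cmd) or re.match(r"^(\S+)\s*(.*)$", cmd)
    return m.group(1), m.group(2)


def triage(log_text: str):
    """Return the findings a log reader would raise for each HijackThis line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _O4_RE.match(line):
            exe, args = split_command(m["cmd"])
            if _TEMP_RE.search(exe) or _TEMP_RE.search(args):
                findings.append(Finding("high", "O4", m["name"],
                                        "autorun loads code from a Temp folder: " + m["cmd"]))
            elif _WINROOT_EXE_RE.match(exe):
                findings.append(Finding("review", "O4", m["name"],
                                        "executable sits directly in the Windows directory; verify its publisher: " + exe))
        elif m := _O2_RE.match(line):
            if m["path"].lower() == "(no file)":
                findings.append(Finding("review", "O2", m["name"],
                                        "BHO registered with no DLL on disk (orphan CLSID " + m["clsid"] + ")"))
        elif m := _O23_RE.match(line):
            if "(file missing)" in m["path"].lower():
                findings.append(Finding("review", "O23", m["name"],
                                        "service binary is missing: " + m["path"]))
            if any(n in m["name"].lower() for n in REMOTE_SUPPORT_NAMES):
                findings.append(Finding("info", "O23", m["name"],
                                        "remote-support service; keep it disabled when not in use"))
        elif m := _O20_RE.match(line):
            if any(n in m["name"].lower() for n in REMOTE_SUPPORT_NAMES):
                findings.append(Finding("info", "O20", m["name"],
                                        "remote-support Winlogon notify DLL: " + m["path"]))
    return findings


def count_by_severity(findings):
    """Tally findings per severity label, for a one-line summary."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section} {f.subject}: {f.reason}")
    print(count_by_severity(results))
```

On the constructed sample the script raises one high finding (the rundll32 autorun pointing into the user's Temp folder), three review findings (an executable in the Windows root, an orphan BHO and a service whose binary is missing) and two informational ones for the GoToAssist components. A review finding is a prompt to check the file's publisher and signature, not a verdict; legitimate OEM software is sometimes installed in odd locations.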
_______________________________


Yikes... it must be serious, because I was not in Safe Mode....
I already had Malwarebytes; I just updated it and then went into Safe Mode, but it did not find anything infected

Anyway, before doing the steps below, I cleaned the registry with Marcos Velasco's tool and one you recommended to me for cleaning the machine; I don't remember the name right now, but I think it is AT Cleaner....

Before, on startup, it opened a Java script error window; after cleaning the system and running your procedures, that warning stopped.

Results follow:

EliStartPage v19.43
(9-10-2009 22:13:16 (GMT))
EliStartPage v19.43 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 9 de Octubre del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminado , Installed Components "{08B0E5C0-4FCB-11CF-AAA5-00401C608500}"
No ha sido posible abrir IERESET.INF
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE

(9-10-2009 22:13:59 (GMT))
EliStartPage v19.43 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 9 de Octubre del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\Users\Thiago\AppData\Roaming\_00f80997661465c30f6a349e1df2be99\down\CEEFOUR000.EXE --> Eliminado, Autoit

Nº Total de Directorios: 26193
Nº Total de Ficheros: 123426
Nº de Ficheros Analizados: 27971
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

(9-10-2009 22:22:37) (GMT)
EliTriIP v6.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 7 de Octubre del 2009)
---------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminado Servicio, "Monitor"
Eliminado Servicio, "SCardSvr"

(9-10-2009 22:22:44) (GMT)
EliTriIP v6.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 7 de Octubre del 2009)
---------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 26193
Nº Total de Ficheros: 123425
Nº de Ficheros Analizados: 24039
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0


Malwarebytes' Anti-Malware 1.41
Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 2932
Windows 6.0.6001 Service Pack 3 (Safe Mode)

09/10/2009 19:55:32
mbam-log-2009-10-09 (19-55-32).txt

Tipo de Verificação: Completa (C:\|D:\|)
Objetos verificados: 299519
Tempo decorrido: 30 minute(s), 31 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)


Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:25, on 21/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [BigDogPath] "C:\Windows\ZSSnp211.exe"
O4 - HKLM\..\Run: [Domino] "C:\Windows\Domino.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Windows\system32\MMTray.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [MSServer] "C:\Windows\system32\rundll32.exe" C:\Users\Thiago\AppData\Local\Temp\iifgGXrR.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: is-80GIH.lnk = C:\Program Files (x86)\Virus Removal Tool\is-80GIH\startup.exe
O4 - Startup: is-MEVA6.lnk = C:\Program Files (x86)\Virus Removal Tool\is-MEVA6\startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_03\bin\npjpi150_03.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMPNetworkSvc - Unknown owner - (no file)

--
End of file - 7506 bytes
 
Guys, I need your help.

Here's the thing: I've already had several antivirus programs, such as Avast Pro and AVG, and now I have NOD32 4.0! And... something very strange is happening:

All of these antivirus programs detected this virus on my PC: "Win32/Agent.NAG virus". But the files the "antivirus" says are infected are always important programs such as Firefox, Photoshop, Daemon Tools... always executable files (.EXE)!

It's hell: every ten minutes NOD32 warns that there's a virus and so on... and I know those files don't have a virus...

But what should I do to fix this error? Could it be a virus that's doing all of this?

Thanks in advance... ;D
 
Shadowsx, skip Step 1 of RootRepeal and proceed with Step 2 only. We'll come back to RootRepeal afterwards.

Since these are rootkits, they may be preventing this tool from running.

OK... here's the ComboFix log...

ComboFix 09-10-06.04 - Cassio X 08/10/2009 0:13.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.699 [GMT -3:00]
Executando de: c:\documents and settings\Cassio X\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Criado um novo ponto de restauração
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Cassio X\haigaep.exe
c:\documents and settings\Cassio X\haihaep.exe
c:\windows\Installer\b08327.msi

A cópia de c:\windows\system32\drivers\nvatabus.sys foi encontrada e desinfectada
Kitty ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53


(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-08 to 2009-10-08 ))))))))))))))))))))))))))))
.

2009-10-03 23:24 . 2009-10-03 23:35 -------- d-----w- c:\documents and settings\Cassio X\Dados de aplicativos\Tibia
2009-10-03 23:13 . 2009-10-03 23:13 -------- d-----w- c:\arquivos de programas\Asprate
2009-10-03 23:11 . 2009-10-03 23:11 -------- d-----w- c:\arquivos de programas\Tibia
2009-10-03 22:02 . 2009-10-03 22:02 -------- d-----r- c:\documents and settings\LocalService\Favoritos
2009-10-03 22:01 . 2009-10-03 22:01 2855 ----a-w- c:\windows\msa.PIF
2009-10-03 21:59 . 2009-10-03 21:59 -------- d--h--w- c:\windows\PIF
2009-10-03 00:24 . 2009-10-03 22:33 -------- d-----w- c:\documents and settings\Cassio X\Tracing
2009-10-02 22:55 . 2009-10-02 22:55 -------- d-----w- c:\windows\Options
2009-10-02 21:11 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-02 21:11 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-02 21:11 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-02 21:11 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-02 21:11 . 2009-10-02 21:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-10-02 21:11 . 2009-10-02 21:11 -------- d-----w- c:\arquivos de programas\Avira
2009-10-02 04:02 . 2009-10-02 20:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-10-02 04:02 . 2009-10-02 04:02 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-09-30 02:44 . 2009-09-30 02:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-30 01:45 . 2009-09-30 01:45 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2009-09-30 01:40 . 2009-09-30 01:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-30 01:39 . 2009-09-30 01:38 148480 ----a-w- c:\windows\msa.VIR
2009-09-22 01:56 . 2009-09-22 01:56 -------- d-----w- c:\arquivos de programas\Projeto Ambap VBeta 0.2
2009-09-22 01:56 . 2001-01-05 12:57 69632 ----a-w- c:\windows\system32\GkSui18.EXE

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 23:32 . 2008-12-10 02:35 -------- d-----w- c:\documents and settings\Cassio X\Dados de aplicativos\Skype
2009-10-04 23:23 . 2008-12-10 02:36 -------- d-----w- c:\documents and settings\Cassio X\Dados de aplicativos\skypePM
2009-09-11 21:52 . 2009-06-01 03:22 -------- d-----w- c:\arquivos de programas\Gravity
2009-09-05 03:16 . 2009-09-05 03:15 -------- d-----w- c:\arquivos de programas\CoolSMS
2009-08-30 05:42 . 2008-09-16 20:46 -------- d-----w- c:\documents and settings\Cassio X\Dados de aplicativos\uTorrent
2009-08-29 14:43 . 2009-03-09 23:01 -------- d-----w- c:\arquivos de programas\Java
2009-08-16 06:29 . 2008-04-14 07:00 79022 ----a-w- c:\windows\system32\perfc016.dat
2009-08-16 06:29 . 2008-04-14 07:00 468108 ----a-w- c:\windows\system32\perfh016.dat
2009-08-09 16:21 . 2009-08-09 16:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment
2009-08-06 22:24 . 2008-09-02 16:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 22:24 . 2008-09-02 16:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 22:24 . 2008-09-02 16:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 22:24 . 2007-07-30 22:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 22:24 . 2008-09-02 16:34 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 22:24 . 2008-04-14 07:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 22:23 . 2008-09-02 16:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 22:23 . 2008-09-03 15:07 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 22:23 . 2008-09-02 16:34 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 22:23 . 2008-07-19 01:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:00 . 2008-04-14 07:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 21:21 . 2008-10-26 17:38 230454 ----a-w- C:\StiImg.dat
2009-07-25 08:23 . 2009-03-09 23:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2008-04-14 07:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 02:43 . 2008-04-14 07:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

------- Sigcheck -------

[-] 2008-08-16 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\arquivos de programas\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 17:54 1555480 ----a-w- c:\arquivos de programas\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\arquivos de programas\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\arquivos de programas\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LTWinModem1"="ltmsg.exe" - c:\windows\system32\ltmsg.exe [2001-04-03 38912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Valve\\hlds.exe"=
"c:\\Arquivos de programas\\Valve\\hl.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Arquivos de programas\\Word Of Warcraft\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2/10/2009 18:11 108289]
S2 gktaejqzr;Shell Windows;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 04:00 14336]
S3 npkycryp;npkycryp;\??\c:\arquivos de programas\Gravity\Ragnarok Online\npkycryp.sys --> c:\arquivos de programas\Gravity\Ragnarok Online\npkycryp.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gktaejqzr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.terra.com.br/
uInternet Connection Wizard,ShellNext = hxxp://www.avast.com/go.php?verb=register-home&lang=por
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Cassio X\Dados de aplicativos\Mozilla\Firefox\Profiles\c6tv57lw.default\
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-ares - c:\arquivos de programas\Ares\Ares.exe
HKCU-Run-AlcoholAutomount - c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe
HKCU-Run-nutoq - c:\documents and settings\Cassio X\nutoq.exe
HKCU-Run-CoolSMS - (no file)
AddRemove-Half-Life Dedicated Server Update Tool - c:\arquiv~1\Valve\HLServer\UNWISE.EXE
AddRemove-World of Warcraft - c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
AddRemove-zdjcwdesidmtqzia - c:\windows\system32\zdjcwdesidmtqzia.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-08 00:22
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gktaejqzr]
"ServiceDll"="c:\windows\system32\hmegz.dll"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(1164)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\arquivos de programas\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-10-08 0:30 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-10-08 03:30

Pré-execução: 11 pasta(s) 25.143.918.592 bytes disponíveis
Pós execução: 13 pasta(s) 25.471.320.064 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

202 --- E O F --- 2009-09-11 04:02

*************************************************

So now, Wolf... what do I do?... cheers!!
 
Could you help me??

Every time I shut down the PC, while it's shutting down a message appears saying that some file is invalid and was interrupted. I can't take a screenshot because it happens while it's shutting down, and the buttons, mouse and everything else have already been disabled.

Then, when I turn the PC on again, another message appears saying that some DLL is missing, but I can't take a screenshot of that either.

I can't download anything on the PC. Whenever a download starts it freezes right at the beginning and the browser restarts on its own.

That's why I can't download HijackThis to post a log here.

What can I do??

Thanks, Andrei

If you need anything, just contact me by e-mail

andreigustavo82@hotmail.com

Bye
 
I did what you advised.

The program was uninstalled and there are no more problems!

Thank you very much for your help, Mr. Wolf! :)


Hi everyone, good afternoon! As usual, I'll reply in this same post, OK?



luizfsq, go to Start > Run, type ComboFix /u and click OK to remove the tool.

The log is clean, my friend luizfsq.

Change all the passwords that were typed on the machine.

Any problems still?
 
Hi Mr. Wolf, it's been a while, hasn't it?
I came to ask if you could please analyze this log below. It's from a friend of mine's PC. Thanks in advance! :yes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:28, on 12/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\ARQUIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\AVG\AVG8\avgui.exe
C:\Arquivos de programas\AVG\AVG8\avgupd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [msn_livers] C:\Arquivos de programas\msn_livers.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\ARQUIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Voipwise] "C:\Arquivos de programas\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYBR
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07ACA5EC-8729-467C-AFC0-BA3026BDD392}: NameServer = 200.223.0.84 200.222.0.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{550E639F-276F-4975-837B-7745C087DC36}: NameServer = 200.165.132.154,200.165.132.147
O17 - HKLM\System\CS2\Services\Tcpip\..\{07ACA5EC-8729-467C-AFC0-BA3026BDD392}: NameServer = 200.223.0.84 200.222.0.34
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7377 bytes
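A first pass over a HijackThis log like the one above is usually done by eye: orphan BHO entries, autoruns that load a DLL from a Temp directory through rundll32, executables dropped straight into the Program Files root, and which DNS servers each adapter has been given. The script below is an added example, not code from this thread or from HijackThis, that automates that first pass with regular expressions over the O2, O4 and O17 lines. The sample input is a handful of lines copied from the logs posted in this thread (including the rundll32 entry under C:\Users\Thiago\AppData\Local\Temp and the msn_livers.exe autorun), assembled here as a constructed fragment so the script runs offline; the heuristics and thresholds are the example's own, and O23 service entries are deliberately left to manual review.

```python
import re
from dataclasses import dataclass

# Constructed sample input: HijackThis lines copied from the logs posted in this
# thread, assembled here so the script runs offline (not a complete log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [MSServer] "C:\Windows\system32\rundll32.exe" C:\Users\Thiago\AppData\Local\Temp\iifgGXrR.dll,#1
O4 - HKLM\..\Run: [msn_livers] C:\Arquivos de programas\msn_livers.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{07ACA5EC-8729-467C-AFC0-BA3026BDD392}: NameServer = 200.223.0.84 200.222.0.34
"""

# One HijackThis line: "<section> - <body>" (R0/R1/O2/O4/... prefixes).
ENTRY_RE = re.compile(r"^(?P<section>O\d+|R\d) - (?P<body>.*)$")
# O4 body: <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 body: BHO: <name> - {CLSID} - <dll path or "(no file)">
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O17 body ends with the adapter's DNS servers, space- or comma-separated.
DNS_RE = re.compile(r"NameServer = (?P<servers>[\d., ]+)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
EXE_RE = re.compile(r'"?(?P<exe>[A-Za-z]:\\[^"]+?\.exe)', re.IGNORECASE)
# Localised names of the Program Files directory seen in these logs.
PROGRAM_DIRS = {"program files", "program files (x86)", "arquivos de programas"}


@dataclass
class Finding:
    section: str
    name: str
    target: str
    severity: str  # "suspicious", "orphan" or "info"
    reason: str


def assess_run_command(cmd: str) -> list[str]:
    """Heuristics for one autorun command line; returns the reasons it stands out."""
    reasons = []
    if TEMP_RE.search(cmd):
        if re.search(r"rundll32(\.exe)?", cmd, re.IGNORECASE):
            reasons.append("rundll32 loads a DLL from a Temp directory at logon")
        else:
            reasons.append("autorun target lives in a Temp directory")
    m = EXE_RE.search(cmd)
    if m:
        parts = m.group("exe").split("\\")
        # drive, "Program Files", file name: no vendor folder in between
        if len(parts) == 3 and parts[1].lower() in PROGRAM_DIRS:
            reasons.append("executable sits directly in the Program Files root, no vendor folder")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and collect the entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O2":
            b = BHO_RE.match(body)
            if b and b.group("path").strip() == "(no file)":
                findings.append(Finding("O2", b.group("name"), b.group("clsid"), "orphan",
                                        "BHO CLSID is registered but its DLL is gone"))
        elif section == "O4":
            r = RUN_RE.match(body)
            if r:
                for reason in assess_run_command(r.group("cmd")):
                    findings.append(Finding("O4", r.group("name"), r.group("cmd"),
                                            "suspicious", reason))
        elif section == "O17":
            d = DNS_RE.search(body)
            if d:
                servers = re.split(r"[ ,]+", d.group("servers").strip())
                findings.append(Finding("O17", "NameServer", " ".join(servers), "info",
                                        "adapter DNS servers; confirm they belong to the ISP"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section} {f.name}: {f.reason}\n    {f.target}")
```

On the sample the script reports the orphan BHO, the rundll32 autorun from the Temp directory, the msn_livers.exe autorun, and the two DNS servers as an informational item; a normal vendor entry such as the avast! tray program produces nothing. The rules are only a starting point for the person reading the log, not a verdict.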
 
palma, follow the steps below:

Select and copy the text below. Paste it into Notepad on your computer and save it to the desktop as CFScript.txt

Code:
KILLALL::

Folder::
c:\arquivos de programas\Eazel-PR

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"=-
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"=-
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8FB2FD83-A0A3-4269-A50D-7E40E3D45F7B}"=- 
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

(image: CFScript.gif)


● If you are prompted, press Enter to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it doesn't, restart it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
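The CFScript above is a small declarative format: a `KILLALL::` header, path-list sections such as `Folder::`, and a `Registry::` section in REGEDIT style where `[-KEY]` removes a whole key and `"name"=-` under a `[KEY]` header removes a single value. Because every line is a deletion that ComboFix carries out without asking, it is worth parsing the script into a plan and checking it against the log it was written from before running it. The Python below is an added example, not code from this thread or from ComboFix: `parse_cfscript` turns the script into (action, target) pairs, and `preflight` confirms that every CLSID and path the script deletes actually appears in the ComboFix log and that the script references only one CLSID (a typo in a GUID would otherwise silently delete nothing or the wrong thing). The `File::` section is accepted because the tool supports it, though this reply does not use it. The ComboFix log fragment is constructed for the example in the layout of the "Pontos de Carregamento do Registro" section of the logs in this thread; its timestamps and sizes are made up.

```python
import re

# The CFScript from the reply above, embedded here as sample input.
CFSCRIPT = r"""
KILLALL::

Folder::
c:\arquivos de programas\Eazel-PR

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"=-
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"=-
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8FB2FD83-A0A3-4269-A50D-7E40E3D45F7B}"=-
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
"""

# Constructed stand-in for the relevant lines of the ComboFix log the script was
# written against (same layout as the logs in this thread; values are made up).
SAMPLE_COMBOFIX_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"= "c:\arquivos de programas\Eazel-PR\tbEaze.dll" [2009-10-08 1555480]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
2009-10-08 13:04 1555480 ----a-w- c:\arquivos de programas\Eazel-PR\tbEaze.dll
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")        # e.g. "Registry::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                # "[KEY]" or "[-KEY]" (delete)
VALUE_DELETE_RE = re.compile(r'^"([^"]+)"=-$')       # "name"=-  (delete value)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_cfscript(text: str) -> list[tuple[str, str]]:
    """Turn a CFScript into an ordered list of (action, target) pairs."""
    plan = []
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()          # the forum copy may carry trailing spaces
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            current_key = None
            if section == "KILLALL":
                plan.append(("kill_processes", ""))
            continue
        if section in ("Folder", "File"):
            plan.append((f"delete_{section.lower()}", line))
        elif section == "Registry":
            k = KEY_RE.match(line)
            v = VALUE_DELETE_RE.match(line)
            if k and k.group(1) == "-":
                plan.append(("delete_key", k.group(2)))
                current_key = None
            elif k:
                current_key = k.group(2)
            elif v and current_key:
                plan.append(("delete_value", current_key + "\\" + v.group(1)))
            else:
                raise ValueError(f"unrecognised Registry:: line: {line!r}")
        else:
            raise ValueError(f"line outside a supported section: {line!r}")
    return plan


def preflight(plan: list[tuple[str, str]], combofix_log: str) -> list[str]:
    """Cross-check the plan against the log: every CLSID and path must be in it."""
    log = combofix_log.lower()
    problems = []
    for action, target in plan:
        for guid in GUID_RE.findall(target):
            if guid.lower() not in log:
                problems.append(f"{action}: {guid} does not appear in the log")
        if action in ("delete_folder", "delete_file") and target.lower() not in log:
            problems.append(f"{action}: {target} does not appear in the log")
    guids = {g.lower() for _, t in plan for g in GUID_RE.findall(t)}
    if len(guids) > 1:
        problems.append(f"script references {len(guids)} different CLSIDs: {sorted(guids)}")
    return problems


if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    for action, target in plan:
        print(f"{action:15} {target}")
    print("preflight:", preflight(plan, SAMPLE_COMBOFIX_LOG) or "ok")
```

For the script above the plan has nine steps (kill processes, one folder, four key deletions and three value deletions) and the preflight passes; changing a single hex digit in one of the GUIDs makes it report both a CLSID missing from the log and a script that now names two different CLSIDs.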

Mr Wolf, here are the logs:

ComboFix
ComboFix 09-10-12.03 - palma 13/10/2009 9:53.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.457 [GMT -3:00]
Executando de: c:\documents and settings\palma\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\palma\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Criado um novo ponto de restauração
.
ADS - drivers: deleted 208 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\Eazel-PR
c:\arquivos de programas\Eazel-PR\Eazel-PRToolbarHelper.exe
c:\arquivos de programas\Eazel-PR\INSTALL.LOG
c:\arquivos de programas\Eazel-PR\tbEaz1.dll
c:\arquivos de programas\Eazel-PR\tbEaze.dll
c:\arquivos de programas\Eazel-PR\toolbar.cfg
c:\arquivos de programas\Eazel-PR\UNWISE.EXE

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-13 to 2009-10-13 ))))))))))))))))))))))))))))
.

2009-10-10 13:00 . 2009-10-10 13:00 -------- d-----w- C:\05104089
2009-10-10 13:00 . 2009-10-10 13:00 -------- d-----w- C:\04135374
2009-10-10 13:00 . 2009-10-10 13:00 -------- d-----w- C:\02674201
2009-10-09 16:44 . 2009-10-09 16:44 -------- d-----w- c:\windows\system32\Lang
2009-10-09 14:23 . 2009-10-09 14:23 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-10-09 14:23 . 2009-10-09 14:23 -------- d-----w- c:\windows\ERUNT
2009-10-09 14:18 . 2009-10-09 14:31 -------- d-----w- C:\SDFix
2009-10-08 22:29 . 2009-10-08 22:29 -------- d-----w- C:\09412492
2009-10-08 13:04 . 2009-10-08 13:04 -------- d-----w- c:\arquivos de programas\Safeweb
2009-10-08 13:03 . 2008-09-02 17:22 1822520 ----a-w- c:\temp\instmsiw.exe
2009-10-08 13:03 . 2008-11-05 15:17 -------- d-----w- c:\temp\System32
2009-10-08 13:03 . 2008-11-05 15:17 -------- d-----w- c:\temp\program files
2009-10-08 13:03 . 2008-09-02 17:22 4551272 ----a-w- c:\temp\SSI 4.7 - user edition.msi
2009-10-08 13:03 . 2008-09-02 17:22 364544 ----a-w- c:\temp\setup.exe
2009-10-08 12:53 . 2009-10-08 12:53 -------- d-----w- c:\arquivos de programas\SCM Microsystems
2009-10-08 12:52 . 2009-10-08 13:03 -------- d-----w- C:\Temp
2009-10-08 12:52 . 2009-10-08 12:52 -------- d-----w- c:\temp\SCR3310
2009-10-08 12:32 . 2009-10-08 12:32 -------- d-----w- c:\arquivos de programas\Trend Micro
2009-10-07 00:44 . 2009-10-08 13:10 -------- d-----w- C:\89422331
2009-09-22 12:52 . 2009-09-22 12:52 -------- d-----w- c:\arquivos de programas\A.E.T. Europe B.V
2009-09-22 12:51 . 2009-09-22 12:51 -------- d-----w- c:\arquivos de programas\PertoSmart USB Smartcard Reader
2009-09-16 12:49 . 2009-10-13 11:46 -------- d-----w- c:\documents and settings\palma\Tracing
2009-09-16 12:42 . 2009-09-16 12:42 -------- d-----w- c:\arquivos de programas\Microsoft
2009-09-16 12:42 . 2009-09-16 12:42 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-09-16 12:42 . 2009-09-16 12:42 -------- d-----w- c:\arquivos de programas\Windows Live
2009-09-16 12:40 . 2009-09-16 12:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 11:57 . 2009-04-29 14:14 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird
2009-10-09 20:11 . 2009-05-06 14:58 -------- d-----w- c:\arquivos de programas\GIA7
2009-09-21 19:49 . 2009-04-27 14:31 -------- d-----w- c:\arquivos de programas\Programas RFB
2009-09-18 20:01 . 2009-06-18 13:11 27136 ----a-w- c:\windows\system32\WiseDLL.dll
2009-09-18 20:01 . 2009-04-28 13:56 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-09-18 20:01 . 2009-06-18 13:11 249856 ----a-w- c:\windows\system32\Todgub7.dll
2009-09-18 20:01 . 2009-06-18 13:11 133296 ----a-w- c:\windows\system32\tishare6.dll
2009-09-18 20:01 . 2009-06-18 13:11 527024 ----a-w- c:\windows\system32\tibase6.dll
2009-09-18 20:01 . 2009-06-18 13:11 489128 ----a-w- c:\windows\system32\tdbgpp7.dll
2009-09-18 20:00 . 2009-04-28 13:56 415504 ----a-w- c:\windows\system32\MsRepl35.dll
2009-09-18 20:00 . 2009-04-28 13:56 252176 ----a-w- c:\windows\system32\msrd2x35.dll
2009-09-18 20:00 . 2009-04-28 13:56 24848 ----a-w- c:\windows\system32\MSJtEr35.dll
2009-09-18 20:00 . 2009-04-28 13:56 123664 ----a-w- c:\windows\system32\MSJInt35.dll
2009-09-18 20:00 . 2009-04-28 13:56 1046288 ----a-w- c:\windows\system32\Msjet35.dll
2009-09-18 19:59 . 2009-06-18 13:11 20480 ----a-w- c:\windows\system32\TransCripto.dll
2009-09-18 19:59 . 2009-04-28 13:56 57344 ----a-w- c:\windows\system32\Signet32.dll
2009-08-05 12:30 . 2009-04-28 13:04 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-09_14.41.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-13 12:57 . 2009-10-13 12:57 16384 c:\windows\temp\Perflib_Perfdata_508.dat
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"OrderReminder"="c:\arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-30 1622016]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-10-30 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]
"CertificateRegistration"="aetcrss1.exe" - c:\windows\system32\aetcrss1.exe [2008-03-12 208896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Safeweb security registration status.lnk - c:\arquivos de programas\Safeweb\security interface 4.7\CSPregtool.exe [2008-8-29 5025792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehUni.dll" [2009-03-25 414624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2009-03-25 12:08 414624 ----a-w- c:\arquiv~1\GbPlugin\gbiehUni.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Arquivos de programas\\UltraVNC\\vncviewer.exe"=
"c:\\Arquivos de programas\\GIA7\\GIA.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [30/04/2009 09:32 26368]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [30/06/2009 09:31 108289]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [30/04/2009 09:32 52608]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S2 gupdate1c9f8eff44706dc;Google Update Service (gupdate1c9f8eff44706dc);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [29/06/2009 16:29 133104]
S3 PERTO38U;PertoSmart EMV - Leitor USB de Cartoes Inteligentes;c:\windows\system32\drivers\perto38u.sys [12/10/2005 15:40 33408]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [21/05/2009 08:30 47488]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/05/2009 08:30 47488]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [25/10/2004 00:04 7796]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
.
Contents of the 'Scheduled Tasks' folder

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-06-29 19:29]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-06-29 19:29]

2009-10-13 c:\windows\Tasks\User_Feed_Synchronization-{C6224508-D0E4-4F9B-8183-2202E89FCD03}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

2009-10-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-11 01:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2097962
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {423713C3-1CD4-45B7-B80A-77F6700D0950} = 192.168.254.19,201.10.1.2
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
FF - ProfilePath - c:\documents and settings\palma\Dados de aplicativos\Mozilla\Firefox\Profiles\75ly74k9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2097962&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2097962&SearchSource=2&q=
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}\components\FFAlert.dll
FF - component: c:\documents and settings\palma\Dados de aplicativos\Mozilla\Firefox\Profiles\75ly74k9.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - REMOVED ORPHANS - - - -

AddRemove-Eazel-PR Toolbar - c:\arquiv~1\Eazel-PR\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-13 09:57
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\arquiv~1\GbPlugin\gbiehUni.dll

- - - - - - - > 'explorer.exe'(2148)
c:\windows\system32\WININET.dll
c:\arquiv~1\GbPlugin\gbiehUni.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSPTB.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe
c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-13 10:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 13:00
ComboFix2.txt 2009-10-09 14:42

Pre-Run: 17 folder(s) 121,194,790,912 bytes free
Post-Run: 18 folder(s) 121,185,804,288 bytes free

208 --- E O F --- 2009-06-15 11:39

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:02, on 13/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Java\jre6\bin\jucheck.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2097962
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Safeweb security registration status.lnk = C:\Arquivos de programas\Safeweb\security interface 4.7\CSPregtool.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://publicacao.certificadodigital.com.br/instroot/instrooticprenovacao/capicom.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{423713C3-1CD4-45B7-B80A-77F6700D0950}: NameServer = 192.168.254.19,201.10.1.2
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1c9f8eff44706dc) (gupdate1c9f8eff44706dc) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7813 bytes
 
Hello everyone, good afternoon to all!


cassianosmi, apparently there is nothing abnormal in the log.

A computer freezing can have countless causes. In most cases it is caused by hardware or by an outdated system. However, yours is quite outdated! I recommend updating it to SP3 and Internet Explorer 8.

But let's check this more closely. Follow the steps below:

- Download AVZ4 and save it to the desktop;

- Extract the files from the zip archive to the desktop, where a folder called avz4 will be created in the same place;
- Open this folder and double-click the file AVZ.exe to run the tool;
- When the program window opens, click the menu File > Database Update. Or click the update button (the AVZupdate.jpg image in the original post) in the right-hand corner of the tool's panel, and click the Start button to update the tool;
- Click the menu File > Standard scripts and check the option "2. Advanced System Analysis";
- Then click the Execute selected scripts button and click Yes on the next message. Wait for the analysis;
- When the analysis finishes, click OK on the message. Back in the Standard scripts window, click Close to close it. Also close the AVZ4 window;
- Go to the avz4 folder on the desktop and open the LOG folder inside it;
- In it you will find the logs and a zipped folder named: virusinfo_syscheck.zip.

Attach this folder to your next reply.
_______________________________

Good morning...
Thanks for the help..
I did the steps you said, I'm going to install SP3 and Explorer 8 and do the necessary updates as well.


Attachment: virusinfo_syscheck.zip (187.8 KB)
brunobyof, some adware shows up in the logs.

Follow the instructions below, friend Bruno:

- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
● After the installation, restart the PC in Safe Mode and then run the program;
● Check the option Full Scan and then click Scan. Select your C: drive and click the Start Scan button;
● When the scan finishes, click OK and the log will be opened for you automatically;
● If anything is detected, make sure all items are checked and click the Remove button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.
_____________________________________________

Mr. Wolf, I did what you asked: I ran Malwarebytes and then HijackThis again. Malwarebytes detected 24 infected objects and I removed them. Is it 100% clean now?

New HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:07, on 13/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrador\Desktop\Hiajackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Arquivos de programas\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 6539 bytes

Malwarebytes log:
Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 3 (Safe Mode)

13/10/2009 21:36:08
mbam-log-2009-10-13 (21-36-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 144482
Time elapsed: 54 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 16
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Pastas infectadas:
C:\Arquivos de programas\DoubleD (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690 (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\Data (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF\components (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050 (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\Data (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF\components (Adware.DoubleD) -> No action taken.

Arquivos infectados:
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\HPIEAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\adwpx.exe (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\NPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\hppx.exe (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\MAHelper.exe (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Arquivos de programas\Media Access Startup\2.0.0.1050\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.

Thanks!!
 
Hello everyone, good afternoon to all!

Hey, my great friend GVSPFC, all good? And you?

PremierOpinion is an adware that comes loaded with trojans. Usually, Malwarebytes succeeds in removing this adware. But the trojans are a bit resistant, so I believe it did not clean them.
As for the screensavers, be careful, GVSPFC. Many contain viruses and malware which, once installed on the PC, run in the background, which makes them harder to detect and remove.

Follow the instructions below, friend GVSPFC:

Step 1

- Download Win32kDiag and save it to the desktop.

- Go to Start > Run, type the command below and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

- A command prompt window will open. When the message "Finished! Press any key to exit..." appears, press Enter to close the window.
- The log Win32kDiag.txt will be created on the desktop. Keep it saved.


Step 2

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to quit or stop ComboFix, press N;
● When it finishes, your PC will be restarted. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste the Win32kDiag and ComboFix logs in your next reply.
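The Malwarebytes log posted earlier in the thread lists one `path (Classification) -> action` line per detection, with registry-data entries carrying an extra `Bad: (n) Good: (n)` field, and every entry there ends in "No action taken". The parser below is an added example, not code from the thread or from Malwarebytes: it reads that layout, flags detections that were reported but never removed, pulls out the Disabled.SecurityCenter values, and checks the header counts against the lists. The log it reads is a constructed sample in the same layout, and `{PLACEHOLDER-GUID}` stands in for a restore-point id.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section path threat extra action")

# Constructed sample in the same layout as the Malwarebytes 1.x logs quoted in
# the thread (the Portuguese section names are what the localized tool prints).
# {PLACEHOLDER-GUID} stands in for a System Restore point id.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 2951
Objetos verificados: 187746

Chaves do Registro infectadas: 2
Ítens do Registro infectados: 1
Arquivos infectados: 2

Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Arquivos infectados:
C:\Arquivos de programas\Internet Saving Optimizer\3.8.1.4690\adwpx.exe (Adware.DoubleD) -> No action taken.
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP182\A0045089.exe (Trojan.Banker) -> Quarantined and deleted successfully.
"""

HEADER_RE = re.compile(r"^(?P<name>[^:]+):$")                 # "Arquivos infectados:"
SUMMARY_RE = re.compile(r"^(?P<name>[^:]+): (?P<count>\d+)$")  # "Arquivos infectados: 6"


def parse_entry(section, line):
    """Split 'path (Threat.Name) [-> Bad: (1) Good: (0)] -> action.' into fields.

    The classification is the last parenthesised token before the first '->',
    so rpartition keeps parentheses inside the path itself (e.g. 'ATI(2)') intact.
    """
    parts = line.split(" -> ")
    if len(parts) < 2:
        return None
    head, action = parts[0], parts[-1].rstrip(".")
    extra = " -> ".join(parts[1:-1])  # registry-data entries carry 'Bad: (1) Good: (0)'
    path, sep, threat = head.rpartition(" (")
    if not sep or not threat.endswith(")"):
        return None
    return Detection(section, path, threat[:-1], extra, action)


def parse_mbam_log(text):
    """Return {'declared': header counts, 'sections': {section: [Detection]}}."""
    declared, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
            continue
        summary = SUMMARY_RE.match(line)
        if summary and current is None:  # the count block precedes the item lists
            declared[summary.group("name")] = int(summary.group("count"))
            continue
        if current is not None and not line.startswith("(Nenhum"):
            det = parse_entry(current, line)
            if det:
                sections[current].append(det)
    return {"declared": declared, "sections": sections}


def all_detections(parsed):
    return [d for dets in parsed["sections"].values() for d in dets]


def pending(parsed):
    """Detections the scan only reported: nothing was quarantined or deleted."""
    return [d for d in all_detections(parsed) if d.action.startswith("No action taken")]


def security_center_tampering(parsed):
    """Registry values showing that Security Center warnings were switched off."""
    return [(d.path.rsplit("\\", 1)[-1], d.extra)
            for d in all_detections(parsed) if d.threat == "Disabled.SecurityCenter"]


def count_mismatches(parsed):
    """Sections whose declared count differs from the entries actually listed."""
    return {name: (parsed["declared"].get(name), len(dets))
            for name, dets in parsed["sections"].items()
            if parsed["declared"].get(name) != len(dets)}


def threats_by_family(parsed):
    return Counter(d.threat for d in all_detections(parsed))


if __name__ == "__main__":
    result = parse_mbam_log(SAMPLE_LOG)
    print("not removed:", len(pending(result)), "mismatches:", count_mismatches(result))
    print("families:", dict(threats_by_family(result)))
    print("security center:", security_center_tampering(result))
```

A non-empty `pending()` list means the scan was run in report-only mode (or the user never clicked Remove), which is the first thing to check before concluding that a tool "failed" to clean something.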

Master Wolf, sorry for the delay in posting the reply, but long holiday weekend, Oktoberfest and all that!!! hehehe.

Thanks for the valuable tips, it is always good to learn.

Pasting the logs below.

Win32kDiag.txt
Running from: C:\Documents and Settings\Gabriel Voigt\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Gabriel Voigt\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

ComboFix.txt
ComboFix 09-10-13.03 - Gabriel Voigt 14/10/2009 11:14.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2849 [GMT -3:00]
Executando de: c:\documents and settings\Gabriel Voigt\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091013-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1c486ca.msp
c:\windows\Installer\1c486d4.msp
c:\windows\Installer\1c486df.msp
c:\windows\Installer\2aa11.msp
c:\windows\Installer\4a5348.msp
C:\winlog.txt

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-14 to 2009-10-14 ))))))))))))))))))))))))))))
.

2009-10-09 15:38 . 2009-10-09 15:38 -------- d-----w- c:\arquivos de programas\Trend Micro
2009-10-08 11:02 . 2009-10-08 11:02 -------- d-----w- c:\arquivos de programas\SeaStorm 3D Screensaver
2009-10-08 11:01 . 2009-10-08 11:02 -------- d-----w- c:\arquivos de programas\www_screensavers_com
2009-10-02 19:27 . 2009-10-08 21:45 -------- d-----w- c:\arquivos de programas\DreaMule
2009-10-01 20:34 . 2009-10-01 20:34 -------- d-----w- c:\arquivos de programas\Correios
2009-09-23 12:46 . 2009-09-23 12:46 -------- d-----w- c:\arquivos de programas\SopCast
2009-09-23 12:46 . 2009-09-23 12:46 -------- d-----w- c:\arquivos de programas\Orban
2009-09-23 12:46 . 2009-09-23 12:46 -------- d-----w- c:\arquivos de programas\Megacubo
2009-09-18 14:55 . 2009-09-18 14:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2009-09-18 14:50 . 2009-09-18 14:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared
2009-09-18 14:49 . 2008-04-07 08:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-09-18 14:49 . 2008-04-07 08:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-09-17 13:18 . 2009-10-07 20:07 -------- d-----w- c:\arquivos de programas\abgx360

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 13:27 . 2001-10-28 17:07 99122 ----a-w- c:\windows\system32\perfc016.dat
2009-10-14 13:27 . 2001-10-28 17:07 513186 ----a-w- c:\windows\system32\perfh016.dat
2009-10-09 22:20 . 2009-03-11 17:22 -------- d-----w- c:\documents and settings\Gabriel Voigt\Dados de aplicativos\uTorrent
2009-10-07 03:06 . 2009-03-25 14:52 -------- d-----w- c:\documents and settings\Gabriel Voigt\Dados de aplicativos\Orbit
2009-09-25 19:09 . 2009-06-25 14:48 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-09-23 12:51 . 2009-09-12 14:41 -------- d-----w- c:\arquivos de programas\BitComet
2009-09-18 14:50 . 2009-06-03 19:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-09-15 10:59 . 2009-03-26 20:00 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-03-26 20:01 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-03-26 20:01 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-03-26 20:01 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-03-26 20:01 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-03-26 20:01 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-03-26 20:01 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-03-26 20:01 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-03-26 20:01 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 20:41 . 2009-04-22 15:26 -------- d-----w- c:\arquivos de programas\SpeedFan
2009-09-10 17:54 . 2009-06-25 14:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 17:53 . 2009-06-25 14:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 13:45 . 2009-03-17 16:04 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-08-28 14:36 . 2009-08-28 14:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ATI
2009-08-28 14:36 . 2009-02-27 04:18 -------- d-----w- c:\documents and settings\Gabriel Voigt\Dados de aplicativos\ATI
2009-08-28 14:34 . 2009-02-27 02:57 -------- d-----w- c:\arquivos de programas\ATI Technologies
2009-08-28 14:33 . 2009-02-27 02:26 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-08-28 14:28 . 2009-08-28 14:11 -------- d-----w- c:\arquivos de programas\DriverCleanerDotNET
2009-08-28 14:13 . 2009-08-28 14:13 103424 ----a-w- c:\windows\system32\DCLibrary_nat.dll
2009-08-27 15:02 . 2009-04-13 17:05 -------- d-----w- c:\arquivos de programas\Java
2009-08-27 13:47 . 2009-08-25 13:39 -------- d-----w- c:\arquivos de programas\Driver Sweeper
2009-08-27 13:37 . 2009-08-25 22:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ATI(2)
2009-08-06 22:24 . 2009-02-27 01:46 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 22:24 . 2009-02-27 01:46 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 22:24 . 2009-02-27 01:46 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 22:24 . 2008-10-16 17:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 22:24 . 2009-02-27 01:46 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 22:24 . 2008-04-13 21:20 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 22:23 . 2009-02-27 01:46 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 22:23 . 2009-03-01 11:09 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 22:23 . 2009-03-01 11:09 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 22:23 . 2009-02-27 01:46 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:00 . 2008-04-13 21:20 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 08:23 . 2009-04-13 17:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2008-04-13 21:20 58880 ----a-w- c:\windows\system32\atl.dll
.

------- Sigcheck -------

[-] 2008-06-10 . 1F2AA1B3D35E7ACFC3ECA27FFA9DA90A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"SSBkgdUpdate"="c:\arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe" [2007-11-13 29984]
"IndexSearch"="c:\arquivos de programas\ScanSoft\PaperPort\IndexSearch.exe" [2007-11-13 46368]
"PPort11reminder"="c:\arquivos de programas\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"boincmgr"="c:\arquivos de programas\BOINC\boincmgr.exe" [2009-05-29 4182784]
"boinctray"="c:\arquivos de programas\BOINC\boinctray.exe" [2009-05-29 58112]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"StartCCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"Adobe Acrobat Speed Launcher"="c:\arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-10-08 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Gabriel Voigt\Menu Iniciar\Programas\Inicializar\
MagicDisc.lnk - c:\arquivos de programas\MagicDisc\MagicDisc.exe [2009-3-17 576000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Emote\\Launcher\\launcher.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20957:TCP"= 20957:TCP:Utorrent
"20957:UDP"= 20957:UDP:Utorrent
"17469:TCP"= 17469:TCP:BitComet 17469 TCP
"17469:UDP"= 17469:UDP:BitComet 17469 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [23/6/2008 19:21 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26/3/2009 17:01 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/3/2009 17:01 20560]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2/3/2009 15:40 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2/3/2009 15:40 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2/3/2009 15:40 72728]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [26/2/2009 23:27 36864]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\arquivos de programas\Arquivos comuns\Creative Labs Shared\Service\CTAELicensing.exe [2/3/2009 15:41 79360]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\arquivos de programas\Arquivos comuns\Creative Labs Shared\Service\DDLLicensing.exe [2/3/2009 15:42 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2/3/2009 15:40 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2/3/2009 15:40 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2/3/2009 15:40 72728]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scan Suplementar -------
.
IE: &B&aixar &com o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm
IE: &B&aixar todos os vídeos com o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
IE: &B&aixar tudo usando o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Append Link Target to Existing PDF - c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Converter destino de link em Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converter destino de link em PDF existente - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converter em PDF existente - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converter links selecionados em PDF existente - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {80F6107E-C9EB-4DF2-9313-8577A920056F} = 208.67.222.222,208.67.220.220
TCP: {EF2CCA6F-33AF-478D-B11F-077990963C34} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Gabriel Voigt\Dados de aplicativos\Mozilla\Firefox\Profiles\r50ogmr1.default\
FF - component: c:\documents and settings\Gabriel Voigt\Dados de aplicativos\Mozilla\Firefox\Profiles\r50ogmr1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\documents and settings\Gabriel Voigt\Dados de aplicativos\Mozilla\Firefox\Profiles\r50ogmr1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-14 11:16
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
.
Tempo para conclusão: 2009-10-14 11:16
ComboFix-quarantined-files.txt 2009-10-14 14:16

Pré-execução: 14 pasta(s) 61.200.359.424 bytes disponíveis
Pós execução: 16 pasta(s) 61.248.528.384 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

198 --- E O F --- 2009-10-05 22:42

PS: Mr. Wolf, ComboFix did not restart after finishing the scan; it displayed the log on screen immediately.

Thank you very much, master.
 
A tip for anyone who has a sibling, uncle, brother-in-law or visitor using the machine:

Go to Control Panel -> User Accounts and create a second user for the kids or for another, more careless person, but make that user a non-administrator; that way, even if they open an e-mail attachment by accident or try to install something without asking, the system will not let them change the whole system.

It is still possible to catch a virus, but at least the changes it can make to your computer will be much more restricted, and removal much easier.

On Windows Vista or Seven this control is much better than on XP.
 
Good afternoon, Mr. Wolf.

I saw that you have great knowledge in virus removal and the like.
I would like you to help me, if possible.

This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:05, on 14/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\NitroPC\NitroPC.exe
C:\Arquivos de programas\DAP\DAP.EXE
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gui\Meus documentos\My Completed Downloads\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CASpeed] "C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe" /HIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [win] C:\Documents and Settings\All Users\Dados de aplicativos\OrkThreat.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify:  GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)
O20 - Winlogon Notify:  GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8535 bytes

And this is the Malwarebytes log:

Code:
Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 2951
Windows 5.1.2600 Service Pack 3

14/10/2009 13:11:59
mbam-log-2009-10-14 (13-11-59).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 187746
Tempo decorrido: 9 hour(s), 48 minute(s), 8 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 6

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\System Volume Information\_restore{68588185-BCE0-4D7E-8312-D2E0B57C7505}\RP182\A0045089.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{68588185-BCE0-4D7E-8312-D2E0B57C7505}\RP182\A0045113.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{68588185-BCE0-4D7E-8312-D2E0B57C7505}\RP184\A0048106.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\KB923121.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB964421.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB967865.log (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks in advance.

"Generic Host Process for Win32 Services has encountered a problem and needs to close"

Hey!

I have a problem where, after some time of use, my laptop shows the error "Generic Host Process for Win32 Services has encountered a problem and needs to close". Then another error appears, but I unchecked everything in startup, let only the default services load, and that other one went away. This one remains, and when it appears I no longer have access to the taskbar; it freezes, and MSN too. You're the virus expert, give me a hand so I don't have to format...

Cheers.
 
Hello everyone, good afternoon to all! I'll reply to everyone in this same post, ok.

tfarina, strange that you're not in Safe Mode! Look at the log header (the text highlighted in red):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:25, on 21/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode
I've never seen malware that changes the boot mode in the log. Some do change the date and time in the header, as certain Bagle variants do. But not the boot mode and the other information.

Anyway... back to the analysis, I think this infection will be somewhat complicated to remove, tfarina. It's a Vundo rootkit.

But let's try; follow the steps below:

Step 1

Run ATF-Cleaner again, the one you reported having used.


Step 2

Download TFC and save it to the desktop

Save whatever you are working on and close all open programs
Click the Start button and wait for the quick scan. Click OK on the message and wait for the PC to restart.


Step 3

Download OTS and save it to the desktop;

Double-click OTS.exe to run the tool.
Check the Scan All Users option. Under "File Age" set 90 Days;
Click the Run Scan button and wait for the tool's scan;
A log called OTS.Txt will open; it will also be saved on the desktop.

Copy and paste this log in your next reply.
______________________________


pedro_kampos, please post a HijackThis log.

At the start of the thread (first page, first post) there are instructions on using the program.

______________________________


Shadowsx, follow the steps below:

Select and copy the text below. Paste it into Notepad and save it on the desktop as CFScript.txt

Code:
KillAll::
Snapshot::
File::
c:\windows\msa.PIF
c:\windows\msa.VIR

Folder::
c:\arquivos de programas\free-downloads.net

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gktaejqzr]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=- 
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=- 
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

Driver::
gktaejqzr

NetSvc::
gktaejqzr
Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

[image: CFScript.gif]


● If prompted, press Enter to start the removal process;
● Do not use the mouse or keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it doesn't, restart it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
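As an added example (not part of the forum post and not ComboFix's own code), the Python script below reads the Section:: blocks of a CFScript like the one above and lists what it would remove, so the script can be checked against the HijackThis log before it is dragged onto ComboFix. It assumes the Registry:: section follows .reg conventions, where [-KEY] deletes a key and "name"=- deletes a value under the most recent [KEY] line; only the directive types used above are handled.

```python
"""Dry-run summary of a ComboFix CFScript.

Added example: not from the forum post and not ComboFix's own code. It parses the
"Section::" blocks used in the script above (KillAll, Snapshot, File, Folder,
Registry, Driver, NetSvc) and lists what would be removed.
Assumption: Registry:: entries use the .reg conventions, [-KEY] deletes a key and
"name"=- deletes a value under the most recent [KEY] line.
"""
from __future__ import annotations
import re

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_DEL_RE = re.compile(r'^"(?P<value>[^"]+)"=-$')

# Sections whose lines are plain lists of targets.
LIST_SECTIONS = {"file": "files", "folder": "folders", "driver": "drivers", "netsvc": "netsvcs"}


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Group every directive in the script by what it does."""
    plan: dict[str, list[str]] = {
        "flags": [], "files": [], "folders": [], "registry_keys_deleted": [],
        "registry_values_deleted": [], "drivers": [], "netsvcs": [], "unrecognised": [],
    }
    section = None      # lower-cased name of the current Section::
    current_key = None  # last [KEY] seen inside Registry::, for "name"=- lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"].lower()
            current_key = None
            if section in ("killall", "snapshot"):   # body-less switches
                plan["flags"].append(m["name"])
            continue
        if section in LIST_SECTIONS:
            plan[LIST_SECTIONS[section]].append(line)
        elif section == "registry":
            km, vm = KEY_RE.match(line), VALUE_DEL_RE.match(line)
            if km and km["delete"]:
                plan["registry_keys_deleted"].append(km["key"])
                current_key = None
            elif km:
                current_key = km["key"]
            elif vm and current_key:
                plan["registry_values_deleted"].append(current_key + "\\" + vm["value"])
            else:
                plan["unrecognised"].append(line)
        else:
            plan["unrecognised"].append(line)
    return plan


def summarise(plan: dict[str, list[str]]) -> str:
    """Human-readable review of the plan, one category per block."""
    out = []
    for name, items in plan.items():
        if items:
            out.append(f"{name} ({len(items)}):")
            out.extend("  " + item for item in items)
    return "\n".join(out)


# The script posted above (trailing spaces removed), used here as sample input.
SAMPLE_SCRIPT = r"""KillAll::
Snapshot::
File::
c:\windows\msa.PIF
c:\windows\msa.VIR

Folder::
c:\arquivos de programas\free-downloads.net

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gktaejqzr]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

Driver::
gktaejqzr

NetSvc::
gktaejqzr
"""

if __name__ == "__main__":
    print(summarise(parse_cfscript(SAMPLE_SCRIPT)))
```

Note that the same HKEY_CLASSES_ROOT\clsid key appears twice in the script above; the summary shows both lines so duplicates are visible during review.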
______________________________


andrei_gustavo82, welcome to the forum!

Your computer's situation is critical, my friend. If you haven't formatted yet, try the following:

Go to another computer and download the Kaspersky Rescue Disk and Puppy Linux. Initially we'll use only Kaspersky, ok. But I recommend downloading Puppy now in case Kaspersky doesn't solve it.

Get a blank CD or DVD and burn Kaspersky (the .ISO image) to it. Then boot the PC from it and run a scan with the antivirus following this tutorial.

When it's done, log in to the computer and see whether things improved and whether you can now download without interruptions. If so, download HijackThis and post a log.

______________________________


karolz, follow the steps below:

- Download BankerFix and save it to the desktop;

● Temporarily disable your antivirus so it doesn't detect the tool as a virus;
● Double-click bankerfix.exe;
● A message will appear saying it will be downloaded from the internet;
● Click OK > OK. Press Enter and wait for the scan to finish;
● When the scan finishes, read the message on screen and press Enter again.
● A log will be generated at C:\LinhaDefensiva\relatorio.txt.

Paste this log in your next reply, together with a new HijackThis log.

Delete the C:\LinhaDefensiva folder after pasting your log here.
______________________________


palma, the logs are clean :)

Any problems still, my friend?

Go to Start > Run, type ComboFix /u and click OK to remove the tool and its folders.

______________________________


cassianosmi, there's nothing wrong with the log.

The problem isn't a virus.

______________________________


brunobyof, did you actually remove the items Malwarebytes found? Because the logs show that no action was taken; see the confirmation:

HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.
Open the program, click Quarantine and check whether the files found are there.
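The check made above (every Malwarebytes detection should end in "Quarantined and deleted successfully", not "No action taken") can be automated over a pasted log. The script below is an added example, not from the forum thread or from Malwarebytes; it recognises the Portuguese section headings used in the logs in this thread and the English ones of the same MBAM 1.x log, and the sample log is constructed from lines quoted in this thread.

```python
"""Check a Malwarebytes' Anti-Malware 1.x log for detections that were not removed.

Added example: not from the forum thread and not Malwarebytes' own code. It walks
the per-category sections of the log, collects every
"<item> (<Threat>) -> <action>." line and reports those whose action is not a
completed removal. The sample log is constructed from lines in this thread.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

SECTION_HEADERS = frozenset({
    # Portuguese headings as in the logs above
    "Processos da Memória infectados", "Módulos de Memória Infectados",
    "Chaves do Registro infectadas", "Valores do Registro infectados",
    "Ítens do Registro infectados", "Pastas infectadas", "Arquivos infectados",
    # English headings of the same MBAM 1.x log
    "Memory Processes Infected", "Memory Modules Infected", "Registry Keys Infected",
    "Registry Values Infected", "Registry Data Items Infected", "Folders Infected",
    "Files Infected",
})

# A detection line: "<item> (<ThreatName>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Actions that mean MBAM actually removed the item.
COMPLETED_ACTIONS = frozenset({"Quarantined and deleted successfully", "Delete on reboot"})


@dataclass
class Detection:
    section: str
    item: str
    threat: str
    action: str

    @property
    def handled(self) -> bool:
        return self.action in COMPLETED_ACTIONS


def parse_detections(log_text: str) -> list[Detection]:
    """Detections listed under the section headers (the summary counts are skipped)."""
    found: list[Detection] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # "Arquivos infectados: 6" is a summary count; a header is the bare name plus ":".
        if line.endswith(":") and line[:-1] in SECTION_HEADERS:
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line) if section else None
        if m:
            found.append(Detection(section, m["item"], m["threat"], m["action"]))
    return found


def unhandled(log_text: str) -> list[Detection]:
    """Detections whose action is anything other than a completed removal."""
    return [d for d in parse_detections(log_text) if not d.handled]


# Constructed sample: lines taken from the logs quoted in this thread.
SAMPLE_LOG = r"""Chaves do Registro infectadas: 1
Arquivos infectados: 2

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\WINDOWS\KB923121.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KB964421.log (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for d in unhandled(SAMPLE_LOG):
        print(f"NOT REMOVED [{d.section}] {d.item} ({d.threat}): {d.action}")
```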

______________________________


GVSPFC my friend, no need to apologize. I also travelled over the holiday. Life is so hectic that when a holiday like that comes up, we don't miss the chance to rest, heh.

Well, the log is clean, GVSPFC my friend.

Go to Start > Run, type ComboFix /u and click OK to remove the tool and its folders.

Also delete Win32kDiag.

How is the computer doing?

______________________________


Guigapc, welcome to the forum!

Follow the instructions in the spoiler below (just click Show):

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so it doesn't detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix scans;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window and try not to use the keyboard either, so as not to disturb the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes your PC will restart. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
______________________________


diecelio, Generic Host problems may or may not be caused by a virus. In either case there is usually no need at all to format the machine.

But for me to tell you whether it's a virus or not, I need you to post a log for confirmation, diecelio. Follow the instructions in the spoiler below:

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;
● In the window that opens click the Continue button so the tool starts running;
● When the tool finishes running, a log with the scan results will open automatically in Notepad. Paste the contents of that log (log.txt) in your next reply;
● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.
 

Well Mr. Wolf, all done as you asked.... Until you manage to get the system free of Vundo, what kind of operations would it be best for me to avoid?
What does this Vundo do??

Here is the OTS result:
Code:
OTS logfile created on: 15/10/2009 23:00:43 - Run 1
OTS by OldTimer - Version 3.0.22.0     Folder = C:\Users\Thiago\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 3 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,92 Gb Available Physical Memory | 73,04% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172,78 Gb Total Space | 84,06 Gb Free Space | 48,65% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 232,02 Gb Free Space | 79,19% Space Free | Partition Type: NTFS
Drive E: | 1,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: THIAGO-PC
Current User Name: Thiago
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days
 
[Processes - Safe List]
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/23 23:52:24 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/23 23:52:24 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/23 23:52:24 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/23 23:52:24 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/23 23:52:24 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/23 23:52:24 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/23 23:52:24 | 01,028,432 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/09/23 23:52:26 | 00,520,024 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/09/23 23:52:26 | 00,520,024 | ---- | M] (Lavasoft)
daemon.exe -> C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe -> [2009/04/23 10:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd)
fraps.exe -> C:\fraps\fraps.exe -> [2008/01/14 09:18:20 | 03,182,248 | ---- | M] (Beepa P/L)
fraps.exe -> C:\fraps\fraps.exe -> [2008/01/14 09:18:20 | 03,182,248 | ---- | M] (Beepa P/L)
fraps.exe -> C:\fraps\fraps.exe -> [2008/01/14 09:18:20 | 03,182,248 | ---- | M] (Beepa P/L)
ieuser.exe -> C:\Program Files (x86)\Internet Explorer\ieuser.exe -> [2008/01/20 23:49:41 | 00,299,520 | ---- | M] (Microsoft Corporation)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/09/13 22:18:09 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
ots.exe -> C:\Users\Thiago\Desktop\OTS.exe -> [2009/10/15 22:53:29 | 00,519,168 | ---- | M] (OldTimer Tools)
reader_sl.exe -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
scpvista.exe -> C:\Program Files (x86)\Scpad\scpVista.exe -> [2009/07/10 10:54:14 | 00,136,496 | ---- | M] (Scopus Tecnologia Ltda)
smax4pnp.exe -> C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe -> [2008/03/17 06:40:44 | 01,302,528 | ---- | M] (Analog Devices, Inc.)
smax4pnp.exe -> C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe -> [2008/03/17 06:40:44 | 01,302,528 | ---- | M] (Analog Devices, Inc.)
smax4pnp.exe -> C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe -> [2008/03/17 06:40:44 | 01,302,528 | ---- | M] (Analog Devices, Inc.)
smax4pnp.exe -> C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe -> [2008/03/17 06:40:44 | 01,302,528 | ---- | M] (Analog Devices, Inc.)
spysweeper.exe -> C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe -> [2008/08/09 14:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
spysweeper.exe -> C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe -> [2008/08/09 14:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
spysweeper.exe -> C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe -> [2008/08/09 14:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
spysweeper.exe -> C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe -> [2008/08/09 14:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
spysweeper.exe -> C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe -> [2008/08/09 14:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
spysweeperui.exe -> C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeperUI.exe -> [2008/08/09 16:04:58 | 05,418,864 | ---- | M] (Webroot Software, Inc.)
ssu.exe -> C:\Program Files (x86)\Webroot\Spy Sweeper\SSU.EXE -> [2008/08/09 14:42:02 | 00,181,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
ssu.exe -> C:\Program Files (x86)\Webroot\Spy Sweeper\SSU.EXE -> [2008/08/09 14:42:02 | 00,181,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
utorrent.exe -> C:\Program Files (x86)\uTorrent\uTorrent.exe -> [2008/08/21 22:35:30 | 00,268,592 | ---- | M] (BitTorrent, Inc.)
 
[Win32 Services - Safe List]
64bit-(AEADIFilters) Andrea ADI Filters Service [Win32_Own | Auto | Running] -> C:\Windows\SysNative\AEADISRV.EXE -> [2008/05/20 07:05:12 | 00,092,672 | ---- | M] ()
64bit-(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2008/01/20 23:50:23 | 00,195,584 | ---- | M] ()
64bit-(CscService) Offline Files [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2008/01/20 23:51:03 | 00,598,016 | ---- | M] ()
64bit-(nHancer) nHancer Support [Win32_Own | Auto | Running] -> C:\Program Files\nHancer\nHancerService.exe -> [2009/10/03 21:48:02 | 00,039,424 | ---- | M] (KSE - Korndörfer Software Engineering)
64bit-(UmRdpService) Terminal Services UserMode Port Redirector [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2008/01/20 23:51:22 | 00,252,928 | ---- | M] ()
64bit-(wbengine) Block Level Backup Engine Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2008/01/20 23:46:36 | 01,147,904 | ---- | M] ()
64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 23:46:39 | 00,383,544 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 15:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 15:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 23:50:39 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 23:50:39 | 00,153,600 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 12:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 22:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 22:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
(KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\keyiso.dll -> [2006/11/02 06:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/23 23:52:24 | 01,028,432 | ---- | M] (Lavasoft)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006/11/02 10:34:14 | 00,000,000 | ---D | M]
(Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2008/01/20 23:47:35 | 00,592,384 | ---- | M] (Microsoft Corporation)
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -> [2007/05/08 19:47:22 | 00,271,920 | ---- | M] (Nero AG)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Stopped] -> C:\Windows\SysWow64\PnkBstrA.exe -> [2009/07/13 22:55:25 | 00,075,064 | ---- | M] ()
(scpVista) scpVista [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Scpad\scpVista.exe -> [2009/07/10 10:54:14 | 00,136,496 | ---- | M] (Scopus Tecnologia Ltda)
(Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2009/10/14 22:59:34 | 00,316,664 | ---- | M] (Valve Corporation)
(Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006/11/02 03:35:15 | 00,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006/11/02 03:35:15 | 00,055,846 | ---- | M] ()
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe -> [2008/08/09 14:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ADIHdAud.sys -> [2008/03/20 08:44:34 | 00,467,456 | ---- | M] ()
64bit-(atksgt) atksgt [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\atksgt.sys -> [2009/07/27 19:50:29 | 00,314,016 | ---- | M] ()
64bit-(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\csc.sys -> [2008/01/20 23:51:03 | 00,460,800 | ---- | M] ()
64bit-(ElRawDisk) ElRawDisk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\elrawdsk.sys -> [2008/12/09 13:26:50 | 00,023,464 | ---- | M] ()
64bit-(fvevol) BitLocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\fvevol.sys -> [2008/01/20 23:51:10 | 00,161,848 | ---- | M] ()
64bit-(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\hamachi.sys -> [2008/07/31 20:56:40 | 00,033,344 | ---- | M] ()
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/02 02:28:10 | 00,273,920 | ---- | M] ()
64bit-(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\SysNative\DRIVERS\Lbd.sys -> [2009/04/22 23:53:18 | 00,068,640 | ---- | M] ()
64bit-(lirsgt) lirsgt [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\lirsgt.sys -> [2009/07/27 19:50:27 | 00,043,680 | ---- | M] ()
64bit-(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\ASACPI.sys -> [2006/10/31 12:23:42 | 00,015,680 | ---- | M] ()
64bit-(SCDEmu) SCDEmu [Kernel | System | Running] -> C:\Windows\SysNative\drivers\scdemu.sys -> [2007/08/06 21:21:32 | 00,057,776 | ---- | M] ()
64bit-(sptd) sptd [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\sptd.sys -> [2009/09/29 00:01:24 | 00,871,408 | ---- | M] ()
64bit-(ssfs0bbc) ssfs0bbc [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys -> [2008/08/09 14:42:14 | 00,036,976 | ---- | M] ()
64bit-(ssidrv) ssidrv [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\ssidrv.sys -> [2008/08/09 14:42:16 | 00,124,528 | ---- | M] ()
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2008/01/20 23:46:34 | 00,046,080 | ---- | M] ()
64bit-(yukonx64) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\yk60x64.sys -> [2007/12/06 09:51:00 | 00,391,680 | ---- | M] ()
64bit-(ZSMC211) ZSMC USB PC Camera (ZS211) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\ZS211.sys -> [2007/06/08 15:53:28 | 01,553,920 | ---- | M] ()
(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\CSC -> [2008/07/17 21:36:43 | 00,000,000 | ---D | M]
(is-80GIHdrv) is-80GIHdrv [File_System | System | Stopped] -> C:\Windows\SysWow64\DRIVERS\13983899.sys -> [2008/07/08 14:54:06 | 00,200,720 | ---- | M] (Kaspersky Lab)
(is-MEVA6drv) is-MEVA6drv [File_System | System | Stopped] -> C:\Windows\SysWow64\DRIVERS\81517996.sys -> [2008/07/08 14:54:06 | 00,200,720 | ---- | M] (Kaspersky Lab)
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWow64\Wbem\mpsdrv.mof -> [2006/09/18 18:35:23 | 00,001,088 | ---- | M] ()
(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWow64\Wbem\tcpip.mof -> [2006/09/18 18:36:40 | 00,003,066 | ---- | M] ()
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"" ->  -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: SearchURL\\"" ->  -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\] > -> -> 
HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\: Main\\"Start Page" -> about:blank -> 
HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\: Search\\"" ->  -> 
HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\: SearchURL\\"" ->  -> 
HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\: URLSearchHooks\\"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" [HKLM] -> C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll [Reg Error: Value error.] -> [2009/07/29 15:39:38 | 01,153,024 | ---- | M] (Spigot, Inc.)
HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/09/11 13:47:21 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (1108 bytes and 27 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Facilitador de Leitor de Link Adobe PDF] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{2E3C3651-B19C-4DD9-A979-901EC3E930AF} [HKLM] -> C:\Program Files (x86)\Scpad\scpsssh2.dll [ssh2 Class] -> [2009/07/10 10:50:46 | 00,214,320 | ---- | M] (Scopus Tecnologia Ltda)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Auxiliar de Conexão do Windows Live] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{B922D405-6D13-4A2B-AE89-08A030DA4402} [HKLM] -> C:\Program Files (x86)\pdfforge Toolbar\pdfforgeToolbarIE.dll [pdfforge Toolbar] -> [2009/07/31 02:00:24 | 00,698,880 | ---- | M] (Spigot, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/09/13 22:18:09 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKLM] -> C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll [Reg Error: Value error.] -> [2009/07/29 15:39:38 | 01,153,024 | ---- | M] (Spigot, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{B922D405-6D13-4A2B-AE89-08A030DA4402}" [HKLM] -> C:\Program Files (x86)\pdfforge Toolbar\pdfforgeToolbarIE.dll [pdfforge Toolbar] -> [2009/07/31 02:00:24 | 00,698,880 | ---- | M] (Spigot, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Ad-Watch" -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe ["C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"] -> [2009/09/23 23:52:26 | 00,520,024 | ---- | M] (Lavasoft)
"MMTray" -> C:\Windows\SysWow64\MMTray.exe ["C:\Windows\system32\MMTray.exe"] -> File not found
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/09/05 01:54:42 | 00,417,792 | ---- | M] (Apple Inc.)
"SearchSettings" -> C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe ["C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe"] -> [2009/07/29 15:52:10 | 01,024,512 | ---- | M] (Spigot, Inc.)
"SoundMAXPnP" -> C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe ["C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"] -> [2008/03/17 06:40:44 | 01,302,528 | ---- | M] (Analog Devices, Inc.)
"SpySweeper" -> C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeperUI.exe ["C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray] -> [2008/08/09 16:04:58 | 05,418,864 | ---- | M] (Webroot Software, Inc.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/09/13 22:18:09 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 23:46:39 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 23:46:58 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 23:46:39 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 23:46:58 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\] > -> HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DAEMON Tools Lite" -> C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe ["C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun] -> [2009/04/23 10:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd)
"ehTray.exe" -> C:\Windows\ehome\ehTray.exe ["C:\Windows\ehome\ehTray.exe"] -> [2008/01/20 23:50:36 | 00,138,240 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"ForceActiveDesktopOn" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000] > -> HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe [Button: PokerStars] -> [2009/09/03 21:16:57 | 00,562,968 | ---- | M] (PokerStars)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\] > -> HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\] > -> HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3986062757-159762674-2660532132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab [QuickTime Object] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab [Java Plug-in 1.5.0_03] -> 
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab [Shockwave Flash Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 201.6.0.112 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{299928BF-AE4C-468C-9D47-77A4BA23F0DA}\\DhcpNameServer -> 201.6.0.112 192.168.0.1   (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 03:49:22 | 03,080,704 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/29 03:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{A3717295-941D-416F-9384-ED1736729F1C}" [HKLM] -> C:\Program Files (x86)\Scpad\scpLIB.dll [CompIBBrd] -> [2009/07/10 10:52:50 | 00,202,032 | ---- | M] (Scopus Tecnologia Ltda)
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{A3717295-941D-416F-9384-ED1736729F1C}" [HKLM] -> C:\Program Files (x86)\Scpad\scpLIB.dll [scpLIB] -> [2009/07/10 10:52:50 | 00,202,032 | ---- | M] (Scopus Tecnologia Ltda)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
64bit-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
\List\\"C:\Users\Thiago\AppData\Local\Temp\Ace.Selfextractor.exe" -> C:\Users\Thiago\AppData\Local\Temp\Ace.Selfextractor.exe [C:\Users\Thiago\AppData\Local\Temp\Ace.Selfextractor.exe:*:Enabled:Windows Messanger] -> File not found
\List\\"C:\\ar1uh2Ts.exe" -> C:\ar1uh2Ts.exe [C:\\ar1uh2Ts.exe:*:Enabled:Windows Messanger] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{238AF254-1C9A-45A7-BE6A-96B112B8E6BF} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{9B605A1B-9F20-4C33-AB61-E32567FA1C4E} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0FA3767F-E096-4097-8819-AFF0C8609135} -> profile=private | protocol=6 | dir=in | action=allow | name=batman: arkham asylum | app=d:\jogos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
{10EACC76-D692-4690-A7B6-99A268E846E1} -> profile=private | protocol=17 | dir=in | action=allow | name=sid meier's civilization 4 | app=d:\jogos\sid meier's civilization 4\civilization4.exe | 
{21AA64FF-16C5-48C4-B6AB-2A3055D337C9} -> profile=private | protocol=17 | dir=in | action=allow | name=sid meier's civilization 4 warlords | app=d:\jogos\sid meier's civilization 4\warlords\civ4warlords.exe | 
{243E4D49-5D1E-420E-8A44-469461BE81EE} -> profile=private | protocol=17 | dir=in | action=allow | name=far cry 2 updater | app=d:\jogos\far cry 2\bin\fc2launcher.exe | 
{29C8AB65-B3AB-4D75-91F4-AB556DFACE4F} -> profile=private | protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
{31EBC37B-9CE9-4939-BCE0-B3D6230C4FDA} -> profile=private | protocol=17 | dir=in | action=allow | name=football manager 2010 demo | app=d:\jogos\steam\steamapps\common\football manager 2010 demo\fm.exe | 
{419D104F-76DF-4F37-AB93-22AC1F6ACD3D} -> profile=private | protocol=17 | dir=in | action=allow | name=anno 1404 | app=d:\jogos\anno 1404\anno4.exe | 
{43D26F4E-42F5-46C0-A8EF-8280FB2C74A0} -> profile=private | protocol=17 | dir=in | action=allow | name=sid meier's civilization 4 pitboss | app=d:\jogos\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe | 
{46B46765-CEA0-4969-A376-58EE9FB9AF9E} -> profile=private | protocol=17 | dir=in | action=allow | name=race 07 | app=d:\jogos\steam\steamapps\tfarina\race 07\steamproxy.exe | 
{488FAE75-19D7-4E7C-A5A8-7116E1D990FA} -> profile=private | protocol=6 | dir=in | action=allow | name=football manager 2010 demo | app=d:\jogos\steam\steamapps\common\football manager 2010 demo\fm.exe | 
{54E11176-020B-4F10-B3AD-2CA397E87737} -> profile=private | protocol=17 | dir=in | action=allow | name=sid meier's civilization 4 beyond the sword | app=d:\jogos\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | 
{562F7698-0091-4867-93DB-04AC6219A450} -> profile=private | protocol=6 | dir=in | action=allow | name=race 07 | app=d:\jogos\steam\steamapps\tfarina\race 07\steamproxy.exe | 
{66FB6547-DAAC-48F9-B908-54D729C7D1E9} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{77D9B4D9-4271-40A8-9A01-7E604F196A86} -> profile=private | protocol=6 | dir=in | action=allow | name=sid meier's civilization 4 warlords | app=d:\jogos\sid meier's civilization 4\warlords\civ4warlords.exe | 
{7AF224A3-BE7B-49DF-A897-B3287DBAC443} -> profile=private | protocol=6 | dir=in | action=allow | name=anno 1404 | app=d:\jogos\anno 1404\anno4.exe | 
{81F7405B-B47E-4BD1-8EC9-1A964DD8380E} -> profile=private | protocol=17 | dir=in | action=allow | name=editor | app=d:\jogos\far cry 2\bin\fc2editor.exe | 
{87E3751A-589C-47D4-BD19-7085D155FD1F} -> profile=private | protocol=6 | dir=in | action=allow | name=sid meier's civilization 4 pitboss | app=d:\jogos\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe | 
{8A94D57A-1023-462D-A43B-4CE97E949FA9} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{8B28F64D-9FB1-4F46-A479-B488BDDC724A} -> profile=private | protocol=6 | dir=in | action=allow | name=editor | app=d:\jogos\far cry 2\bin\fc2editor.exe | 
{8FAD4750-9E63-4B97-B2BC-429360CE5A9F} -> profile=private | protocol=17 | dir=in | action=allow | name=anno 1404 web | app=d:\jogos\anno 1404\tools\anno4web.exe | 
{93FEBA8A-FCC8-48B8-B916-F894670073E0} -> profile=private | protocol=6 | dir=in | action=allow | name=anno 1404 web | app=d:\jogos\anno 1404\tools\anno4web.exe | 
{9AA7E03C-0903-42C8-B2BA-6A1990E1F69A} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{A465FFE1-88BD-44A6-B6CE-0D04DABD44AD} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
{B1C10607-BFEA-4186-8102-7D8EF987086F} -> profile=private | protocol=6 | dir=in | action=allow | name=far cry 2 updater | app=d:\jogos\far cry 2\bin\fc2launcher.exe | 
{B22D7856-D05D-40E3-A25A-E05AFE284EB5} -> profile=private | protocol=17 | dir=in | action=allow | name=race 07 | app=d:\jogos\steam\steamapps\tfarina\race 07\config.exe | 
{B48835C4-93B7-48B0-994F-483E90EE07AC} -> profile=private | protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
{B6586728-DFF0-4B98-81E9-1B713D574043} -> profile=private | protocol=6 | dir=in | action=allow | name=far cry 2 | app=d:\jogos\far cry 2\bin\farcry2.exe | 
{C3D3F8B4-368F-4869-899A-4F342C7B9624} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{C4AC555E-1B0E-4C63-9641-57ABC6173980} -> profile=private | protocol=6 | dir=in | action=allow | name=sid meier's civilization 4 | app=d:\jogos\sid meier's civilization 4\civilization4.exe | 
{CCBC38F1-7807-4D2C-AAD3-593F594C2B56} -> profile=private | protocol=17 | dir=in | action=allow | name=sid meier's civilization 4 beyond the sword pitboss | app=d:\jogos\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | 
{D6F3C6EB-0182-46ED-AEBD-1C2B3BB08779} -> profile=private | protocol=17 | dir=in | action=allow | name=far cry 2 | app=d:\jogos\far cry 2\bin\farcry2.exe | 
{E2012A51-B0AB-4C6D-A944-849A33601FF2} -> profile=private | protocol=6 | dir=in | action=allow | name=sid meier's civilization 4 beyond the sword | app=d:\jogos\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | 
{E364309E-7DA5-46EC-BB14-2B1E678DD823} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{E3FA42B0-FA7B-42F1-8C28-BF617196669F} -> profile=private | protocol=6 | dir=in | action=allow | name=sid meier's civilization 4 beyond the sword pitboss | app=d:\jogos\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | 
{EFA483DA-1ECA-4938-BBCF-4AA461AA9CAC} -> profile=private | protocol=17 | dir=in | action=allow | name=batman: arkham asylum | app=d:\jogos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
{F4F2C665-BF26-45CF-9155-2ACC5577A08D} -> profile=private | protocol=6 | dir=in | action=allow | name=race 07 | app=d:\jogos\steam\steamapps\tfarina\race 07\config.exe | 
TCP Query User{0DAA6D6A-AD25-43A5-B066-2350FCE65252}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
TCP Query User{465B6304-8E34-4D87-96C9-6ABB1CFB21C3}C:\program files (x86)\electronic arts\eadm\core.exe -> profile=public | protocol=6 | dir=in | action=block | name=ea download manager | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
TCP Query User{553ABAB9-D0AC-40B8-B142-DFE2D9AFE7DF}D:\jogos\batman.arkham.asylum-kaos\binaries\shippingpc-bmgame.exe -> profile=private | protocol=6 | dir=in | action=allow | name=bmgame | app=d:\jogos\batman.arkham.asylum-kaos\binaries\shippingpc-bmgame.exe | 
TCP Query User{5AA47E88-0A77-482D-AA76-CD4EBE391314}D:\jogos\steam\steamapps\tfarina\race 07\race_steam.exe -> profile=private | protocol=6 | dir=in | action=allow | name=race 07 | app=d:\jogos\steam\steamapps\tfarina\race 07\race_steam.exe | 
TCP Query User{A3962BC9-34E1-4883-95D0-E4468F7A808C}C:\program files (x86)\java\jre6\bin\javaw.exe -> profile=public | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
TCP Query User{A735DEDF-EC96-4B87-A8E9-806B86C297A3}D:\jogos\batman.arkham.asylum-kaos\binaries\shippingpc-bmgame.exe -> profile=public | protocol=6 | dir=in | action=block | name=bmgame | app=d:\jogos\batman.arkham.asylum-kaos\binaries\shippingpc-bmgame.exe | 
TCP Query User{BEE807F6-7721-4348-8B17-0E0EE580DD00}C:\program files (x86)\electronic arts\eadm\core.exe -> profile=private | protocol=6 | dir=in | action=allow | name=ea download manager | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
TCP Query User{BFDBE6BF-9F59-4301-A619-10B64B65E56F}D:\jogos\steam\steamapps\tfarina\race 07\race_steam.exe -> profile=public | protocol=6 | dir=in | action=allow | name=race 07 | app=d:\jogos\steam\steamapps\tfarina\race 07\race_steam.exe | 
TCP Query User{DAD9D1EA-2368-43D9-8052-48FF2F3E4A42}C:\program files (x86)\utorrent\utorrent.exe -> profile=public | protocol=6 | dir=in | action=allow | name=utorrent | app=c:\program files (x86)\utorrent\utorrent.exe | 
TCP Query User{EDC89393-516E-4448-8E03-25BF5F12AA5C}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
TCP Query User{FED4227A-26CA-44A0-AD7D-1CE0CFA95270}C:\program files (x86)\utorrent\utorrent.exe -> profile=private | protocol=6 | dir=in | action=allow | name=utorrent | app=c:\program files (x86)\utorrent\utorrent.exe | 
UDP Query User{0099196F-A76F-44BC-8821-D8F88A712C5B}C:\program files (x86)\java\jre6\bin\javaw.exe -> profile=public | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
UDP Query User{2D33495C-B894-44B0-8D65-6ACC2B3F5BE8}C:\program files (x86)\utorrent\utorrent.exe -> profile=private | protocol=17 | dir=in | action=allow | name=utorrent | app=c:\program files (x86)\utorrent\utorrent.exe | 
UDP Query User{30F1602A-64C9-4FB0-8D3A-C452D3F297BD}D:\jogos\steam\steamapps\tfarina\race 07\race_steam.exe -> profile=public | protocol=17 | dir=in | action=allow | name=race 07 | app=d:\jogos\steam\steamapps\tfarina\race 07\race_steam.exe | 
UDP Query User{34D96BB4-5AD3-4DC1-86E5-F4F688AF0809}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
UDP Query User{647F9780-EE6D-463D-B077-C0C989B3BDB1}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
UDP Query User{A8DCE47D-804A-4FCB-8FE7-C365AA09A71A}C:\program files (x86)\electronic arts\eadm\core.exe -> profile=private | protocol=17 | dir=in | action=allow | name=ea download manager | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
UDP Query User{B0AA2F59-7ED5-4E83-9301-0DA51BAB3095}D:\jogos\steam\steamapps\tfarina\race 07\race_steam.exe -> profile=private | protocol=17 | dir=in | action=allow | name=race 07 | app=d:\jogos\steam\steamapps\tfarina\race 07\race_steam.exe | 
UDP Query User{BD6CCB12-7140-4A8D-8865-5BDE42A1F207}D:\jogos\batman.arkham.asylum-kaos\binaries\shippingpc-bmgame.exe -> profile=private | protocol=17 | dir=in | action=allow | name=bmgame | app=d:\jogos\batman.arkham.asylum-kaos\binaries\shippingpc-bmgame.exe | 
UDP Query User{C8419720-F5D9-440A-9219-3E71A2C51D63}C:\program files (x86)\utorrent\utorrent.exe -> profile=public | protocol=17 | dir=in | action=allow | name=utorrent | app=c:\program files (x86)\utorrent\utorrent.exe | 
UDP Query User{DA9705B6-4104-43BC-8B6A-1864109A7B00}D:\jogos\batman.arkham.asylum-kaos\binaries\shippingpc-bmgame.exe -> profile=public | protocol=17 | dir=in | action=block | name=bmgame | app=d:\jogos\batman.arkham.asylum-kaos\binaries\shippingpc-bmgame.exe | 
UDP Query User{F6708E8F-89B0-4849-AD15-3324DE35952D}C:\program files (x86)\electronic arts\eadm\core.exe -> profile=public | protocol=17 | dir=in | action=block | name=ea download manager | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\\ar1uh2Ts.exe" -> C:\ar1uh2Ts.exe [C:\\ar1uh2Ts.exe:*:Enabled:Windows Messanger] -> File not found
"C:\Users\Thiago\AppData\Local\Temp\Ace.Selfextractor.exe" -> C:\Users\Thiago\AppData\Local\Temp\Ace.Selfextractor.exe [C:\Users\Thiago\AppData\Local\Temp\Ace.Selfextractor.exe:*:Enabled:Windows Messanger] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/20 23:46:02 | 00,079,872 | ---- | M] ()
< Drives with AutoRun files > ->  -> 
E:\autorun.inf [[autorun] | OPEN=USLaunch.exe | ICON=USLaunch.exe,0 | label=GTR 2 | ] -> E:\autorun.inf [ CDFS ] -> [2006/08/16 23:23:37 | 00,000,062 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\F
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell
\F\shell\\"" ->  [AutoRun] -> File not found
\{6016e4b2-5461-11dd-8c21-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6016e4b2-5461-11dd-8c21-806e6f6e6963}\shell
\{6016e4b2-5461-11dd-8c21-806e6f6e6963}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6016e4b2-5461-11dd-8c21-806e6f6e6963}\shell\AutoRun\command
\{6016e4b2-5461-11dd-8c21-806e6f6e6963}\shell\AutoRun\command\\"" -> E:\USLaunch.exe [E:\USLaunch.exe] -> [2006/08/16 23:23:37 | 00,831,488 | R--- | M] ()
\{80b38ebb-6b0c-11de-a6f7-001e8c0049bd}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80b38ebb-6b0c-11de-a6f7-001e8c0049bd}\shell
\{80b38ebb-6b0c-11de-a6f7-001e8c0049bd}\shell\\"" ->  [AutoRun] -> File not found
\{830defee-aca4-11de-ac4f-001e8c0049bd}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{830defee-aca4-11de-ac4f-001e8c0049bd}\shell
\{830defee-aca4-11de-ac4f-001e8c0049bd}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{830defee-aca4-11de-ac4f-001e8c0049bd}\shell\AutoRun\command
\{830defee-aca4-11de-ac4f-001e8c0049bd}\shell\AutoRun\command\\"" -> F:\AUTOSTARTER.EXE [F:\AUTOSTARTER.EXE] -> File not found
\{ea8803ce-1d79-11de-ad4e-001e8c0049bd}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea8803ce-1d79-11de-ad4e-001e8c0049bd}\shell
\{ea8803ce-1d79-11de-ad4e-001e8c0049bd}\shell\\"" ->  [AutoRun] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
 
 
[Files/Folders - Created Within 90 Days]
ProgramData -> C:\ProgramData -> [2009/10/06 22:26:29 | 00,000,000 | ---D | M]
Apple Computer -> C:\ProgramData\Apple Computer -> [2009/09/27 14:16:52 | 00,000,000 | ---D | M]
Cloanto -> C:\ProgramData\Cloanto -> [2009/08/23 12:24:22 | 00,000,000 | ---D | M]
DAEMON Tools Lite -> C:\ProgramData\DAEMON Tools Lite -> [2009/09/29 00:04:53 | 00,000,000 | ---D | M]
Electronic Arts -> C:\ProgramData\Electronic Arts -> [2009/09/23 12:20:04 | 00,000,000 | ---D | M]
Media Center Programs -> C:\ProgramData\Media Center Programs -> [2009/10/14 21:19:30 | 00,000,000 | ---D | M]
nHancer -> C:\ProgramData\nHancer -> [2009/10/06 22:28:00 | 00,000,000 | ---D | M]
NVIDIA -> C:\ProgramData\NVIDIA -> [2009/10/15 22:57:54 | 00,000,000 | ---D | M]
Sports Interactive -> C:\ProgramData\Sports Interactive -> [2009/10/14 23:02:41 | 00,000,000 | ---D | M]
Tages -> C:\ProgramData\Tages -> [2009/07/27 22:00:23 | 00,000,000 | ---D | M]
TEMP -> C:\ProgramData\TEMP -> [2009/10/15 22:57:36 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Thiago\AppData\Roaming -> [2009/10/06 22:27:07 | 00,000,000 | ---D | M]
Cloanto -> C:\Users\Thiago\AppData\Roaming\Cloanto -> [2009/08/20 18:39:00 | 00,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Users\Thiago\AppData\Roaming\DAEMON Tools Lite -> [2009/09/29 00:06:31 | 00,000,000 | ---D | M]
GetRightToGo -> C:\Users\Thiago\AppData\Roaming\GetRightToGo -> [2009/09/11 13:38:48 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Thiago\AppData\Roaming\Microsoft -> [2009/09/14 13:02:17 | 00,000,000 | --SD | M]
nHancer -> C:\Users\Thiago\AppData\Roaming\nHancer -> [2009/10/06 22:27:07 | 00,000,000 | ---D | M]
Sports Interactive -> C:\Users\Thiago\AppData\Roaming\Sports Interactive -> [2009/10/14 23:01:45 | 00,000,000 | ---D | M]
Ubisoft -> C:\Users\Thiago\AppData\Roaming\Ubisoft -> [2009/07/27 22:33:46 | 00,000,000 | ---D | M]
uTorrent -> C:\Users\Thiago\AppData\Roaming\uTorrent -> [2009/10/15 23:00:42 | 00,000,000 | ---D | M]
Local -> C:\Users\Thiago\AppData\Local -> [2009/10/15 22:52:13 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Thiago\AppData\Local\Microsoft -> [2009/09/25 20:43:25 | 00,000,000 | ---D | M]
Microsoft Games -> C:\Users\Thiago\AppData\Local\Microsoft Games -> [2009/10/04 14:12:28 | 00,000,000 | ---D | M]
PokerStars -> C:\Users\Thiago\AppData\Local\PokerStars -> [2009/10/04 13:00:20 | 00,000,000 | ---D | M]
PowerChallenge -> C:\Users\Thiago\AppData\Local\PowerChallenge -> [2009/08/26 21:30:28 | 00,000,000 | ---D | M]
Risen -> C:\Users\Thiago\AppData\Local\Risen -> [2009/09/29 00:18:27 | 00,000,000 | ---D | M]
Temp -> C:\Users\Thiago\AppData\Local\Temp -> [2009/10/15 22:59:29 | 00,000,000 | ---D | M]
Unity -> C:\Users\Thiago\AppData\Local\Unity -> [2009/08/18 01:01:34 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files (x86)\Common Files -> [2009/10/15 09:01:08 | 00,000,000 | ---D | M]
Apple -> C:\Program Files (x86)\Common Files\Apple -> [2009/09/27 14:18:15 | 00,000,000 | ---D | M]
Cloanto -> C:\Program Files (x86)\Common Files\Cloanto -> [2009/08/23 12:24:22 | 00,000,000 | ---D | M]
microsoft shared -> C:\Program Files (x86)\Common Files\microsoft shared -> [2009/10/13 23:43:32 | 00,000,000 | ---D | M]
Steam -> C:\Program Files (x86)\Common Files\Steam -> [2009/10/15 22:48:24 | 00,000,000 | ---D | M]
Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2009/10/10 11:09:48 | 00,000,000 | ---D | M]
Program Files (x86) -> C:\Program Files (x86) -> [2009/10/06 13:14:52 | 00,000,000 | R--D | M]
7-Zip -> C:\Program Files (x86)\7-Zip -> [2009/09/29 22:03:52 | 00,000,000 | ---D | M]
AGEIA Technologies -> C:\Program Files (x86)\AGEIA Technologies -> [2009/09/22 13:25:56 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files (x86)\Common Files -> [2009/10/15 09:01:08 | 00,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Program Files (x86)\DAEMON Tools Lite -> [2009/09/29 00:04:50 | 00,000,000 | ---D | M]
DAEMON Tools Toolbar -> C:\Program Files (x86)\DAEMON Tools Toolbar -> [2009/09/29 00:04:50 | 00,000,000 | ---D | M]
GameVicio -> C:\Program Files (x86)\GameVicio -> [2009/10/10 11:38:23 | 00,000,000 | ---D | M]
InstallShield Installation Information -> C:\Program Files (x86)\InstallShield Installation Information -> [2009/10/10 10:53:31 | 00,000,000 | -H-D | M]
Java -> C:\Program Files (x86)\Java -> [2009/09/13 22:17:58 | 00,000,000 | ---D | M]
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2009/10/09 19:07:33 | 00,000,000 | ---D | M]
NVIDIA Corporation -> C:\Program Files (x86)\NVIDIA Corporation -> [2009/09/15 21:26:57 | 00,000,000 | ---D | M]
PDFCreator -> C:\Program Files (x86)\PDFCreator -> [2009/09/07 20:24:57 | 00,000,000 | ---D | M]
pdfforge Toolbar -> C:\Program Files (x86)\pdfforge Toolbar -> [2009/09/07 20:23:26 | 00,000,000 | ---D | M]
PokerStars -> C:\Program Files (x86)\PokerStars -> [2009/09/14 21:35:08 | 00,000,000 | ---D | M]
QuickTime -> C:\Program Files (x86)\QuickTime -> [2009/09/27 14:17:03 | 00,000,000 | ---D | M]
Scpad -> C:\Program Files (x86)\Scpad -> [2009/10/06 13:14:52 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/08/20 18:19:28 | 00,000,000 | ---D | M]
Cloanto -> C:\Program Files\Common Files\Cloanto -> [2009/08/20 18:19:28 | 00,000,000 | ---D | M]
Program Files -> C:\Program Files -> [2009/10/06 22:26:29 | 00,000,000 | R--D | M]
activePDF -> C:\Program Files\activePDF -> [2009/09/07 20:10:25 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/08/20 18:19:28 | 00,000,000 | ---D | M]
nHancer -> C:\Program Files\nHancer -> [2009/10/06 22:26:29 | 00,000,000 | ---D | M]
OTS.exe -> C:\Users\Thiago\Desktop\OTS.exe -> [2009/10/15 22:53:27 | 00,519,168 | ---- | C] (OldTimer Tools)
TFC.exe -> C:\Users\Thiago\Desktop\TFC.exe -> [2009/10/15 22:52:32 | 00,271,872 | ---- | C] (OldTimer Tools)
Sports Interactive -> C:\Users\Thiago\Documents\Sports Interactive -> [2009/10/14 23:01:46 | 00,000,000 | ---D | C]
BioWare -> C:\Users\Thiago\Documents\BioWare -> [2009/10/13 23:46:23 | 00,000,000 | ---D | C]
EliTriIP.exe -> C:\Users\Thiago\Desktop\EliTriIP.exe -> [2009/10/09 19:06:16 | 00,101,899 | ---- | C] (Satinfo S L)
EliStarA.exe -> C:\Users\Thiago\Desktop\EliStarA.exe -> [2009/10/09 19:05:54 | 00,615,435 | ---- | C] (Satinfo S L)
nHancer -> C:\ProgramData\nHancer -> [2009/10/06 22:26:29 | 00,000,000 | ---D | C]
DAEMON Tools Lite -> C:\ProgramData\DAEMON Tools Lite -> [2009/09/29 00:04:53 | 00,000,000 | ---D | C]
Apple Computer -> C:\ProgramData\Apple Computer -> [2009/09/27 14:16:52 | 00,000,000 | ---D | C]
btmaa_br[www.gamevicio.com.br].exe -> C:\Users\Thiago\Desktop\btmaa_br[www.gamevicio.com.br].exe -> [2009/09/24 00:28:01 | 00,713,591 | ---- | C] (GameVicio Brasil®)
NFS SHIFT -> C:\Users\Thiago\Documents\NFS SHIFT -> [2009/09/22 21:21:04 | 00,000,000 | ---D | C]
RECYCLER -> C:\RECYCLER -> [2009/09/22 14:05:27 | 00,000,000 | RHSD | C]
serdit.exe -> C:\Windows\SysWow64\serdit.exe -> [2009/09/22 13:51:05 | 00,090,112 | ---- | C] (Microsoft Corporation)
MegaJogos -> C:\Users\Thiago\MegaJogos -> [2009/09/13 22:20:37 | 00,000,000 | ---D | C]
Sun -> C:\Windows\Sun -> [2009/09/13 22:20:28 | 00,000,000 | ---D | C]
infocardcpl.cpl -> C:\Windows\SysWow64\infocardcpl.cpl -> [2009/09/11 13:44:01 | 00,037,384 | ---- | C] (Microsoft Corporation)
icardres.dll -> C:\Windows\SysWow64\icardres.dll -> [2009/09/11 13:43:53 | 00,011,264 | ---- | C] (Microsoft Corporation)
PresentationNative_v0300.dll -> C:\Windows\SysWow64\PresentationNative_v0300.dll -> [2009/09/11 13:43:52 | 00,781,344 | ---- | C] (Microsoft Corporation)
PresentationHostProxy.dll -> C:\Windows\SysWow64\PresentationHostProxy.dll -> [2009/09/11 13:43:52 | 00,043,544 | ---- | C] (Microsoft Corporation)
icardagt.exe -> C:\Windows\SysWow64\icardagt.exe -> [2009/09/11 13:43:51 | 00,622,080 | ---- | C] (Microsoft Corporation)
infocardapi.dll -> C:\Windows\SysWow64\infocardapi.dll -> [2009/09/11 13:43:51 | 00,097,800 | ---- | C] (Microsoft Corporation)
PresentationCFFRasterizerNative_v0300.dll -> C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll -> [2009/09/11 13:43:45 | 00,105,016 | ---- | C] (Microsoft Corporation)
PresentationHost.exe -> C:\Windows\SysWow64\PresentationHost.exe -> [2009/09/11 13:43:43 | 00,326,160 | ---- | C] (Microsoft Corporation)
netfxperf.dll -> C:\Windows\SysWow64\netfxperf.dll -> [2009/09/11 13:37:07 | 00,041,984 | ---- | C] (Microsoft Corporation)
dfshim.dll -> C:\Windows\SysWow64\dfshim.dll -> [2009/09/11 13:36:55 | 00,096,760 | ---- | C] (Microsoft Corporation)
mscoree.dll -> C:\Windows\SysWow64\mscoree.dll -> [2009/09/11 13:36:44 | 00,282,112 | ---- | C] (Microsoft Corporation)
mscorier.dll -> C:\Windows\SysWow64\mscorier.dll -> [2009/09/11 13:36:36 | 00,158,720 | ---- | C] (Microsoft Corporation)
mscories.dll -> C:\Windows\SysWow64\mscories.dll -> [2009/09/11 13:36:32 | 00,083,968 | ---- | C] (Microsoft Corporation)
eidos_dlm_WMN3G-MYA7L-JW7T7-XX6WR.exe -> C:\Users\Thiago\Desktop\eidos_dlm_WMN3G-MYA7L-JW7T7-XX6WR.exe -> [2009/09/11 12:12:53 | 00,347,277 | ---- | C] (Eidos Interactive Limited)
Eidos -> C:\Users\Thiago\Documents\Eidos -> [2009/09/10 19:36:17 | 00,000,000 | ---D | C]
MSCOMCTL.OCX -> C:\Windows\SysWow64\MSCOMCTL.OCX -> [2009/09/07 20:22:45 | 01,071,088 | ---- | C] (Microsoft Corporation)
MSCOMCT2.OCX -> C:\Windows\SysWow64\MSCOMCT2.OCX -> [2009/09/07 20:22:45 | 00,662,288 | ---- | C] (Microsoft Corporation)
MSMAPI32.OCX -> C:\Windows\SysWow64\MSMAPI32.OCX -> [2009/09/07 20:22:45 | 00,137,000 | ---- | C] (Microsoft Corporation)
MSMPIDE.DLL -> C:\Windows\SysWow64\MSMPIDE.DLL -> [2009/09/07 20:22:43 | 00,023,552 | ---- | C] (Microsoft Corporation)
PrimoPDF4 -> C:\Windows\PrimoPDF4 -> [2009/09/07 20:10:25 | 00,000,000 | ---D | C]
Cloanto -> C:\ProgramData\Cloanto -> [2009/08/20 18:18:31 | 00,000,000 | ---D | C]
Amiga Files -> C:\Users\Public\Documents\Amiga Files -> [2009/08/20 18:18:31 | 00,000,000 | ---D | C]
Anno 1404 -> C:\Users\Thiago\Documents\Anno 1404 -> [2009/07/27 23:08:19 | 00,000,000 | ---D | C]
Tages -> C:\ProgramData\Tages -> [2009/07/27 22:00:23 | 00,000,000 | ---D | C]
 
[Files/Folders - Modified Within 90 Days]
NTUSER.DAT -> C:\Users\Thiago\NTUSER.DAT -> [2009/10/15 23:01:36 | 04,718,592 | -HS- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/15 22:57:49 | 00,003,792 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/15 22:57:49 | 00,003,792 | -H-- | M] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2009/10/15 22:57:45 | 00,032,974 | ---- | M] ()
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2009/10/15 22:57:44 | 00,032,974 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/10/15 22:57:31 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/10/15 22:57:19 | 00,067,584 | --S- | M] ()
NTUSER.DAT{e1cb11e6-4555-11de-9b03-001e8c0049bd}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Thiago\NTUSER.DAT{e1cb11e6-4555-11de-9b03-001e8c0049bd}.TMContainer00000000000000000001.regtrans-ms -> [2009/10/15 22:55:50 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{e1cb11e6-4555-11de-9b03-001e8c0049bd}.TM.blf -> C:\Users\Thiago\NTUSER.DAT{e1cb11e6-4555-11de-9b03-001e8c0049bd}.TM.blf -> [2009/10/15 22:55:50 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\Thiago\AppData\Local\IconCache.db -> [2009/10/15 22:55:48 | 03,303,328 | -H-- | M] ()
OTS.exe -> C:\Users\Thiago\Desktop\OTS.exe -> [2009/10/15 22:53:29 | 00,519,168 | ---- | M] (OldTimer Tools)
TFC.exe -> C:\Users\Thiago\Desktop\TFC.exe -> [2009/10/15 22:52:34 | 00,271,872 | ---- | M] (OldTimer Tools)
fm.exe - Atalho.lnk -> C:\Users\Thiago\Desktop\fm.exe - Atalho.lnk -> [2009/10/15 00:26:11 | 00,000,953 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2009/10/14 23:52:15 | 00,000,514 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Thiago\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/10/14 21:37:00 | 00,091,648 | ---- | M] ()
BmLauncher.exe - Atalho.lnk -> C:\Users\Thiago\Desktop\BmLauncher.exe - Atalho.lnk -> [2009/10/14 21:36:26 | 00,000,761 | ---- | M] ()
btmaa_br[www.gamevicio.com.br].exe -> C:\Users\Thiago\Desktop\btmaa_br[www.gamevicio.com.br].exe -> [2009/10/10 11:37:33 | 00,713,591 | ---- | M] (GameVicio Brasil®)
content.rar -> C:\Users\Thiago\Desktop\content.rar -> [2009/10/10 11:22:27 | 27,927,8639 | ---- | M] ()
EliTriIP.exe -> C:\Users\Thiago\Desktop\EliTriIP.exe -> [2009/10/09 19:06:16 | 00,101,899 | ---- | M] (Satinfo S L)
EliStarA.exe -> C:\Users\Thiago\Desktop\EliStarA.exe -> [2009/10/09 19:05:57 | 00,615,435 | ---- | M] (Satinfo S L)
Thrustmaster_RGT_controller_setup_v1_0_by_radillion_snake.rar -> C:\Users\Thiago\Desktop\Thrustmaster_RGT_controller_setup_v1_0_by_radillion_snake.rar -> [2009/10/05 23:10:24 | 00,004,340 | ---- | M] ()
Thrustmaster_RGT_Pro_Setup_Andzl_v22_0_by_zlatinand.zip -> C:\Users\Thiago\Desktop\Thrustmaster_RGT_Pro_Setup_Andzl_v22_0_by_zlatinand.zip -> [2009/10/05 23:05:57 | 00,217,985 | ---- | M] ()
NewStrategyF1Time.xls -> C:\Users\Thiago\Desktop\NewStrategyF1Time.xls -> [2009/10/05 19:29:37 | 00,061,952 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2009/10/04 15:45:11 | 01,444,766 | ---- | M] ()
prfh0416.dat -> C:\Windows\SysNative\prfh0416.dat -> [2009/10/04 15:45:11 | 00,634,024 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2009/10/04 15:45:11 | 00,586,980 | ---- | M] ()
prfc0416.dat -> C:\Windows\SysNative\prfc0416.dat -> [2009/10/04 15:45:11 | 00,121,690 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2009/10/04 15:45:11 | 00,101,052 | ---- | M] ()
MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009/10/01 10:29:14 | 00,238,960 | ---- | M] ()
shift.lnk -> C:\Users\Thiago\Desktop\shift.lnk -> [2009/09/29 14:21:49 | 00,000,633 | ---- | M] ()
Risen.lnk -> C:\Users\Thiago\Desktop\Risen.lnk -> [2009/09/29 14:21:37 | 00,000,632 | ---- | M] ()
d3d9caps64.dat -> C:\Users\Thiago\AppData\Local\d3d9caps64.dat -> [2009/09/29 00:03:40 | 00,000,732 | ---- | M] ()
sptd.sys -> C:\Windows\SysNative\drivers\sptd.sys -> [2009/09/29 00:01:24 | 00,871,408 | ---- | M] ()
d3d9caps.dat -> C:\Users\Thiago\AppData\Local\d3d9caps.dat -> [2009/09/28 23:49:06 | 00,000,680 | ---- | M] ()
B.A.A.Version.1.1.rar -> C:\Users\Thiago\Desktop\B.A.A.Version.1.1.rar -> [2009/09/28 21:50:41 | 00,324,270 | ---- | M] ()
Batman_Arkham_Asylum_-_Tutorial_Definitivo_(V.1.2).pdf -> C:\Users\Thiago\Desktop\Batman_Arkham_Asylum_-_Tutorial_Definitivo_(V.1.2).pdf -> [2009/09/28 21:46:18 | 00,589,578 | ---- | M] ()
d3d8caps.dat -> C:\Users\Thiago\AppData\Local\d3d8caps.dat -> [2009/09/23 12:22:16 | 00,000,552 | ---- | M] ()
serdit.exe -> C:\Windows\SysWow64\serdit.exe -> [2009/09/22 05:29:10 | 00,090,112 | ---- | M] (Microsoft Corporation)
GTR 2.lnk -> C:\Users\Thiago\Desktop\GTR 2.lnk -> [2009/09/18 20:01:13 | 00,000,553 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Thiago\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/09/18 19:17:15 | 00,052,776 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2009/09/18 19:10:50 | 00,245,040 | ---- | M] ()
.mjsync_pt_BR -> C:\Users\Thiago\.mjsync_pt_BR -> [2009/09/13 22:20:49 | 00,000,033 | ---- | M] ()
Championship Manager 2010.lnk -> C:\Users\Thiago\Desktop\Championship Manager 2010.lnk -> [2009/09/11 20:43:33 | 00,000,786 | ---- | M] ()
eidos_dlm_WMN3G-MYA7L-JW7T7-XX6WR.exe -> C:\Users\Thiago\Desktop\eidos_dlm_WMN3G-MYA7L-JW7T7-XX6WR.exe -> [2009/09/11 12:12:56 | 00,347,277 | ---- | M] (Eidos Interactive Limited)
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009/09/10 14:53:52 | 00,022,104 | ---- | M] ()
Apresentação.pdf -> C:\Users\Thiago\Desktop\Apresentação.pdf -> [2009/09/07 20:33:14 | 02,951,235 | ---- | M] ()
PrimoPDFSet.xml -> C:\Users\Thiago\AppData\Roaming\PrimoPDFSet.xml -> [2009/09/07 20:19:36 | 00,005,644 | ---- | M] ()
APUSet.xml -> C:\Users\Thiago\AppData\Roaming\APUSet.xml -> [2009/09/07 20:13:50 | 00,000,310 | ---- | M] ()
Patrocinio.pps -> C:\Users\Thiago\Desktop\Patrocinio.pps -> [2009/09/07 17:29:06 | 12,522,496 | ---- | M] ()
wrSpySweeperFullSweep.job -> C:\Windows\tasks\wrSpySweeperFullSweep.job -> [2009/09/04 12:19:43 | 00,001,542 | ---- | M] ()
material-de-apoio-schadek-radiex.pdf -> C:\Users\Thiago\Desktop\material-de-apoio-schadek-radiex.pdf -> [2009/08/25 21:54:16 | 02,374,827 | ---- | M] ()
baldur.exe - Atalho.lnk -> C:\Users\Thiago\Desktop\baldur.exe - Atalho.lnk -> [2009/08/17 18:58:17 | 00,000,588 | ---- | M] ()
nvcplui.exe -> C:\Windows\SysNative\nvcplui.exe -> [2009/08/17 02:39:50 | 03,778,080 | ---- | M] ()
nvcpl.cpl -> C:\Windows\SysNative\nvcpl.cpl -> [2009/08/17 02:39:50 | 00,410,656 | ---- | M] ()
nvsvs.dll -> C:\Windows\SysNative\nvsvs.dll -> [2009/08/17 02:39:46 | 01,685,024 | ---- | M] ()
nvvitvs.dll -> C:\Windows\SysNative\nvvitvs.dll -> [2009/08/17 02:39:34 | 04,548,128 | ---- | M] ()
nvwss.dll -> C:\Windows\SysNative\nvwss.dll -> [2009/08/17 02:39:34 | 03,747,360 | ---- | M] ()
nvmobls.dll -> C:\Windows\SysNative\nvmobls.dll -> [2009/08/17 02:39:34 | 01,649,184 | ---- | M] ()
nvcpl.dll -> C:\Windows\SysNative\nvcpl.dll -> [2009/08/17 02:39:32 | 16,561,184 | ---- | M] ()
nvdisps.dll -> C:\Windows\SysNative\nvdisps.dll -> [2009/08/17 02:39:32 | 05,412,384 | ---- | M] ()
nvgames.dll -> C:\Windows\SysNative\nvgames.dll -> [2009/08/17 02:39:32 | 05,209,632 | ---- | M] ()
nvsvc64.dll -> C:\Windows\SysNative\nvsvc64.dll -> [2009/08/17 02:39:32 | 00,882,208 | ---- | M] ()
nvvsvc.exe -> C:\Windows\SysNative\nvvsvc.exe -> [2009/08/17 02:39:32 | 00,383,008 | ---- | M] ()
nvmccss.dll -> C:\Windows\SysNative\nvmccss.dll -> [2009/08/17 02:39:32 | 00,289,824 | ---- | M] ()
NvApps.xml -> C:\Windows\SysNative\NvApps.xml -> [2009/08/17 02:39:32 | 00,249,312 | ---- | M] ()
nvshext.dll -> C:\Windows\SysNative\nvshext.dll -> [2009/08/17 02:39:32 | 00,238,080 | ---- | M] ()
nvmctray.dll -> C:\Windows\SysNative\nvmctray.dll -> [2009/08/17 02:39:32 | 00,082,464 | ---- | M] ()
NvwsApps.xml -> C:\Windows\SysNative\NvwsApps.xml -> [2009/08/17 02:39:32 | 00,066,834 | ---- | M] ()
nvoglv64.dll -> C:\Windows\SysNative\nvoglv64.dll -> [2009/08/17 00:57:00 | 15,007,744 | ---- | M] ()
nvlddmkm.sys -> C:\Windows\SysNative\drivers\nvlddmkm.sys -> [2009/08/17 00:57:00 | 11,313,312 | ---- | M] ()
nvd3dumx.dll -> C:\Windows\SysNative\nvd3dumx.dll -> [2009/08/17 00:57:00 | 09,380,352 | ---- | M] ()
nvwgf2umx.dll -> C:\Windows\SysNative\nvwgf2umx.dll -> [2009/08/17 00:57:00 | 04,583,936 | ---- | M] ()
nvcuda.dll -> C:\Windows\SysNative\nvcuda.dll -> [2009/08/17 00:57:00 | 02,619,392 | ---- | M] ()
nvcuvid.dll -> C:\Windows\SysNative\nvcuvid.dll -> [2009/08/17 00:57:00 | 02,258,976 | ---- | M] ()
nvcuvenc.dll -> C:\Windows\SysNative\nvcuvenc.dll -> [2009/08/17 00:57:00 | 01,723,424 | ---- | M] ()
nvapi64.dll -> C:\Windows\SysNative\nvapi64.dll -> [2009/08/17 00:57:00 | 01,292,800 | ---- | M] ()
nvudisp.exe -> C:\Windows\SysNative\nvudisp.exe -> [2009/08/17 00:57:00 | 00,541,216 | ---- | M] ()
nvcod162.dll -> C:\Windows\SysNative\nvcod162.dll -> [2009/08/17 00:57:00 | 00,173,568 | ---- | M] ()
nvcod.dll -> C:\Windows\SysNative\nvcod.dll -> [2009/08/17 00:57:00 | 00,173,568 | ---- | M] ()
nvBridge.kmd -> C:\Windows\SysNative\drivers\nvBridge.kmd -> [2009/08/17 00:57:00 | 00,011,168 | ---- | M] ()
nvdisp.nvu -> C:\Windows\SysNative\nvdisp.nvu -> [2009/08/17 00:57:00 | 00,010,744 | ---- | M] ()
traducaoBG2ToB.zip -> C:\Users\Thiago\Desktop\traducaoBG2ToB.zip -> [2009/08/15 12:45:53 | 05,603,477 | ---- | M] ()
NVUNINST.EXE -> C:\Windows\SysNative\NVUNINST.EXE -> [2009/08/11 12:35:14 | 00,541,216 | ---- | M] ()
PnkBstrB.xtr -> C:\Windows\SysWow64\PnkBstrB.xtr -> [2009/08/05 23:03:08 | 00,189,480 | ---- | M] ()
PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2009/08/05 23:03:08 | 00,189,480 | ---- | M] ()
Anno 1404.lnk -> C:\Users\Thiago\Desktop\Anno 1404.lnk -> [2009/07/27 22:00:15 | 00,000,578 | ---- | M] ()
atksgt.sys -> C:\Windows\SysNative\drivers\atksgt.sys -> [2009/07/27 19:50:29 | 00,314,016 | ---- | M] ()
lirsgt.sys -> C:\Windows\SysNative\drivers\lirsgt.sys -> [2009/07/27 19:50:27 | 00,043,680 | ---- | M] ()
f1time.xls -> C:\Users\Thiago\Desktop\f1time.xls -> [2009/07/17 23:05:04 | 00,107,520 | ---- | M] ()
 
[Files - No Company Name]
fm.exe - Atalho.lnk -> C:\Users\Thiago\Desktop\fm.exe - Atalho.lnk -> [2009/10/15 00:26:11 | 00,000,953 | ---- | C] ()
BmLauncher.exe - Atalho.lnk -> C:\Users\Thiago\Desktop\BmLauncher.exe - Atalho.lnk -> [2009/10/14 21:36:26 | 00,000,761 | ---- | C] ()
content.rar -> C:\Users\Thiago\Desktop\content.rar -> [2009/10/10 11:22:23 | 27,927,8639 | ---- | C] ()
IconCache.db -> C:\Users\Thiago\AppData\Local\IconCache.db -> [2009/10/10 00:48:59 | 03,303,328 | -H-- | C] ()
Thrustmaster_RGT_controller_setup_v1_0_by_radillion_snake.rar -> C:\Users\Thiago\Desktop\Thrustmaster_RGT_controller_setup_v1_0_by_radillion_snake.rar -> [2009/10/05 23:10:24 | 00,004,340 | ---- | C] ()
Thrustmaster_RGT_Pro_Setup_Andzl_v22_0_by_zlatinand.zip -> C:\Users\Thiago\Desktop\Thrustmaster_RGT_Pro_Setup_Andzl_v22_0_by_zlatinand.zip -> [2009/10/05 23:05:54 | 00,217,985 | ---- | C] ()
MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009/10/02 18:53:54 | 00,238,960 | ---- | C] ()
shift.lnk -> C:\Users\Thiago\Desktop\shift.lnk -> [2009/09/29 14:21:49 | 00,000,633 | ---- | C] ()
Risen.lnk -> C:\Users\Thiago\Desktop\Risen.lnk -> [2009/09/29 14:21:37 | 00,000,632 | ---- | C] ()
B.A.A.Version.1.1.rar -> C:\Users\Thiago\Desktop\B.A.A.Version.1.1.rar -> [2009/09/28 21:50:37 | 00,324,270 | ---- | C] ()
Batman_Arkham_Asylum_-_Tutorial_Definitivo_(V.1.2).pdf -> C:\Users\Thiago\Desktop\Batman_Arkham_Asylum_-_Tutorial_Definitivo_(V.1.2).pdf -> [2009/09/28 21:46:10 | 00,589,578 | ---- | C] ()
GTR 2.lnk -> C:\Users\Thiago\Desktop\GTR 2.lnk -> [2009/09/18 20:01:13 | 00,000,553 | ---- | C] ()
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2009/09/15 21:28:45 | 00,032,974 | ---- | C] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2009/09/15 21:28:43 | 00,032,974 | ---- | C] ()
.mjsync_pt_BR -> C:\Users\Thiago\.mjsync_pt_BR -> [2009/09/13 22:20:49 | 00,000,033 | ---- | C] ()
Championship Manager 2010.lnk -> C:\Users\Thiago\Desktop\Championship Manager 2010.lnk -> [2009/09/11 20:43:33 | 00,000,786 | ---- | C] ()
dd_NET_Framework35_LangPack_MSI6C24.txt -> C:\Users\Thiago\AppData\Local\dd_NET_Framework35_LangPack_MSI6C24.txt -> [2009/09/11 13:53:48 | 01,236,578 | ---- | C] ()
dd_NET_Framework35_x64_MSI66C5.txt -> C:\Users\Thiago\AppData\Local\dd_NET_Framework35_x64_MSI66C5.txt -> [2009/09/11 13:46:47 | 03,065,148 | ---- | C] ()
infocardcpl.cpl -> C:\Windows\SysNative\infocardcpl.cpl -> [2009/09/11 13:44:01 | 00,049,160 | ---- | C] ()
icardres.dll -> C:\Windows\SysNative\icardres.dll -> [2009/09/11 13:43:53 | 00,011,264 | ---- | C] ()
PresentationHostProxy.dll -> C:\Windows\SysNative\PresentationHostProxy.dll -> [2009/09/11 13:43:52 | 00,052,760 | ---- | C] ()
icardagt.exe -> C:\Windows\SysNative\icardagt.exe -> [2009/09/11 13:43:51 | 01,383,936 | ---- | C] ()
PresentationNative_v0300.dll -> C:\Windows\SysNative\PresentationNative_v0300.dll -> [2009/09/11 13:43:51 | 01,168,928 | ---- | C] ()
infocardapi.dll -> C:\Windows\SysNative\infocardapi.dll -> [2009/09/11 13:43:51 | 00,167,432 | ---- | C] ()
PresentationCFFRasterizerNative_v0300.dll -> C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll -> [2009/09/11 13:43:45 | 00,126,520 | ---- | C] ()
PresentationHost.exe -> C:\Windows\SysNative\PresentationHost.exe -> [2009/09/11 13:43:43 | 00,357,904 | ---- | C] ()
netfxperf.dll -> C:\Windows\SysNative\netfxperf.dll -> [2009/09/11 13:37:08 | 00,013,824 | ---- | C] ()
dfshim.dll -> C:\Windows\SysNative\dfshim.dll -> [2009/09/11 13:36:55 | 00,112,120 | ---- | C] ()
mscoree.dll -> C:\Windows\SysNative\mscoree.dll -> [2009/09/11 13:36:44 | 00,406,528 | ---- | C] ()
mscorier.dll -> C:\Windows\SysNative\mscorier.dll -> [2009/09/11 13:36:36 | 00,158,208 | ---- | C] ()
mscories.dll -> C:\Windows\SysNative\mscories.dll -> [2009/09/11 13:36:33 | 00,076,288 | ---- | C] ()
Apresentação.pdf -> C:\Users\Thiago\Desktop\Apresentação.pdf -> [2009/09/07 20:33:05 | 02,951,235 | ---- | C] ()
pdfcmnnt.dll -> C:\Windows\SysNative\pdfcmnnt.dll -> [2009/09/07 20:22:45 | 00,087,040 | ---- | C] ()
APUSet.xml -> C:\Users\Thiago\AppData\Roaming\APUSet.xml -> [2009/09/07 20:11:58 | 00,000,310 | ---- | C] ()
PrimoPDFSet.xml -> C:\Users\Thiago\AppData\Roaming\PrimoPDFSet.xml -> [2009/09/07 20:11:54 | 00,005,644 | ---- | C] ()
Primomonnt.dll -> C:\Windows\SysNative\Primomonnt.dll -> [2009/09/07 20:10:32 | 00,090,624 | ---- | C] ()
material-de-apoio-schadek-radiex.pdf -> C:\Users\Thiago\Desktop\material-de-apoio-schadek-radiex.pdf -> [2009/08/25 21:54:16 | 02,374,827 | ---- | C] ()
baldur.exe - Atalho.lnk -> C:\Users\Thiago\Desktop\baldur.exe - Atalho.lnk -> [2009/08/17 18:58:17 | 00,000,588 | ---- | C] ()
nvcplui.exe -> C:\Windows\SysNative\nvcplui.exe -> [2009/08/17 02:39:50 | 03,778,080 | ---- | C] ()
nvcpl.cpl -> C:\Windows\SysNative\nvcpl.cpl -> [2009/08/17 02:39:50 | 00,410,656 | ---- | C] ()
nvsvs.dll -> C:\Windows\SysNative\nvsvs.dll -> [2009/08/17 02:39:46 | 01,685,024 | ---- | C] ()
nvvitvs.dll -> C:\Windows\SysNative\nvvitvs.dll -> [2009/08/17 02:39:34 | 04,548,128 | ---- | C] ()
nvwss.dll -> C:\Windows\SysNative\nvwss.dll -> [2009/08/17 02:39:34 | 03,747,360 | ---- | C] ()
nvmobls.dll -> C:\Windows\SysNative\nvmobls.dll -> [2009/08/17 02:39:34 | 01,649,184 | ---- | C] ()
nvcpl.dll -> C:\Windows\SysNative\nvcpl.dll -> [2009/08/17 02:39:32 | 16,561,184 | ---- | C] ()
nvdisps.dll -> C:\Windows\SysNative\nvdisps.dll -> [2009/08/17 02:39:32 | 05,412,384 | ---- | C] ()
nvgames.dll -> C:\Windows\SysNative\nvgames.dll -> [2009/08/17 02:39:32 | 05,209,632 | ---- | C] ()
nvsvc64.dll -> C:\Windows\SysNative\nvsvc64.dll -> [2009/08/17 02:39:32 | 00,882,208 | ---- | C] ()
nvvsvc.exe -> C:\Windows\SysNative\nvvsvc.exe -> [2009/08/17 02:39:32 | 00,383,008 | ---- | C] ()
nvmccss.dll -> C:\Windows\SysNative\nvmccss.dll -> [2009/08/17 02:39:32 | 00,289,824 | ---- | C] ()
NvApps.xml -> C:\Windows\SysNative\NvApps.xml -> [2009/08/17 02:39:32 | 00,249,312 | ---- | C] ()
nvshext.dll -> C:\Windows\SysNative\nvshext.dll -> [2009/08/17 02:39:32 | 00,238,080 | ---- | C] ()
nvmctray.dll -> C:\Windows\SysNative\nvmctray.dll -> [2009/08/17 02:39:32 | 00,082,464 | ---- | C] ()
NvwsApps.xml -> C:\Windows\SysNative\NvwsApps.xml -> [2009/08/17 02:39:32 | 00,066,834 | ---- | C] ()
nvoglv64.dll -> C:\Windows\SysNative\nvoglv64.dll -> [2009/08/17 00:57:00 | 15,007,744 | ---- | C] ()
nvlddmkm.sys -> C:\Windows\SysNative\drivers\nvlddmkm.sys -> [2009/08/17 00:57:00 | 11,313,312 | ---- | C] ()
nvd3dumx.dll -> C:\Windows\SysNative\nvd3dumx.dll -> [2009/08/17 00:57:00 | 09,380,352 | ---- | C] ()
nvwgf2umx.dll -> C:\Windows\SysNative\nvwgf2umx.dll -> [2009/08/17 00:57:00 | 04,583,936 | ---- | C] ()
nvcuda.dll -> C:\Windows\SysNative\nvcuda.dll -> [2009/08/17 00:57:00 | 02,619,392 | ---- | C] ()
nvcuvid.dll -> C:\Windows\SysNative\nvcuvid.dll -> [2009/08/17 00:57:00 | 02,258,976 | ---- | C] ()
nvcuvenc.dll -> C:\Windows\SysNative\nvcuvenc.dll -> [2009/08/17 00:57:00 | 01,723,424 | ---- | C] ()
nvudisp.exe -> C:\Windows\SysNative\nvudisp.exe -> [2009/08/17 00:57:00 | 00,541,216 | ---- | C] ()
nvcod162.dll -> C:\Windows\SysNative\nvcod162.dll -> [2009/08/17 00:57:00 | 00,173,568 | ---- | C] ()
nvcod.dll -> C:\Windows\SysNative\nvcod.dll -> [2009/08/17 00:57:00 | 00,173,568 | ---- | C] ()
nvBridge.kmd -> C:\Windows\SysNative\drivers\nvBridge.kmd -> [2009/08/17 00:57:00 | 00,011,168 | ---- | C] ()
nvdisp.nvu -> C:\Windows\SysNative\nvdisp.nvu -> [2009/08/17 00:57:00 | 00,010,744 | ---- | C] ()
traducaoBG2ToB.zip -> C:\Users\Thiago\Desktop\traducaoBG2ToB.zip -> [2009/08/15 12:45:53 | 05,603,477 | ---- | C] ()
NewStrategyF1Time.xls -> C:\Users\Thiago\Desktop\NewStrategyF1Time.xls -> [2009/07/28 21:23:48 | 00,061,952 | ---- | C] ()
Anno 1404.lnk -> C:\Users\Thiago\Desktop\Anno 1404.lnk -> [2009/07/27 22:00:15 | 00,000,578 | ---- | C] ()
atksgt.sys -> C:\Windows\SysNative\drivers\atksgt.sys -> [2009/07/27 19:50:29 | 00,314,016 | ---- | C] ()
lirsgt.sys -> C:\Windows\SysNative\drivers\lirsgt.sys -> [2009/07/27 19:50:27 | 00,043,680 | ---- | C] ()
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009/07/21 19:51:35 | 00,022,104 | ---- | C] ()
xlive.dll.cat -> C:\Windows\SysWow64\xlive.dll.cat -> [2009/07/14 17:15:00 | 00,178,432 | ---- | C] ()
dd_NET_Framework35_LangPack_MSI702B.txt -> C:\Users\Thiago\AppData\Local\dd_NET_Framework35_LangPack_MSI702B.txt -> [2009/04/20 10:55:02 | 00,612,008 | ---- | C] ()
dd_dotnetfx35install_lp.txt -> C:\Users\Thiago\AppData\Local\dd_dotnetfx35install_lp.txt -> [2009/04/20 10:54:41 | 00,170,202 | ---- | C] ()
dd_dotnetfx35error_lp.txt -> C:\Users\Thiago\AppData\Local\dd_dotnetfx35error_lp.txt -> [2009/04/20 10:54:41 | 00,000,002 | ---- | C] ()
dd_NET_Framework35_x64_MSI6EF8.txt -> C:\Users\Thiago\AppData\Local\dd_NET_Framework35_x64_MSI6EF8.txt -> [2009/04/20 10:53:29 | 01,864,692 | ---- | C] ()
dd_depcheck_NETFX_EXP_35.txt -> C:\Users\Thiago\AppData\Local\dd_depcheck_NETFX_EXP_35.txt -> [2009/04/20 10:52:00 | 00,447,345 | ---- | C] ()
dd_dotnetfx35install.txt -> C:\Users\Thiago\AppData\Local\dd_dotnetfx35install.txt -> [2009/04/20 10:51:48 | 00,366,034 | ---- | C] ()
dd_dotnetfx35error.txt -> C:\Users\Thiago\AppData\Local\dd_dotnetfx35error.txt -> [2009/04/20 10:51:48 | 00,000,002 | ---- | C] ()
dd_depcheckdotnetfx30.txt -> C:\Users\Thiago\AppData\Local\dd_depcheckdotnetfx30.txt -> [2009/03/07 10:58:10 | 00,028,137 | ---- | C] ()
uxeventlog.txt -> C:\Users\Thiago\AppData\Local\uxeventlog.txt -> [2009/03/07 10:58:06 | 00,006,496 | ---- | C] ()
dd_dotnetfx3error.txt -> C:\Users\Thiago\AppData\Local\dd_dotnetfx3error.txt -> [2009/03/07 10:58:06 | 00,000,632 | ---- | C] ()
dd_dotnetfx3install.txt -> C:\Users\Thiago\AppData\Local\dd_dotnetfx3install.txt -> [2009/03/07 10:58:05 | 00,031,918 | ---- | C] ()
mfc45.dll -> C:\Windows\SysWow64\mfc45.dll -> [2009/02/06 19:07:21 | 00,000,000 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Thiago\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/01/08 11:45:56 | 00,091,648 | ---- | C] ()
unleashed.nfo -> C:\Users\Thiago\AppData\Local\unleashed.nfo -> [2008/11/24 20:29:20 | 00,002,485 | ---- | C] ()
disney.ini -> C:\Windows\disney.ini -> [2008/10/07 19:29:54 | 00,000,109 | ---- | C] ()
physxcudart_20.dll -> C:\Windows\SysWow64\physxcudart_20.dll -> [2008/10/07 08:13:30 | 00,197,912 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll -> [2008/10/07 08:13:22 | 00,058,648 | ---- | C] ()
AgCPanelSwedish.dll -> C:\Windows\SysWow64\AgCPanelSwedish.dll -> [2008/10/07 08:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSpanish.dll -> C:\Windows\SysWow64\AgCPanelSpanish.dll -> [2008/10/07 08:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll -> [2008/10/07 08:13:20 | 00,058,648 | ---- | C] ()
AgCPanelPortugese.dll -> C:\Windows\SysWow64\AgCPanelPortugese.dll -> [2008/10/07 08:13:20 | 00,058,648 | ---- | C] ()
AgCPanelKorean.dll -> C:\Windows\SysWow64\AgCPanelKorean.dll -> [2008/10/07 08:13:20 | 00,058,648 | ---- | C] ()
AgCPanelJapanese.dll -> C:\Windows\SysWow64\AgCPanelJapanese.dll -> [2008/10/07 08:13:20 | 00,058,648 | ---- | C] ()
AgCPanelGerman.dll -> C:\Windows\SysWow64\AgCPanelGerman.dll -> [2008/10/07 08:13:20 | 00,058,648 | ---- | C] ()
AgCPanelFrench.dll -> C:\Windows\SysWow64\AgCPanelFrench.dll -> [2008/10/07 08:13:20 | 00,058,648 | ---- | C] ()
BASSMOD.dll -> C:\Windows\SysWow64\BASSMOD.dll -> [2008/10/05 17:30:47 | 00,009,728 | ---- | C] ()
d3d9caps.dat -> C:\Users\Thiago\AppData\Local\d3d9caps.dat -> [2008/08/13 19:11:52 | 00,000,680 | ---- | C] ()
d3d8caps.dat -> C:\Users\Thiago\AppData\Local\d3d8caps.dat -> [2008/08/12 12:30:59 | 00,000,552 | ---- | C] ()
wrLZMA.dll -> C:\Windows\SysWow64\wrLZMA.dll -> [2008/08/09 14:42:08 | 00,031,080 | ---- | C] ()
Ascd_log.ini -> C:\Windows\Ascd_log.ini -> [2008/07/17 21:56:24 | 00,023,380 | ---- | C] ()
Ascd_tmp.ini -> C:\Windows\Ascd_tmp.ini -> [2008/07/17 21:55:42 | 00,023,070 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Thiago\AppData\Local\GDIPFONTCACHEV1.DAT -> [2008/07/17 21:44:30 | 00,052,776 | ---- | C] ()
d3d9caps64.dat -> C:\Users\Thiago\AppData\Local\d3d9caps64.dat -> [2008/07/17 21:44:08 | 00,000,732 | ---- | C] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 23:49:10 | 00,060,124 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/01/20 23:48:56 | 00,368,640 | ---- | C] ()
ASUSHWIO.SYS -> C:\Windows\SysWow64\drivers\ASUSHWIO.SYS -> [2007/08/01 00:39:28 | 00,012,536 | ---- | C] ()
desktop.ini -> C:\Program Files\desktop.ini -> [2006/11/02 12:24:55 | 00,000,174 | -HS- | C] ()
desktop.ini -> C:\Program Files (x86)\desktop.ini -> [2006/11/02 12:24:55 | 00,000,174 | -HS- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 09:34:27 | 00,000,256 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 09:34:27 | 00,000,219 | ---- | C] ()
xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2006/02/25 08:12:34 | 00,180,224 | ---- | C] ()
xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2006/02/25 08:09:38 | 00,774,144 | ---- | C] ()
MMSwitch.dll -> C:\Windows\SysWow64\MMSwitch.dll -> [2002/11/15 10:11:28 | 00,077,824 | ---- | C] ()
OggDS.dll -> C:\Windows\SysWow64\OggDS.dll -> [2002/10/06 16:42:58 | 00,237,568 | ---- | C] ()
vorbisenc.dll -> C:\Windows\SysWow64\vorbisenc.dll -> [2002/10/04 21:04:26 | 00,921,600 | ---- | C] ()
VORBIS.DLL -> C:\Windows\SysWow64\VORBIS.DLL -> [2002/10/04 21:04:26 | 00,188,416 | ---- | C] ()
OGG.DLL -> C:\Windows\SysWow64\OGG.DLL -> [2002/10/04 21:04:18 | 00,045,056 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
 
Duuude

thanks man

I downloaded the Kaspersky Rescue Disk on my sister's PC and burned it to a CD, ran it here and it removed 48 viruses oO

now I can download everything again, but the PC is still pretty slow

thanks a lot

could you keep helping me???

this is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:20, on 16/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\cFosSpeed\spd.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\gustavo\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\g.exe.sys
C:\uh.exe.sys
C:\o.exe.sys
C:\Arquivos de programas\Microsoft Office\OFFICE11\OISS.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Windows.exe.sys
C:\WINDOWS\system32\svchost.exe.f
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\gustavo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gustavo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.semptoshiba.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O4 - HKLM\..\Run: [cFosSpeed] "C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe"
O4 - HKLM\..\Run: [DFFF] "C:\WINDOWS\SYSTEM\GnSpeed.DRV"
O4 - HKLM\..\Run: [HForTeen] "C:\WINDOWS\SYSTEM\OLE.DRV"
O4 - HKLM\..\Run: [AboutSystem] "C:\WINDOWS\SYSTEM\OLA.DRV"
O4 - HKLM\..\Run: [g.exe] "C:\WINDOWS\SYSTEM\LLLLL.DLL"
O4 - HKLM\..\Run: [Bubbles] "C:\Arquivos de programas\Bubbles\Bubbles.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSSE] "C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gustavo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.semptoshiba.com.br
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.Microsoft.com/windowsupd...b?1235961766753
O17 - HKLM\System\CCS\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Avira AntiVir Personal - Free antivírus Scheduler (AntiVirScheduler) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7331 bytes
 
Hello everyone, good afternoon!


Until you get the system free of Vundo, what kind of operation would it be best for me to avoid doing? What does this Vundo do??
Actually there isn't much to avoid, tfarina. Rootkits have full control of the system, that is, they can perform any kind of malicious operation on the machine. They don't even need Internet access to do so. Vundo, when it is a variant of a Rootkit, has the main function of creating/recreating malicious DLLs at every reboot of the computer.

Post a HijackThis log, tfarina.

_____________________________________


andrei_gustavo82, open HijackThis. Click Open the Misc Tools Section > Open ADS Spy and click Scan.
When the scan finishes, select every item that has one of the following extensions: .exe.sys and .exe.f. For example: file.exe.sys | file.exe.f.
Click the Remove Selected button. Close HijackThis.

Download the file I attached at the end of my post (SUS_Fix) and extract it to C:\.
Double-click SUS_Fix.exe and wait.
When it finishes running, press the keys: R + Enter + Enter.

Restart the computer and post a new HijackThis log.
 

Attachments

  • SUS_Fix.zip
    197.5 KB · Views: 49
ok
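The helper's instructions above boil down to a manual triage of the posted HijackThis log: look for running processes whose names carry a double extension (`.exe.sys`, `.exe.f`) and for autostart entries that should not be there. The script below is an added example written for this page, not a tool from the thread or from HijackThis; it automates that first look so a defender can spot the same kind of entries in any HijackThis log. The sample log is constructed, modelled on (and abridged from) the log posted above. Two of the heuristics are assumptions of this example rather than something the helper states: a Run value that launches a `.DRV`/`.DLL` directly, and a target inside the legacy `C:\WINDOWS\SYSTEM` directory, are flagged for review only, not declared malicious.

```python
"""Triage a HijackThis v2 log for the anomalies discussed in this thread.

Added example, not part of the original forum post or of HijackThis.
Findings are review hints for a defender, not verdicts.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample, abridged from the log posted in the thread above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:20, on 16/10/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\g.exe.sys
C:\uh.exe.sys
C:\WINDOWS\Windows.exe.sys
C:\WINDOWS\system32\svchost.exe.f
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.semptoshiba.com.br/
O4 - HKLM\..\Run: [cFosSpeed] "C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe"
O4 - HKLM\..\Run: [DFFF] "C:\WINDOWS\SYSTEM\GnSpeed.DRV"
O4 - HKLM\..\Run: [g.exe] "C:\WINDOWS\SYSTEM\LLLLL.DLL"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
"""

# A file name with something after ".exe", e.g. g.exe.sys or svchost.exe.f.
DOUBLE_EXT = re.compile(r"\.exe\.[a-z0-9]+$", re.IGNORECASE)
# A path directly in a drive root, e.g. C:\g.exe.sys (no subdirectory).
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\[^\\]+$")
# O4 line: "O4 - <key>: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def parse_processes(log: str) -> List[str]:
    """Return the paths listed under 'Running processes:' (up to the blank line)."""
    procs, collecting = [], False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            collecting = True
            continue
        if collecting:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def parse_run_entries(log: str) -> List[Tuple[str, str, str]]:
    """Return (registry key, value name, target path) for every O4 autostart line."""
    entries = []
    for line in log.splitlines():
        m = O4_LINE.match(line)
        if not m:
            continue
        cmd = m.group("cmd").strip()
        if cmd.startswith('"'):            # quoted path, arguments may follow
            target = cmd[1:cmd.find('"', 1)]
        else:                              # unquoted: first token is the path
            target = cmd.split()[0] if cmd else ""
        entries.append((m.group("key"), m.group("name"), target))
    return entries


def suspicious_processes(procs: List[str]) -> List[Tuple[str, List[str]]]:
    """Flag processes with a double extension or living in the drive root."""
    findings = []
    for path in procs:
        name = path.rsplit("\\", 1)[-1]
        reasons = []
        if DOUBLE_EXT.search(name):
            reasons.append("double extension after .exe")
        if DRIVE_ROOT.fullmatch(path):
            reasons.append("executable in drive root")
        if reasons:
            findings.append((path, reasons))
    return findings


def suspicious_run_entries(entries: List[Tuple[str, str, str]]) -> List[Tuple[str, str, List[str]]]:
    """Flag Run values that launch a non-.exe or point into C:\\WINDOWS\\SYSTEM (heuristic)."""
    findings = []
    for _key, name, target in entries:
        ext = target.rsplit(".", 1)[-1].lower() if "." in target else ""
        reasons = []
        if ext != "exe":
            reasons.append(f"Run value launches a .{ext} file directly")
        if target.lower().startswith("c:\\windows\\system\\"):
            reasons.append("target in legacy C:\\WINDOWS\\SYSTEM directory")
        if reasons:
            findings.append((name, target, reasons))
    return findings


def triage(log: str) -> Dict[str, list]:
    """Run both checks over a HijackThis log and return the findings."""
    return {
        "processes": suspicious_processes(parse_processes(log)),
        "run": suspicious_run_entries(parse_run_entries(log)),
    }


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG)["processes"]:
        print(f"[process] {path}: {', '.join(why)}")
    for name, target, why in triage(SAMPLE_LOG)["run"]:
        print(f"[run:{name}] {target}: {', '.join(why)}")
```

On the constructed sample this reports the four double-extension processes (two of them also sitting in the drive root) and the two Run values that launch a `.DRV`/`.DLL` out of `C:\WINDOWS\SYSTEM`, while the legitimate `.exe` autostarts pass. A hit is a reason to look at the file, not proof of infection; the user's own log shows how the same entries disappear from the third log once the files are removed.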

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:43, on 16/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\cFosSpeed\spd.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\OISS.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\gustavo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gustavo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.semptoshiba.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O4 - HKLM\..\Run: [cFosSpeed] "C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe"
O4 - HKLM\..\Run: [DFFF] "C:\WINDOWS\SYSTEM\GnSpeed.DRV"
O4 - HKLM\..\Run: [HForTeen] "C:\WINDOWS\SYSTEM\OLE.DRV"
O4 - HKLM\..\Run: [AboutSystem] "C:\WINDOWS\SYSTEM\OLA.DRV"
O4 - HKLM\..\Run: [g.exe] "C:\WINDOWS\SYSTEM\LLLLL.DLL"
O4 - HKLM\..\Run: [Bubbles] "C:\Arquivos de programas\Bubbles\Bubbles.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSSE] "C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gustavo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.semptoshiba.com.br
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.Microsoft.com/wind...?1235961766753
O17 - HKLM\System\CCS\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Avira AntiVir Personal - Free antivírus Scheduler (AntiVirScheduler) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7010 bytes
 
- Download FileASSASSIN and install the program normally.

- Run the program and select the "Delete file" option.
- In the blank box, paste this path: C:\Arquivos de programas\Microsoft Office\OFFICE11\OISS.EXE
- Click the Execute button and click OK on the message.
- See the demonstration image in the spoiler below:

[image: wsvgw4.jpg]
- Download AdminFix and save it to the desktop.
- Double-click the file and wait for the tool to finish running.
- When it finishes, click OK to close the window.

Restart the computer and post a new HijackThis log.
 
When I clicked Execute in FileASSASSIN it showed a message about an incorrect image or something like that, so I clicked Continue. Did I do something wrong?? Only after that did the OK message appear.

AdminFix ran fine.

And here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:39, on 16/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\cFosSpeed\spd.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Clip2Net\clip2net.exe
C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Documents and Settings\gustavo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gustavo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.semptoshiba.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O4 - HKLM\..\Run: [cFosSpeed] "C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe"
O4 - HKLM\..\Run: [DFFF] "C:\WINDOWS\SYSTEM\GnSpeed.DRV"
O4 - HKLM\..\Run: [Bubbles] "C:\Arquivos de programas\Bubbles\Bubbles.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSSE] "C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gustavo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.semptoshiba.com.br
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.Microsoft.com/wind...?1235961766753
O17 - HKLM\System\CCS\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{583B7BB4-D3F5-4863-A96A-35C6C8C091EB}: NameServer = 208.67.222.222,208.67.220.220
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Avira AntiVir Personal - Free antivírus Scheduler (AntiVirScheduler) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6947 bytes
 