Virus removal

Good afternoon, everyone!



lta075, clean log.

_______________________________


brunobyof, follow the steps below:

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;
● In the window that opens, click the Continue button so that the tool starts running;
● When the tool finishes running, a log will open automatically in Notepad containing the scan result. Paste the contents of that log (log.txt) in your next reply;
● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.
_______________________________


Talles TE3, hover the mouse over the svchost.exe process in ProcessExplorer. A pop-up will appear telling you which services are loaded by the file.

_______________________________


didifpg, did you plug the pen drive into the computer before using the tool?

_______________________________


diegops, rename HijackThis to smss.exe and try running it again.

If you still can't, follow the steps below:

Download SysProt Anti-Rootkit and save it to the desktop.

Extract the file to the desktop and run SysProt.exe.
Click the "Log" tab and, under Write to log, check all the items as shown in the image below:

[image: kex0s9.jpg]

In the lower right corner, click the button [image: xpu87q.jpg]

When another window appears, check the "Scan all drives" option and click Start. Wait for the scan!
When it finishes, click OK on the final message.
The SysProtLog.txt log will be inside the tool's folder.

Copy and paste this log in your next reply.
_______________________________


karolz, install, update and run a full scan with MBAM. When it finds the infections, remove all of them.

When it finishes, follow the steps below:

Download OTL and save it to the desktop;

● Double-click OTL.exe to run it;
● Check the options: Scan All Users and Minimal Output. Under "File Age", select 90 Days;
● Click the button [image: runscanbutton.png] and wait for the scan;
● Two logs will open in Notepad:

- OTL.Txt <- this one will be open
- Extras.Txt <- this one will be minimized

They are also saved on the desktop. Paste them in your next reply, together with the Malwarebytes log.
_______________________________


GuiVermelho, uninstall the DAEMON Tools Toolbar through Add or Remove Programs.

Other than that, nothing wrong in the log.

_______________________________


Johnn Y, follow the steps below:

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your computer will be restarted. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
_______________________________


qeuzinha, the log is OK.

Check whether the problem is physical: memory, cooler (check the machine's temperature), power supply, etc.

As for the computer taking a long time to load... you have many unnecessary items starting with the system. Go to Start > Run > msconfig > Startup and uncheck all the items except your antivirus (Avast!) and the firewall (Outpost). See whether it still takes a long time to load.

_______________________________


Rukasu94, clean logs. I didn't understand the reason for using ComboFix. It should not be used like any ordinary security program. Only in specific cases.

_______________________________


danielfreitas, clean log.
 
Does anyone who uses Kaspersky 2010 know how to clear this data?

[image: 2009-10-26_210603.png]

Everything that is an .exe and gets executed, it sends to this list, whether or not it is a virus. I allowed the programs that I know are trustworthy, like MSN, hehe. Now I want to clear it, bring it to 0, so I have more control over the data that shows up without my seeing it.

Hey, sonny my friend, I'm on my work computer, which runs Linux, so I can't tell you for sure! But try the following:

Open Kaspersky and click Settings > Reports and Storages. Click the "Clear" button, check the options in the window and click OK > OK.

See if that is really it. If not, when I get home I'll install KAS 2010 in the virtual machine, check it properly and tomorrow give you a more concrete answer. :thumbs_up
 
Hey there, Mr.Wolf... how are you?

So... I did that; in fact... I tried everything and it didn't reset. Funny that in previous versions there was a way to reset this data, which is actually the right way.

I also tried to find something on the internet, and nothing. Very strange that the data stays fixed there and can't be removed.
 
Hello Mr. Wolf.

Yes, I plugged the pen drive into the computer before using the program...

Besides that, I found out that the problem is not in the pen drive but in the computer.

It is not allowing anything to be written to the pen drives, which open normally on another machine... what should I do?
 
Here's the RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by bruno at 2009-10-27 20:21:50
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 10 GB (25%) free of 38 GB
Total RAM: 4094 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:51, on 27/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAP\DAP.exe
E:\Samsung2233RZ\NaturalColor\NCProTray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
E:\Avast\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
E:\Fraps\fraps.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\bruno\Desktop\RSIT.exe
E:\Hijackthis\bruno.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Windows\SysWow64\scpsssh2.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [avast!] E:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Malwarebytes\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Avast\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - E:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8095 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Crysis Wars(R) Updates.job
C:\Windows\tasks\User_Feed_Synchronization-{F0E25F70-33AB-4B53-AC10-5E1370D333C7}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E3C3651-B19C-4DD9-A979-901EC3E930AF}]
ssh2 Class - C:\Windows\SysWow64\scpsssh2.dll [2007-12-12 214272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2007-08-28 1282048]
"SoundTray"=C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe [2007-08-02 53248]
"avast!"=E:\Avast\ashDisp.exe [2009-09-15 81000]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"=E:\Malwarebytes\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 138240]
"DownloadAccelerator"=C:\Program Files (x86)\DAP\DAP.EXE [2009-09-17 3061248]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NCProTray.lnk - E:\Samsung2233RZ\NaturalColor\NCProTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll [2009-08-22 202032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll [2009-08-22 202032]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\BitTorrent\bittorrent.exe"="E:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7a982e7-b0e8-11de-971a-001fc6e9614f}]
shell\AutoRun\command - H:\HONEY\MOON\DRG.exe
shell\open\command - H:\HONEY\MOON\DRG.exe


======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-10-27 20:21:50 ----D---- C:\rsit
2009-10-23 19:06:12 ----D---- C:\Users\bruno\AppData\Roaming\Malwarebytes
2009-10-23 19:06:07 ----D---- C:\ProgramData\Malwarebytes
2009-10-23 19:01:54 ----D---- C:\32788R22FWJFW
2009-10-23 19:00:35 ----A---- C:\Bug.txt
2009-10-15 20:36:43 ----A---- C:\Windows\system32\mshtml.dll
2009-10-15 20:36:41 ----A---- C:\Windows\system32\ieframe.dll
2009-10-15 20:36:40 ----A---- C:\Windows\system32\wininet.dll
2009-10-15 20:36:40 ----A---- C:\Windows\system32\urlmon.dll
2009-10-15 20:36:40 ----A---- C:\Windows\system32\iertutil.dll
2009-10-15 20:36:39 ----A---- C:\Windows\system32\occache.dll
2009-10-15 20:36:38 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-15 20:36:38 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-15 20:36:38 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-15 20:36:38 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-15 20:36:38 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-15 20:36:38 ----A---- C:\Windows\system32\ieui.dll
2009-10-15 20:36:38 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-15 20:36:38 ----A---- C:\Windows\system32\iepeers.dll
2009-10-15 20:36:38 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-15 20:36:38 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-15 20:36:37 ----A---- C:\Windows\system32\iesetup.dll
2009-10-15 20:36:37 ----A---- C:\Windows\system32\iernonce.dll
2009-10-15 20:35:48 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-15 20:35:47 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-15 20:34:01 ----A---- C:\Windows\system32\msasn1.dll
2009-10-14 19:23:01 ----D---- C:\Program Files (x86)\Dragon Age Origins Character Creator
2009-10-03 19:33:22 ----A---- C:\Windows\system32\wups.dll
2009-10-03 19:33:22 ----A---- C:\Windows\system32\wudriver.dll
2009-10-03 19:33:22 ----A---- C:\Windows\system32\wuapi.dll
2009-10-03 19:33:12 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-03 19:33:12 ----A---- C:\Windows\system32\wuapp.exe
2009-09-28 00:12:22 ----A---- C:\Windows\system32\nvwgf2um.dll
2009-09-28 00:12:22 ----A---- C:\Windows\system32\nvoglv32.dll
2009-09-28 00:12:22 ----A---- C:\Windows\system32\nvcuvid.dll
2009-09-28 00:12:22 ----A---- C:\Windows\system32\nvcuvenc.dll
2009-09-28 00:12:22 ----A---- C:\Windows\system32\nvcuda.dll
2009-09-26 15:12:48 ----D---- C:\Windows\system32\AGEIA
2009-09-26 15:12:48 ----D---- C:\Program Files (x86)\AGEIA Technologies
2009-09-26 01:02:14 ----D---- C:\ProgramData\EA Logs
2009-09-26 00:40:46 ----D---- C:\Users\bruno\AppData\Roaming\Stereoscopic Player
2009-09-25 22:21:58 ----A---- C:\Windows\system32\icardres.dll
2009-09-25 22:21:57 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-25 22:21:56 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-25 22:21:56 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-25 22:21:56 ----A---- C:\Windows\system32\icardagt.exe
2009-09-25 22:21:44 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-25 22:21:38 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-25 22:14:15 ----A---- C:\Windows\system32\netfxperf.dll
2009-09-25 22:13:57 ----A---- C:\Windows\system32\dfshim.dll
2009-09-25 22:13:44 ----A---- C:\Windows\system32\mscoree.dll
2009-09-25 22:13:25 ----A---- C:\Windows\system32\mscorier.dll
2009-09-25 22:13:18 ----A---- C:\Windows\system32\mscories.dll
2009-09-25 22:11:15 ----D---- C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2009-09-25 19:49:57 ----D---- C:\ProgramData\NVIDIA
2009-09-25 00:04:03 ----D---- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-09-24 23:32:16 ----D---- C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP
2009-09-24 22:52:40 ----D---- C:\Users\bruno\AppData\Roaming\NVIDIA Stereoscopic 3D Video Player
2009-09-24 22:25:13 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2009-09-19 04:01:36 ----A---- C:\Windows\system32\nvd3dum.dll
2009-09-19 04:01:36 ----A---- C:\Windows\system32\nvapi.dll
2009-09-19 00:29:57 ----D---- C:\Users\bruno\AppData\Roaming\Bioshock
2009-09-17 21:47:08 ----A---- C:\Windows\system32\wbhelp2.dll
2009-09-17 21:47:06 ----D---- C:\Program Files (x86)\DAP
2009-09-17 20:02:38 ----D---- C:\Users\bruno\AppData\Roaming\DMCache
2009-09-16 00:05:39 ----A---- C:\Windows\system32\XAudio2_5.dll
2009-09-16 00:05:39 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-09-16 00:05:38 ----A---- C:\Windows\system32\xactengine3_5.dll
2009-09-16 00:05:36 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2009-09-16 00:05:35 ----A---- C:\Windows\system32\d3dcsx_42.dll
2009-09-16 00:05:34 ----A---- C:\Windows\system32\d3dx11_42.dll
2009-09-16 00:05:34 ----A---- C:\Windows\system32\d3dx10_42.dll
2009-09-16 00:05:33 ----A---- C:\Windows\system32\D3DX9_42.dll
2009-09-16 00:05:28 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-09-16 00:05:28 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-09-16 00:05:26 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-09-16 00:04:24 ----D---- C:\Windows\system32\directx
2009-09-15 21:01:46 ----D---- C:\Users\bruno\AppData\Roaming\skypePM
2009-09-15 20:39:24 ----D---- C:\Users\bruno\AppData\Roaming\Skype
2009-09-15 20:36:42 ----D---- C:\Program Files (x86)\Common Files\Skype
2009-09-15 20:36:41 ----RD---- C:\Program Files (x86)\Skype
2009-09-15 20:36:37 ----D---- C:\ProgramData\Skype
2009-09-14 20:49:13 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2009-09-14 20:41:24 ----A---- C:\Windows\system32\tzres.dll
2009-09-14 20:36:54 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-14 20:36:54 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-14 20:36:54 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-14 20:36:54 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-14 20:36:54 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-14 20:36:54 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-14 20:36:54 ----A---- C:\Windows\system32\finger.exe
2009-09-14 20:36:54 ----A---- C:\Windows\system32\ARP.EXE
2009-09-14 20:36:53 ----A---- C:\Windows\system32\netevent.dll
2009-09-14 20:36:26 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-14 20:36:25 ----A---- C:\Windows\system32\mf.dll
2009-09-14 20:35:17 ----A---- C:\Windows\system32\jscript.dll
2009-09-14 20:35:02 ----A---- C:\Windows\system32\wlansec.dll
2009-09-14 20:35:02 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-14 20:35:02 ----A---- C:\Windows\system32\L2SecHC.dll
2009-08-31 21:00:22 ----A---- C:\Windows\system32\javaws.exe
2009-08-31 21:00:22 ----A---- C:\Windows\system32\javaw.exe
2009-08-31 21:00:22 ----A---- C:\Windows\system32\java.exe
2009-08-22 15:43:47 ----D---- C:\Program Files (x86)\Programas SRF
2009-08-22 15:35:59 ----D---- C:\Program Files (x86)\Programas RFB
2009-08-15 17:43:51 ----HDC---- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2009-08-14 23:34:26 ----HDC---- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2009-08-14 23:24:50 ----A---- C:\Windows\system32\kerberos.dll
2009-08-14 23:24:49 ----A---- C:\Windows\system32\wdigest.dll
2009-08-14 23:24:48 ----A---- C:\Windows\system32\schannel.dll
2009-08-14 23:24:47 ----A---- C:\Windows\system32\secur32.dll
2009-08-14 23:24:26 ----A---- C:\Windows\system32\atl.dll
2009-08-14 23:24:23 ----A---- C:\Windows\system32\mstscax.dll
2009-08-14 23:24:06 ----A---- C:\Windows\system32\avifil32.dll
2009-08-14 23:23:35 ----A---- C:\Windows\system32\wmp.dll
2009-08-14 23:23:34 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-14 23:23:34 ----A---- C:\Windows\system32\spwmp.dll
2009-08-14 23:23:33 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-14 23:23:32 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-08 14:02:04 ----A---- C:\Windows\system32\t2embed.dll
2009-08-08 14:02:04 ----A---- C:\Windows\system32\fontsub.dll
2009-08-08 14:02:04 ----A---- C:\Windows\system32\atmfd.dll
2009-08-08 14:02:03 ----A---- C:\Windows\system32\dciman32.dll
2009-08-07 20:51:54 ----A---- C:\Windows\system32\xlivefnt.dll
2009-08-07 20:51:54 ----A---- C:\Windows\system32\xlive.dll
2009-08-07 20:51:34 ----A---- C:\Windows\system32\xlive.dll.cat

======List of files/folders modified in the last 3 months======

2009-10-27 20:21:52 ----D---- C:\Windows\Prefetch
2009-10-27 19:56:10 ----D---- C:\Windows\System32
2009-10-27 19:56:10 ----D---- C:\Windows\inf
2009-10-27 19:52:47 ----D---- C:\Windows\Temp
2009-10-27 19:51:33 ----AD---- C:\ProgramData\TEMP
2009-10-25 22:23:38 ----D---- C:\Windows\system32\drivers
2009-10-25 22:23:28 ----D---- C:\Windows\SysWOW64
2009-10-25 15:17:09 ----SHD---- C:\System Volume Information
2009-10-24 01:03:52 ----D---- C:\Program Files (x86)\Scpad
2009-10-23 20:59:51 ----D---- C:\Windows\Microsoft.NET
2009-10-23 20:59:48 ----RSD---- C:\Windows\assembly
2009-10-23 19:06:07 ----HD---- C:\ProgramData
2009-10-23 18:51:42 ----D---- C:\Windows\winsxs
2009-10-23 18:51:42 ----D---- C:\Windows\system32\XPSViewer
2009-10-23 18:51:39 ----D---- C:\Windows
2009-10-23 18:51:37 ----SHD---- C:\Windows\Installer
2009-10-23 18:47:00 ----D---- C:\Windows\Debug
2009-10-22 21:12:21 ----D---- C:\Windows\Minidump
2009-10-22 21:12:17 ----SD---- C:\Windows\Downloaded Program Files
2009-10-15 20:51:31 ----D---- C:\Windows\system32\migration
2009-10-15 20:51:31 ----D---- C:\Program Files (x86)\Internet Explorer
2009-10-14 22:00:38 ----A---- C:\Windows\NeroDigital.ini
2009-10-14 19:25:55 ----D---- C:\Program Files (x86)\Common Files\BioWare
2009-10-14 19:24:49 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-10-14 19:23:01 ----RD---- C:\Program Files (x86)
2009-10-04 11:39:25 ----D---- C:\Windows\rescache
2009-10-04 11:22:45 ----D---- C:\Windows\system32\pt-BR
2009-10-03 19:34:12 ----D---- C:\Windows\PolicyDefinitions
2009-10-02 22:05:06 ----D---- C:\Users\bruno\AppData\Roaming\DNA
2009-10-02 20:34:56 ----D---- C:\Program Files (x86)\DNA
2009-09-26 15:12:23 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-09-26 01:02:22 ----D---- C:\ProgramData\Media Center Programs
2009-09-26 01:01:28 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-09-26 00:20:13 ----SD---- C:\Users\bruno\AppData\Roaming\Microsoft
2009-09-25 22:31:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-25 22:29:07 ----D---- C:\Windows\system32\wbem
2009-09-25 22:29:07 ----D---- C:\Windows\system32\en-US
2009-09-25 22:12:45 ----D---- C:\Windows\SoftwareDistribution
2009-09-25 18:57:46 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-09-24 21:52:55 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2009-09-19 21:31:55 ----D---- C:\Users\bruno\AppData\Roaming\BitTorrent
2009-09-17 21:47:10 ----D---- C:\ProgramData\SpeedBit
2009-09-17 00:40:11 ----D---- C:\ProgramData\Microsoft Help
2009-09-15 20:36:42 ----D---- C:\Program Files (x86)\Common Files
2009-09-15 07:59:36 ----A---- C:\Windows\system32\aswBoot.exe
2009-09-14 21:27:27 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2009-09-14 21:26:35 ----D---- C:\Windows\ehome
2009-08-31 21:00:20 ----D---- C:\Program Files (x86)\Java
2009-08-15 00:40:00 ----D---- C:\Program Files (x86)\Windows Media Player
2009-08-14 23:36:10 ----D---- C:\Windows\Tasks
2009-08-14 23:34:38 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-08-14 23:34:37 ----A---- C:\Windows\system32\pbsvc.exe
2009-08-08 13:55:46 ----A---- C:\Users\bruno\AppData\Roaming\PStrip.ini
2009-08-08 13:37:59 ----A---- C:\Users\bruno\AppData\Roaming\PStrip.bak

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver; C:\Windows\system32\DRIVERS\nvstusb.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S1 NCPro;NCPro; C:\Windows\system32\drivers\MTictwl.sys [2006-08-28 13312]
S3 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys []
S3 HdAudAddService;Driver de Função Microsoft 1.1 UAA para Serviço de High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
S3 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2006-08-28 13312]
S3 MSKSSRV;Proxy de serviço de streaming Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Proxy do relógio de streaming Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Proxy de gerenciador de qualidade de streaming Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Conversor em T entre Coletores de streaming Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 RivaTuner64;RivaTuner64; \??\E:\RivaTuner\RivaTuner64.sys [2009-10-06 19952]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE []
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 aswUpdSv;avast! iAVS4 Control Service; E:\Avast\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; E:\Avast\ashServ.exe [2009-09-15 138680]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-14 66872]
R2 scpVista;scpVista; C:\Program Files (x86)\Scpad\scpVista.exe [2007-12-12 136448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-19 240232]
R3 avast! Mail Scanner;avast! Mail Scanner; E:\Avast\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; E:\Avast\ashWebSv.exe [2009-09-15 352920]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 aspnet_state;Serviço de estado do ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; E:\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

And here is the info.txt:
info.txt logfile of random's system information tool 1.06 2009-10-27 20:21:52

======Uninstall list======

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->E:\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec /X{81C42533-F5A8-46CE-9013-ECF783A4CBD4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0416-1000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
3DMark Vantage-->C:\Program Files (x86)\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe -runfromtemp -l0x0009 -removeonly
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.3 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A91000000001}
Arquivo do WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Assistente de Conexão do Windows Live-->MsiExec.exe /I{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}
avast! Antivirus-->E:\Avast\aswRunDll.exe "E:\Avast\Setup\setiface.dll",RunSetup
Batman: Arkham Asylum-->"C:\Program Files (x86)\InstallShield Installation Information\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\setup.exe" -runfromtemp -l0x0009 -removeonly
CCleaner (remove only)-->"E:\Ccleaner\uninst.exe"
Crysis Wars(R) Patch-->"C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}\CrysisWars_patch5.exe" REMOVE=TRUE MODIFY=FALSE
Crysis Wars(R) Patch-->C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}\CrysisWars_patch5.exe
Crysis Wars(R)-->"C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis Wars(R)-->C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}\setup.exe
Download Accelerator Plus (DAP)-->C:\PROGRA~2\DAP\DAPREMOVE.EXE
Dragon Age: Origins Character Creator-->"C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age Character Creator.exe"
Driver Sweeper 2.0.5-->"E:\Driver Sweeper\unins000.exe"
eMule-->"E:\Emule\Uninstall.exe"
Fraps-->"E:\Fraps\uninstall.exe"
Futuremark SystemInfo-->C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"E:\Hijackthis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
IRPF2009 - Declaração de Ajuste Anual e Final de Espólio-->E:\Bruno\DOCUME~1\IRPF\IRPF2009\UNWISE.EXE E:\Bruno\DOCUME~1\IRPF\IRPF2009\INSTALL.LOG
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Malwarebytes' Anti-Malware-->"E:\Malwarebytes\unins000.exe"
Marvell Miniport Driver-->C:\Program Files (x86)\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F112F66E-25CA-42DD-983C-6118EB38F606}
Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Natural Color Pro-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9
Nero 7 Essentials-->MsiExec.exe /X{8046A32C-88A7-45DA-B6D7-B6191E261046}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA PhysX-->MsiExec.exe /X{81C42533-F5A8-46CE-9013-ECF783A4CBD4}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Stereoscopic 3D Video Player-->MsiExec.exe /I{7719F449-7CD5-4DEA-AD32-2EE192FA9C1E}
PowerISO-->"E:\PowerIso\uninstall.exe"
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Real Alternative 1.9.0-->"E:\Real Alternative\unins000.exe"
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -l0x0416 -removeonly
RESIDENT EVIL 5-->MsiExec.exe /X{AC08BBA0-96B9-431A-A7D0-D8598E493775}
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition-->"E:\RivaTuner\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundMAX-->C:\Program Files (x86)\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0416 -removeonly
SpeedOptimizer-->E:\SPEEDO~1\UNWISE.EXE E:\SPEEDO~1\INSTALL.LOG
System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}
Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

=====HijackThis Backups=====

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-29]
F2 - REG:system.ini: UserInit=userinit.exe [2009-04-29]

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081208-0]
AS: Windows Defender
AS: avast! antivirus 4.8.1229 [VPS 081208-0]

======System event log======

Computer Name: bruno-PC
Event Code: 10029
Message: O DCOM iniciou o serviço netman com argumentos "" para executar o servidor:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
Record Number: 59208
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090724231052.000000-000
Event Type: Informações
User:

Computer Name: bruno-PC
Event Code: 10029
Message: O DCOM iniciou o serviço fdPHost com argumentos "" para executar o servidor:
{145B4335-FE2A-4927-A040-7C35AD3180EF}
Record Number: 59209
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090724231052.000000-000
Event Type: Informações
User:

Computer Name: bruno-PC
Event Code: 104
Message: O serviço está publicando na rede.
Record Number: 59210
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20090724231052.611926-000
Event Type: Informações
User: AUTORIDADE NT\LOCAL SERVICE

Computer Name: bruno-PC
Event Code: 537
Message: Um Dispositivo de Segurança de Trusted Platform Module (TPM) compatível não foi encontrado neste computador. TBS não pôde ser iniciada.
Record Number: 59211
Source Name: Microsoft-Windows-TBS
Time Written: 20090724231252.249526-000
Event Type: Informações
User: AUTORIDADE NT\LOCAL SERVICE

Computer Name: bruno-PC
Event Code: 24576
Message: Os drivers do dispositivo foram instalados com êxito.
Record Number: 59212
Source Name: Microsoft-Windows-WPDClassInstaller
Time Written: 20090724234526.000000-000
Event Type: Informações
User:

=====Application event log=====

Computer Name: bruno-PC
Event Code: 1
Message: Cliente de Serviços de Certificados iniciado com êxito.
Record Number: 17370
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20091027215230.352717-000
Event Type: Informações
User: bruno-PC\bruno

Computer Name: bruno-PC
Event Code: 1
Message: Cliente de Serviços de Certificados iniciado com êxito.
Record Number: 17371
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20091027215239.307117-000
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Computer Name: bruno-PC
Event Code: 1
Message: O Serviço da Central de Segurança do Windows foi iniciado.
Record Number: 17372
Source Name: SecurityCenter
Time Written: 20091027215341.000000-000
Event Type: Informações
User:

Computer Name: bruno-PC
Event Code: 1001
Message: Os contadores de desempenho para o serviço WmiApRpl (WmiApRpl) foram removidos com êxito. A página Registrar Dados contém os novos valores das entradas Último Contador e Última Ajuda do Registro do sistema.
Record Number: 17373
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20091027215610.000000-000
Event Type: Informações
User:

Computer Name: bruno-PC
Event Code: 1000
Message: Os contadores de desempenho do serviço WmiApRpl (WmiApRpl) foram carregados com êxito. A página Registrar Dados da seção de dados contém os novos valores de índice atribuídos ao serviço.
Record Number: 17374
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20091027215611.000000-000
Event Type: Informações
User:

=====Security event log=====

Computer Name: bruno-PC
Event Code: 4624
Message: O logon de uma conta foi efetuado com sucesso.

Requerente:
Identificação de segurança: S-1-5-18
Nome da conta: BRUNO-PC$
Domínio da conta: WORKGROUP
Identificação de logon: 0x3e7

Tipo de logon: 5

Novo logon:
Identificação de segurança: S-1-5-18
Nome da conta: SYSTEM
Domínio da conta: AUTORIDADE NT
Identificação de logon: 0x3e7
GUID de logon: {00000000-0000-0000-0000-000000000000}

Informações do processo:
Identificação do processo: 0x2b4
Nome do processo: C:\Windows\System32\services.exe

Informações da rede:
Nome da estação de trabalho:
Endereço da rede de origem: -
Porta de origem: -

Informações detalhadas da autenticação:
Processo de logon: Advapi
Pacote de autenticação: Negotiate
Serviços transitados: -
Nome do pacote (somente NTLM): -
Comprimento da chave: 0

Este evento é gerado quando uma sessão de logon é criada. Ele é gerado no computador acessado.

Os campos do assunto indicam a conta do sistema local que solicitou o logon. Comumente, isto é um serviço como o de servidor ou um processo local como Winlogon.exe ou Services.exe.

O campo tipo de logon indica o tipo de logon ocorrido. Os tipos mais comuns são 2 (interativo) e 3 (em rede).

Os campos Novo logon indicam as contas para a qual o novo logon foi criada, isto é, a conta na qual o logon foi efetuado.

Os campos de rede indicam onde a solicitação de logon remoto se originou. O nome da estação de trabalho nem sempre está disponível e pode ser deixado em branco em alguns casos.

Os campos de informações de autenticação fornecem informações detalhadas sobre esta solicitação específica de logon.
-O GUID de logon é um identificador exclusivo que pode ser usado para correlacionar este evento com um evento de KDC.
- Serviços transitados indicam qual serviço intermediário participou desta solicitação de logon.
- Nome de pacote indica qual subprotocolo foi usado, entre os protocolos NTLM.
- Comprimento da chave indica o comprimento da chave da sessão gerada. Ele será 0 se nenhuma chave de sessão foi solicitada.
Record Number: 32861
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091027215139.746317-000
Event Type: Sucesso da Auditoria
User:

Computer Name: bruno-PC
Event Code: 4672
Message: Privilégios especiais atribuídos a um novo logon.

Requerente:
Identificação de segurança: S-1-5-18
Nome da conta: SYSTEM
Domínio da conta: AUTORIDADE NT
Identificação de logon: 0x3e7

Privilégios: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 32862
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091027215139.746317-000
Event Type: Sucesso da Auditoria
User:

Computer Name: bruno-PC
Event Code: 4648
Message: Tentativa de logon com uso de credenciais explícitas.

Requerente:
Identificação de segurança: S-1-5-18
Nome da conta: BRUNO-PC$
Domínio da conta: WORKGROUP
Identificação de logon: 0x3e7
Identificação de logon: {00000000-0000-0000-0000-000000000000}

Conta cujas credenciais foram utilizadas:
Nome da conta: SYSTEM
Domínio da conta: AUTORIDADE NT
GUID de logon: {00000000-0000-0000-0000-000000000000}

Servidor de destino:
Nome do servidor de destino: localhost
Informações adicionais: localhost

Informações do processo:
Identificação do processo: 0x2b4
Nome do processo: C:\Windows\System32\services.exe

Informações da rede:
Endereço da rede: -
Porta: -

Este evento é gerado quando um processo tenta efetuar o logon em uma conta, especificando explicitamente suas credenciais. Comumente, ele ocorre em configurações do tipo lote como em tarefas programadas, ou quando se utiliza o comando RUNAS.
Record Number: 32863
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091027215437.687517-000
Event Type: Sucesso da Auditoria
User:

Computer Name: bruno-PC
Event Code: 4624
Message: O logon de uma conta foi efetuado com sucesso.

Requerente:
Identificação de segurança: S-1-5-18
Nome da conta: BRUNO-PC$
Domínio da conta: WORKGROUP
Identificação de logon: 0x3e7

Tipo de logon: 5

Novo logon:
Identificação de segurança: S-1-5-18
Nome da conta: SYSTEM
Domínio da conta: AUTORIDADE NT
Identificação de logon: 0x3e7
GUID de logon: {00000000-0000-0000-0000-000000000000}

Informações do processo:
Identificação do processo: 0x2b4
Nome do processo: C:\Windows\System32\services.exe

Informações da rede:
Nome da estação de trabalho:
Endereço da rede de origem: -
Porta de origem: -

Informações detalhadas da autenticação:
Processo de logon: Advapi
Pacote de autenticação: Negotiate
Serviços transitados: -
Nome do pacote (somente NTLM): -
Comprimento da chave: 0

Este evento é gerado quando uma sessão de logon é criada. Ele é gerado no computador acessado.

Os campos do assunto indicam a conta do sistema local que solicitou o logon. Comumente, isto é um serviço como o de servidor ou um processo local como Winlogon.exe ou Services.exe.

O campo tipo de logon indica o tipo de logon ocorrido. Os tipos mais comuns são 2 (interativo) e 3 (em rede).

Os campos Novo logon indicam as contas para a qual o novo logon foi criada, isto é, a conta na qual o logon foi efetuado.

Os campos de rede indicam onde a solicitação de logon remoto se originou. O nome da estação de trabalho nem sempre está disponível e pode ser deixado em branco em alguns casos.

Os campos de informações de autenticação fornecem informações detalhadas sobre esta solicitação específica de logon.
-O GUID de logon é um identificador exclusivo que pode ser usado para correlacionar este evento com um evento de KDC.
- Serviços transitados indicam qual serviço intermediário participou desta solicitação de logon.
- Nome de pacote indica qual subprotocolo foi usado, entre os protocolos NTLM.
- Comprimento da chave indica o comprimento da chave da sessão gerada. Ele será 0 se nenhuma chave de sessão foi solicitada.
Record Number: 32864
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091027215437.687517-000
Event Type: Sucesso da Auditoria
User:

Computer Name: bruno-PC
Event Code: 4672
Message: Privilégios especiais atribuídos a um novo logon.

Requerente:
Identificação de segurança: S-1-5-18
Nome da conta: SYSTEM
Domínio da conta: AUTORIDADE NT
Identificação de logon: 0x3e7

Privilégios: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 32865
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091027215437.687517-000
Event Type: Sucesso da Auditoria
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------

Thanks!
 
Mr. Wolf, thank you for analyzing my log. I am passing along the information from Malwarebytes about the IP protection:

"Malwarebytes´AntiMalware.
Malwarebytes IP de Proteção
Infecções detectadas: 68.180.151.74"

site: WWW.artesanatoaprendaafazer.blogspot.com

Since I am copying graphics from the site, I can browse without worry. And for the other sites I visit to do research, how can I know whether there is no danger? How should I proceed?
Thanks :wave:
 
Hello Mr Wolf,
It has been a while since I posted here! So, how are you doing? I hope you are well... Look, this machine was infected by a banker-type virus. I believe I have already removed it, but it doesn't hurt to check to be sure.
Thank you very much in advance!
Big hug!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:23, on 27/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Arquivos de programas\Apoint2K\Apoint.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe
C:\Arquivos de programas\Apoint2K\Apntex.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Hijackthis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3288614A-3424-4F5E-956D-8236CCF695EE}956D-8236CCF695EE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus C67 Series em DEPPESSOAL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P42 "Auto EPSON Stylus C67 Series em DEPPESSOAL" /O20 "\\DEPPESSOAL\EPSONDP" /M "Stylus C67"
O4 - HKLM\..\Run: [Auto EPSON Stylus C67 Series em GERALDOXP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P41 "Auto EPSON Stylus C67 Series em GERALDOXP" /O19 "\\GERALDOXP\GERALDO" /M "Stylus C67"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://vipgroup.webex.com/client/T27L/training/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1c9e533bb44718c) (gupdate1c9e533bb44718c) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

--
End of file - 8520 bytes
 
Hi Mr. Wolf, the requested procedures can only be done on weekends (my friend had a falling-out with Oi and asked them to cut her plan down to weekends only, hehe :lol:), but since she only turns the PC on at weekends anyway, I don't think there's any problem, right? :huh:
But I actually came here to ask something: my PC has an annoying problem, it keeps freezing all the time, not to mention it's very slow... Last time, at the end of yet another batch of steps, you said the problem might be something else and not a virus... I think so too, because I run the antivirus every week and it never finds anything... So, in your opinion, what could it be? :no:
 
trayapp.msi

Hi, I don't know if it's a virus. I uninstalled the hp3680 printer and, when I restart the PC, it asks for the file "trayapp.msi", but I no longer have the installation CD. Please help me!

Thank you.

Claudinei

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:03, on 28/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Arquivos de programas\Outlook Express\msimn.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSSE] "c:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O22 - SharedTaskScheduler: QuangustCew - {98E1DEB2-6573-43B1-A2E3-92ED46FA3A86} - C:\WINDOWS\system32\quangust.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 10468 bytes
 
Good afternoon, everyone!


didifpg, post a log here.

_______________________________


brunobyof, the infection that was there previously no longer exists.

Open Notepad, paste the text below and save it as Fix.reg. Double-click the file.

Code:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7a982e7-b0e8-11de-971a-001fc6e9614f}]

Other than that, the logs are clean.

NOTE: Change your passwords.

_______________________________


qeuzinha, I visited the site (blog) you posted, where MBAM is blocking the IP, to evaluate it. The blog contains some malicious content, as well as dangerous code. However, this is not a false positive at all. See the origin of the blocked IP:

http://hosts-file.net/?s=68.180.151.74&view=matches

I suggest you be very careful when accessing the blog! I recommend looking for some other, safer blog or site, preferably one whose IP MBAM does not block, to copy your graphics from. If you use the Firefox browser, installing NoScript would be a good idea.

NOTE: Do not disable MBAM's IP protection.

_______________________________


luisednardo, all right.

Nothing wrong in the log. It's clean.

Regards

_______________________________


karolz, slowness and freezing on a computer is a complex matter. They can happen for many reasons.

What is your machine's configuration? Is the temperature OK?

_______________________________


afonsovitor, your log is clean. The file trayapp.msi is related to the imaging software for HP products.

If you had the CD on hand, it would be easier to fix the problem, because on the CD there is a folder called TrayApp containing the file in question. You would just need to locate the TrayApp folder on the HP CD and run the trayapp.msi file in it. That way, the message would stop.

In short, your problem is not a virus.
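
A check that can be run on a .reg file such as the Fix.reg posted above before double-clicking it (an added example, not part of the original posts): it lists every operation the file would perform and flags any that fall outside the MountPoints2 subkeys. The function names, the allowed-prefix rule and the second sample file are assumptions of this example.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# Assumption of this example: the fix may only touch subkeys of MountPoints2.
# The trailing backslash means "strictly below", so MountPoints2 itself is out.
ALLOWED_PREFIX = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                  r"\CurrentVersion\Explorer\MountPoints2" "\\")

# The two key deletions from the Fix.reg in the post above.
FIX_REG = r"""REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7a982e7-b0e8-11de-971a-001fc6e9614f}]
"""

# Constructed sample (not from the thread): one in-scope deletion plus
# operations on an unrelated, made-up key.
OTHER_REG = r"""Windows Registry Editor Version 5.00

; constructed sample
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Settings]
"Mode"=dword:00000001
"Old"=-
"""

# A value line is either @=data (default value) or "name"=data.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_reg(text):
    """Return the file's operations as (action, key, value_name) tuples.

    Anything the parser does not recognise raises ValueError, so an
    unexpected line is never silently skipped.
    """
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    ops, current, i = [], None, 1
    while i < len(lines):
        line = lines[i]
        i += 1
        # Long hex data continues on the next line after a trailing backslash.
        while line.endswith("\\") and i < len(lines):
            line = line[:-1] + lines[i]
            i += 1
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):
                # [-KEY] deletes the key together with everything below it.
                ops.append(("delete_key", key[1:], None))
                current = None
            else:
                ops.append(("open_or_create_key", key, None))
                current = key
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            raise ValueError("unrecognised line: %r" % line)
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        # "name"=- removes the value; any other data sets it.
        action = "delete_value" if m.group(2) == "-" else "set_value"
        ops.append((action, current, name))
    return ops


def outside_scope(ops, allowed_prefix=ALLOWED_PREFIX):
    """Operations whose key is not below allowed_prefix (case-insensitive)."""
    prefix = allowed_prefix.lower()
    return [op for op in ops if not op[1].lower().startswith(prefix)]


if __name__ == "__main__":
    for label, body in (("Fix.reg", FIX_REG), ("constructed sample", OTHER_REG)):
        ops = parse_reg(body)
        print(label)
        for action, key, name in ops:
            print("  %-18s %s %s" % (action, key, name or ""))
        print("  outside MountPoints2:", len(outside_scope(ops)))
```
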
 
Hey, what's up Mr.Wolf... how are you?

So... I did that, in fact... I tried everything and it didn't reset. Funny that in previous versions there was a way to reset this data, which is actually the right thing.

I also tried to find something on the internet and nothing. Very strange for the data to stay fixed there and not be removable.

Hey sonny my friend, all good, and you?

Well, yesterday when I got home, I installed KAS 2010 in the VM, filled up the statistics radar on the monitoring panel (which ended up with a total of 21 Threats Detected), and I also had no success resetting/clearing the radar, even after going through all the settings related to the radar. So I went searching on the internet and, through an article (FAQ) from Kaspersky itself, my question was answered. See the link below, sonny:

http://support.kaspersky.com/faq/?qid=208280760

According to the article, those radar statistics (Threats Detected) can only be reset if the applications responsible for the .exe files are uninstalled/removed. So, once again, I went to verify this claim and the article's justification, and it really is as explained in the FAQ. I installed, ran and used (just for a more thorough test) some software such as: MV RegClean; Update Checker; eMule, ATF-Cleaner; among some others, to see whether they would show up on Kaspersky's monitoring radar. And they did!
So, I uninstalled the software and the radar number went down, as reported in the FAQ.

The same happens with G-DATA, sonny. However, in G-DATA, the radar is not reset even after uninstalling the programs.
 
Hey Mr.Wolf, all calm over here hehe.

Got it, but I found this system they put in really strange. Because every program I open shows up as "Threats Detected" and then I have to put them on the allow list. However, they don't leave it.

So I would have to uninstall to clear the list. These guys have got to be kidding hahaha.

But thanks for the explanation Mr.Wolf, I confess I've never seen anything so bizarre in my life when it comes to antivirus.

The funny thing is that this only happened on Windows XP; on Windows 7 it didn't happen.
 
Thanks a lot, Wolf!
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:37, on 28/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown IE Helper Portuguese) - http://idownload.br.toontown.com/sv1.4.14.8/ttinst-portuguese.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF32D210-948A-4A63-BD02-8938A15D4750}: NameServer = 200.225.197.37 200.225.197.34
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 9987 bytes
 
Hi, thanks for the information. One question remained: when I go to another site and Malwarebytes reports detected infections, should I leave it quickly, and is there a danger of having caught something serious?
I use IE 8 (the PC is used by 3 more people who use Firefox, and I will install what was recommended).
Can you tell me how to stop Outpost from blocking MSN?
Thanks. If I have any more questions, may I ask?
Grateful
:cry::cry:
 
Good afternoon, dear Mr. Wolf.

How does this work???

Is there anything strange in mine??

Regards, Optimus.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:44, on 29/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\IDT\WDM\sttray.exe
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\IDT\962008171752\STacSV.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\SuperChat\SuperChat.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\SuperSys\SUPER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperChat.lnk = C:\Arquivos de programas\SuperChat\SuperChat.exe
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53E686CE-154B-4CFF-A1FC-5FC9F54FD87D}: NameServer = 201.10.128.2,201.10.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{53E686CE-154B-4CFF-A1FC-5FC9F54FD87D}: NameServer = 201.10.128.2,201.10.1.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{53E686CE-154B-4CFF-A1FC-5FC9F54FD87D}: NameServer = 201.10.128.2,201.10.1.2
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\962008171752\STacSV.exe

--
End of file - 9157 bytes
 
Rukasu94, the logs are clean. I didn't understand why ComboFix was used. It should not be used like just any security program. Only in specific cases.

Thanks for the help. I used ComboFix because it was recommended to me; I didn't know it shouldn't be used "freely". Thanks for the warning.
 
Wow, look at the autorun.inf from a pen drive that showed up here
[autorun]
;OEP
;??
:cmp=
;tg
icon=%SystemRoot%\system32\SHELL32.dll,4
:jmp3=
;?g?Ywb??F?]L??CF?m?f=?VT
action=OpenfoldertoviewfilesusingWindowsExplorer
;?d???a?s????Y??;`w??X???L
:jne1=
;?ojBv??|??
;=T???L?A???x
;;;;;;;;;;;;;
useautoplay=1
;`Q??
;(?s??

[autorun]
:gotofuckavg=

My HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:15, on 30/10/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe
C:\Users\Iggor\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 60.190.218.24 www.kavkiskey.com
O1 - Hosts: 60.190.218.24 www.kavkiskey.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [conectar] "F:\conectar.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dircle dock] "C:\Program Files\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Iggor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF231A56-3252-4AC5-95B0-AC49F603B463}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files (x86)\Common Files\BinarySense\hlAPP.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HDDlife HDD Access service - Unknown owner - C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9356 bytes
 
Mr Wolf, I'm back here on the forum because, out of nowhere, my PC freezes and right after that it shuts down.

HijackThis log below!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:05, on 30/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
R3 - URLSearchHook: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoc1.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoc1.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoc1.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217540557734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235250919125
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {EB2AB471-8FD8-43CD-BA61-348984013593} (HHD Software Vector Image Control) - mk:mad:MSITStore:C:\Arquivos%20de%20programas\Hex%20Editor%203.x\Hex%20Editor.chm::/swfbehavior.cab
O20 - AppInit_DLLs: c:\windows\elf_key.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 7770 bytes
 
Does anyone here use "HWMonitor"?

Every time I open the program, Kaspersky gives a "Suspicious Action" warning.

Could there be something in the program, or does the way this program is written make the antivirus think it is a threat to the system?
 
Hey everyone, I urgently need a HijackThis analysis! My girlfriend's PC is very slow, the boot takes far too long, and explorer.exe doesn't start when the PC is turned on, and when it does start it takes a long time! I've already run avast!, Malware's and Spybot, and nothing!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:11:07, on 31/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\Arquivos de programas\IDT\6252009131937\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\Claro\Claro.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Usuario\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Mobile Partner] "C:\Arquivos de programas\Claro\Claro.exe"
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF38358B-B1A2-4DA4-8CED-1D7763B54A68}: NameServer = 200.169.116.23 200.169.117.252
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\6252009131937\STacSV.exe

--
End of file - 6834 bytes
 
Hello, Mr Wolf :wave:

ComboFix 09-10-30.01 - usuario 31/10/2009 20:58.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.493 [GMT -2:00]
Executando de: c:\documents and settings\usuario\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
* Criado um novo ponto de restauração
* AV residente está ativo

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dados de aplicativos\dkwork.ini
c:\documents and settings\usuario\Dados de aplicativos\inst.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ibestunz.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-28 to 2009-10-31 ))))))))))))))))))))))))))))
.

2009-10-27 00:38 . 2009-10-27 00:37 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-27 00:37 . 2009-10-27 00:51 -------- d-----w- c:\documents and settings\usuario\.housecall6.6
2009-10-26 01:32 . 2009-10-26 01:32 -------- d-----w- c:\temp\installtemped
2009-10-26 01:32 . 2009-10-26 01:32 -------- d-----w- C:\Temp
2009-10-24 23:15 . 2009-10-24 23:16 -------- d-----w- C:\!KillBox
2009-10-20 22:59 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-10-20 22:59 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-10-20 22:59 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-10-20 22:59 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2009-10-20 22:59 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2009-10-20 00:26 . 2009-10-20 00:26 -------- d-----w- c:\windows\l2schemas
2009-10-20 00:26 . 2009-10-20 00:26 -------- d-----w- c:\windows\system32\bits
2009-10-18 21:19 . 2009-10-18 21:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-18 21:19 . 2009-10-18 21:19 -------- d-----w- c:\arquivos de programas\MSBuild
2009-10-18 21:19 . 2009-10-18 21:19 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-10-18 21:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-18 21:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-18 21:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-18 21:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-18 21:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-18 21:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-18 21:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-18 21:19 . 2009-10-18 21:19 -------- d-----w- C:\357990c6e19be66f345fde91b3b5
2009-10-18 21:16 . 2009-10-18 21:16 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2009-10-18 21:12 . 2009-10-18 21:13 -------- d-----w- C:\LinhaDefensiva
2009-10-18 21:04 . 2009-10-18 21:04 -------- d-----w- C:\MSNCleaner
2009-10-18 19:33 . 2004-08-04 01:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-10-18 16:14 . 2009-10-18 16:14 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Malwarebytes
2009-10-18 16:14 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 16:14 . 2009-10-18 16:14 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-10-18 16:14 . 2009-10-18 16:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-10-18 16:14 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 15:57 . 2008-06-19 19:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-18 15:53 . 2009-10-18 15:53 -------- d-----w- c:\arquivos de programas\Panda Security
2009-10-18 15:31 . 2009-10-18 15:31 -------- d-----w- c:\arquivos de programas\AxBx
2009-10-18 15:23 . 2009-10-18 15:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-18 15:11 . 2009-10-18 15:13 763 ----a-w- c:\windows\apsou.vbs
2009-10-17 17:16 . 2009-10-17 17:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-17 13:27 . 2009-10-17 13:27 -------- d-sh--w- c:\documents and settings\usuario\IECompatCache
2009-10-17 13:26 . 2009-10-17 13:26 -------- d-sh--w- c:\documents and settings\usuario\PrivacIE
2009-10-17 13:22 . 2009-10-17 13:22 -------- d-sh--w- c:\documents and settings\usuario\IETldCache
2009-10-17 13:18 . 2009-10-18 06:00 -------- d-----w- c:\windows\ie8updates
2009-10-17 13:15 . 2009-10-17 13:16 -------- dc-h--w- c:\windows\ie8
2009-10-15 23:28 . 2009-08-29 07:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-15 23:28 . 2009-08-29 07:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-15 23:16 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-15 01:52 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-15 01:52 . 2009-08-04 17:27 2070272 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-15 01:52 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-15 01:39 . 2009-10-15 01:41 -------- d-----w- c:\windows\OCCACHE
2009-10-15 01:39 . 1997-07-11 03:00 31744 ----a-w- c:\windows\system32\HLP95EN.DLL
2009-10-15 01:39 . 1997-07-11 03:00 25872 ----a-w- c:\windows\system32\FM20ENU.DLL
2009-10-15 01:39 . 1999-02-04 13:56 148480 ----a-w- c:\windows\fsivba.dll
2009-10-15 01:38 . 2009-10-15 01:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared
2009-10-15 01:38 . 1999-03-11 09:41 28672 ----a-w- c:\windows\system32\mtlw.dll
2009-10-15 01:38 . 1999-03-11 09:41 495616 ----a-w- c:\windows\system32\heidiw.dll
2009-10-15 01:38 . 1999-04-12 04:56 413696 ----a-w- c:\windows\system32\REGACAD.DLL
2009-10-15 01:38 . 1999-03-11 09:41 237568 ----a-w- c:\windows\system32\whiptkw.dll
2009-10-15 01:38 . 1999-03-11 09:41 24576 ----a-w- c:\windows\system32\texturew.dll
2009-10-15 01:38 . 1999-03-11 09:40 106496 ----a-w- c:\windows\system32\dllongw.dll
2009-10-15 01:38 . 1999-04-12 04:57 303104 ----a-w- c:\windows\system32\ACADFICN.DLL
2009-10-15 01:38 . 1999-04-12 02:48 45056 ----a-w- c:\windows\system32\MTSTACK.EXE
2009-10-15 01:38 . 1999-04-12 02:28 28672 ----a-w- c:\windows\system32\ADRESC.DLL
2009-10-15 01:38 . 1999-04-12 01:53 24576 ----a-w- c:\windows\system32\HDIMON.DLL
2009-10-15 01:37 . 2009-10-15 01:37 -------- d-----w- c:\arquivos de programas\Autodesk
2009-10-13 22:04 . 2009-10-13 22:04 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2009-10-12 15:10 . 2004-08-04 02:45 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-12 15:07 . 2009-10-20 00:23 -------- d-----w- c:\windows\ServicePackFiles
2009-10-12 15:00 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-12 15:00 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-12 14:26 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-12 14:25 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-12 14:24 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-12 14:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-12 14:22 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-12 14:18 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-12 14:09 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-12 00:23 . 2008-07-07 20:28 253952 -c----w- c:\windows\system32\dllcache\es.dll
2009-10-12 00:23 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-12 00:23 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-12 00:23 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-12 00:23 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-12 00:23 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-12 00:23 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-12 00:23 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-12 00:23 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-12 00:23 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-12 00:15 . 2008-10-23 12:37 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2009-10-11 02:40 . 2009-09-16 12:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-11 02:40 . 2009-09-16 12:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-11 02:40 . 2009-09-16 12:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-11 02:39 . 2009-07-16 15:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-11 02:38 . 2009-10-11 02:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee
2009-10-11 02:38 . 2009-10-11 02:39 -------- d-----w- c:\arquivos de programas\McAfee.com
2009-10-11 02:38 . 2009-10-23 21:13 -------- d-----w- c:\arquivos de programas\McAfee
2009-10-11 02:24 . 2009-09-16 12:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-09 01:36 . 2009-10-15 23:19 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HPAppData
2009-10-09 01:29 . 2009-10-09 01:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WEBREG
2009-10-09 01:22 . 2009-10-09 01:28 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HP
2009-10-09 01:21 . 2007-10-30 09:25 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-09 01:21 . 2007-10-30 09:25 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-09 01:21 . 2009-10-09 01:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard
2009-10-09 01:21 . 2007-11-08 14:56 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-10-09 01:21 . 2007-10-20 21:25 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2009-10-09 01:21 . 2007-10-30 09:25 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-09 01:20 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-09 01:20 . 2007-10-30 09:25 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-10-09 01:20 . 2007-10-21 16:45 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2009-10-09 01:20 . 2007-10-21 16:45 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2009-10-09 01:20 . 2007-10-21 16:45 303104 ----a-r- c:\windows\system32\hpovst15.dll
2009-10-09 01:17 . 2009-10-09 01:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP
2009-10-09 01:17 . 2009-10-09 01:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant
2009-10-09 01:17 . 2009-10-09 01:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard
2009-10-09 01:17 . 2009-10-09 01:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP
2009-10-09 01:15 . 2009-10-09 01:17 -------- d-----w- c:\arquivos de programas\HP
2009-10-09 01:15 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-08 23:47 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-10-08 23:45 . 2009-10-09 01:22 168001 ----a-w- c:\windows\hpoins28.dat
2009-10-08 23:45 . 2007-12-13 00:01 932 ------w- c:\windows\hpomdl28.dat
2009-10-05 02:36 . 2009-10-18 20:06 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared
2009-10-04 22:39 . 2009-10-04 22:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton
2009-10-04 22:39 . 2009-10-04 22:39 -------- d-----w- c:\windows\system32\drivers\NSS
2009-10-04 22:39 . 2009-10-04 22:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec
2009-10-04 22:39 . 2009-10-04 22:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller
2009-10-04 19:27 . 2009-10-04 19:30 -------- d-----w- c:\windows\system32\Adobe

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 23:04 . 2009-09-27 05:50 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Free Download Manager
2009-10-31 22:09 . 2007-10-06 00:44 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\BSplayer Pro
2009-10-31 21:57 . 2009-09-27 04:53 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\uTorrent
2009-10-31 21:28 . 2001-10-28 18:07 80198 ----a-w- c:\windows\system32\perfc016.dat
2009-10-31 21:28 . 2001-10-28 18:07 471376 ----a-w- c:\windows\system32\perfh016.dat
2009-10-31 21:18 . 2009-09-26 22:44 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Skype
2009-10-31 18:01 . 2009-09-26 22:45 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\skypePM
2009-10-23 01:18 . 2009-09-27 05:50 -------- d-----w- c:\arquivos de programas\Free Download Manager
2009-10-18 15:15 . 2009-10-18 15:12 351 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll
2009-10-18 15:14 . 2009-10-18 15:13 344576 --sh--w- c:\documents and settings\All Users\Dados de aplicativos\orkuthreat.exe
2009-10-17 13:24 . 2007-09-01 02:36 -------- d-----w- c:\arquivos de programas\iTunes
2009-10-12 16:27 . 2002-02-15 16:13 -------- d-----w- c:\arquivos de programas\Warcraft III
2009-10-12 15:41 . 2008-08-09 18:12 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Vso
2009-10-12 15:41 . 2007-08-11 14:49 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2009-10-12 15:38 . 2009-09-27 02:33 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\IObit
2009-10-11 05:40 . 2009-09-27 02:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee
2009-10-04 00:28 . 2009-09-27 04:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2009-09-29 16:27 . 2007-08-11 14:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-09-27 05:50 . 2009-09-27 05:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG
2009-09-27 04:55 . 2009-09-27 04:55 -------- d-----w- c:\arquivos de programas\uTorrent
2009-09-27 02:37 . 2009-09-27 02:37 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-09-27 02:33 . 2009-09-27 02:33 -------- d-----w- c:\arquivos de programas\IObit
2009-09-27 02:33 . 2009-09-27 02:33 -------- d-----w- c:\arquivos de programas\CCleaner
2009-09-27 01:42 . 2007-08-11 14:10 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-09-26 22:45 . 2009-09-26 22:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-26 22:44 . 2009-09-26 22:42 -------- d-----r- c:\arquivos de programas\Skype
2009-09-26 22:42 . 2009-09-26 22:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2009-09-26 22:42 . 2009-09-26 22:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-09-26 22:26 . 2009-09-26 22:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm
2009-09-26 22:26 . 2009-09-26 22:26 -------- d-----w- c:\arquivos de programas\Last.fm
2009-09-26 20:14 . 2009-09-26 20:14 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-09-26 20:13 . 2009-09-26 20:10 -------- d-----w- c:\arquivos de programas\Microsoft
2009-09-26 20:13 . 2009-09-26 20:13 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector
2009-09-26 20:13 . 2009-09-26 20:09 -------- d-----w- c:\arquivos de programas\Windows Live
2009-09-26 20:13 . 2009-09-26 20:13 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework
2009-09-26 20:12 . 2009-09-26 20:12 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition
2009-09-26 20:10 . 2009-09-26 20:10 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-09-26 19:21 . 2009-09-26 19:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-09-26 12:42 . 2009-09-25 21:33 -------- d-----w- c:\arquivos de programas\Oi Velox
2009-09-16 12:22 . 2009-07-08 16:44 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:19 . 2004-08-04 02:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-08-04 02:45 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:57 . 2004-08-04 02:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:15 . 2004-08-04 02:45 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:00 . 2004-08-04 02:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:27 . 2004-08-04 02:40 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:27 . 2004-08-04 00:40 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"desp2k"="c:\arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^usuario^Menu Iniciar^Programas^Inicializar^Reboot.exe]
path=c:\documents and settings\usuario\Menu Iniciar\Programas\Inicializar\Reboot.exe
backup=c:\windows\pss\Reboot.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\StepMania CVS\\Program\\StepMania.exe"=
"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18/10/2009 13:57 28544]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'

2007-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2007-06-03 16:42]

2009-10-11 c:\windows\Tasks\McDefragTask.job
- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2009-10-11 14:22]

2009-10-11 c:\windows\Tasks\McQcTask.job
- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2009-10-11 14:22]

2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{549ECE67-9207-4B6E-A3D6-95D0D8D36602}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
.
.
------- Scan Suplementar -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\29y57njr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pt)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-Need For Speed II SE - c:\program files\Electronic Arts\Need For Speed II SE\DeIsL1.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-31 21:05
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x86F808AC]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7251B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7251B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7251B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7251B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7251B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7251B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1965331169-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:de,19,41,fc,8d,01,94,91,41,57,2c,9e,28,cc,91,5b,91,8e,9b,17,6c,23,df,
1c,1e,be,92,cc,05,2a,91,85,44,a8,aa,de,39,f3,d4,23,df,bc,90,cc,93,1d,72,99,\
"??"=hex:ba,fd,0f,63,1b,2b,94,42,db,fd,dc,03,2e,1d,d9,bc

[HKEY_USERS\S-1-5-21-606747145-1965331169-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:af,17,2b,11,f3,d9,65,97,1e,5d,57,e5,de,1e,91,6f,c0,73,95,da,aa,
9b,28,74,55,53,3e,22,20,8d,f2,10,68,e7,55,d2,15,25,dc,f8,c1,2b,55,c4,ba,6a,\
"rkeysecu"=hex:45,68,f7,54,53,7e,35,5d,30,41,1e,43,d3,9b,8a,d6
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquiv~1\McAfee\MSC\mcmscsvc.exe
c:\arquiv~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\arquiv~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
c:\arquiv~1\McAfee\VIRUSS~1\mcshield.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\arquiv~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-10-31 21:09 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-10-31 23:09

Pré-execução: 6.058.590.208 bytes disponíveis
Pós execução: 5.947.838.464 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0F57336F06A0C351AB75B6375017BE87

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:48, on 31/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\usuario\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E6CDC1C-3B90-47D7-B2A8-24438CA96075} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F42911F-1B92-4CB2-9FB7-2210EFC0D097}: NameServer = 200.149.55.140 200.165.132.147
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8248 bytes
 
Hi Mr. Wolf, I did what you asked and here are the logs, thanks!

Malwarebytes

Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 3080
Windows 5.1.2600 Service Pack 2

1/11/2009 18:01:45
mbam-log-2009-11-01 (18-01-45).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 157843
Tempo decorrido: 29 minute(s), 18 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 161
Valores do Registro infectados: 8
Ítens do Registro infectados: 0
Pastas infectadas: 21
Arquivos infectados: 94

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valores do Registro infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
C:\Documents and Settings\KARINA\Dados de aplicativos\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\KARINA\Dados de aplicativos\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\KARINA\Dados de aplicativos\FunWebProducts\Data\KARINA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Arquivos de programas\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Arquivos de programas\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Arquivos de programas\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Arquivos infectados:
C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8CF83D88-6794-4D2D-B03E-064E2A19DB94}\RP129\A0107460.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8CF83D88-6794-4D2D-B03E-064E2A19DB94}\RP129\A0107461.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images\0055C083.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\res100.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\0003B75A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00083C46.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\00087B14.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\000E6453.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\000E6B96.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\000E7386.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\000E7A0E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\003FF980 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\0055158E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\005525F9.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\0055377D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\0055479A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

OTL

OTL logfile created on: 1/11/2009 18:12:13 - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Documents and Settings\KARINA\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

447,48 Mb Total Physical Memory | 181,49 Mb Available Physical Memory | 40,56% Memory free
1,03 Gb Paging File | 0,71 Gb Available in Paging File | 68,53% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,52 Gb Total Space | 49,56 Gb Free Space | 66,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASA
Current User Name: KARINA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\KARINA\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de programas\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
SRV - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - C:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)
DRV - C:\WINDOWS\system32\drivers\S3gIGPm.sys (S3 Graphics Co., Ltd.)
DRV - C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\nwrdr.sys (Microsoft Corporation)
DRV - C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\KARINA\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-789336058-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-789336058-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
IE - HKU\S-1-5-21-789336058-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-789336058-1303643608-839522115-1003\S-1-5-21-789336058-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/10/12 14:16:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/10/12 14:16:07 | 00,000,000 | ---D | M]

[2009/10/12 14:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KARINA\Dados de aplicativos\Mozilla\Firefox\Profiles\y6u0y6pm.default\extensions
[2009/10/12 14:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KARINA\Dados de aplicativos\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/12 14:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KARINA\Dados de aplicativos\Mozilla\Extensions
[2009/10/12 14:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KARINA\Dados de aplicativos\Mozilla\Extensions
[2009/10/12 14:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KARINA\Dados de aplicativos\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/12 14:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KARINA\Dados de aplicativos\Mozilla\Firefox\Profiles\y6u0y6pm.default\extensions
[2009/10/12 14:16:07 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/12 14:16:07 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2009/10/12 14:16:07 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2009/10/12 14:16:07 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 18:23:40 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\Mozilla Firefox\components\browserdirprovider.dll
[2009/08/24 18:23:40 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\Mozilla Firefox\components\brwsrcmp.dll
[2009/08/24 18:23:40 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npnul32.dll
[2009/08/24 17:27:45 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2009/08/24 17:27:45 | 00,002,371 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 17:27:45 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2009/08/24 17:27:45 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2009/08/24 17:27:45 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: (774 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Arquivos de programas\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Arquivos de programas\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-789336058-1303643608-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-789336058-1303643608-839522115-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Arquivos de programas\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKU\S-1-5-21-789336058-1303643608-839522115-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-789336058-1303643608-839522115-1003..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-789336058-1303643608-839522115-1003..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
O4 - HKU\S-1-5-21-789336058-1303643608-839522115-1003..\Run: [Voipwise] C:\Arquivos de programas\Voipwise.com\Voipwise\Voipwise.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Windows Live Search - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-789336058-1303643608-839522115-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/10 21:03:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 90 Days ==========

[2009/11/01 18:10:55 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KARINA\Desktop\OTL.exe
[2009/11/01 17:20:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARINA\Dados de aplicativos\Malwarebytes
[2009/11/01 17:20:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/01 17:20:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/01 17:20:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2009/11/01 17:20:07 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2009/10/24 17:19:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARINA\Meus documentos\Downloads
[2009/10/12 14:16:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARINA\Configurações locais\Dados de aplicativos\Mozilla
[2009/10/12 14:16:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Mozilla Firefox
[2009/10/12 14:13:56 | 07,898,768 | ---- | C] (Mozilla) -- C:\Documents and Settings\KARINA\Meus documentos\Firefox Setup 3.5.3.exe
[2009/10/12 12:38:41 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Trend Micro
[2009/10/12 12:13:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2009/11/01 18:11:03 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KARINA\Desktop\OTL.exe
[2009/11/01 18:11:00 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job
[2009/11/01 18:04:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/01 18:03:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/01 18:03:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/01 18:02:27 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\KARINA\NTUSER.DAT
[2009/11/01 18:02:27 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\KARINA\ntuser.ini
[2009/11/01 18:02:20 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\KARINA\Configurações locais\Dados de aplicativos\IconCache.db
[2009/11/01 18:02:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/11/01 18:02:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/11/01 17:20:11 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/01 13:57:46 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/11/01 13:57:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/10/18 16:03:34 | 00,000,143 | ---- | M] () -- C:\Documents and Settings\KARINA\default.pls
[2009/10/18 16:03:30 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/18 13:44:27 | 00,347,294 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2009/10/18 13:44:27 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/18 13:44:27 | 00,049,586 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2009/10/18 13:44:27 | 00,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/18 13:44:24 | 00,759,962 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/12 20:13:56 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/12 14:16:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/10/12 14:16:11 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/12 14:14:01 | 07,898,768 | ---- | M] (Mozilla) -- C:\Documents and Settings\KARINA\Meus documentos\Firefox Setup 3.5.3.exe
[2009/10/12 12:38:43 | 00,001,806 | ---- | M] () -- C:\Documents and Settings\KARINA\Desktop\HijackThis.lnk
[2009/10/12 12:35:42 | 00,024,187 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/12 12:35:41 | 42,718,391 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/11 18:14:51 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/11 16:58:46 | 00,000,617 | ---- | M] () -- C:\Documents and Settings\KARINA\Meus documentos\Minhas Pastas de Compartilhamento.lnk
[2009/09/22 11:32:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/09/22 11:32:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/16 19:00:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/09/16 19:00:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/13 14:29:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/13 14:29:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/06 16:55:09 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/06 16:55:09 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/06 15:03:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/06 15:03:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/09/01 12:34:58 | 00,282,654 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msaud32.acm
[2009/08/23 22:26:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/08/23 22:26:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/23 21:18:38 | 00,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/23 13:28:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/08/23 13:28:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/23 12:48:13 | 00,006,144 | ---- | M] () -- C:\Documents and Settings\KARINA\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/19 17:18:54 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/19 17:18:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/19 15:55:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/08/19 15:55:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/08/13 13:21:37 | 00,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/08/13 13:21:37 | 00,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/08/05 07:06:33 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 07:06:33 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/01 17:20:11 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/12 14:16:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/12 14:16:11 | 00,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/12 12:38:43 | 00,001,806 | ---- | C] () -- C:\Documents and Settings\KARINA\Desktop\HijackThis.lnk
[2009/08/23 12:47:10 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\KARINA\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/17 19:57:05 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/26 15:35:56 | 00,003,171 | ---- | C] () -- C:\Documents and Settings\KARINA\Dados de aplicativos\dom.temp
[2008/04/10 15:30:39 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\KARINA\Dados de aplicativos\XMLNet.dat
[2008/04/10 15:30:37 | 00,003,171 | ---- | C] () -- C:\Documents and Settings\KARINA\Dados de aplicativos\dominio.xml
[2008/04/10 15:30:37 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\KARINA\Dados de aplicativos\CLSID.dat
[2008/02/11 21:35:24 | 00,000,405 | ---- | C] () -- C:\WINDOWS\System32\msnobj.dll
[2008/02/11 21:34:48 | 00,000,405 | ---- | C] () -- C:\WINDOWS\System32\msnprint.dll
[2008/02/10 23:38:42 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/10 21:52:28 | 06,291,456 | -H-- | C] () -- C:\Documents and Settings\KARINA\Configurações locais\Dados de aplicativos\IconCache.db
[2008/02/10 21:35:38 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/02/10 21:35:37 | 00,071,616 | ---- | C] () -- C:\Documents and Settings\KARINA\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2008/02/10 21:14:25 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/02/10 21:08:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\KARINA\Dados de aplicativos\desktop.ini
[2008/02/10 17:55:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini
[2002/10/16 16:01:56 | 00,176,704 | ---- | C] () -- C:\WINDOWS\System32\mozctl.dll
[2001/10/28 16:07:38 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/10/28 16:07:30 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini
< End of report >
OTL Extras logfile created on: 1/11/2009 18:12:13 - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Documents and Settings\KARINA\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

447,48 Mb Total Physical Memory | 181,49 Mb Available Physical Memory | 40,56% Memory free
1,03 Gb Paging File | 0,71 Gb Available in Paging File | 68,53% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,52 Gb Total Space | 49,56 Gb Free Space | 66,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASA
Current User Name: KARINA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe" = C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Arquivos de programas\valve\hl.exe" = C:\Arquivos de programas\valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Arquivos de programas\Voipwise.com\Voipwise\Voipwise.exe" = C:\Arquivos de programas\Voipwise.com\Voipwise\Voipwise.exe:*:Enabled:Voipwise -- File not found
"C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe" = C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe:*:Enabled:JustVoip -- File not found
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe" = C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Arquivos de programas\AVG\AVG8\avgupd.exe" = C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe" = C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}" = Assistente de Conexão do Windows Live
"{3A417047-2E30-4D05-8977-F706D40BFF39}" = Windows Live installer
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{6FEE62BC-67E3-4083-BEE2-3C33A487F85C}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites para Windows Live Toolbar
"{88902514-B65F-4093-AF94-8DA7B41DCCD8}" = Extensão do Windows Live Toolbar (Windows Live Toolbar)
"{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}" = Windows Live Messenger
"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{9D57C4FB-39C1-4EC3-9386-845FD08453D5}" = Menus Inteligentes (Windows Live Toolbar)
"{AC76BA86-7AD7-1046-7B44-A81200000003}" = Adobe Reader 8.1.2 - Português
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C57CD366-C6BE-45B5-B5C6-0424E506F1D0}" = BR
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{E0A086ED-969F-469A-86B1-AE90BCC8F3BC}" = Visualizador do Marcador (Windows Live Toolbar)
"{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}" = Cs Non Steam
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG8Uninstall" = AVG Free 8.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F50&SUBSYS_205F14F1" = PCI SoftV92 Modem
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Net Express Vs. Residência" = Net Express Vs. Residência 2.2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"VIA Chrome9 HC IGP Display" = VIA/S3G Display Driver 6.14.10.0086
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Arquivo do WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ OSession Events ]
Error - 23/4/2008 20:12:38 | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/9/2009 11:50:11 | Computer Name = CASA | Source = Cdrom | ID = 262151
Description = O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Error - 6/9/2009 11:50:18 | Computer Name = CASA | Source = Cdrom | ID = 262151
Description = O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Error - 7/9/2009 21:51:39 | Computer Name = CASA | Source = Cdrom | ID = 262151
Description = O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Error - 13/9/2009 11:43:38 | Computer Name = CASA | Source = Windows Update Agent | ID = 16
Description = Não é Possível Conectar: o Windows não pode se conectar ao serviço
de atualizações automáticas e, portanto, não consegue baixar e instalar as atualizações
de acordo com a agenda estabelecida. O Windows continuará tentando estabelecer
uma conexão.

Error - 16/9/2009 16:43:07 | Computer Name = CASA | Source = Windows Update Agent | ID = 16
Description = Não é Possível Conectar: o Windows não pode se conectar ao serviço
de atualizações automáticas e, portanto, não consegue baixar e instalar as atualizações
de acordo com a agenda estabelecida. O Windows continuará tentando estabelecer
uma conexão.

Error - 22/9/2009 08:51:40 | Computer Name = CASA | Source = Windows Update Agent | ID = 16
Description = Não é Possível Conectar: o Windows não pode se conectar ao serviço
de atualizações automáticas e, portanto, não consegue baixar e instalar as atualizações
de acordo com a agenda estabelecida. O Windows continuará tentando estabelecer
uma conexão.

Error - 11/10/2009 10:40:06 | Computer Name = CASA | Source = Windows Update Agent | ID = 16
Description = Não é Possível Conectar: o Windows não pode se conectar ao serviço
de atualizações automáticas e, portanto, não consegue baixar e instalar as atualizações
de acordo com a agenda estabelecida. O Windows continuará tentando estabelecer
uma conexão.

Error - 11/10/2009 10:56:45 | Computer Name = CASA | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000243'
ao processar o arquivo 'avginet.dll.old' no volume 'HarddiskVolume1'. O monitoramento
do volume foi interrompido.

Error - 11/10/2009 11:01:11 | Computer Name = CASA | Source = DCOM | ID = 10010
Description = O servidor {0002DF01-0000-0000-C000-000000000046} não se registrou
com o DCOM dentro do tempo limite requerido.

Error - 11/10/2009 15:12:00 | Computer Name = CASA | Source = DCOM | ID = 10010
Description = O servidor {0002DF01-0000-0000-C000-000000000046} não se registrou
com o DCOM dentro do tempo limite requerido.


< End of report >
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:08, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\AskBarDis\bar\bin\AskService.exe
F:\Itunes\iTunesHelper.exe
F:\Avira\AntiVir Desktop\avgnt.exe
F:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
F:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
F:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Documents and Settings\Usuario\Desktop\Nova pasta\Yodm3D.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
F:\Safari.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {06913B01-EF8C-B420-BFEE-985B83487AA9} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: bignetdaddy - {9a75e134-56cf-09ac-9c40-af10e28a08a3} - C:\WINDOWS\system32\66335db9-d4dd-d4fc-45ca-ef2ae7edfe7b.dll (file missing)
O2 - BHO: (no name) - {AD18B5E6-CF13-4C98-9A9D-F1D0FA7D74C4} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogonStudio] "C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [iTunesHelper] "F:\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = F:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: Atalho para Yodm3D.lnk = C:\Documents and Settings\Usuario\Desktop\Nova pasta\Yodm3D.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Windows Messenger.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to AMV Convert Tool... - F:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - F:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: wbsys.dll,C:\WINDOWS\System32\drmstor32.dll
O20 - Winlogon Notify: a431470c649 - C:\WINDOWS\System32\drmstor32.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Arquivos de programas\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Arquivos de programas\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--
End of file - 11555 bytes
 
 
