Remoção de vírus

Mr.Wolf · 12/04/2010

Ok, Fred.

Aquelas entradas eram realmente maliciosas. Tirando elas, o log está limpo.

Estou com um mero pressentimento de que as mesmas foram adicionadas ao seu DNS pelo SpyHunter. Mas como já o desinstalou, sem problemas.

Como está o computador?

FredDarrell · 12/04/2010

Está tudo tranquilo, nenhuma mensagem de alerta, lerdeza ou coisas do gênero.

Mr.Wolf · 12/04/2010

FredDarrell disse:
Não sei se são esses os endereços que você pediu, se não forem é só avisar que eu olho de novo.

IPV6 : 10.1.1.2

IPV4 : 255.0.0.0

São estes, sim. :thumbs_up

FredDarrell disse:
Está tudo tranquilo, nenhuma mensagem de alerta, lerdeza ou coisas do gênero.

Ótimo!

Sendo assim, pode trocar as suas senhas sem problema algum, amigo.

Não há nenhum keylogger, banker, ou algo do gênero, que possa comprometer suas contas.

FredDarrell · 12/04/2010

Muito obrigado pela grande ajuda Mr. Wolf, trocarei as senhas ainda hoje.

Agradecido e parabéns pelo excelente trabalho.

Mr.Wolf · 12/04/2010

FredDarrell disse:
Muito obrigado pela grande ajuda Mr. Wolf, trocarei as senhas ainda hoje.

Agradecido e parabéns pelo excelente trabalho.

Obrigado, Fred

Disponha sempre que precisar.

Só para finalizar, pode deletar o DDS e a pasta backups localizada na pasta do HijackThis.

Apenas uma pergunta: A versão do seu Malwarebytes é a paga?

FredDarrell · 12/04/2010

De nada, se precisar virei aqui rapidamente ^^

Eu acho que é, faz um tempo que instalei, por que ?

Mr.Wolf · 12/04/2010

FredDarrell disse:
De nada, se precisar virei aqui rapidamente ^^

Eu acho que é, por que ?

Com o Malwarebytes e o Spybot (TeaTimer) monitorando em tempo real, pode haver conflitos futuramente.

O residente do Malwarebytes é excelente, muito melhor que o do Spybot. Sugiro que deixe apenas um deles monitorando.

Agora, isso é só um conselho. Se preferir deixar como está, a decisão é sua.

FredDarrell · 12/04/2010

Conselhos são sempre bem vindos Mr. Wolf, instalei o SpyBot ontem pra fazer um scan, vou desativa-lo.

Valeu novamente :]

Jonathan · 12/04/2010

Mr.Wolf disse:
Opa Jonathan, tudo bem.

Seu computador permanece infectado, por backdoors. Recomendo a instalação de um firewall na máquina.

Siga abaixo, Jonathan:

- Faça o download do ComboFix e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;
● Duplo clique no ícone combofix.exe para iniciar o scan;
● Leia o contrato que aparecerá e clique em Sim para continuar;
● Abrirá uma janela do Console de Recuperação, clique em Não;
● Se o ComboFix algum tipo de emulador de CD (como o DAEMON Tools, Alcohol, etc) aparecerá uma mensagem dizendo que precisa ser desabilitado. Clique em OK e aguarde o PC reiniciar.

● Aguarde enquanto o ComboFix faz o scan;
● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;
● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;
● Se quiser sair ou parar o ComboFix, tecle N;
● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;
● Será gerado um log em C:\ComboFix.txt.

Cole este log em sua próxima resposta.

Mr.Wolf, obrigado pela ajuda. Segue o log do ComboFIX e um novo log do HijackThis. Eu descobri que a fonte destes virus foi o pen drive da minha irma, ela conectou o mesmo na faculdade e trouxe para casa, contaminando o meu pc e o note dela. Percebi tambem que varias pastas minhas se transformaram em "aplicativo", agora nao consigo abri-las.

ComboFix 10-04-19.05 - Jonathan 20/04/2010 10:17:02.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1033.18.3326.2193 [GMT -3:00]
Executando de: c:\users\Jonathan\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\¡¡¡¡¡¡.lnk
c:\windows\system32\~.inf
c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\internet.fne
c:\windows\system32\krnln.fnr
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\RegEx.fnr
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\ul.dll
c:\windows\system32\XP-EDE20155.EXE

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-20 to 2010-04-20 ))))))))))))))))))))))))))))
.

2010-04-20 13:24 . 2010-04-20 13:24 -------- d-----w- c:\users\Jonathan\AppData\Local\temp
2010-04-20 13:24 . 2010-04-20 13:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-20 13:24 . 2010-04-20 13:24 -------- d-----w- c:\users\Jeniffer\AppData\Local\temp
2010-04-20 13:24 . 2010-04-20 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-20 13:23 . 2010-04-20 13:23 -------- d-----w- c:\users\Clarety\AppData\Local\temp
2010-04-20 03:07 . 2010-04-20 12:59 13824 ----a-w- c:\windows\system32\Q68C3E4B.EXE
2010-04-20 03:07 . 2010-04-20 03:07 13824 --sh--w- c:\windows\system32\TC-WZ5.EXE
2010-04-20 03:07 . 2010-04-20 12:59 23552 ----a-w- c:\windows\system32\W571637B.EXE
2010-04-20 03:07 . 2010-04-20 03:07 23552 --sh--w- c:\windows\system32\GC-WZ6.EXE
2010-04-16 21:34 . 2010-04-06 08:12 114360 ----a-w- c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\0u334xjn.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2010-04-14 15:26 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 15:26 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 15:26 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 15:26 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 15:26 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 15:26 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 15:22 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 15:22 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 02:20 . 2010-04-12 02:20 -------- d-----w- c:\program files\Trend Micro
2010-04-11 19:02 . 2010-04-11 19:01 -------- d---a-w- c:\program files\IncaBall Screen Saver
2010-04-11 19:02 . 2010-04-11 19:01 237568 ----a-w- c:\windows\IncaBallCave.scr
2010-04-06 23:26 . 2010-04-06 23:26 160328 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{03C58966-B3A7-1914-00D2-D77CC09031E0}-AdminTool.exe
2010-04-03 03:05 . 2010-04-03 03:05 -------- d-----w- c:\program files\GameTop.com
2010-04-03 03:01 . 2010-04-03 03:01 10 ----a-w- c:\windows\popcinfo.dat
2010-04-03 02:51 . 2010-04-03 02:51 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Zylom
2010-04-03 02:51 . 2010-04-03 02:51 -------- d-----w- c:\programdata\Zylom
2010-04-03 02:51 . 2009-10-26 18:45 102400 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2010-04-03 02:51 . 2006-09-26 15:03 161976 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2010-04-03 02:51 . 2010-04-03 02:51 -------- d-----w- c:\program files\Zylom Games
2010-03-31 12:10 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 11:07 . 2010-03-30 11:07 -------- d-----w- c:\program files\Common Files\Skype
2010-03-27 16:58 . 2009-08-17 17:56 462848 ------w- c:\programdata\HP\Installer\Temp\hpzswp01.exe
2010-03-27 16:58 . 2009-07-31 22:02 1639224 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.EXE
2010-03-27 16:58 . 2009-07-31 22:02 1710392 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-03-26 13:55 . 2010-03-26 13:55 -------- d-----w- c:\users\Jonathan\AppData\Local\HP
2010-03-26 13:54 . 2010-03-26 13:55 -------- d-----w- c:\users\Jonathan\AppData\Roaming\HP
2010-03-26 13:54 . 2010-03-26 13:54 -------- d-----w- c:\programdata\WEBREG
2010-03-26 13:51 . 2010-03-26 13:51 -------- d-----w- c:\programdata\HP Product Assistant
2010-03-26 13:50 . 2010-03-26 13:50 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-26 13:50 . 2010-03-26 13:50 -------- d-----w- c:\program files\Common Files\HP
2010-03-26 13:49 . 2010-03-26 13:52 -------- d-----w- c:\program files\HP
2010-03-26 13:48 . 2010-03-26 13:54 229484 ----a-w- c:\windows\hpoins19.dat
2010-03-26 13:48 . 2009-10-20 04:30 13898 ------w- c:\windows\hpomdl19.dat
2010-03-26 13:48 . 2010-03-26 13:54 -------- d-----w- c:\programdata\HP
2010-03-26 13:48 . 2009-07-08 10:51 452408 ----a-w- c:\windows\system32\hpzids01.dll
2010-03-24 14:56 . 2010-03-24 14:59 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Crispy Plotter
2010-03-24 14:56 . 2010-03-24 14:56 -------- d-----w- c:\program files\Crispy Plotter
2010-03-22 22:34 . 2010-03-22 22:34 -------- d-----w- c:\program files\Archim

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 13:24 . 2009-12-29 01:04 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Skype
2010-04-20 13:14 . 2010-01-05 18:59 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-20 13:13 . 2009-12-02 14:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-20 12:59 . 2009-12-29 01:06 -------- d-----w- c:\users\Jonathan\AppData\Roaming\skypePM
2010-04-20 03:07 . 2009-12-02 12:41 654272 ----a-w- c:\windows\system32\prfh0416.dat
2010-04-20 03:07 . 2009-12-02 12:41 124724 ----a-w- c:\windows\system32\prfc0416.dat
2010-04-19 22:58 . 2009-12-20 22:23 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Winamp
2010-04-19 18:42 . 2010-04-19 18:42 427519 ----a-w- c:\windows\system32\~.tmp
2010-04-18 23:51 . 2009-12-07 20:37 -------- d-----w- c:\users\Jonathan\AppData\Roaming\U3
2010-04-14 21:15 . 2009-12-04 00:55 -------- d-----w- c:\programdata\Microsoft Help
2010-04-14 15:17 . 2010-02-05 22:11 -------- d-----w- c:\program files\Shareaza
2010-04-14 01:42 . 2009-12-19 19:23 85280 ----a-w- c:\users\Jeniffer\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-13 17:56 . 2010-02-05 22:11 -------- d-----w- c:\users\Jeniffer\AppData\Roaming\Shareaza
2010-03-28 20:51 . 2009-12-12 13:08 85280 ----a-w- c:\users\Clarety\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-28 02:31 . 2009-12-02 12:46 85280 ----a-w- c:\users\Jonathan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-28 02:28 . 2009-12-04 15:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-24 14:40 . 2009-12-12 20:53 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-24 14:40 . 2009-12-12 20:53 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-20 00:50 . 2010-03-10 00:25 -------- d-----w- c:\users\Clarety\AppData\Roaming\Winamp
2010-03-18 14:25 . 2010-03-18 14:25 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Shareaza
2010-03-17 13:23 . 2010-03-17 13:23 -------- d-----w- c:\program files\EmissaoRecibo
2010-03-16 12:53 . 2010-03-16 12:53 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Vono
2010-03-16 12:52 . 2010-03-16 12:52 -------- d-----w- c:\program files\Vono
2010-03-05 14:52 . 2010-03-05 14:52 -------- d-----w- c:\program files\voip
2010-03-05 14:52 . 2009-12-02 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 13:39 . 2010-02-26 13:39 -------- d-----w- c:\users\Jonathan\AppData\Roaming\SmarThru4
2010-02-26 13:39 . 2010-02-26 13:38 -------- d-----w- c:\program files\SmarThru 4
2010-02-26 13:38 . 2010-02-26 13:38 -------- d-----w- c:\program files\Common Files\SRC Shared
2010-02-26 13:38 . 2010-02-26 13:38 -------- d-----w- c:\program files\Readiris10
2010-02-26 13:38 . 2009-12-02 12:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-24 13:16 . 2009-12-02 12:32 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 02:36 . 2009-12-02 12:32 -------- d-----w- c:\programdata\Creative
2010-02-20 13:53 . 2010-01-18 15:19 -------- d-----w- c:\users\Jonathan\AppData\Roaming\uTorrent
2010-02-03 02:19 . 2010-02-03 02:19 270336 ----a-w- c:\programdata\UOL\lib\plugins\g729.dll
2010-02-03 02:05 . 2010-02-03 02:05 167936 ----a-w- c:\programdata\UOL\lib\fotoblog-1.0.0.3.dll
2010-02-02 07:45 . 2010-02-23 20:11 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 17:18 . 2010-01-22 17:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-12_20.35.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-14 15:26 . 2010-02-27 07:33 95744 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.20655_none_8b5b5c1a041ebcac\mrxsmb20.sys
+ 2010-04-14 15:26 . 2010-02-27 07:32 95744 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16539_none_8aeb604eeaed4a5c\mrxsmb20.sys
+ 2009-12-02 12:43 . 2010-04-20 13:15 31456 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-04-20 12:59 39260 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-02 12:16 . 2010-04-18 15:41 10154 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1200526638-4209332710-2338039383-1001_UserData.bin
+ 2009-12-02 12:08 . 2010-04-20 13:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-02 12:08 . 2010-04-12 19:16 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-02 12:08 . 2010-04-20 13:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-02 12:08 . 2010-04-12 19:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-04-20 13:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-04-12 19:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-02 12:16 . 2010-04-12 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-02 12:16 . 2010-04-20 13:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:34 . 2010-04-05 13:08 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:34 . 2010-04-19 17:18 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-12-02 12:16 . 2010-04-12 15:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-02 12:16 . 2010-04-20 13:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-02 12:16 . 2010-04-12 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-02 12:16 . 2010-04-20 13:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-02 12:16 . 2010-04-20 13:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-02 12:16 . 2010-04-12 15:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-02 15:14 . 2010-04-12 20:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-02 15:14 . 2010-04-20 13:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-02 15:14 . 2010-04-12 20:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-02 15:14 . 2010-04-20 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-02 15:14 . 2010-04-20 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-12-02 15:14 . 2010-04-12 20:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-12-02 12:16 . 2010-04-12 20:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-02 12:16 . 2010-04-20 13:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-02 12:16 . 2010-04-12 15:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-02 12:16 . 2010-04-20 13:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-04 00:58 . 2010-03-11 03:35 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-04 00:58 . 2010-04-14 21:15 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-12-04 00:58 . 2010-03-11 03:35 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-12-04 00:58 . 2010-04-14 21:15 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-12-04 00:58 . 2010-03-11 03:35 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-12-04 00:58 . 2010-04-14 21:15 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-12-21 22:09 . 2009-12-21 22:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-22 03:57 . 2009-12-22 03:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 22:02 . 2009-12-21 22:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-22 01:21 . 2009-12-22 01:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\eula.exe
+ 2009-12-22 01:37 . 2009-12-22 01:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 20:39 . 2009-12-21 20:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 20:27 . 2009-12-21 20:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 20:27 . 2009-12-21 20:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2010-01-10 13:27 . 2010-04-18 12:20 4304 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1200526638-4209332710-2338039383-1004_UserData.bin
+ 2010-04-20 13:13 . 2010-04-20 13:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-12 15:16 . 2010-04-12 15:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-20 13:13 . 2010-04-20 13:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-12 15:16 . 2010-04-12 15:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-14 15:22 . 2009-12-29 07:11 172032 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.1.7600.20605_none_f064afe014413504\wintrust.dll
+ 2010-04-14 15:22 . 2009-12-29 06:55 172032 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.1.7600.16493_none_ef77c14efb6e60de\wintrust.dll
+ 2010-04-14 15:26 . 2010-02-27 07:33 123392 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20655_none_8011d3b3cb764ad9\mrxsmb.sys
+ 2010-04-14 15:26 . 2010-02-27 07:32 123392 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16539_none_7fa1d7e8b244d889\mrxsmb.sys
+ 2010-04-14 15:26 . 2010-02-27 07:33 221696 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.20655_none_8924f207c5c7893b\mrxsmb10.sys
+ 2010-04-14 15:26 . 2010-02-27 07:32 221696 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16539_none_88b4f63cac9616eb\mrxsmb10.sys
+ 2010-04-14 15:26 . 2010-03-08 21:39 427520 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.1.7600.20662_none_48cc9903a84aaeeb\vbscript.dll
+ 2010-04-14 15:26 . 2010-03-08 21:33 427520 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.1.7600.16546_none_485c9d388f193c9b\vbscript.dll
+ 2010-04-14 15:22 . 2010-01-09 06:49 132608 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.1.7600.20613_none_38abfbd35bb8e7a9\cabview.dll
+ 2010-04-14 15:22 . 2010-01-09 06:52 132608 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.1.7600.16500_none_382a2e164295dfe9\cabview.dll
- 2009-07-14 02:05 . 2010-04-12 17:30 606992 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-04-20 03:07 606992 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-04-20 03:07 103370 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-04-12 17:30 103370 c:\windows\System32\perfc009.dat
+ 2009-12-02 12:18 . 2010-04-19 16:40 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-12-02 12:18 . 2010-04-12 15:21 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-02-22 01:47 . 2010-03-24 19:39 245760 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-22 01:47 . 2010-04-17 13:39 245760 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:47 . 2010-04-13 02:23 403252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-13 02:23 . 2010-04-13 02:23 403252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1200526638-4209332710-2338039383-1001-12288.dat
- 2009-12-04 00:58 . 2010-03-11 03:35 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-12-04 00:58 . 2010-04-14 21:15 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-12-04 00:58 . 2010-03-11 03:35 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-12-04 00:58 . 2010-04-14 21:15 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-12-04 00:58 . 2010-04-14 21:15 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-12-04 00:58 . 2010-03-11 03:35 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-12-04 00:58 . 2010-04-14 21:15 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-12-04 00:58 . 2010-03-11 03:35 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-12-04 00:58 . 2010-03-11 03:35 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-12-04 00:58 . 2010-04-14 21:15 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-12-04 00:58 . 2010-04-14 21:15 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-12-04 00:58 . 2010-03-11 03:35 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-12-04 00:58 . 2010-03-11 03:35 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-12-04 00:58 . 2010-04-14 21:15 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-12-21 20:35 . 2009-12-21 20:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 20:34 . 2009-12-21 20:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 21:18 . 2009-11-09 21:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 22:02 . 2009-12-21 22:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-21 20:43 . 2009-12-21 20:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-22 03:57 . 2009-12-22 03:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 20:15 . 2009-12-21 20:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 21:32 . 2009-12-21 21:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-21 21:15 . 2009-12-21 21:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-04-14 15:26 . 2010-02-27 11:46 3899784 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntoskrnl.exe
+ 2010-04-14 15:26 . 2010-02-27 11:46 3954568 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntkrnlpa.exe
+ 2010-04-14 15:26 . 2010-02-27 12:07 3899280 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntoskrnl.exe
+ 2010-04-14 15:26 . 2010-02-27 12:07 3954568 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntkrnlpa.exe
+ 2009-07-14 07:18 . 2010-04-14 15:23 8587423 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
- 2009-07-14 02:03 . 2010-04-12 19:45 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-04-19 17:49 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 04:34 . 2010-04-01 02:09 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2010-04-15 00:32 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-02-21 04:03 . 2010-02-21 04:03 4472832 c:\windows\Installer\1459b7c.msp
+ 2010-02-21 04:02 . 2010-02-21 04:02 4195840 c:\windows\Installer\1459b66.msp
+ 2010-03-12 02:59 . 2010-03-12 02:59 5031424 c:\windows\Installer\1459b50.msp
+ 2009-12-04 00:58 . 2010-04-14 21:15 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-12-04 00:58 . 2010-03-11 03:35 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-12-04 00:58 . 2010-03-11 03:35 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-12-04 00:58 . 2010-04-14 21:15 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-12-21 20:29 . 2009-12-21 20:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\rt3d.dll
+ 2009-12-22 01:31 . 2009-12-22 01:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\AGM.dll
+ 2009-12-02 12:36 . 2010-04-06 17:52 31971272 c:\windows\System32\MRT.exe
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\e32fb0.msp
+ 2010-03-22 19:03 . 2010-03-22 19:03 11732992 c:\windows\Installer\1459b93.msp
+ 2009-12-22 01:21 . 2009-12-22 01:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7449A0300000010\9.3.0\AcroRd32.dll
+ 2009-04-03 20:46 . 2009-04-03 20:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSO.DLL
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-25 3883840]
"7 Taskbar Tweaker"="c:\users\Jonathan\Downloads\7_Taskbar_Tweaker\7 Taskbar Tweaker.exe" [2009-10-28 68608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
".IAP{0000.0000.0000.0001}"="c:\program files\Vono\Softfone Vono\System\Vono.exe" [2010-03-16 2135713]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-10 614400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-22 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-18 39424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2009-12-2 8319560]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
PhoneMidServerUI.lnk - c:\program files\voip\voip platform\Bin\PhoneMIdServerUI.exe [2010-3-5 315497]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-04-19 337064]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-19 405672]
R2 Vono_Manager;Vono Manager;c:\program files\Vono\Softfone Vono\System\Vono Manager.exe [2010-03-16 102400]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-02 79360]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-03-24 135336]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-24 5120]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capturar seleção - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Salvar como HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Salvar texto selecionado - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\0u334xjn.default\
FF - prefs.js: browser.startup.homepage - www.uol.com.br
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\0u334xjn.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll
FF - component: c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\0u334xjn.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-XP-EDE20155 - c:\windows\system32\XP-EDE20155.EXE

.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2010-04-20 10:26:41
ComboFix-quarantined-files.txt 2010-04-20 13:26
ComboFix2.txt 2010-04-12 20:37

Pré-execução: 102.934.405.120 bytes disponíveis
Pós execução: 102.943.543.296 bytes disponíveis

- - End Of File - - DE6C237CB43DCE7E983B708C179B0F10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:58, on 20/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Jonathan\Downloads\7_Taskbar_Tweaker\7 Taskbar Tweaker.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Vono\Softfone Vono\System\Vono.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\voip\voip platform\Bin\PhoneMIdServerUI.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [7 Taskbar Tweaker] "C:\Users\Jonathan\Downloads\7_Taskbar_Tweaker\7 Taskbar Tweaker.exe" -hidewnd -hidetray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [.IAP{0000.0000.0000.0001}] "C:\Program Files\Vono\Softfone Vono\System\Vono.exe" /quiet
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PhoneMidServerUI.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capturar seleção - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Salvar como HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Salvar texto selecionado - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capturar seleção - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capturar seleção - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Salvar como HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Salvar como HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Salvar texto selecionado - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Salvar texto selecionado - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\Windows\SYSTEM32\slserv.exe
O23 - Service: Vono Manager (Vono_Manager) - - C:\Program Files\Vono\Softfone Vono\System\Vono Manager.exe

--
End of file - 8566 bytes

Abraço

Bla$ter · 12/04/2010

TEm alguma coisa de errado no meu? Vou postar a analise no pc da minha mae que nem conectar na internet conecta mais!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:51, on 12/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Bruno\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{297D3CFE-0BAC-47DF-A520-3B233A7F333C}: NameServer = 201.10.120.2,201.10.120.128
O17 - HKLM\System\CS1\Services\Tcpip\..\{297D3CFE-0BAC-47DF-A520-3B233A7F333C}: NameServer = 201.10.120.2,201.10.120.128
O17 - HKLM\System\CS2\Services\Tcpip\..\{297D3CFE-0BAC-47DF-A520-3B233A7F333C}: NameServer = 201.10.120.2,201.10.120.128
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5387 bytes

Spartacus · 12/04/2010

Mr. Wolf
Fala ai cara, beleza?

Deu tudo certo, segue ai os reports.

OTM

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Program Files (x86)\Microsoft Office\acpi.vxd moved successfully.
========== REGISTRY ==========
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Eduardo
->Temp folder emptied: 328799 bytes
->Temporary Internet Files folder emptied: 48465084 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 986 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2934 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47,00 mb

OTM by OldTimer - Version 3.1.10.1 log created on 04122010_222033

Files moved on Reboot...
C:\Users\Eduardo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

System Look

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:26 on 12/04/2010 by Eduardo (Administrator - Elevation successful)

========== filefind ==========

Searching for "acpi.*"
C:\Windows\inf\acpi.inf --a--- 7146 bytes [05:31 14/07/2009] [05:31 14/07/2009] 93462F8D41409FB4FB967B46B7558AF5
C:\Windows\inf\acpi.PNF --a--- 14116 bytes [04:50 14/07/2009] [02:35 20/12/2009] AF85AC3D8A71C82332B0B9A6AB148C76
C:\Windows\System32\DriverStore\en-US\acpi.inf_loc --a--- 1740 bytes [05:35 14/07/2009] [02:28 14/07/2009] 471B2EC3AF18EB609FED84A4759C6E6C
C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_neutral_2a841284c9de8962\acpi.inf --a--- 7146 bytes [20:18 13/07/2009] [20:18 13/07/2009] 93462F8D41409FB4FB967B46B7558AF5
C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_neutral_2a841284c9de8962\acpi.PNF --a--- 14116 bytes [05:31 14/07/2009] [02:35 20/12/2009] D5A60B27BAA99ACE741D51D99857C05A
C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_neutral_2a841284c9de8962\acpi.sys --a--- 334416 bytes [23:19 13/07/2009] [01:52 14/07/2009] 6F11E88748CDEFD2F76AA215F97DDFE5
C:\Windows\System32\DriverStore\pt-BR\acpi.inf_loc --a--- 1798 bytes [16:06 29/07/2009] [16:06 29/07/2009] 61F2E6C70ADDC101FAB144E046707D2F
C:\Windows\winsxs\amd64_acpi.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0fa7d070e2960b75\acpi.inf_loc --a--- 1740 bytes [05:35 14/07/2009] [02:28 14/07/2009] 471B2EC3AF18EB609FED84A4759C6E6C
C:\Windows\winsxs\amd64_acpi.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0fa7d070e2960b75\acpi.sys.mui --a--- 9216 bytes [05:35 14/07/2009] [02:23 14/07/2009] 32022C811A44B86FF45D20ACAB6D9BF6
C:\Windows\winsxs\amd64_acpi.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_114406f54f4a0914\acpi.inf_loc --a--- 1798 bytes [16:06 29/07/2009] [16:06 29/07/2009] 61F2E6C70ADDC101FAB144E046707D2F
C:\Windows\winsxs\amd64_acpi.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_114406f54f4a0914\acpi.sys.mui --a--- 10240 bytes [16:06 29/07/2009] [16:06 29/07/2009] 6D78CE5F7143E4B86FAF63DFDCCB0882
C:\Windows\winsxs\amd64_acpi.inf_31bf3856ad364e35_6.1.7600.16385_none_7e7db5aae7b8d5ef\acpi.inf --a--- 7146 bytes [20:18 13/07/2009] [20:18 13/07/2009] 93462F8D41409FB4FB967B46B7558AF5
C:\Windows\winsxs\amd64_acpi.inf_31bf3856ad364e35_6.1.7600.16385_none_7e7db5aae7b8d5ef\acpi.sys --a--- 334416 bytes [23:19 13/07/2009] [01:52 14/07/2009] 6F11E88748CDEFD2F76AA215F97DDFE5
C:\_OTM\MovedFiles\04122010_222033\C_Program Files (x86)\Microsoft Office\acpi.vxd --a--- 1888 bytes [02:01 26/03/2010] [19:40 01/04/2010] D9F98F00185049203C96EDE358C57A81

Searching for "ntkrnlp.*"
No files found.

Searching for "infosapi.*"
No files found.

Searching for "YinthkilU.*"
No files found.

Searching for "MsnSys.*"
No files found.

Searching for "qeqp8289.*"
No files found.

Searching for "script.html"
No files found.

========== regfind ==========

Searching for "acpi.vxd"
No data found.

========== service ==========

srvwinupd - Unable to open Service Handle.

DAC970NT - Unable to open Service Handle.

-=End Of File=-

PS: desculpe estar mandado o OTS assim, não consegui anexar tanto na extensão atual (ultrapassa o limite de tamanho) dele quanto em .rar e aqui ultrapassa o limite de caracteres.

OTS - Megaupload
http://www.megaupload.com/?d=FP0EYT3L

OTS - Rapidshare
http://rapidshare.com/files/375223932/OTS.Txt.html

Se tiver algum problema com esses servidores, me avise.
Obrigado mesmo cara, tanto pela ajuda quanto pela paciência e atenção no meu caso.

Aguardo ansiosamente notícias.

Bla$ter · 12/04/2010

Este aki e o principal o pc so acessa a internet em modo de seguranca modo normal nem abre site fica uma eternidade carregando. Eu ia formatar mais tem muita coisa no pc dela e to meio sem tempo ultimamente pra fazer backup e tals.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:20, on 12/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\OEM02Mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6232 bytes

Tiagoquiroga · 19/04/2010

Ola Mr Wolf estou com o win 7 aqui e uma internet melhor com isso vieram os virus,queria dar uma limpada uso o eset e ja catei alguns,n tenho mais as ferramentas entao peço q mee mande denovo obrigado

lukox · 19/04/2010

MR.Wolf, desculpe a minha ignorancia, meu pc fico MARAVILHOSO depois que você me ajudo, mais que nem eu disse la não so só eu que to usando, ja puis ate senha agora aqui e tals, sera que tem como vc me ajuda denovo?acho que ta com o mesmo virus que você removeou, vo manda o log aqui.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:47, on 19/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7FE393D6-2A55-4BCF-9588-78A89F9A49FF} - c:\windows\system32\lbycdxv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CBE0016-319E-45D1-BF51-CDB4AFB448F8}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: c:\windows\elf_key.dll
O20 - Winlogon Notify: LogonInit - logonInit.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 6227 bytes

Mr.Wolf · 20/04/2010

Bla$ter, peço que poste os logs novamente.

______________________________

Jonathan, siga abaixo:

- Baixe o RootRepeal e salve no desktop.

- Feche todos os programas abertos. Desative o antivirus e qualquer outro programa de segurança com residente ligado.
- Dê um duplo clique em RootRepeal.exe.
- No canto inferior direito, clique na guia Report e depois clique no botão Scan.
- Selecione todos os itens como mostra na imagem abaixo e clique em OK:

- Selecione sua unidade C: e dê um OK para prosseguir. Aguarde o scan e procure não ficar mexendo muito no sistema durante o scan.
- Quando o scan terminar, um log será aberto no Bloco de Notas. O mesmo estará em C:\RootRepeal report xxxxxx-xxxxxxx.txt (onde os "x" representam a data e hora em que o relatório foi salvo).
- Feche a ferramenta.

Poste o log do RooRepeal em sua próxima resposta.

______________________________

Eduardo, finalmente, tenho o prazer em comunicá-lo que seus logs estão limpos

Delete as ferramentas OTM, OTS, SystemLook, DeFogger, e qualquer outra ferramenta que tenhamos utilizado. Delete a pasta C:\_OTM e os logs que estiverem presentes no sistema. Se preferir fazer a limpeza das ferramentas e suas pastas automaticamente (sem precisar deletá-las manualmente), baixe o OTC e clique em CleanUp. Sugiro uma limpeza dos arquivos temporários também.

Quando você postou aqui no tópico pela primeira vez, salientou que gostaria de assegurar que, ao término da remoção dos malwares, o computador estaria realmente limpo antes de usá-lo para acessos bancários e tarefas do gênero. Nada mais justo e coerente.

A melhor maneira de fazer uma varredura completa na máquina para certficar-se de que ela está devidamente limpa, é utilizando um antivirus. Contudo, geralmente, aconselhamos que, em casos como este, a varredura seja feita por um antivirus diferente do instalado no PC e, posteriormente, se for da decisão do usuário, com o antivirus já instalado. Assim, terás uma confirmação mais garantida. Você já está a utilizar um ótimo antivirus, o NOD32 (da suite ESET Smart Security). Porém, há também o Kaspersky Online Scanner (pode ser até mesmo o Removal Tool da Kaspersky que lhe passei anteriormente), que são ótimos, dentre outros. Sinta-se a vontade para escolher. Neste link você pode obter uma lista de scanners online.

Como está o computador, amigo Eduardo?

______________________________

Tiagoquiroga, HijackThis. :thumbs_up

______________________________

lukox, assim fica difícil amigo. Converse e aconselhe as demais pessoas que usufruem do PC para uma navegação mais adequada. Afinal, são os seus dados pessoais que estão em jogo.

Não é hostilidade da minha parte, apenas um conselho amigável e sincero.

Siga abaixo:

1ª Etapa

Faça o download desta ferramenta abaixo e salve em sua unidade C:
http://www.gmer.net/download.php

Desconecte-se da Internet e feche todos os programas abertos.
Desative temporariamente seus programas de proteção.
Dê um duplo clique no arquivo que acabou de baixar para executar a ferramenta.
Clique na guia "Rootkit/Malware" e veja se, ao lado direito do painel, todos os itens estão marcados. Conforme a imagem abaixo:

Selecione sua unidade C: e clique no botão Scan para iniciar a varredura. Seja paciente, pois pode levar alguns minutos!
Quando o scan terminar, clique no botão Save para salvar o relatório em seu desktop. Salve como Resultado.log.
Feche a ferramenta e reative todos os seus programas de proteção que foram desativados.

Copie e cole este relatório em sua próxima resposta.

2ª Etapa

- Faça o download do RSIT e salve no seu desktop;

● Dê dois cliques em RSIT.exe para executar o programa;
● Na janela que abrir clique no botão Continue para que a ferramenta comece a rodar;
● Quando a ferramenta terminar de rodar, abrirá um log automaticamente no bloco de notas contendo o resultado do scan. Cole o resultado desse log (log.txt) na sua próxima resposta;
● Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt.

Jonathan · 20/04/2010

Mr.Wolf disse:
Jonathan, siga abaixo:

- Baixe o RootRepeal e salve no desktop.

- Feche todos os programas abertos. Desative o antivirus e qualquer outro programa de segurança com residente ligado.
- Dê um duplo clique em RootRepeal.exe.
- No canto inferior direito, clique na guia Report e depois clique no botão Scan.
- Selecione todos os itens como mostra na imagem abaixo e clique em OK:

- Selecione sua unidade C: e dê um OK para prosseguir. Aguarde o scan e procure não ficar mexendo muito no sistema durante o scan.
- Quando o scan terminar, um log será aberto no Bloco de Notas. O mesmo estará em C:\RootRepeal report xxxxxx-xxxxxxx.txt (onde os "x" representam a data e hora em que o relatório foi salvo).
- Feche a ferramenta.

Poste o log do RooRepeal em sua próxima resposta.

Mr.Wolf, tesntei rodar este programa aqui, fechei todos os programas e tal, mas deu diversos erros e o unico log que gerou foi este:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP0
Exception Code: 0xc0000005
Exception Address: 0x00422bf2
Attempt to read from address: 0x00000004

Os erros foram:

root repeal error: FOPS - DeviceIoControl Error!

could not initialize driver!

attempt to read from address

Obrigado

Mr.Wolf · 20/04/2010

Isso não é bom, amigo Jonathan.

Vamos ver se esta ferramenta abaixo roda.

- Baixe o WinDatFind

● Extraia o arquivo windatfind.bat para o desktop;
● Desative temporariamente o seu antivírus;
● Duplo clique em windatfind.bat;
● Cole o relatório criado em C:\dirdat.txt.

Jonathan · 20/04/2010

Mr.Wolf disse:
Isso não é bom, amigo Jonathan.

Vamos ver se esta ferramenta abaixo roda.

- Baixe o WinDatFind

● Extraia o arquivo windatfind.bat para o desktop;
● Desative temporariamente o seu antivírus;
● Duplo clique em windatfind.bat;
● Cole o relatório criado em C:\dirdat.txt.

Olá, este deu certo, segue o log:

O volume na unidade C nÆo tem nome.
O N£mero de S‚rie do Volume ‚ E037-779F

Pasta de C:\

20/04/2010 15:25 0 dirdat.txt
20/04/2010 15:23 3.488.079.872 pagefile.sys
20/04/2010 15:23 2.616.057.856 hiberfil.sys
20/04/2010 10:26 36.387 ComboFix.txt
22/01/2010 21:23 2.590 CONFIG.SYS
27/10/2009 23:18 68.608 7 Taskbar Tweaker.exe
10/06/2009 18:42 10 CONFIG.001
10/06/2009 18:42 24 autoexec.bat
8 arquivo(s) 6.104.245.347 bytes
0 pasta(s) 98.974.093.312 bytes dispon¡veis
O volume na unidade C nÆo tem nome.
O N£mero de S‚rie do Volume ‚ E037-779F

Pasta de C:\Windows\system

13/07/2009 18:41 24.064 OLESVR.DLL
13/07/2009 18:41 12.704 WFWNET.DRV
13/07/2009 18:41 32.816 COMMDLG.DLL
13/07/2009 18:41 4.048 TIMER.DRV
13/07/2009 18:41 68.992 MMSYSTEM.DLL
13/07/2009 18:41 1.152 mmtask.tsk
13/07/2009 18:41 2.032 mouse.drv
13/07/2009 18:41 2.176 vga.drv
13/07/2009 18:41 1.744 sound.drv
13/07/2009 18:41 2.000 keyboard.drv
13/07/2009 18:41 5.120 SHELL.DLL
13/07/2009 18:41 3.360 system.drv
10/06/2009 18:42 9.008 ver.dll
10/06/2009 18:42 82.944 olecli.dll
10/06/2009 18:42 9.936 lzexpand.dll
10/06/2009 18:25 5.532 stdole.tlb
10/06/2009 18:21 126.912 msvideo.dll
10/06/2009 18:21 28.160 mciwave.drv
10/06/2009 18:21 25.264 mciseq.drv
10/06/2009 18:21 73.376 mciavi.drv
10/06/2009 18:21 109.456 avifile.dll
10/06/2009 18:21 69.584 avicap.dll
22 arquivo(s) 700.380 bytes
0 pasta(s) 98.974.089.216 bytes dispon¡veis
O volume na unidade C nÆo tem nome.
O N£mero de S‚rie do Volume ‚ E037-779F

Pasta de C:\Windows

20/04/2010 15:23 14.058 setupact.log
20/04/2010 15:23 67.584 bootstat.dat
20/04/2010 15:22 1.658.812 WindowsUpdate.log
20/04/2010 10:28 3.048 PFRO.log
20/04/2010 10:24 215 system.ini
11/04/2010 16:01 237.568 IncaBallCave.scr
03/04/2010 00:01 10 popcinfo.dat
26/03/2010 10:54 229.484 hpoins19.dat
26/03/2010 10:53 438 win.ini
26/03/2010 10:08 19 wp.ini
26/03/2010 10:08 2.303 wp2.ini
22/03/2010 19:13 2.303 ran2.ini
22/03/2010 18:45 2.303 dom2.ini
22/03/2010 12:02 2.303 wp3.ini
12/03/2010 18:02 261.632 PEV.exe
26/02/2010 10:38 163 setup.log
26/02/2010 10:38 125 Readiris.ini
22/01/2010 21:23 39 cnpj010.INI
09/01/2010 15:02 2.179 diagwrn.xml
09/01/2010 15:02 46.379 diagerr.xml
09/01/2010 15:02 276 setuperr.log
09/01/2010 01:06 284.524 msxml4-KB954430-enu.LOG
09/01/2010 01:06 290.964 msxml4-KB973688-enu.LOG
02/12/2009 11:01 0 nsreg.dat
02/12/2009 09:32 87 ctfile.rfc
02/12/2009 09:00 1.313 TSSysprep.log
02/12/2009 08:58 1.774 DtcInstall.log
09/11/2009 15:00 38 avisplitter.ini
31/10/2009 02:45 2.614.272 explorer.exe
25/10/2009 06:11 77.312 MBR.exe
20/10/2009 01:30 13.898 hpomdl19.dat
28/09/2009 18:51 113.768 Wiainst.exe
28/09/2009 18:51 482.408 ssndii.exe
28/09/2009 18:51 133.757 SmartCMS2.ico
28/09/2009 18:51 5.430 AnyWeb Print.ico
24/08/2009 10:22 57.344 signet32.dll
14/07/2009 01:41 749 WindowsShell.Manifest
13/07/2009 22:16 51.200 twain_32.dll
13/07/2009 22:14 9.216 write.exe
13/07/2009 22:14 9.728 winhlp32.exe
13/07/2009 22:14 31.232 twunk_32.exe
13/07/2009 22:14 398.336 regedit.exe
13/07/2009 22:14 179.712 notepad.exe
13/07/2009 22:14 15.360 hh.exe
13/07/2009 22:14 497.152 HelpPane.exe
13/07/2009 22:14 13.824 fveupdate.exe
13/07/2009 22:14 65.024 bfsvc.exe
13/07/2009 19:58 43.131 mib.bin
10/06/2009 18:42 707 _default.pif
10/06/2009 18:42 256.192 winhelp.exe
10/06/2009 18:41 49.680 twunk_16.exe
10/06/2009 18:41 94.784 twain.dll
10/06/2009 18:34 316.640 WMSysPr9.prx
10/06/2009 18:19 1.405 msdfmap.ini
10/06/2009 18:14 51.867 Ultimate.xml
10/06/2009 18:14 48.201 Starter.xml
20/04/2009 12:56 31.232 NIRCMD.exe
13/11/2008 05:07 2.177 P17EP.ini
26/08/2008 07:30 8.704 ResDefE.exe
04/12/2007 04:20 1.489 P17EP51.ini
07/08/2007 23:08 36.864 slrundll.exe
07/06/2007 04:25 1.578 P17EPLS.ini
16/08/2006 19:56 11.502 Dr. Printer Icon.ico
31/08/2000 08:00 80.412 grep.exe
31/08/2000 08:00 136.704 SWSC.exe
31/08/2000 08:00 212.480 SWXCACLS.exe
31/08/2000 08:00 68.096 zip.exe
31/08/2000 08:00 161.792 SWREG.exe
31/08/2000 08:00 98.816 sed.exe
69 arquivo(s) 9.594.116 bytes
0 pasta(s) 98.974.085.120 bytes dispon¡veis
O volume na unidade C nÆo tem nome.
O N£mero de S‚rie do Volume ‚ E037-779F

Pasta de C:\Users\Jonathan\AppData\Local\Temp

20/04/2010 15:24 8.456 RedboxLog.txt
20/04/2010 15:24 1.124 hpqddusr.log
20/04/2010 15:23 1.285 MARB857.tmp
20/04/2010 15:23 1.313 MARB846.tmp
20/04/2010 15:23 4.998 stt6C68.tmp
20/04/2010 15:23 2.883 AdobeARM.log
20/04/2010 14:53 1.234 StructuredQuery.log
20/04/2010 12:13 802 jusched.log
20/04/2010 12:09 1.285 MARB413.tmp
20/04/2010 12:09 1.313 MARB183.tmp
20/04/2010 10:29 1.285 MARA6DA.tmp
20/04/2010 10:29 1.313 MARA60E.tmp
20/04/2010 10:26 0 FXSAPIDebugLogFile.txt
13 arquivo(s) 27.291 bytes
0 pasta(s) 98.974.085.120 bytes dispon¡veis

Abraço

Mr.Wolf · 20/04/2010

Jonathan, você executou o ComboFix hoje novamente?

Acesse o site VirusTotal. Copie este caminho em destaque e cole ao lado do botão

. Clique em Enviar Arquivo e aguarde.

C:\windows\system32\Q68C3E4B.EXE

Ao término, clique em Mostrar último relatório, copie a URL da página e cole aqui.

Faça o mesmo, com mais estes três arquivos:

C:\windows\system32\TC-WZ5.EXE
C:\windows\system32\W571637B.EXE
C:\windows\system32\GC-WZ6.EXE

Brenow-Kenpachi · 20/04/2010

Pessoal estou com o problema de virus no meu msn,o virus manda mensagens para meus contatos e em seguida meu msn trava e é fechado.Já tentei inúmeros programas como o Clean virus,msn photo virus remover,msn cleaner,malware bytes,segm

mais estranho que esses programas me informar que foi localizado o problema e que o arquivo foi deletado,mas é só eu inicializar para o problema voltar novamente.
Já não sei mais o que fazer,minha ultima esperança e mandar esse LOG para que vocês possam analizar e me indicarem qual(is) procedimentos devo tomar,muito obrigado pela ajuda.

PS:O antivirus esta atualizado,junto com o windows defender

Segue o LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:13, on 20/04/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msnmls.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Iminent\IMBooster\imbooster.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Windows Defender\MSASCui.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\AceLogix\Free Ram Optimizer\fro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\AxBx\Clean Virus MSN\CleanVirusMSN.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\msnmls.exe,
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE \rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Arquivos de programas\Iminent\SearchTheWeb\Iminent.BHO.Navigat ionError.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Arquivos de programas\Iminent\IMBooster4Web\Iminent.WebBooster .dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IMBooster] C:\Arquivos de programas\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [Iminent.Notifier] C:\Arquivos de programas\Iminent\SearchTheWeb\Iminent.Notifier.ex e
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Arquivos de programas\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1060284298-57989841-725345543-1005\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'Reinaldo')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1270962619609
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28E1F51C-6C23-4C21-89E8-65670378A312}: NameServer = 200.165.132.147 200.165.132.155
O17 - HKLM\System\CS1\Services\Tcpip\..\{28E1F51C-6C23-4C21-89E8-65670378A312}: NameServer = 200.165.132.147 200.165.132.155
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7404 byte

Formatei meu pc tem 1 dia mais ou menos e estou atualizando ele,mas minha irmã usando o msn,clicou naqueles links q são virus e agora nao consigo resolver

Muito obrigado a todos!

Edit:Ja solicitei para apagarem o topico que criei aki nessa área,nao tinha visto esse tópico,falta de atenção minha.:slap:

Jonathan · 20/04/2010

Mr.Wolf disse:
Jonathan, você executou o ComboFix hoje novamente?

Acesse o site VirusTotal. Copie este caminho em destaque e cole ao lado do botão

. Clique em Enviar Arquivo e aguarde.

C:\windows\system32\Q68C3E4B.EXE

Ao término, clique em Mostrar último relatório, copie a URL da página e cole aqui.

Faça o mesmo, com mais estes três arquivos:

C:\windows\system32\TC-WZ5.EXE
C:\windows\system32\W571637B.EXE
C:\windows\system32\GC-WZ6.EXE

Olá,

Bom, os arquivos TC-WZ5.EXE e GC-WZ6.EXE eu nao encontrei no pc. Segue os outros dois:

http://www.virustotal.com/pt/analis...b773dc9560d3ad7ce930074e58877442c5-1271691539

http://www.virustotal.com/pt/analis...0f61360d7da839418a80e3cf3d0a48218f-1271669000

Abraço

Mr.Wolf · 20/04/2010

BrenoxD, você está infectado por um worm. É aconselhável que troque suas senhas do MSN após remover o malware e, por enquanto, evite acessar o messenger.

Siga abaixo:

- Faça o download do RSIT e salve no seu desktop;

● Dê dois cliques em RSIT.exe para executar o programa;
● Na janela que abrir clique no botão Continue para que a ferramenta comece a rodar;
● Quando a ferramenta terminar de rodar, abrirá um log automaticamente no bloco de notas contendo o resultado do scan. Cole o resultado desse log (log.txt) na sua próxima resposta;
● Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt.

_________________________________

Jonathan, vamos lá.

Siga abaixo:

Seu ComboFix não está salvo no desktop. É trivial que ele esteja salvo neste local. Então, delete o ComboFix que está aí, baixe-o aqui novamente salvando no desktop desta vez, para que possamos prosseguir com as instruções.

Selecione e copie este texto abaixo (a partir de File). Cole no Bloco de Notas do PC e salve no desktop como CFScript.txt

Código:

File::
c:\windows\system32\Q68C3E4B.EXE
c:\windows\system32\TC-WZ5.EXE
c:\windows\system32\W571637B.EXE
c:\windows\system32\GC-WZ6.EXE
c:\windows\system32\~.tmp
SysRst::

Arraste o CFScript para o ComboFix como na imagem aqui abaixo e aguarde a execução automática da ferramenta:

● Se for solicitado à você, pressione Enter para iniciar o processo de remoção;
● Não use o mouse nem o teclado quando o ComboFix estiver rodando;
● Quando terminar, será gerado um novo log que estará em C:\ComboFix.txt;
● Talvez seu computador seja reiniciado automaticamente. Caso não ocorra, reinicie-o manualmente.

Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.

Jonathan · 20/04/2010

Mr.Wolf, segue novamente o combo fix e o log do HijackThis.

ComboFix 10-04-19.08 - Jonathan 20/04/2010 16:35:10.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1033.18.3326.2253 [GMT -3:00]
Executando de: c:\users\Jonathan\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Jonathan\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\~.tmp"
"c:\windows\system32\GC-WZ6.EXE"
"c:\windows\system32\Q68C3E4B.EXE"
"c:\windows\system32\TC-WZ5.EXE"
"c:\windows\system32\W571637B.EXE"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\¡¡¡¡¡¡.lnk
c:\windows\system32\~.tmp
c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\GC-WZ6.EXE
c:\windows\system32\internet.fne
c:\windows\system32\krnln.fnr
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\Q68C3E4B.EXE
c:\windows\system32\RegEx.fnr
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\TC-WZ5.EXE
c:\windows\system32\ul.dll
c:\windows\system32\W571637B.EXE
c:\windows\system32\XP-EDE20155.EXE

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-20 to 2010-04-20 ))))))))))))))))))))))))))))
.

2010-04-20 19:41 . 2010-04-20 19:41 -------- d-----w- c:\users\Jonathan\AppData\Local\temp
2010-04-20 19:41 . 2010-04-20 19:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-20 19:41 . 2010-04-20 19:41 -------- d-----w- c:\users\Jeniffer\AppData\Local\temp
2010-04-20 19:41 . 2010-04-20 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-20 19:41 . 2010-04-20 19:41 -------- d-----w- c:\users\Clarety\AppData\Local\temp
2010-04-16 21:34 . 2010-04-06 08:12 114360 ----a-w- c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\0u334xjn.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2010-04-14 15:26 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 15:26 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 15:26 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 15:26 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 15:26 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 15:26 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 15:22 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 15:22 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 02:20 . 2010-04-12 02:20 -------- d-----w- c:\program files\Trend Micro
2010-04-11 19:02 . 2010-04-11 19:01 -------- d---a-w- c:\program files\IncaBall Screen Saver
2010-04-11 19:02 . 2010-04-11 19:01 237568 ----a-w- c:\windows\IncaBallCave.scr
2010-04-06 23:26 . 2010-04-06 23:26 160328 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{03C58966-B3A7-1914-00D2-D77CC09031E0}-AdminTool.exe
2010-04-03 03:05 . 2010-04-03 03:05 -------- d-----w- c:\program files\GameTop.com
2010-04-03 03:01 . 2010-04-03 03:01 10 ----a-w- c:\windows\popcinfo.dat
2010-04-03 02:51 . 2010-04-03 02:51 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Zylom
2010-04-03 02:51 . 2010-04-03 02:51 -------- d-----w- c:\programdata\Zylom
2010-04-03 02:51 . 2009-10-26 18:45 102400 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2010-04-03 02:51 . 2006-09-26 15:03 161976 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2010-04-03 02:51 . 2010-04-03 02:51 -------- d-----w- c:\program files\Zylom Games
2010-03-31 12:10 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 11:07 . 2010-03-30 11:07 -------- d-----w- c:\program files\Common Files\Skype
2010-03-27 16:58 . 2009-08-17 17:56 462848 ------w- c:\programdata\HP\Installer\Temp\hpzswp01.exe
2010-03-27 16:58 . 2009-07-31 22:02 1639224 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.EXE
2010-03-27 16:58 . 2009-07-31 22:02 1710392 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-03-26 13:55 . 2010-03-26 13:55 -------- d-----w- c:\users\Jonathan\AppData\Local\HP
2010-03-26 13:54 . 2010-03-26 13:55 -------- d-----w- c:\users\Jonathan\AppData\Roaming\HP
2010-03-26 13:54 . 2010-03-26 13:54 -------- d-----w- c:\programdata\WEBREG
2010-03-26 13:51 . 2010-03-26 13:51 -------- d-----w- c:\programdata\HP Product Assistant
2010-03-26 13:50 . 2010-03-26 13:50 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-26 13:50 . 2010-03-26 13:50 -------- d-----w- c:\program files\Common Files\HP
2010-03-26 13:49 . 2010-03-26 13:52 -------- d-----w- c:\program files\HP
2010-03-26 13:48 . 2010-03-26 13:54 229484 ----a-w- c:\windows\hpoins19.dat
2010-03-26 13:48 . 2009-10-20 04:30 13898 ------w- c:\windows\hpomdl19.dat
2010-03-26 13:48 . 2010-03-26 13:54 -------- d-----w- c:\programdata\HP
2010-03-26 13:48 . 2009-07-08 10:51 452408 ----a-w- c:\windows\system32\hpzids01.dll
2010-03-24 14:56 . 2010-03-24 14:59 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Crispy Plotter
2010-03-24 14:56 . 2010-03-24 14:56 -------- d-----w- c:\program files\Crispy Plotter
2010-03-22 22:34 . 2010-03-22 22:34 -------- d-----w- c:\program files\Archim

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 19:42 . 2009-12-29 01:04 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Skype
2010-04-20 19:23 . 2010-01-05 18:59 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-20 19:04 . 2009-12-29 01:06 -------- d-----w- c:\users\Jonathan\AppData\Roaming\skypePM
2010-04-20 18:23 . 2009-12-02 14:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-20 03:07 . 2009-12-02 12:41 654272 ----a-w- c:\windows\system32\prfh0416.dat
2010-04-20 03:07 . 2009-12-02 12:41 124724 ----a-w- c:\windows\system32\prfc0416.dat
2010-04-19 22:58 . 2009-12-20 22:23 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Winamp
2010-04-18 23:51 . 2009-12-07 20:37 -------- d-----w- c:\users\Jonathan\AppData\Roaming\U3
2010-04-14 21:15 . 2009-12-04 00:55 -------- d-----w- c:\programdata\Microsoft Help
2010-04-14 15:17 . 2010-02-05 22:11 -------- d-----w- c:\program files\Shareaza
2010-04-14 01:42 . 2009-12-19 19:23 85280 ----a-w- c:\users\Jeniffer\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-13 17:56 . 2010-02-05 22:11 -------- d-----w- c:\users\Jeniffer\AppData\Roaming\Shareaza
2010-03-28 20:51 . 2009-12-12 13:08 85280 ----a-w- c:\users\Clarety\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-28 02:31 . 2009-12-02 12:46 85280 ----a-w- c:\users\Jonathan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-28 02:28 . 2009-12-04 15:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-24 14:40 . 2009-12-12 20:53 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-24 14:40 . 2009-12-12 20:53 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-20 00:50 . 2010-03-10 00:25 -------- d-----w- c:\users\Clarety\AppData\Roaming\Winamp
2010-03-18 14:25 . 2010-03-18 14:25 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Shareaza
2010-03-17 13:23 . 2010-03-17 13:23 -------- d-----w- c:\program files\EmissaoRecibo
2010-03-16 12:53 . 2010-03-16 12:53 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Vono
2010-03-16 12:52 . 2010-03-16 12:52 -------- d-----w- c:\program files\Vono
2010-03-05 14:52 . 2010-03-05 14:52 -------- d-----w- c:\program files\voip
2010-03-05 14:52 . 2009-12-02 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 13:39 . 2010-02-26 13:39 -------- d-----w- c:\users\Jonathan\AppData\Roaming\SmarThru4
2010-02-26 13:39 . 2010-02-26 13:38 -------- d-----w- c:\program files\SmarThru 4
2010-02-26 13:38 . 2010-02-26 13:38 -------- d-----w- c:\program files\Common Files\SRC Shared
2010-02-26 13:38 . 2010-02-26 13:38 -------- d-----w- c:\program files\Readiris10
2010-02-26 13:38 . 2009-12-02 12:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-24 13:16 . 2009-12-02 12:32 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 02:36 . 2009-12-02 12:32 -------- d-----w- c:\programdata\Creative
2010-02-20 13:53 . 2010-01-18 15:19 -------- d-----w- c:\users\Jonathan\AppData\Roaming\uTorrent
2010-02-03 02:19 . 2010-02-03 02:19 270336 ----a-w- c:\programdata\UOL\lib\plugins\g729.dll
2010-02-03 02:05 . 2010-02-03 02:05 167936 ----a-w- c:\programdata\UOL\lib\fotoblog-1.0.0.3.dll
2010-02-02 07:45 . 2010-02-23 20:11 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 17:18 . 2010-01-22 17:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot_2010-04-20_13.24.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-02 12:43 . 2010-04-20 13:30 31472 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-04-20 12:59 39260 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-04-20 18:25 39260 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-02 12:08 . 2010-04-20 17:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-02 12:08 . 2010-04-20 13:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-02 12:08 . 2010-04-20 13:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-02 12:08 . 2010-04-20 17:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-04-20 13:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-04-20 17:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-02 12:16 . 2010-04-20 18:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-02 12:16 . 2010-04-20 13:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-02 12:16 . 2010-04-20 13:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-02 12:16 . 2010-04-20 18:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-02 12:16 . 2010-04-20 13:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-02 12:16 . 2010-04-20 18:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-02 12:16 . 2010-04-20 13:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-02 12:16 . 2010-04-20 18:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-02 15:14 . 2010-04-20 19:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-02 15:14 . 2010-04-20 13:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-02 15:14 . 2010-04-20 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-02 15:14 . 2010-04-20 19:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-02 15:14 . 2010-04-20 19:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-12-02 15:14 . 2010-04-20 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-12-02 12:16 . 2010-04-20 13:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-02 12:16 . 2010-04-20 19:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-02 12:16 . 2010-04-20 13:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-02 12:16 . 2010-04-20 18:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-20 13:13 . 2010-04-20 13:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-20 18:23 . 2010-04-20 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-20 13:13 . 2010-04-20 13:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-20 18:23 . 2010-04-20 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-12-02 12:18 . 2010-04-19 16:40 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-12-02 12:18 . 2010-04-20 17:51 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:03 . 2010-04-20 18:33 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-04-19 17:49 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-25 3883840]
"7 Taskbar Tweaker"="c:\users\Jonathan\Downloads\7_Taskbar_Tweaker\7 Taskbar Tweaker.exe" [2009-10-28 68608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
".IAP{0000.0000.0000.0001}"="c:\program files\Vono\Softfone Vono\System\Vono.exe" [2010-03-16 2135713]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-10 614400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-22 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-18 39424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"XP-EDE20155"="c:\windows\system32\XP-EDE20155.EXE" [BU]

c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2009-12-2 8319560]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
PhoneMidServerUI.lnk - c:\program files\voip\voip platform\Bin\PhoneMIdServerUI.exe [2010-3-5 315497]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-04-19 337064]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-19 405672]
R2 Vono_Manager;Vono Manager;c:\program files\Vono\Softfone Vono\System\Vono Manager.exe [2010-03-16 102400]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-02 79360]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-03-24 135336]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-24 5120]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capturar seleção - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Salvar como HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Salvar texto selecionado - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\0u334xjn.default\
FF - prefs.js: browser.startup.homepage - www.uol.com.br
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\0u334xjn.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll
FF - component: c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\0u334xjn.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2010-04-20 16:44:32
ComboFix-quarantined-files.txt 2010-04-20 19:44
ComboFix2.txt 2010-04-20 13:26
ComboFix3.txt 2010-04-12 20:37

Pré-execução: 99.060.596.736 bytes disponíveis
Pós execução: 98.772.246.528 bytes disponíveis

- - End Of File - - B22142629E7D85597B6BBF92B05601B7

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:19, on 20/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Jonathan\Downloads\7_Taskbar_Tweaker\7 Taskbar Tweaker.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Vono\Softfone Vono\System\Vono.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\voip\voip platform\Bin\PhoneMIdServerUI.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [XP-EDE20155] C:\Windows\system32\XP-EDE20155.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [7 Taskbar Tweaker] "C:\Users\Jonathan\Downloads\7_Taskbar_Tweaker\7 Taskbar Tweaker.exe" -hidewnd -hidetray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [.IAP{0000.0000.0000.0001}] "C:\Program Files\Vono\Softfone Vono\System\Vono.exe" /quiet
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PhoneMidServerUI.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capturar seleção - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Salvar como HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Salvar texto selecionado - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capturar seleção - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capturar seleção - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Salvar como HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Salvar como HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Salvar texto selecionado - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Salvar texto selecionado - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\Windows\SYSTEM32\slserv.exe
O23 - Service: Vono Manager (Vono_Manager) - - C:\Program Files\Vono\Softfone Vono\System\Vono Manager.exe

--
End of file - 8534 bytes

Abraço

Brenow-Kenpachi · 20/04/2010

Mr Wolf segue em spoiler os Logs:

LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrador at 2010-04-20 17:15:18
Microsoft Windows XP Professional Service Pack 2
System drive C: has 134 GB (88%) free of 153 GB
Total RAM: 2046 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:19, on 20/04/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msnmls.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Iminent\IMBooster\imbooster.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Windows Defender\MSASCui.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\AceLogix\Free Ram Optimizer\fro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrador\Desktop\62531_msn_photo_virus_remover_426.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Administrador\Desktop\RSIT.exe
C:\Documents and Settings\Administrador\Desktop\Administrador.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\msnmls.exe,
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Arquivos de programas\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Arquivos de programas\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IMBooster] C:\Arquivos de programas\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [Iminent.Notifier] C:\Arquivos de programas\Iminent\SearchTheWeb\Iminent.Notifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Arquivos de programas\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1060284298-57989841-725345543-1005\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'Reinaldo')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1270962619609
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28E1F51C-6C23-4C21-89E8-65670378A312}: NameServer = 200.165.132.147 200.165.132.155
O17 - HKLM\System\CS1\Services\Tcpip\..\{28E1F51C-6C23-4C21-89E8-65670378A312}: NameServer = 200.165.132.147 200.165.132.155
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7504 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-57989841-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-57989841-725345543-1005.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-57989841-725345543-500.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-57989841-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-57989841-725345543-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-57989841-725345543-500.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E42AEAB5-70EF-4242-8A1C-D90BA1276DD7}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-04-16 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Iminent.BHO.NavigationError - C:\Arquivos de programas\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll [2010-02-22 44280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
IMinent WebBooster (BHO) - C:\Arquivos de programas\Iminent\IMBooster4Web\Iminent.WebBooster.dll [2010-02-11 232184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Runonce"=C:\WINDOWS\system32\runouce.exe []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-25 8527872]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-25 81920]
"avgnt"=C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"IMBooster"=C:\Arquivos de programas\Iminent\IMBooster\imbooster.exe [2010-02-11 1262080]
"Iminent.Notifier"=C:\Arquivos de programas\Iminent\SearchTheWeb\Iminent.Notifier.exe [2010-02-22 528896]
"SunJavaUpdateSched"=C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2010-01-11 246504]
"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2010-04-16 202256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Free Ram Optimizer"=C:\Arquivos de programas\AceLogix\Free Ram Optimizer\fro.exe [2003-08-22 57344]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\ARQUIV~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\Documents and Settings\Ingrid\Configurações locais\Temporary Internet Files\Content.IE5\JCZ34W7E\photo180410-jpg-www-facebook-com[2].scr"="C:\Documents and Settings\Ingrid\Configurações locais\Temporary Internet Files\Content.IE5\JCZ34W7E\photo180410-jpg-www-facebook-com[2].scr:*:Enabled:Userinit"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\auto\command - D:\explorer.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe

======List of files/folders created in the last 1 months======

2010-04-20 17:15:18 ----D---- C:\rsit
2010-04-20 13:50:45 ----D---- C:\LinhaDefensiva
2010-04-20 13:24:50 ----D---- C:\Arquivos de programas\AxBx
2010-04-20 12:27:00 ----D---- C:\MSNCleaner
2010-04-20 00:12:10 ----D---- C:\Arquivos de programas\Microsoft
2010-04-20 00:11:44 ----D---- C:\Arquivos de programas\Windows Live
2010-04-19 23:20:38 ----D---- C:\Arquivos de programas\Marcos Velasco Security
2010-04-19 23:18:44 ----D---- C:\WINDOWS\SxsCaPendDel
2010-04-19 23:02:11 ----A---- C:\MSN Virus Removal Log 19_04_2010 23_02_11.txt
2010-04-19 23:00:15 ----D---- C:\WINDOWS\Sun
2010-04-19 22:42:57 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes
2010-04-19 22:42:42 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2010-04-19 22:42:42 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2010-04-19 19:32:13 ----AH---- C:\a.txt
2010-04-19 19:32:11 ----RSH---- C:\WINDOWS\msnmls.exe
2010-04-17 21:33:25 ----D---- C:\Arquivos de programas\ShowMyPCService
2010-04-16 20:43:03 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-04-16 20:42:58 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-04-16 20:42:58 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-04-16 20:42:53 ----D---- C:\Arquivos de programas\Arquivos comuns\xing shared
2010-04-16 20:42:41 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-04-16 20:42:40 ----D---- C:\Arquivos de programas\Real
2010-04-16 20:42:39 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Real
2010-04-16 20:42:39 ----D---- C:\Arquivos de programas\Arquivos comuns\Real
2010-04-16 20:42:38 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Real
2010-04-14 12:25:55 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-04-14 12:22:11 ----D---- C:\Arquivos de programas\Windows Defender
2010-04-14 03:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-12 23:53:45 ----A---- C:\WINDOWS\ODBC.INI
2010-04-12 23:53:39 ----A---- C:\WINDOWS\system32\mdimon.dll
2010-04-12 23:52:33 ----D---- C:\Arquivos de programas\Arquivos comuns\DESIGNER
2010-04-12 23:52:20 ----D---- C:\WINDOWS\SHELLNEW
2010-04-12 23:52:18 ----D---- C:\Arquivos de programas\Microsoft.NET
2010-04-12 23:52:18 ----D---- C:\Arquivos de programas\Microsoft Office
2010-04-12 17:51:57 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Sun
2010-04-12 17:51:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-04-12 17:36:26 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Sun
2010-04-12 01:12:01 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-04-12 01:11:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-04-11 23:50:46 ----HD---- C:\Documents and Settings\All Users\Dados de aplicativos\{9A5D8F01-1215-4035-A676-85E05512E297}
2010-04-11 23:48:28 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Iminent
2010-04-11 23:48:24 ----HD---- C:\Documents and Settings\All Users\Dados de aplicativos\{F7C61E88-394D-4CDD-856B-DB14974FE9C8}
2010-04-11 23:47:51 ----D---- C:\Arquivos de programas\Iminent
2010-04-11 14:08:55 ----D---- C:\Arquivos de programas\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-04-11 14:02:35 ----D---- C:\Arquivos de programas\RivaTuner
2010-04-11 14:01:06 ----D---- C:\WINDOWS\pss
2010-04-11 13:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-04-11 13:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-04-11 13:12:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-04-11 13:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-04-11 13:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-04-11 13:12:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-04-11 13:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-04-11 13:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-04-11 13:11:49 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2010-04-11 13:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-04-11 13:11:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-04-11 13:11:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-04-11 13:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-04-11 13:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-04-11 13:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-04-11 13:10:45 ----D---- C:\WINDOWS\ie8updates
2010-04-11 13:10:35 ----D---- C:\WINDOWS\WBEM
2010-04-11 13:09:44 ----HDC---- C:\WINDOWS\ie8
2010-04-11 13:09:43 ----D---- C:\WINDOWS\system32\pt-BR
2010-04-11 13:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-04-11 13:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-04-11 13:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-04-11 13:06:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-04-11 13:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-04-11 13:06:03 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-04-11 13:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-04-11 13:05:53 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-04-11 13:05:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-04-11 13:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-04-11 13:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-04-11 13:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-04-11 13:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-04-11 13:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-04-11 13:05:13 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-04-11 13:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-04-11 13:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-04-11 13:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-04-11 13:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-04-11 13:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-04-11 13:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-04-11 13:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-04-11 13:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-04-11 13:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-04-11 13:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-04-11 13:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-04-11 13:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-04-11 13:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-04-11 13:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-04-11 13:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-04-11 13:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-04-11 13:03:01 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-11 13:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-04-11 13:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-04-11 13:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-04-11 13:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-04-11 13:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-04-11 13:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-04-11 13:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-04-11 13:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-04-11 13:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-04-11 13:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-04-11 13:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-04-11 13:01:36 ----D---- C:\WINDOWS\ServicePackFiles
2010-04-11 13:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-04-11 13:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-04-11 13:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-04-11 13:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-04-11 13:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-04-11 13:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-04-11 13:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-04-11 13:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-04-11 13:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-04-11 13:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-04-11 13:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-04-11 13:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-04-11 13:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-04-11 13:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-04-11 12:51:49 ----D---- C:\WINDOWS\system32\custom matrices
2010-04-11 12:51:46 ----D---- C:\WINDOWS\system32\QuickTime
2010-04-11 12:51:46 ----D---- C:\WINDOWS\system32\C2MP
2010-04-11 12:43:49 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Avira
2010-04-11 12:42:47 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-11 12:40:06 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2010-04-11 12:40:06 ----D---- C:\Arquivos de programas\Avira
2010-04-11 12:28:51 ----D---- C:\Arquivos de programas\AceLogix
2010-04-11 12:09:53 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-04-11 05:16:55 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-04-11 05:13:56 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-04-11 05:13:56 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-04-11 04:07:38 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NOS
2010-04-11 02:56:58 ----SHD---- C:\RECYCLER
2010-04-11 02:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2010-04-11 02:45:05 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-04-11 02:45:02 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-04-11 02:44:54 ----D---- C:\Arquivos de programas\Windows Media Connect 2
2010-04-11 02:44:48 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-04-11 02:44:28 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-04-11 02:44:14 ----D---- C:\WINDOWS\system32\LogFiles
2010-04-11 02:44:09 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-04-11 02:15:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage
2010-04-11 02:04:20 ----D---- C:\Arquivos de programas\Windows Live SkyDrive
2010-04-11 01:51:29 ----D---- C:\Arquivos de programas\Arquivos comuns\Windows Live
2010-04-11 01:43:17 ----D---- C:\WINDOWS\system32\PreInstall
2010-04-11 01:43:15 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-04-11 01:43:15 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-11 01:42:57 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-04-11 01:16:04 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Adobe
2010-04-11 01:14:12 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla
2010-04-11 01:14:08 ----D---- C:\Arquivos de programas\Mozilla Firefox
2010-04-11 00:15:39 ----A---- C:\WINDOWS\msicpl.ini
2010-04-11 00:14:48 ----D---- C:\WINDOWS\nview
2010-04-11 00:14:48 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-04-11 00:14:47 ----RA---- C:\WINDOWS\system32\smdll.dll
2010-04-11 00:14:47 ----RA---- C:\WINDOWS\system32\MadCHook.dll
2010-04-11 00:14:46 ----RA---- C:\WINDOWS\system32\d3dx9_28.dll
2010-04-11 00:14:45 ----RA---- C:\WINDOWS\system32\HookShield.dll
2010-04-11 00:14:45 ----RA---- C:\WINDOWS\system32\HookMAp.dll
2010-04-11 00:14:45 ----RA---- C:\WINDOWS\system32\d3dx9_27.dll
2010-04-11 00:14:45 ----RA---- C:\WINDOWS\system32\Auxiliary.dll
2010-04-11 00:14:44 ----RA---- C:\WINDOWS\system32\sw24.exe
2010-04-11 00:14:44 ----RA---- C:\WINDOWS\system32\sw20.exe
2010-04-11 00:14:43 ----RA---- C:\WINDOWS\system32\msicpl.dll
2010-04-11 00:10:35 ----D---- C:\WINDOWS\Minidump
2010-04-11 00:04:04 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-10 23:47:42 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-04-10 23:47:42 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-04-10 23:47:42 ----A---- C:\WINDOWS\system32\MFC71.dll
2010-04-10 23:47:39 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-04-10 23:47:39 ----D---- C:\Arquivos de programas\Alwil Software
2010-04-10 23:46:43 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia
2010-04-10 23:44:11 ----D---- C:\WINDOWS\system32\Lang
2010-04-10 23:42:37 ----R---- C:\WINDOWS\system32\ChCfg.exe
2010-04-10 23:42:30 ----R---- C:\WINDOWS\system32\JMRaidAPI.dll
2010-04-10 23:42:29 ----R---- C:\WINDOWS\system32\JMRaidSetup.exe
2010-04-10 23:42:29 ----D---- C:\JM
2010-04-10 23:42:23 ----D---- C:\WINDOWS\JM
2010-04-10 23:42:16 ----D---- C:\WINDOWS\system32\RTCOM
2010-04-10 23:42:14 ----D---- C:\WINDOWS\OPTIONS
2010-04-10 23:42:14 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-04-10 23:42:10 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield
2010-04-10 23:42:09 ----R---- C:\WINDOWS\SoundMan.exe
2010-04-10 23:42:08 ----R---- C:\WINDOWS\SkyTel.exe
2010-04-10 23:42:08 ----R---- C:\WINDOWS\RtlUpd.exe
2010-04-10 23:42:07 ----R---- C:\WINDOWS\RTLCPL.exe
2010-04-10 23:42:04 ----R---- C:\WINDOWS\RTHDCPL.exe
2010-04-10 23:42:03 ----R---- C:\WINDOWS\MicCal.exe
2010-04-10 23:42:02 ----R---- C:\WINDOWS\alcwzrd.exe
2010-04-10 23:42:02 ----R---- C:\WINDOWS\Alcmtr.exe
2010-04-10 23:42:02 ----D---- C:\Arquivos de programas\Realtek
2010-04-10 23:42:01 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2010-04-10 23:41:59 ----R---- C:\WINDOWS\RtlExUpd.dll
2010-04-10 23:41:59 ----A---- C:\WINDOWS\HideWin.exe
2010-04-10 23:41:56 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield
2010-04-10 23:41:41 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-04-10 23:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2010-04-10 23:39:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-10 23:39:24 ----D---- C:\Arquivos de programas\Intel
2010-04-10 23:39:22 ----D---- C:\Intel
2010-04-10 23:37:27 ----A---- C:\WINDOWS\WinLogT.exe
2010-04-10 23:37:27 ----A---- C:\WINDOWS\system32\ZipDll.dll
2010-04-10 23:37:27 ----A---- C:\WINDOWS\system32\UnzDll.dll
2010-04-10 23:37:27 ----A---- C:\WINDOWS\system32\opencrypto.dll
2010-04-10 23:37:27 ----A---- C:\WINDOWS\system32\cmpe.dll
2010-04-10 23:37:26 ----A---- C:\WINDOWS\system32\GETCPU.DLL
2010-04-10 23:37:17 ----D---- C:\Arquivos de programas\Oi Velox
2010-04-10 23:37:17 ----A---- C:\WINDOWS\system32\LightMsg_oi_velox.dll
2010-04-10 23:37:17 ----A---- C:\WINDOWS\system32\lightLib1.dll
2010-04-10 23:34:40 ----HD---- C:\Arquivos de programas\Uninstall Information
2010-04-10 23:34:40 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Identities
2010-04-10 23:33:49 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-10 23:33:16 ----D---- C:\WINDOWS\Prefetch
2010-04-10 23:33:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-10 23:29:21 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-04-10 23:29:11 ----A---- C:\WINDOWS\OEWABLog.txt
2010-04-10 23:29:07 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-04-10 23:28:33 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-04-10 23:28:25 ----HD---- C:\Arquivos de programas\WindowsUpdate
2010-04-10 23:28:21 ----D---- C:\Arquivos de programas\Serviços on-line
2010-04-10 23:28:06 ----D---- C:\WINDOWS\system32\DirectX
2010-04-10 23:27:48 ----A---- C:\WINDOWS\system32\atrace.dll
2010-04-10 23:27:45 ----A---- C:\WINDOWS\system32\desktop.ini
2010-04-10 23:27:45 ----A---- C:\WINDOWS\desktop.ini
2010-04-10 23:27:39 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-04-10 23:27:37 ----D---- C:\Arquivos de programas\Arquivos comuns\Serviços
2010-04-10 23:27:37 ----A---- C:\WINDOWS\system32\acctres.dll
2010-04-10 23:27:35 ----SD---- C:\WINDOWS\Tasks
2010-04-10 23:27:35 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-04-10 23:27:28 ----D---- C:\WINDOWS\system32\Macromed
2010-04-10 23:27:25 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-04-10 23:27:25 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-04-10 23:27:25 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-04-10 23:27:25 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-04-10 23:27:24 ----A---- C:\WINDOWS\system32\wups.dll
2010-04-10 23:27:24 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-04-10 23:27:24 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-04-10 23:27:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-04-10 23:27:24 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-04-10 23:27:24 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-04-10 23:27:24 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-04-10 23:27:24 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-04-10 23:27:24 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-04-10 23:27:15 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-04-10 23:27:15 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-04-10 23:27:15 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-04-10 23:27:15 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-04-10 23:27:10 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-04-10 23:27:10 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-04-10 23:27:09 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-04-10 23:27:09 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-04-10 23:27:09 ----A---- C:\WINDOWS\system32\srclient.dll
2010-04-10 23:27:09 ----A---- C:\WINDOWS\system32\ils.dll
2010-04-10 23:27:08 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-04-10 23:27:08 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-04-10 23:27:07 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-04-10 23:27:07 ----A---- C:\WINDOWS\system32\msconf.dll
2010-04-10 23:27:07 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-04-10 23:27:04 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-04-10 23:27:03 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-04-10 23:27:02 ----A---- C:\WINDOWS\system32\inetres.dll
2010-04-10 23:27:02 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-04-10 23:26:59 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-04-10 23:26:59 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-04-10 23:26:59 ----A---- C:\WINDOWS\system32\mstask.dll
2010-04-10 23:26:59 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-04-10 23:26:13 ----D---- C:\Arquivos de programas\Messenger
2010-04-10 23:24:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-04-10 23:22:36 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-04-10 23:22:36 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-04-10 23:22:36 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-04-10 23:22:36 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-04-10 23:22:36 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-04-10 23:22:36 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-04-10 23:22:36 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-04-10 23:22:36 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-04-10 23:22:36 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-04-10 23:22:35 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-04-10 23:22:34 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-04-10 23:22:31 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-04-10 23:22:31 ----A---- C:\WINDOWS\system32\irclass.dll
2010-04-10 23:22:31 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-04-10 23:22:31 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-04-10 23:22:30 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-04-10 23:22:29 ----A---- C:\WINDOWS\system32\batt.dll
2010-04-10 23:22:06 ----RA---- C:\WINDOWS\SET2B.tmp
2010-04-10 23:22:03 ----RA---- C:\WINDOWS\SET1F.tmp
2010-04-10 23:22:02 ----RA---- C:\WINDOWS\SET1C.tmp
2010-04-10 23:08:34 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-04-10 23:08:33 ----D---- C:\WINDOWS\setup.pss
2010-04-10 23:03:23 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\WinRAR
2010-04-10 23:02:16 ----SD---- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft
2010-04-10 23:02:16 ----ASH---- C:\Documents and Settings\Administrador\Dados de aplicativos\desktop.ini
2010-04-10 22:59:16 ----D---- C:\WINDOWS\system32\xircom
2010-04-10 22:59:16 ----D---- C:\WINDOWS\system32\restore
2010-04-10 22:59:16 ----D---- C:\WINDOWS\srchasst
2010-04-10 22:59:16 ----D---- C:\Arquivos de programas\xerox
2010-04-10 22:59:16 ----D---- C:\Arquivos de programas\outlook express
2010-04-10 22:59:16 ----D---- C:\Arquivos de programas\netmeeting
2010-04-10 22:59:16 ----D---- C:\Arquivos de programas\movie maker
2010-04-10 22:59:16 ----D---- C:\Arquivos de programas\microsoft frontpage
2010-04-10 22:59:16 ----D---- C:\Arquivos de programas\Arquivos comuns\speechengines
2010-04-10 22:59:16 ----D---- C:\Arquivos de programas\Arquivos comuns\mssoap
2010-04-10 22:59:03 ----D---- C:\Arquivos de programas\WinRAR
2010-04-10 22:58:59 ----SD---- C:\WINDOWS\system32\Microsoft
2010-04-10 22:58:59 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-10 22:58:59 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-10 22:58:59 ----A---- C:\WINDOWS\system32\java.exe
2010-04-10 22:58:44 ----D---- C:\Arquivos de programas\Java
2010-04-10 22:58:43 ----D---- C:\Arquivos de programas\Arquivos comuns\Java
2010-04-10 22:57:13 ----RSD---- C:\WINDOWS\assembly
2010-04-10 22:57:13 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-10 22:57:12 ----D---- C:\WINDOWS\system32\URTTemp
2010-04-10 22:56:14 ----D---- C:\Temp
2010-04-10 22:56:14 ----A---- C:\WINDOWS\control.ini
2010-04-10 22:56:14 ----A---- C:\AUTOEXEC.BAT
2010-04-10 22:53:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-10 22:53:30 ----RD---- C:\WINDOWS\Offline Web Pages
2010-04-10 22:53:26 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-04-10 22:53:03 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-04-10 22:53:01 ----A---- C:\WINDOWS\system32\isign32.dll
2010-04-10 22:53:01 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-04-10 22:48:54 ----D---- C:\Arquivos de programas\Arquivos comuns\System
2010-04-10 22:48:36 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2010-04-10 22:48:32 ----D---- C:\Arquivos de programas\Internet Explorer
2010-04-10 22:48:08 ----D---- C:\Arquivos de programas\ComPlus Applications
2010-04-10 22:48:06 ----A---- C:\WINDOWS\vbaddin.ini
2010-04-10 22:48:06 ----A---- C:\WINDOWS\vb.ini
2010-04-10 22:48:02 ----D---- C:\WINDOWS\Registration
2010-04-10 22:47:56 ----D---- C:\Arquivos de programas\Windows Media Player
2010-04-10 22:47:49 ----D---- C:\Arquivos de programas\MSN Gaming Zone
2010-04-10 22:47:49 ----A---- C:\WINDOWS\system32\write.exe
2010-04-10 22:47:42 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-04-10 22:47:42 ----A---- C:\WINDOWS\system32\hticons.dll
2010-04-10 22:47:42 ----A---- C:\WINDOWS\system32\avwav.dll
2010-04-10 22:47:42 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-04-10 22:47:42 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-04-10 22:47:41 ----A---- C:\WINDOWS\system32\winchat.exe
2010-04-10 22:47:36 ----A---- C:\WINDOWS\system32\sol.exe
2010-04-10 22:47:36 ----A---- C:\WINDOWS\system32\getuname.dll
2010-04-10 22:47:36 ----A---- C:\WINDOWS\system32\charmap.exe
2010-04-10 22:47:36 ----A---- C:\WINDOWS\system32\calc.exe
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\winmine.exe
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\tskill.exe
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\tscon.exe
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\shadow.exe
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\reset.exe
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\regini.exe
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-04-10 22:47:35 ----A---- C:\WINDOWS\system32\freecell.exe
2010-04-10 22:47:34 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-04-10 22:47:34 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-04-10 22:47:34 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-04-10 22:47:34 ----A---- C:\WINDOWS\system32\msg.exe
2010-04-10 22:47:34 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-04-10 22:47:34 ----A---- C:\WINDOWS\system32\logoff.exe
2010-04-10 22:47:34 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-04-10 22:47:33 ----A---- C:\WINDOWS\system32\stclient.dll
2010-04-10 22:47:33 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-04-10 22:47:33 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-04-10 22:47:33 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-04-10 22:47:33 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-04-10 22:47:33 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-04-10 22:47:33 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-04-10 22:47:33 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-04-10 22:47:29 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-04-10 22:47:28 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-04-10 22:47:28 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-04-10 22:47:28 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-04-10 22:47:28 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-04-10 22:47:27 ----D---- C:\Arquivos de programas\Windows NT
2010-04-10 22:47:27 ----A---- C:\WINDOWS\system32\spider.exe
2010-04-10 22:47:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-04-10 22:47:27 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-04-10 22:47:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-04-10 22:47:26 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-04-10 22:47:26 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-04-10 22:47:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-04-10 22:47:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-04-10 22:47:25 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-04-10 22:47:25 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-04-10 22:47:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-04-10 22:47:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-04-10 22:47:25 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-04-10 22:47:25 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-04-10 22:47:25 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-04-10 22:47:25 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-04-10 22:47:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-04-10 22:47:25 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-04-10 22:47:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-04-10 22:47:24 ----D---- C:\WINDOWS\system32\MsDtc
2010-04-10 22:47:24 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-04-10 22:47:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-04-10 22:47:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-04-10 22:47:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-04-10 22:47:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-04-10 22:47:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-04-10 22:47:24 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-04-10 22:47:23 ----D---- C:\WINDOWS\system32\Com
2010-04-10 22:47:23 ----A---- C:\WINDOWS\system32\colbact.dll
2010-04-10 22:47:23 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-04-10 22:47:23 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-04-10 22:47:23 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-04-10 22:47:22 ----A---- C:\WINDOWS\system32\comuid.dll
2010-04-10 22:47:22 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-04-10 22:47:22 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-04-10 22:47:22 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-04-10 22:47:16 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-04-10 22:47:16 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-04-10 22:47:16 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-04-10 22:47:16 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-04-10 19:46:26 ----A---- C:\WINDOWS\system32\h323log.txt
2010-04-10 19:42:36 ----A---- C:\WINDOWS\imsins.BAK
2010-04-10 19:42:34 ----SHD---- C:\WINDOWS\Installer
2010-04-10 19:42:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-10 19:42:33 ----D---- C:\Arquivos de programas\Arquivos comuns\ODBC
2010-04-10 19:42:33 ----A---- C:\WINDOWS\ODBCINST.INI
2010-04-10 19:42:32 ----RD---- C:\Arquivos de programas
2010-04-10 19:42:32 ----D---- C:\Arquivos de programas\Arquivos comuns
2010-04-10 19:42:31 ----A---- C:\WINDOWS\system32\storprop.dll
2010-04-10 19:42:24 ----ASH---- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini
2010-04-10 19:40:41 ----RA---- C:\WINDOWS\SET8.tmp
2010-04-10 19:40:38 ----RA---- C:\WINDOWS\SET4.tmp
2010-04-10 19:40:37 ----RA---- C:\WINDOWS\SET3.tmp
2010-04-10 19:40:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-10 19:40:32 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-10 19:40:27 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
2010-04-10 19:40:04 ----A---- C:\WINDOWS\setuplog.txt
2010-04-10 19:40:02 ----D---- C:\Documents and Settings
2010-04-10 19:40:01 ----SHD---- C:\System Volume Information
2010-04-10 19:39:11 ----SH---- C:\boot.ini
2010-04-10 19:31:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-10 19:31:30 ----RSD---- C:\WINDOWS\Fonts
2010-04-10 19:31:30 ----RD---- C:\WINDOWS\Web
2010-04-10 19:31:30 ----HD---- C:\WINDOWS\inf
2010-04-10 19:31:30 ----D---- C:\WINDOWS\WinSxS
2010-04-10 19:31:30 ----D---- C:\WINDOWS\twain_32
2010-04-10 19:31:30 ----D---- C:\WINDOWS\Temp
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\wins
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\wbem
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\usmt
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\spool
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\ShellExt
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\Setup
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\ras
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\oobe
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\npp
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\mui
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\inetsrv
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\IME
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\icsxml
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\ias
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\export
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\drivers
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\dhcp
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\config
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\3com_dmi
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\3076
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\2052
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\1054
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\1046
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\1042
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\1041
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\1037
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\1033
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\1031
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\1028
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32\1025
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system32
2010-04-10 19:31:30 ----D---- C:\WINDOWS\system
2010-04-10 19:31:30 ----D---- C:\WINDOWS\security
2010-04-10 19:31:30 ----D---- C:\WINDOWS\Resources
2010-04-10 19:31:30 ----D---- C:\WINDOWS\repair
2010-04-10 19:31:30 ----D---- C:\WINDOWS\Provisioning
2010-04-10 19:31:30 ----D---- C:\WINDOWS\PeerNet
2010-04-10 19:31:30 ----D---- C:\WINDOWS\pchealth
2010-04-10 19:31:30 ----D---- C:\WINDOWS\NLDRV
2010-04-10 19:31:30 ----D---- C:\WINDOWS\mui
2010-04-10 19:31:30 ----D---- C:\WINDOWS\msapps
2010-04-10 19:31:30 ----D---- C:\WINDOWS\msagent
2010-04-10 19:31:30 ----D---- C:\WINDOWS\Media
2010-04-10 19:31:30 ----D---- C:\WINDOWS\java
2010-04-10 19:31:30 ----D---- C:\WINDOWS\ime
2010-04-10 19:31:30 ----D---- C:\WINDOWS\Help
2010-04-10 19:31:30 ----D---- C:\WINDOWS\ehome
2010-04-10 19:31:30 ----D---- C:\WINDOWS\Driver Cache
2010-04-10 19:31:30 ----D---- C:\WINDOWS\Debug
2010-04-10 19:31:30 ----D---- C:\WINDOWS\Cursors
2010-04-10 19:31:30 ----D---- C:\WINDOWS\Connection Wizard
2010-04-10 19:31:30 ----D---- C:\WINDOWS\Config
2010-04-10 19:31:30 ----D---- C:\WINDOWS\AppPatch
2010-04-10 19:31:30 ----D---- C:\WINDOWS\addins
2010-04-10 19:31:30 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2010-04-20 13:41:17 ----A---- C:\WINDOWS\win.ini
2010-04-20 13:41:17 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-25 7426112]
R3 RivaTuner32;RivaTuner32; \??\C:\Arquivos de programas\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys []
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-25 155716]
R2 WinDefend;Windows Defender; C:\Arquivos de programas\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

INFO

info.txt logfile of random's system information tool 1.06 2010-04-20 17:15:21

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe
Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}
Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Atualização para Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Atualização para Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Atualização para Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Atualização para Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Atualização para Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Atualização para Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Atualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Atualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Atualização para Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Atualização para Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Atualização para Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Atualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Atualização para Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Arquivos de programas\Avira\AntiVir Desktop\setup.exe /REMOVE
Clean Virus MSN-->"C:\Arquivos de programas\AxBx\Clean Virus MSN\unins000.exe"
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Free Ram Optimizer XP 1.0-->"C:\Arquivos de programas\AceLogix\Free Ram Optimizer\unins000.exe"
Gigabyte Raid Configurer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Administrador\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
IMBooster-->"C:\Documents and Settings\All Users\Dados de aplicativos\{F7C61E88-394D-4CDD-856B-DB14974FE9C8}\IMBoosterSetup.exe" REMOVE=TRUE MODIFY=FALSE
IMBooster-->C:\Documents and Settings\All Users\Dados de aplicativos\{F7C61E88-394D-4CDD-856B-DB14974FE9C8}\IMBoosterSetup.exe
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LightComm Start 1.0-->"C:\Arquivos de programas\Oi Velox\Start\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"
Media Player Codec Pack 3.9.5-->C:\WINDOWS\system32\C2MP\Uninst.exe
Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack-->MsiExec.exe /X{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}
Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.3)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MV RegClean 5.9-->"C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 5.9\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Arquivos de programas\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0416 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x416 -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition-->"C:\Arquivos de programas\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\uninstall.exe"
SearchTheWeb-->"C:\Documents and Settings\All Users\Dados de aplicativos\{9A5D8F01-1215-4035-A676-85E05512E297}\SearchTheWeb.exe" REMOVE=TRUE MODIFY=FALSE
SearchTheWeb-->C:\Documents and Settings\All Users\Dados de aplicativos\{9A5D8F01-1215-4035-A676-85E05512E297}\SearchTheWeb.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F2CD4651-F948-467C-B014-71FD981B7F59}
Windows Live Messenger-->MsiExec.exe /X{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}
Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: BOPC
Event Code: 7
Message: O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Record Number: 35
Source Name: Cdrom
Time Written: 20100410225225.000000-180
Event Type: Erro
User:

Computer Name: BOPC
Event Code: 7
Message: O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Record Number: 34
Source Name: Cdrom
Time Written: 20100410225222.000000-180
Event Type: Erro
User:

Computer Name: BOPC
Event Code: 11
Message: O driver detectou um erro de controlador em \Device\CdRom0.

Record Number: 33
Source Name: Cdrom
Time Written: 20100410225220.000000-180
Event Type: Erro
User:

Computer Name: BOPC
Event Code: 51
Message: Erro detectado no dispositivo \Device\CdRom0 durante uma operação de paginação.

Record Number: 32
Source Name: Cdrom
Time Written: 20100410225210.000000-180
Event Type: aviso
User:

Computer Name: BOPC
Event Code: 51
Message: Erro detectado no dispositivo \Device\CdRom0 durante uma operação de paginação.

Record Number: 31
Source Name: Cdrom
Time Written: 20100410225210.000000-180
Event Type: aviso
User:

=====Application event log=====

Computer Name: BOPC
Event Code: 4113
Message: AntiVir has detected 'W32/Chir.B'
in the file
C:\System Volume Information\_restore{76590CD8-99C8-49E9-B176-A2007EBBB6E1}\RP1\A0000040.exe

Record Number: 282
Source Name: Avira AntiVir
Time Written: 20100413192457.000000-180
Event Type: aviso
User: AUTORIDADE NT\SYSTEM

Computer Name: BOPC
Event Code: 4113
Message: AntiVir has detected 'W32/Chir.B'
in the file
C:\System Volume Information\_restore{76590CD8-99C8-49E9-B176-A2007EBBB6E1}\RP1\A0000040.exe

Record Number: 281
Source Name: Avira AntiVir
Time Written: 20100413182457.000000-180
Event Type: aviso
User: AUTORIDADE NT\SYSTEM

Computer Name: BOPC
Event Code: 4113
Message: AntiVir has detected 'W32/Chir.B'
in the file
C:\System Volume Information\_restore{76590CD8-99C8-49E9-B176-A2007EBBB6E1}\RP1\A0000040.exe

Record Number: 280
Source Name: Avira AntiVir
Time Written: 20100413171257.000000-180
Event Type: aviso
User: AUTORIDADE NT\SYSTEM

Computer Name: BOPC
Event Code: 4113
Message: AntiVir has detected 'W32/Chir.B'
in the file
C:\System Volume Information\_restore{76590CD8-99C8-49E9-B176-A2007EBBB6E1}\RP1\A0000036.exe

Record Number: 279
Source Name: Avira AntiVir
Time Written: 20100413162756.000000-180
Event Type: aviso
User: AUTORIDADE NT\SYSTEM

Computer Name: BOPC
Event Code: 4113
Message: AntiVir has detected 'W32/Chir.B'
in the file
C:\System Volume Information\_restore{76590CD8-99C8-49E9-B176-A2007EBBB6E1}\RP1\A0000008.exe

Record Number: 278
Source Name: Avira AntiVir
Time Written: 20100413154443.000000-180
Event Type: aviso
User: AUTORIDADE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Mr Wolf tenho acessado o MSN,atraves o Meebo devo evitar acessa-lo pelo meebo tambem?pq nao posso de deixar de usar o msn,uso para trabalhar e talz...
Mas obrigado pela ajuda:thumbs_up

Rodrimack · 20/04/2010

Mr.Wolf boa tarde!

Rodei o antivirus avira e não acusou virus mas tem umas "hidden files", olhe meu log abaixo: (Será rootkit de novo no meu pc?) Malwarebytes diz que tá limpo.

"Starting search for hidden objects.
HKEY_USERS\S-1-5-21-4294710607-957213101-1005835743-1005\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-4294710607-957213101-1005835743-1005\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

Premium Security Suite
Report file date: 2010-04-20 15:20

Scanning for 2021435 virus strains and unwanted programs.

The program is running as a full version.
Online services are available:

Licensee : AntiVir 10 Betatest (Security Suite)
Serial number : 0000149995-ADJIM-0000003
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : NOME-195A66C457

Version information:
BUILD.DAT : 10.0.0.540 43194 Bytes 2010-04-12 16:25:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 2010-04-19 13:30:50
AVSCAN.DLL : 10.0.3.0 46440 Bytes 2010-04-19 13:30:50
LUKE.DLL : 10.0.2.3 104296 Bytes 2010-03-07 21:32:09
LUKERES.DLL : 10.0.0.1 12648 Bytes 2010-02-11 02:40:44
VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 12:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 2009-11-19 22:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 2010-01-20 20:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 2010-01-26 19:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 2010-03-05 14:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 2010-04-15 13:30:30
VBASE006.VDF : 7.10.6.83 2048 Bytes 2010-04-15 13:30:30
VBASE007.VDF : 7.10.6.84 2048 Bytes 2010-04-15 13:30:31
VBASE008.VDF : 7.10.6.85 2048 Bytes 2010-04-15 13:30:31
VBASE009.VDF : 7.10.6.86 2048 Bytes 2010-04-15 13:30:31
VBASE010.VDF : 7.10.6.87 2048 Bytes 2010-04-15 13:30:31
VBASE011.VDF : 7.10.6.88 2048 Bytes 2010-04-15 13:30:32
VBASE012.VDF : 7.10.6.89 2048 Bytes 2010-04-15 13:30:32
VBASE013.VDF : 7.10.6.90 2048 Bytes 2010-04-15 13:30:32
VBASE014.VDF : 7.10.6.123 126464 Bytes 2010-04-19 17:34:50
VBASE015.VDF : 7.10.6.124 2048 Bytes 2010-04-19 17:34:50
VBASE016.VDF : 7.10.6.125 2048 Bytes 2010-04-19 17:34:50
VBASE017.VDF : 7.10.6.126 2048 Bytes 2010-04-19 17:34:51
VBASE018.VDF : 7.10.6.127 2048 Bytes 2010-04-19 17:34:51
VBASE019.VDF : 7.10.6.128 2048 Bytes 2010-04-19 17:34:51
VBASE020.VDF : 7.10.6.129 2048 Bytes 2010-04-19 17:34:51
VBASE021.VDF : 7.10.6.130 2048 Bytes 2010-04-19 17:34:52
VBASE022.VDF : 7.10.6.131 2048 Bytes 2010-04-19 17:34:52
VBASE023.VDF : 7.10.6.132 2048 Bytes 2010-04-19 17:34:52
VBASE024.VDF : 7.10.6.133 2048 Bytes 2010-04-19 17:34:52
VBASE025.VDF : 7.10.6.134 2048 Bytes 2010-04-19 17:34:53
VBASE026.VDF : 7.10.6.135 2048 Bytes 2010-04-19 17:34:53
VBASE027.VDF : 7.10.6.136 2048 Bytes 2010-04-19 17:34:53
VBASE028.VDF : 7.10.6.137 2048 Bytes 2010-04-19 17:34:53
VBASE029.VDF : 7.10.6.138 2048 Bytes 2010-04-19 17:34:54
VBASE030.VDF : 7.10.6.139 2048 Bytes 2010-04-19 17:34:54
VBASE031.VDF : 7.10.6.145 98304 Bytes 2010-04-20 18:18:34
Engineversion : 8.2.1.220
AEVDF.DLL : 8.1.1.3 106868 Bytes 2010-02-13 15:16:21
AESCRIPT.DLL : 8.1.3.26 1286521 Bytes 2010-04-15 15:30:17
AESCN.DLL : 8.1.5.0 127347 Bytes 2010-02-25 21:38:41
AESBX.DLL : 8.1.2.1 254323 Bytes 2010-03-17 14:09:47
AERDL.DLL : 8.1.4.6 541043 Bytes 2010-04-15 15:30:15
AEPACK.DLL : 8.2.1.1 426358 Bytes 2010-03-27 13:35:04
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 2010-03-17 14:09:46
AEHEUR.DLL : 8.1.1.24 2613623 Bytes 2010-04-15 15:30:14
AEHELP.DLL : 8.1.11.3 242039 Bytes 2010-04-01 21:48:00
AEGEN.DLL : 8.1.3.7 373106 Bytes 2010-04-15 15:30:10
AEEMU.DLL : 8.1.1.0 393587 Bytes 2009-11-10 12:04:22
AECORE.DLL : 8.1.13.1 188790 Bytes 2010-04-01 21:47:59
AEBB.DLL : 8.1.0.3 53618 Bytes 2009-09-10 15:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 2010-01-14 15:02:28
AVPREF.DLL : 10.0.0.0 44904 Bytes 2010-01-14 15:02:23
AVREP.DLL : 10.0.0.8 62209 Bytes 2010-02-18 19:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 2010-04-19 13:30:52
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 2010-04-19 13:30:52
AVARKT.DLL : 10.0.0.14 227176 Bytes 2010-04-19 13:30:49
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2010-01-26 12:52:23
SQLITE3.DLL : 3.6.19.0 355688 Bytes 2010-01-28 15:57:05
AVSMTP.DLL : 10.0.0.17 63848 Bytes 2010-03-16 18:38:38
NETNT.DLL : 10.0.0.0 11624 Bytes 2010-02-19 17:40:04
RCIMAGE.DLL : 10.0.0.32 2899304 Bytes 2010-04-19 13:30:49
RCTEXT.DLL : 10.0.53.0 97128 Bytes 2010-04-19 13:30:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 2010-04-20 15:20

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-4294710607-957213101-1005835743-1005\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-4294710607-957213101-1005835743-1005\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'LogonUI.EXE' - '37' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avcenter.exe' - '84' Module(s) have been scanned
Scan process 'uTorrent.exe' - '62' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '67' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '37' Module(s) have been scanned
Scan process 'Explorer.EXE' - '110' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '19' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '36' Module(s) have been scanned
Scan process 'avmailc.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'StartManSvc.exe' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'MDM.EXE' - '22' Module(s) have been scanned
Scan process 'jqs.exe' - '78' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'avguard.exe' - '75' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'spoolsv.exe' - '59' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '158' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '70' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1726' files ).

Starting the file scan:

Begin scan in 'C:\'

End of the scan: 2010-04-20 16:45
Used time: 1:25:12 Hour(s)

The scan has been done completely.

7246 Scanned directories
353003 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
353003 Files not concerned
2635 Archives were scanned
0 Warnings
0 Notes
673801 Objects were scanned with rootkit scan
3 Hidden objects were found

Combofix:

ComboFix 10-04-19.08 - User 20/04/2010 21:24:27.10.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1046.18.446.95 [GMT -3:00]
Executando de: c:\documents and settings\User\Desktop\Rodrimack.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\vbzlib1.dll

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-21 to 2010-04-21 ))))))))))))))))))))))))))))
.

2010-04-20 23:38 . 2010-04-20 23:38 -------- d-----w- c:\arquivos de programas\Sophos
2010-04-17 23:13 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-04-17 23:13 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-04-17 23:13 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-04-17 23:13 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-04-17 23:13 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-04-17 23:13 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-04-17 23:13 . 2010-04-16 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-17 23:12 . 2010-04-17 23:14 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2010-04-13 01:44 . 2010-04-13 01:44 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
2010-04-13 01:43 . 2010-02-26 16:21 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-04-13 01:43 . 2010-02-26 16:21 137344 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-04-13 01:43 . 2010-02-26 16:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-04-13 01:43 . 2010-02-26 16:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-04-13 01:43 . 2010-02-26 16:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-04-13 01:43 . 2010-02-26 16:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-04-13 01:43 . 2010-02-26 16:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-13 01:43 . 2010-02-26 16:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-04-13 01:40 . 2010-04-13 00:55 35362608 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\NokiaSoftwareUpdaterSetup_en.exe
2010-04-13 01:39 . 2010-04-13 01:39 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\msxml6Exec.exe
2010-04-13 01:39 . 2010-04-13 01:39 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\Sleep.exe
2010-04-13 01:39 . 2010-04-13 01:39 3203453 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\vcredistExec.exe
2010-04-13 01:16 . 2010-04-13 02:56 -------- d-----w- c:\arquivos de programas\Nokia
2010-04-10 19:36 . 2006-08-29 14:56 32377 ----a-w- c:\windows\system32\drivers\prodigy.sys
2010-04-10 19:35 . 2010-04-20 20:47 -------- d-----w- c:\arquivos de programas\NSS
2010-04-10 15:58 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-04-10 15:58 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-04-10 15:52 . 2010-04-10 15:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nokia
2010-04-10 15:36 . 2010-04-10 16:00 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Nokia
2010-04-10 15:36 . 2010-04-10 16:00 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\PC Suite
2010-04-10 15:36 . 2010-04-10 15:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2010-04-10 15:33 . 2010-04-13 00:57 34555528 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_por_br_web.exe
2010-04-10 15:32 . 2010-04-10 15:32 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-04-10 15:32 . 2010-04-10 15:32 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-10 15:32 . 2010-04-10 15:32 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-10 15:32 . 2010-04-10 15:32 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-07 04:32 . 2010-04-07 04:32 -------- d-----w- c:\documents and settings\All Users\Modelos
2010-04-07 04:32 . 2010-04-20 14:56 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-04-07 03:13 . 2010-04-07 14:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Systweak
2010-04-06 18:17 . 2010-04-06 18:17 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Registry Mechanic
2010-04-06 17:56 . 2010-04-06 17:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PC Tools
2010-04-03 03:42 . 2010-04-17 17:45 -------- d-----w- c:\arquivos de programas\uTorrent
2010-03-31 23:49 . 2010-03-31 23:51 -------- d-----w- c:\arquivos de programas\Ask.com
2010-03-31 17:42 . 2010-04-20 19:45 -------- d-----w- c:\windows\system32\NtmsData
2010-03-27 14:02 . 2010-03-27 14:02 -------- d-----w- c:\documents and settings\Lopes.NOME-195A66C457\Dados de aplicativos\Avira
2010-03-27 13:33 . 2010-03-27 13:33 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Avira
2010-03-27 13:23 . 2010-03-01 12:04 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-27 13:23 . 2010-02-16 16:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-27 13:23 . 2009-05-11 14:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-27 13:23 . 2009-05-11 14:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-27 13:23 . 2010-02-18 12:51 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys
2010-03-27 13:23 . 2010-02-15 17:23 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys
2010-03-27 13:23 . 2010-03-27 13:23 -------- d-----w- c:\arquivos de programas\Avira

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 20:36 . 2008-06-05 04:31 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\uTorrent
2010-04-14 11:48 . 2008-07-19 04:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-04-13 01:57 . 2010-04-13 01:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-04-13 01:57 . 2010-04-13 01:57 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-04-13 01:44 . 2009-11-08 01:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2010-04-10 15:57 . 2010-04-10 15:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-10 15:44 . 2010-03-01 02:58 -------- d-----w- c:\arquivos de programas\Microsoft ActiveSync
2010-04-10 15:31 . 2008-12-16 12:20 -------- d-----w- c:\arquivos de programas\DIFX
2010-04-07 14:18 . 2009-07-11 03:08 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Systweak
2010-04-07 03:58 . 2009-11-08 23:05 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Sony Setup
2010-04-07 03:58 . 2010-01-18 00:07 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\InstallShield
2010-04-07 03:58 . 2009-11-29 23:17 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Apple Computer
2010-04-07 03:58 . 2009-08-27 21:01 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\ATI
2010-04-07 03:57 . 2008-12-09 13:02 -------- d-----w- c:\documents and settings\Lopes.NOME-195A66C457\Dados de aplicativos\DivX
2010-04-07 03:57 . 2008-06-05 08:17 -------- d-----w- c:\documents and settings\Lopes.NOME-195A66C457\Dados de aplicativos\ATI
2010-04-07 03:57 . 2008-06-12 10:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Tools
2010-04-07 03:57 . 2009-11-08 23:14 -------- d-----w- c:\arquivos de programas\QuickTime
2010-04-07 03:56 . 2009-03-09 12:56 -------- d-----w- c:\arquivos de programas\LimeWire
2010-04-07 03:56 . 2010-02-13 01:59 -------- d-----w- c:\arquivos de programas\BitComet
2010-04-07 03:56 . 2009-02-11 20:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real
2010-04-07 03:55 . 2009-11-07 23:08 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\HpUpdate
2010-04-06 23:21 . 2009-12-06 11:04 -------- d-----w- c:\documents and settings\Lopes.NOME-195A66C457\Dados de aplicativos\uTorrent
2010-04-03 03:12 . 2010-02-13 01:59 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\BitComet
2010-04-01 00:04 . 2008-12-17 19:31 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-04-01 00:01 . 2009-01-16 09:04 5918776 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-31 23:58 . 2008-08-25 14:17 -------- d-----w- c:\arquivos de programas\CCleaner
2010-03-30 03:46 . 2008-12-17 19:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 03:45 . 2008-12-17 19:31 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 12:54 . 2004-08-04 12:00 83618 ----a-w- c:\windows\system32\perfc016.dat
2010-03-29 12:54 . 2004-08-04 12:00 477920 ----a-w- c:\windows\system32\perfh016.dat
2010-03-27 13:23 . 2008-12-16 19:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2010-03-15 09:31 . 2008-06-05 04:24 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-10 21:02 . 2009-10-18 23:16 -------- d-----w- c:\arquivos de programas\ATI Technologies
2010-03-10 21:02 . 2008-06-03 20:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-03-10 06:16 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\arquivos de programas\Machine Works NW
2010-02-26 16:32 . 2009-11-08 01:27 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-25 06:17 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 17:07 . 2004-08-04 12:00 2194176 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:07 . 2004-08-04 00:40 2071040 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:34 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

------- Sigcheck -------

[-] 2008-07-13 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2008-07-13 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 18790432]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lopes.NOME-195A66C457^Menu Iniciar^Programas^Inicializar^Magnifier.lnk]
backup=c:\windows\pss\Magnifier.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 01:16 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-08-01 14:39 4608 ----a-w- c:\arquivos de programas\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 02:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 20:07 119296 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 17:50 54576 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerManager]
2005-09-16 12:38 31744 ----a-w- c:\arquivos de programas\Power Manager\PM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 19:18 413696 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-11-25 18:42 3176408 ----a-w- c:\arquivos de programas\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-07-12 16:47 544768 ----a-r- c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"26273:TCP"= 26273:TCP:BitComet 26273 TCP
"26273:UDP"= 26273:UDP:BitComet 26273 UDP
"40000:TCP"= 40000:TCP:BitComet 40000 TCP
"40000:UDP"= 40000:UDP:BitComet 40000 UDP

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17/6/2009 13:01 20616]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [27/3/2010 10:23 102856]
R2 AntiVirFirewallService;Avira FireWall;c:\arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe [27/3/2010 10:23 536232]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avmailc.exe [27/3/2010 10:23 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [27/3/2010 10:23 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe [27/3/2010 10:23 405672]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\arquivos de programas\Arquivos comuns\PC Tools\sMonitor\StartManSvc.exe [6/4/2010 14:56 583640]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [27/3/2010 10:23 79432]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/7/2008 14:27 716272]
S0 TfFsMon;TfFsMon; [x]
S0 TfSysMon;TfSysMon; [x]
S1 SASDIFSV;SASDIFSV; [x]
S1 SASKUTIL;SASKUTIL; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/10/2008 00:39 1691480]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/9/2008 11:33 16512]
S3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\bthprint.sys [5/6/2008 02:17 36480]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17/6/2009 13:02 29192]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]
S3 ggflt;SEMC USB Flash Driver Filter; [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17/6/2009 13:01 26248]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\109.tmp --> c:\windows\system32\109.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12/4/2010 22:43 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12/4/2010 22:43 8320]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [30/5/2009 18:56 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [30/5/2009 18:56 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [30/5/2009 18:56 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [30/5/2009 18:56 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [30/5/2009 18:56 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [30/5/2009 18:56 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [30/5/2009 18:56 109736]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [15/12/2008 18:37 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [15/12/2008 18:38 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [15/12/2008 18:38 110632]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [15/12/2008 18:39 100648]
S3 SASENUM;SASENUM; [x]
S3 SR9USB;SR9600 USB To Fast Ethernet Adapter; [x]
S3 TfNetMon;TfNetMon; [x]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [17/1/2010 21:08 1537024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{296B2BB7-81AE-4AE6-850C-79AB0C908CBA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
mStart Page = about:blank
LSP: c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\
FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla

t-BR

fficial
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 21:36
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\109.tmp"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-4294710607-957213101-1005835743-1005\Software\SecuROM\License information*]
"datasecu"=hex:22,b7,7a,86,ff,9e,78,8b,12,b7,e9,54,7b,a0,27,3c,63,99,ca,24,d7,
c0,29,b7,2a,7c,55,38,d4,a8,45,c7,e6,eb,62,c3,47,fc,6f,22,a2,2b,29,d8,62,45,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{402278d4-786d-44b1-a200-ba076b69a537}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fd
"Therad"=dword:00000015
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,fe,80,6d,74,d0,aa,c2,2c,51,9e,3b,fc,4e,31,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5f,87,92,3e,3f,c6,c4,fb,e4,c6,55,65,ed,dd,91,6b,40,6b,c3,85,d2,
f4,ce,92,4e,70,cf,62,1d,16,df,b2,44,1c,a6,c8,ca,db,12,34,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\hÑ*BNoc]
"DisplayName"="?\11"
"DeviceDesc"="?\11"
"ProviderName"="?\11???\11\08"
"MFG"="??\09"
"ReinstallString"="8.493.0.0000"
"DeviceInstanceIds"=multi:"c:\\ati\\support\\8-5-igp_xp32_dd_ccc_wdm_sb_gart_enu_63030\\driver\\xp_inf\\cx_63030.inf\00"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1064)
c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll
.
Tempo para conclusão: 2010-04-20 21:44:29
ComboFix-quarantined-files.txt 2010-04-21 00:44

Pré-execução: 6 pasta(s) 17.535.873.024 bytes disponíveis
Pós execução: 8 pasta(s) 17.528.483.840 bytes disponíveis

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - DA8E638331127CBB89E4FA2C2ABDE901

Remoção de vírus

Malware Removal

Hungry Member

Malware Removal

Hungry Member

Malware Removal

Hungry Member

Malware Removal

Hungry Member

know-it-all Member

know-it-all Member

know-it-all Member

know-it-all Member

Member

Well-Known Member

Malware Removal

know-it-all Member

Malware Removal

know-it-all Member

Malware Removal

Calvinista

know-it-all Member

Malware Removal

know-it-all Member

Calvinista

Banido

Users who are viewing this thread