Remoção de vírus

[Mr.Wolf]

Boa tarde!


defante, você acabou de cair em um golpe confiando naquele código Javascript... será que vai querer cair em outro? rsrs

Nunca confie nessas "tools" para o Orkut. Esta rede social não requer recursos a partir de ferramentas.

Todavia, nunca ouvi falar deste site que postou, tampouco o conheço para julgá-lo. No entanto, só pelas ferramentas presentes no site, percebe-se claramente que é suspeito. Dei uma analisada 'por cima' no código-fonte do site, e pelo que vi não há códigos maléficos no mesmo. Mas isso não quer dizer que ele ou as ferramentas sejam confiáveis ao ponto de arriscar seu próprio profile e suas informações pessoais.

Se eu fosse você, não confiaria!

_________________________________


juniorain, bem-vindo ao fórum!

Seu log está mostrando várias infecções por vermes e alguns trojans bankers.

Siga abaixo:

Spoiler

- Faça o download do BankerFix e salve-o no desktop;

● Desabilite o seu antivírus temporariamente para não detectar a ferramenta como vírus;
● Dê um duplo clique em bankerfix.exe;
● Surgirá uma mensagem dizendo que o mesmo será baixado via internet;
● Clique em OK > OK. Tecle Enter e aguarde o término do scan;
● Terminado o scan, leia a mensagem na tela e tecle Enter novamente.
● Será gerado um log em C:\LinhaDefensiva\relatorio.txt.

Cole este log em sua próxima resposta, juntamente com um novo log do HijackThis.

Delete a pasta C:\LinhaDefensiva após colar seu log aqui.



- Faça o download do Malwarebytes Anti-Malware e salve-o no desktop;

● Dê dois cliques no programa para iniciar a instalação. Selecione o idioma Português (Brasil);
● Ao final da instalação, marque as opções "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em Concluir;
● Após a instalação execute o programa;
● Marque a opção Verificação Completa e depois clique em Verificar. Selecione sua unidade C: e clique no botão Iniciar Verificação;
● Quando o scan terminar, clique em OK e o log será automaticamente aberto para você;
● Se algo for detectado, verifique se todos os itens estão marcados e clique no botão Remover.
OBS: Caso apareça uma mensagem pedindo para que você reinicie o computador para completar o processo de remoção, reinicie-o imediatamente;
● O log pode ser consultado clicando em Logs do menu principal também;

Copie e cole o conteúdo desse log na sua próxima resposta, juntamente com um novo log do HijackThis e o log do BankerFix.

_________________________________


Ferps, siga abaixo:

Spoiler

Baixe o CCSkeys e salve no desktop.

Dê um duplo clique no arquivo. Clique em OK na mensagem inicial.
Uma pasta CCSKeys será criada em seu desktop. Acesse-a e execute o arquivo CCScheck.exe.
Um log será aberto no Bloco de Notas. O mesmo estará salvo em C:\export.txt.

Copie-o e cole aqui.



- Faça o download do SDFix e salve no desktop;

● Dê um duplo clique no SDFix.exe e a ferramenta será instalada em C:\SDFix. Mas não o execute ainda;
● Reinicie seu computador em Modo de Segurança (segurando a tecla F8 durante a inicialização do sistema e escolhendo a opção Modo Seguro);
● Entre na pasta do SDFix que foi instalada no seu computador e dê um duplo clique no arquivo RunThis.bat;
● Tecle Y para que a ferramenta inicie o processo de remoção;
● Quando tudo terminar, você verá um aviso dizendo para apertar qualquer tecla para continuar. Faça isso. Seu computador será reiniciado automaticamente;
● Após reiniciar, a ferramenta ainda será executada novamente, irá terminar o seu trabalho e a palavra Finished irá aparecer. Pressione qualquer tecla novamente;
● Uma janela com o relatório do SDFix irá aparecer;
● O log abrirá automaticamente para você. Estará salvo na pasta do SDFix com o nome Report.txt;

Faça um novo log do HijackThis e cole na sua próxima resposta, juntamente com o log do SDFix e o do CCSkeys.

_________________________________


didifpg, embora esta não seja a área apropriada para este tipo de dúvida, vou tentar um pitaco. O ideal seria abrir um tópico na área Windows.

Primeiramente, faça o que o nosso amigo thi@go lhe instruiu poque é exatamente isso.

Ou então, aperte as teclas Ctrl + Alt + Delete duas vezes na tela de logon do Windows. Assim, será solicitado um nome de usuário e senha. Coloque seu nome e senha de administrador e faça o login.

_________________________________


Gustavo L, os logs estão limpos

Vá em Iniciar > Executar, cole o comando ComboFix /uninstall e dê um OK para removê-lo.

Ainda na caixa Executar, digite sysdm.cpl e dê um OK. Clique na aba Restauração do Sistema, marque "Desativar restauração do sistema" e dê um OK. Após isto, volte ao mesmo local e desmarque a opção. Isso evitará que a infecção retorne à máquina futuramente.

Algum problema ainda, amigo Gustavo?

 

[Antyon]

Gustavo L, os logs estão limpos

Vá em Iniciar > Executar, cole o comando ComboFix /uninstall e dê um OK para removê-lo.

Ainda na caixa Executar, digite sysdm.cpl e dê um OK. Clique na aba Restauração do Sistema, marque "Desativar restauração do sistema" e dê um OK. Após isto, volte ao mesmo local e desmarque a opção. Isso evitará que a infecção retorne à máquina futuramente.

Algum problema ainda, amigo Gustavo?

Muito obrigado pela ajuda Mr.Wolf

Sem mais problemas

abraço :yes:

 

[jvictorpaiva]

Prezado Mr.Wolf

Moro em Fortaleza mas estou tirando férias em SP, estou nesse momento usando o computador do meu tio, que por sinal está péssimo. Acredito que cheio de virus. Eu gostaria bastante de deixar esse computador pelo menos "usável", até como uma forma de agradecimento. Por favor me ajude. Segue abaixo relatório do Hijackthis 2.0.4

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:13:11, on 13/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Yuri\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [S60 PC Suite Tray] "C:\Arquivos de programas\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [S60 PC Suite Tray] "C:\Arquivos de programas\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray (User 'Default user')
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

--
End of file - 3141 bytes

 

[juniorain]

juniorain, bem-vindo ao fórum!

Seu log está mostrando várias infecções por vermes e alguns trojans bankers.

Siga abaixo:

Spoiler

- Faça o download do BankerFix e salve-o no desktop;

● Desabilite o seu antivírus temporariamente para não detectar a ferramenta como vírus;
● Dê um duplo clique em bankerfix.exe;
● Surgirá uma mensagem dizendo que o mesmo será baixado via internet;
● Clique em OK > OK. Tecle Enter e aguarde o término do scan;
● Terminado o scan, leia a mensagem na tela e tecle Enter novamente.
● Será gerado um log em C:\LinhaDefensiva\relatorio.txt.

Cole este log em sua próxima resposta, juntamente com um novo log do HijackThis.

Delete a pasta C:\LinhaDefensiva após colar seu log aqui.



- Faça o download do Malwarebytes Anti-Malware e salve-o no desktop;

● Dê dois cliques no programa para iniciar a instalação. Selecione o idioma Português (Brasil);
● Ao final da instalação, marque as opções "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em Concluir;
● Após a instalação execute o programa;
● Marque a opção Verificação Completa e depois clique em Verificar. Selecione sua unidade C: e clique no botão Iniciar Verificação;
● Quando o scan terminar, clique em OK e o log será automaticamente aberto para você;
● Se algo for detectado, verifique se todos os itens estão marcados e clique no botão Remover.
OBS: Caso apareça uma mensagem pedindo para que você reinicie o computador para completar o processo de remoção, reinicie-o imediatamente;
● O log pode ser consultado clicando em Logs do menu principal também;

Copie e cole o conteúdo desse log na sua próxima resposta, juntamente com um novo log do HijackThis e o log do BankerFix.

Obrigado Mr.Wolf pela ajuda, eu fiz como você disse, aqui estão os logs:

BankerFix:

Spoiler

BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2010-05-13 - 19:31
-------------------------------------------------------
Lista de Definição: 2010-03-28-1 | CORE: 2010-01-14-1
=======================================================



----- Fim -------------------------

Malwarebytes:

Spoiler

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4097

Windows 6.0.6000
Internet Explorer 7.0.6000.16386

13/05/2010 19:24:20
mbam-log-2010-05-13 (19-24-20).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 349816
Tempo decorrido: 1 hora(s), 17 minuto(s), 5 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 1
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 3

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft updates (Backdoor.Bot) -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\Program Files\ClonySoft\Vista x86 OneClick Activator\VistaActivationCrackSetup.exe (Worm.VB) -> Quarantined and deleted successfully.
C:\Users\ADM\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Windows\System32\snapapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

HijackThis:

Spoiler

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:33, on 13/05/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Manager 1] C:\Windows\KlD.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Folding@home.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F19F8EC-9AA4-4E96-B491-7E712296B266}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 8682 bytes

 

[didifpg]

Muuuuito obrigado Thi@ago e Mr. Wolf...
uma coisa simples que deu muito trabalhoo....

Valeu mesmoo..
ajudou demais!!!
=D

 

[Rodrimack]

Grande Mr. Wolf o anjo da guarda nosso, mais uma vez preciso de sua ajuda.

Meu antivirus avira acusou um trojan trscript7333. Não sei se é um falso positivo. O que eu não entendo é como pego esses vírus já que tomo todo cuidado possível e uso firewall do proprio avira. Tem outra coisa sempre aparece uma entrada estranha no meu hijack "O17 - HKLM\System\CCS\Services\Tcpip\..\{39D15094-879D-49CE-A334-4D86DA1A659A}: NameServer = 189.1.1.10 189.1.1.249" Não sei que server é esse, se é um trojan ou meu provedor, uso um tal de hotlink.

Log do avira:

Premium Security Suite
Report file date: 2010-05-13 19:19

Scanning for 2114382 virus strains and unwanted programs.

The program is running as a full version.
Online services are available:

Licensee : avira keyfinder 2010
Serial number : 2206548511-ISECE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : NOME-195A66C457

Version information:
BUILD.DAT : 10.0.0.542 43194 Bytes 2010-04-19 15:06:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 2010-04-19 13:30:50
AVSCAN.DLL : 10.0.3.0 46440 Bytes 2010-04-19 13:30:50
LUKE.DLL : 10.0.2.3 104296 Bytes 2010-03-07 21:32:09
LUKERES.DLL : 10.0.0.1 12648 Bytes 2010-02-11 02:40:44
VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 12:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 2009-11-19 22:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 2010-01-20 20:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 2010-01-26 19:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 2010-03-05 14:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 2010-04-15 13:30:30
VBASE006.VDF : 7.10.6.83 2048 Bytes 2010-04-15 13:30:30
VBASE007.VDF : 7.10.6.84 2048 Bytes 2010-04-15 13:30:31
VBASE008.VDF : 7.10.6.85 2048 Bytes 2010-04-15 13:30:31
VBASE009.VDF : 7.10.6.86 2048 Bytes 2010-04-15 13:30:31
VBASE010.VDF : 7.10.6.87 2048 Bytes 2010-04-15 13:30:31
VBASE011.VDF : 7.10.6.88 2048 Bytes 2010-04-15 13:30:32
VBASE012.VDF : 7.10.6.89 2048 Bytes 2010-04-15 13:30:32
VBASE013.VDF : 7.10.6.90 2048 Bytes 2010-04-15 13:30:32
VBASE014.VDF : 7.10.6.123 126464 Bytes 2010-04-19 17:34:50
VBASE015.VDF : 7.10.6.152 123392 Bytes 2010-04-21 14:59:36
VBASE016.VDF : 7.10.6.178 122880 Bytes 2010-04-22 14:15:35
VBASE017.VDF : 7.10.6.206 120320 Bytes 2010-04-26 17:44:09
VBASE018.VDF : 7.10.6.232 99328 Bytes 2010-04-28 13:42:33
VBASE019.VDF : 7.10.7.2 155648 Bytes 2010-04-30 13:25:24
VBASE020.VDF : 7.10.7.26 119808 Bytes 2010-05-04 12:03:37
VBASE021.VDF : 7.10.7.51 118272 Bytes 2010-05-06 12:41:42
VBASE022.VDF : 7.10.7.75 404992 Bytes 2010-05-10 17:40:15
VBASE023.VDF : 7.10.7.76 2048 Bytes 2010-05-10 17:40:16
VBASE024.VDF : 7.10.7.77 2048 Bytes 2010-05-10 17:40:16
VBASE025.VDF : 7.10.7.78 2048 Bytes 2010-05-10 17:40:16
VBASE026.VDF : 7.10.7.79 2048 Bytes 2010-05-10 17:40:16
VBASE027.VDF : 7.10.7.80 2048 Bytes 2010-05-10 17:40:17
VBASE028.VDF : 7.10.7.81 2048 Bytes 2010-05-10 17:40:17
VBASE029.VDF : 7.10.7.82 2048 Bytes 2010-05-10 17:40:17
VBASE030.VDF : 7.10.7.83 2048 Bytes 2010-05-10 17:40:18
VBASE031.VDF : 7.10.7.97 125440 Bytes 2010-05-13 16:35:07
Engineversion : 8.2.1.242
AEVDF.DLL : 8.1.2.0 106868 Bytes 2010-04-23 14:15:43
AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 2010-05-12 18:13:52
AESCN.DLL : 8.1.6.1 127347 Bytes 2010-05-12 18:13:45
AESBX.DLL : 8.1.3.1 254324 Bytes 2010-04-23 14:15:43
AERDL.DLL : 8.1.4.6 541043 Bytes 2010-04-15 15:30:15
AEPACK.DLL : 8.2.1.1 426358 Bytes 2010-03-27 13:35:04
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 2010-05-12 18:13:44
AEHEUR.DLL : 8.1.1.27 2670967 Bytes 2010-05-05 10:44:03
AEHELP.DLL : 8.1.11.3 242039 Bytes 2010-04-01 21:48:00
AEGEN.DLL : 8.1.3.9 377203 Bytes 2010-05-12 18:13:43
AEEMU.DLL : 8.1.2.0 393588 Bytes 2010-04-23 14:15:40
AECORE.DLL : 8.1.15.3 192886 Bytes 2010-05-12 18:13:39
AEBB.DLL : 8.1.1.0 53618 Bytes 2010-04-23 14:15:40
AVWINLL.DLL : 10.0.0.0 19304 Bytes 2010-01-14 15:02:28
AVPREF.DLL : 10.0.0.0 44904 Bytes 2010-01-14 15:02:23
AVREP.DLL : 10.0.0.8 62209 Bytes 2010-02-18 19:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 2010-04-19 13:30:52
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 2010-04-19 13:30:52
AVARKT.DLL : 10.0.0.14 227176 Bytes 2010-04-19 13:30:49
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2010-01-26 12:52:23
SQLITE3.DLL : 3.6.19.0 355688 Bytes 2010-01-28 15:57:05
AVSMTP.DLL : 10.0.0.17 63848 Bytes 2010-03-16 18:38:38
NETNT.DLL : 10.0.0.0 11624 Bytes 2010-02-19 17:40:04
RCIMAGE.DLL : 10.0.0.32 2899304 Bytes 2010-04-19 13:30:49
RCTEXT.DLL : 10.0.53.0 97128 Bytes 2010-04-19 13:30:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 2010-05-13 19:19

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-4294710607-957213101-1005835743-1005\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-4294710607-957213101-1005835743-1005\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'LogonUI.EXE' - '37' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avcenter.exe' - '84' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '67' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '37' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'Explorer.EXE' - '115' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '19' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '36' Module(s) have been scanned
Scan process 'avmailc.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'StartManSvc.exe' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'MDM.EXE' - '22' Module(s) have been scanned
Scan process 'jqs.exe' - '78' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'ASO3DefragSrv.exe' - '15' Module(s) have been scanned
Scan process 'avguard.exe' - '75' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'spoolsv.exe' - '59' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '156' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '66' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1734' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\User\Desktop\nokia programas e aplicativos\jogos\129 Jogos Nokia 5530 Full Screen.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Script.7133 Trojan
--> 129 Jogos Nokia 5530 Full Screen/Pes 2009 Nokia 5530.jar
[1] Archive type: ZIP
--> _
[DETECTION] Is the TR/Script.7133 Trojan

Beginning disinfection:
C:\Documents and Settings\User\Desktop\nokia programas e aplicativos\jogos\129 Jogos Nokia 5530 Full Screen.zip
[DETECTION] Is the TR/Script.7133 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4aa334f7.qua'.


End of the scan: 2010-05-13 20:50
Used time: 1:17:10 Hour(s)

The scan has been done completely.

7076 Scanned directories
311864 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
311863 Files not concerned
2486 Archives were scanned
0 Warnings
1 Notes
603441 Objects were scanned with rootkit scan
3 Hidden objects were found


Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 20:19:32, on 13/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\arquivos de programas\avira\antivir desktop\avcenter.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\User\Desktop\Nova pasta\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{39D15094-879D-49CE-A334-4D86DA1A659A}: NameServer = 189.1.1.10 189.1.1.249
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Arquivos de programas\Arquivos comuns\PC Tools\sMonitor\StartManSvc.exe

 

[thi@go]

Muuuuito obrigado Thi@ago e Mr. Wolf...
uma coisa simples que deu muito trabalhoo....

Valeu mesmoo..
ajudou demais!!!
=D

Deu certo? resolveu o problema?

 

[Mr.Wolf]

jvictorpaiva, gostaria que me esclarecesse quais são, exatamente, os problemas enfrentados na máquina que o levou a considerá-la "péssima". Pois, dependendo, nem é algo associado a vírus.

Vamos fazer uma avaliação mais minuciosa. Siga abaixo.

Spoiler

Faça o download do OTL e salve-o no desktop;

● Dê um duplo clique em OTL.exe para executá-lo;
● Marque as opções: Verificar All Users, Verificar Lop e Verificar Purity;
● Clique no botão Verificar e aguarde o scan;
● Dois logs serão abertos no Bloco de Notas:

- OTL.Txt <- este será aberto
- Extras.Txt <- este estará minimizado

Eles também estarão salvos no desktop. Cole-os em sua próxima resposta.

________________________


juniorain, siga abaixo.

Spoiler

- Faça o download do ComboFix e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;
● Vá em Iniciar > Executar, digite: "%userprofile%\desktop\combofix.exe" /killall e clique em OK como na imagem:

● Se o ComboFix encontrar algum tipo de emulador de CD (como o DAEMON Tools, Alcohol, etc) aparecerá uma mensagem dizendo que precisa ser desabilitado. Clique em OK e aguarde o PC reiniciar.

● Leia o contrato que aparecerá e clique em Sim para continuar;
● Abrirá uma janela do Console de Recuperação, clique em Não;
● Aguarde enquanto o ComboFix faz o scan;
● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;
● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;
● Se quiser sair ou parar o ComboFix, tecle N;
● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;
● Será gerado um log em C:\ComboFix.txt.

Cole este log em sua próxima resposta.

________________________


Rodrimack, o Avira acusou contaminação, e já moveu-a para a quarentena, dentro de uma pasta zipada, lozalizada em:

C:\Documents and Settings\User\Desktop\nokia programas e aplicativos\jogos\129 Jogos Nokia 5530 Full Screen.zip

E como arquivo infectado o Pes 2009 Nokia 5530.jar.

Conhece-o? Antes de tê-lo movido para a quarentena, você poderia ter submetido-o à uma análise no VirusTotal.

Quanto à entrada O17, é do seu provedor HOTlink. Jamais remova esta entrada senão perderá a conexão com a Internet. Dê uma olhada neste link para obter mais detalhes - leia as informações contidas em HOTLINK.COM.BR - DNS Information.

Seu log do HijackThis está limpo, Rodrimack. Acredito que a detecção do Avira foi um legítimo falso positivo.

 

[Rodrimack]

jvictorpaiva, gostaria que me esclarecesse quais são, exatamente, os problemas enfrentados na máquina que o levou a considerá-la "péssima". Pois, dependendo, nem é algo associado a vírus.

Vamos fazer uma avaliação mais minuciosa. Siga abaixo.

Spoiler

Faça o download do OTL e salve-o no desktop;

● Dê um duplo clique em OTL.exe para executá-lo;
● Marque as opções: Verificar All Users, Verificar Lop e Verificar Purity;
● Clique no botão Verificar e aguarde o scan;
● Dois logs serão abertos no Bloco de Notas:

- OTL.Txt <- este será aberto
- Extras.Txt <- este estará minimizado

Eles também estarão salvos no desktop. Cole-os em sua próxima resposta.

________________________


juniorain, siga abaixo.

Spoiler

- Faça o download do ComboFix e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;
● Vá em Iniciar > Executar, digite: "%userprofile%\desktop\combofix.exe" /killall e clique em OK como na imagem:

● Se o ComboFix encontrar algum tipo de emulador de CD (como o DAEMON Tools, Alcohol, etc) aparecerá uma mensagem dizendo que precisa ser desabilitado. Clique em OK e aguarde o PC reiniciar.

● Leia o contrato que aparecerá e clique em Sim para continuar;
● Abrirá uma janela do Console de Recuperação, clique em Não;
● Aguarde enquanto o ComboFix faz o scan;
● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;
● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;
● Se quiser sair ou parar o ComboFix, tecle N;
● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;
● Será gerado um log em C:\ComboFix.txt.

Cole este log em sua próxima resposta.

________________________


Rodrimack, o Avira acusou contaminação, e já moveu-a para a quarentena, dentro de uma pasta zipada, lozalizada em:

C:\Documents and Settings\User\Desktop\nokia programas e aplicativos\jogos\129 Jogos Nokia 5530 Full Screen.zip

E como arquivo infectado o Pes 2009 Nokia 5530.jar.

Conhece-o? Antes de tê-lo movido para a quarentena, você poderia ter submetido-o à uma análise no VirusTotal.

Quanto à entrada O17, é do seu provedor HOTlink. Jamais remova esta entrada senão perderá a conexão com a Internet. Dê uma olhada neste link para obter mais detalhes - leia as informações contidas em HOTLINK.COM.BR - DNS Information.

Seu log do HijackThis está limpo, Rodrimack. Acredito que a detecção do Avira foi um legítimo falso positivo.

Sim vc tem razão, o avira detectou errado e a entrada é do server hotlink, obrigado!

 

[jvictorpaiva]

Caro Mr.Wolf,

O computadior está muito lento, travando bastante além de um visual diferente, ex: os botões de minimizar, maximinizar e fechar estão menores do que o comum, etc.

Segue abaixo os logs que você pediu:

Extras e OTL:

OTL Extras logfile created on: 14/05/2010 18:25:25 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Odete.HOME-2214F491DC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
495,00 Mb Total Physical Memory | 146,00 Mb Available Physical Memory | 29,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,52 Gb Total Space | 36,51 Gb Free Space | 49,00% Space Free | Partition Type: NTFS
Drive D: | 4,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 149,05 Gb Total Space | 71,19 Gb Free Space | 47,76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-2214F491DC
Current User Name: Odete
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1454471165-1035525444-1417001333-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"57472:TCP" = 57472:TCP:*:Enabled:Pando Media Booster
"57472:UDP" = 57472:UDP:*:Enabled:Pando Media Booster
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe" = C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe" = C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe" = C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe" = C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- File not found
"C:\Arquivos de programas\NetMeeting\conf.exe" = C:\Arquivos de programas\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft -- (Microsoft Corporation)
"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\Arquivos de programas\Sony Ericsson\Update Service\Update Service.exe" = C:\Arquivos de programas\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- File not found
"C:\Arquivos de programas\Messenger\msmsgs.exe" = C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Arquivos de programas\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Arquivos de programas\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Arquivos de programas\Arquivos comuns\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Arquivos de programas\Arquivos comuns\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process  -- (Nokia Corporation)
"C:\Arquivos de programas\SimpleCenter\Home Media Server.exe" = C:\Arquivos de programas\SimpleCenter\Home Media Server.exe:*:Enabled:Home Media Server -- (Universal Electronics, Inc.)
"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe" = C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe" = C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe" = C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" = C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe" = C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Renato\Configurações locais\Dados de aplicativos\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Renato\Configurações locais\Dados de aplicativos\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Arquivos de programas\iTunes\iTunes.exe" = C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4186FEBC-F0CC-4185-A406-24292BC9877A}" = Nokia Software Updater
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{47A0A80F-8DC0-43EB-B9B4-36FD86979DF7}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{624DEAA0-B27D-444B-8BFE-70622B318A4A}" = Windows Live Toolbar
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81B2907E-0F93-4217-8840-A217EF59A244}" = PC Connectivity Solution
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BCF5122-3E65-4FCA-81B2-57D903DC6E98}" = samsungi8510
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AC76BA86-7AD7-1046-7B44-A91000000001}" = Adobe Reader 9.1 - Português
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader  1.0
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Pacote de Driver do Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 3.7.9
"Disney Toontown Online BR" = Disney Toontown Online BR
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ie8" = Windows Internet Explorer 8
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Revo Uninstaller" = Revo Uninstaller 1.87
"Samsung PC Studio 7" = Samsung PC Studio 7
"SeekService" = SeekService 1.0 build 129
"Uploader" = Uploader
"WinLiveSuite_Wave3" = Windows Live Essentials
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1454471165-1035525444-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Midnight Racing" = Midnight Racing
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 19/04/2010 08:55:31 | Computer Name = HOME-2214F491DC | Source = MsiInstaller | ID = 1024
Description = Produto: Microsoft Office Enterprise 2007 - A atualização 'Security
 Update for Microsoft Office Outlook 2007 (KB972363)' não pôde ser instalada. Código
 de erro 1603. O Windows Installer pode criar logs para ajudar a solucionar problemas
 na instalação de pacotes de software. Use o link a seguir para obter informações
 sobre ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 19/04/2010 08:56:33 | Computer Name = HOME-2214F491DC | Source = MsiInstaller | ID = 1024
Description = Produto: Microsoft Office Enterprise 2007 - A atualização 'Security
 Update for Microsoft Office system 2007 (KB974234)' não pôde ser instalada. Código
 de erro 1603. O Windows Installer pode criar logs para ajudar a solucionar problemas
 na instalação de pacotes de software. Use o link a seguir para obter informações
 sobre ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 19/04/2010 08:57:04 | Computer Name = HOME-2214F491DC | Source = MsiInstaller | ID = 1024
Description = Produto: Microsoft Office Enterprise 2007 - A atualização 'Security
 Update for Microsoft Office Publisher 2007 (KB980470)' não pôde ser instalada. 
Código de erro 1603. O Windows Installer pode criar logs para ajudar a solucionar
 problemas na instalação de pacotes de software. Use o link a seguir para obter 
informações sobre ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 19/04/2010 08:57:35 | Computer Name = HOME-2214F491DC | Source = MsiInstaller | ID = 1024
Description = Produto: Microsoft Office Enterprise 2007 - A atualização 'Security
 Update for 2007 Microsoft Office System (KB978380)' não pôde ser instalada. Código
 de erro 1603. O Windows Installer pode criar logs para ajudar a solucionar problemas
 na instalação de pacotes de software. Use o link a seguir para obter informações
 sobre ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 19/04/2010 08:58:50 | Computer Name = HOME-2214F491DC | Source = MsiInstaller | ID = 1024
Description = Produto: Microsoft Office Enterprise 2007 - A atualização 'Update 
for Microsoft Office InfoPath 2007 (KB976416)' não pôde ser instalada. Código de
 erro 1603. O Windows Installer pode criar logs para ajudar a solucionar problemas
 na instalação de pacotes de software. Use o link a seguir para obter informações
 sobre ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 19/04/2010 09:00:09 | Computer Name = HOME-2214F491DC | Source = MsiInstaller | ID = 1024
Description = Produto: Microsoft Office Enterprise 2007 - A atualização 'Security
 Update for Microsoft Office Excel 2007 (KB978382)' não pôde ser instalada. Código
 de erro 1603. O Windows Installer pode criar logs para ajudar a solucionar problemas
 na instalação de pacotes de software. Use o link a seguir para obter informações
 sobre ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 19/04/2010 09:01:51 | Computer Name = HOME-2214F491DC | Source = MsiInstaller | ID = 1024
Description = Produto: Microsoft Office Enterprise 2007 - A atualização 'Security
 Update for Microsoft Office system 2007 (972581)' não pôde ser instalada. Código
 de erro 1603. O Windows Installer pode criar logs para ajudar a solucionar problemas
 na instalação de pacotes de software. Use o link a seguir para obter informações
 sobre ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 19/04/2010 09:02:32 | Computer Name = HOME-2214F491DC | Source = MsiInstaller | ID = 1024
Description = Produto: Microsoft Office Enterprise 2007 - A atualização 'Security
 Update for Microsoft Office Visio Viewer 2007 (KB973709)' não pôde ser instalada.
 Código de erro 1603. O Windows Installer pode criar logs para ajudar a solucionar
 problemas na instalação de pacotes de software. Use o link a seguir para obter 
informações sobre ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 19/04/2010 09:03:14 | Computer Name = HOME-2214F491DC | Source = MsiInstaller | ID = 1024
Description = Produto: Microsoft Office Enterprise 2007 - A atualização 'Update 
for Microsoft Office OneNote 2007 (KB980729)' não pôde ser instalada. Código de 
erro 1603. O Windows Installer pode criar logs para ajudar a solucionar problemas
 na instalação de pacotes de software. Use o link a seguir para obter informações
 sobre ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 19/04/2010 09:04:24 | Computer Name = HOME-2214F491DC | Source = MsiInstaller | ID = 1024
Description = Produto: Microsoft Office Enterprise 2007 - A atualização 'Update 
for 2007 Microsoft Office System (KB981715)' não pôde ser instalada. Código de erro
 1603. O Windows Installer pode criar logs para ajudar a solucionar problemas na
 instalação de pacotes de software. Use o link a seguir para obter informações sobre
 ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127
 
[ System Events ]
Error - 14/05/2010 16:42:32 | Computer Name = HOME-2214F491DC | Source = DCOM | ID = 10005
Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço ServiceLayer
 com argumentos ""  para iniciar o servidor:  {ACF50018-41F8-476D-85FD-CD953DAE4A49}
 
Error - 14/05/2010 16:42:35 | Computer Name = HOME-2214F491DC | Source = DCOM | ID = 10005
Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço ServiceLayer
 com argumentos ""  para iniciar o servidor:  {ACF50018-41F8-476D-85FD-CD953DAE4A49}
 
Error - 14/05/2010 16:43:23 | Computer Name = HOME-2214F491DC | Source = DCOM | ID = 10005
Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço ServiceLayer
 com argumentos ""  para iniciar o servidor:  {ACF50018-41F8-476D-85FD-CD953DAE4A49}
 
Error - 14/05/2010 16:43:26 | Computer Name = HOME-2214F491DC | Source = DCOM | ID = 10005
Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço ServiceLayer
 com argumentos ""  para iniciar o servidor:  {ACF50018-41F8-476D-85FD-CD953DAE4A49}
 
Error - 14/05/2010 16:43:29 | Computer Name = HOME-2214F491DC | Source = DCOM | ID = 10005
Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço ServiceLayer
 com argumentos ""  para iniciar o servidor:  {ACF50018-41F8-476D-85FD-CD953DAE4A49}
 
Error - 14/05/2010 16:43:36 | Computer Name = HOME-2214F491DC | Source = DCOM | ID = 10005
Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço ServiceLayer
 com argumentos ""  para iniciar o servidor:  {D05D5AC0-CBDC-43B7-AADB-E3AC4E98CCE9}
 
Error - 14/05/2010 16:43:36 | Computer Name = HOME-2214F491DC | Source = DCOM | ID = 10005
Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço ServiceLayer
 com argumentos ""  para iniciar o servidor:  {D05D5AC0-CBDC-43B7-AADB-E3AC4E98CCE9}
 
Error - 14/05/2010 16:43:36 | Computer Name = HOME-2214F491DC | Source = DCOM | ID = 10005
Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço ServiceLayer
 com argumentos ""  para iniciar o servidor:  {ACF50018-41F8-476D-85FD-CD953DAE4A49}
 
Error - 14/05/2010 16:43:39 | Computer Name = HOME-2214F491DC | Source = DCOM | ID = 10005
Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço ServiceLayer
 com argumentos ""  para iniciar o servidor:  {ACF50018-41F8-476D-85FD-CD953DAE4A49}
 
Error - 14/05/2010 16:43:42 | Computer Name = HOME-2214F491DC | Source = DCOM | ID = 10005
Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço ServiceLayer
 com argumentos ""  para iniciar o servidor:  {ACF50018-41F8-476D-85FD-CD953DAE4A49}
 
 
< End of report >

OTL logfile created on: 14/05/2010 18:25:25 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Odete.HOME-2214F491DC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
495,00 Mb Total Physical Memory | 146,00 Mb Available Physical Memory | 29,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,52 Gb Total Space | 36,51 Gb Free Space | 49,00% Space Free | Partition Type: NTFS
Drive D: | 4,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 149,05 Gb Total Space | 71,19 Gb Free Space | 47,76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-2214F491DC
Current User Name: Odete
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/05/14 18:24:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Odete.HOME-2214F491DC\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/29 08:52:14 | 000,350,704 | ---- | M] (NOS Microsystems Ltd.) -- C:\Arquivos de programas\NOS\bin\getPlusPlus_Adobe.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/12 20:00:48 | 000,102,400 | ---- | M] () -- C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe
PRC - [2009/03/20 14:32:32 | 001,312,256 | ---- | M] (Nokia) -- C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008/12/06 00:48:08 | 000,699,392 | ---- | M] () -- C:\Arquivos de programas\Samsung\Samsung PC Studio 7\PCSuite.exe
PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2006/06/26 23:38:46 | 001,211,176 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/06/26 23:38:18 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/05/14 18:24:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Odete.HOME-2214F491DC\Desktop\OTL.exe
MOD - [2008/04/13 19:19:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Running] -- C:\Arquivos de programas\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/26 15:14:04 | 000,652,800 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/09/22 18:26:00 | 000,054,784 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Dados de aplicativos\SeekService\seekservice129.exe -- (SeekService Service)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/12 20:00:48 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
SRV - [2007/08/24 02:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/05/01 21:08:14 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/05/23 20:38:50 | 000,024,616 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/05/23 20:38:50 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/04/21 12:25:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Arquivos de programas\Clarus\Samsung SecretZone\mdf15.sys -- (mdf15)
DRV - [2009/04/21 12:25:26 | 000,043,008 | ---- | M] () [Kernel | System | Running] -- C:\Arquivos de programas\Clarus\Samsung SecretZone\mvd20.sys -- (mvd20)
DRV - [2009/01/27 15:12:16 | 000,039,680 | ---- | M] (Gbridge LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gbridge.sys -- (gbridge)
DRV - [2008/11/04 08:45:46 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008/11/04 08:45:46 | 000,108,200 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008/11/04 08:45:46 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008/11/04 08:45:44 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008/11/04 08:45:44 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/11/04 08:45:44 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2008/11/04 08:45:44 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/10/17 05:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/10/17 05:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/12 05:02:04 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2007/05/02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007/05/02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2006/02/06 20:19:54 | 008,410,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005/12/16 12:50:30 | 003,842,560 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/03/17 16:39:12 | 000,020,352 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 61 AF 84 A6 F3 CA 01  [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 61 AF 84 A6 F3 CA 01  [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1454471165-1035525444-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1454471165-1035525444-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1454471165-1035525444-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/06/20 16:01:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/09 21:14:41 | 000,000,000 | ---D | M]
 
[2009/02/15 09:21:25 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2007/07/21 18:40:28 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKU\S-1-5-21-1454471165-1035525444-1417001333-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll File not found
O4 - HKLM..\Run: [AVP] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKU\.DEFAULT..\Run: [H/PC Connection Agent] C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [PC Suite Tray] C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\.DEFAULT..\Run: [S60 PC Suite Tray] C:\Arquivos de programas\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O4 - HKU\S-1-5-18..\Run: [H/PC Connection Agent] C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [PC Suite Tray] C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [S60 PC Suite Tray] C:\Arquivos de programas\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1035525444-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1035525444-1417001333-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/02 18:28:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/05/14 18:24:31 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Odete.HOME-2214F491DC\Desktop\OTL.exe
[2010/05/14 18:20:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Meus documentos\Meus vídeos
[2010/05/14 18:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\Macromedia
[2010/05/14 18:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\Adobe
[2010/05/14 17:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Application Data
[2010/05/14 17:46:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\PrivacIE
[2010/05/14 17:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\Nokia
[2010/05/08 21:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\Sun
[2010/05/08 16:03:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\IETldCache
[2010/05/08 16:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\Identities
[2010/05/08 16:00:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Meus documentos\Minhas músicas
[2010/05/08 15:59:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Meus documentos\Minhas imagens
[2010/05/08 15:59:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\Microsoft
[2010/05/08 15:59:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Configurações locais\Dados de aplicativos\Microsoft
[2010/05/08 15:59:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos
[2010/05/08 15:59:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Configurações locais
[2010/05/08 15:59:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Favoritos
[2010/05/08 15:59:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Cookies
[2010/05/08 15:59:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Ambiente de rede
[2010/05/08 15:59:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Ambiente de impressão
[2010/05/08 15:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\Samsung
[2010/05/08 15:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Configurações locais\Dados de aplicativos\Microsoft Help
[2010/05/08 15:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Desktop
[2010/05/08 15:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\Apple Computer
[2010/05/08 15:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Configurações locais\Dados de aplicativos\Apple Computer
[2010/05/08 15:59:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\SendTo
[2010/05/08 15:59:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Recent
[2010/05/08 15:59:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Meus documentos
[2010/05/08 15:59:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Menu Iniciar
[2010/05/08 15:59:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Modelos
[2010/05/05 22:19:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iPod
[2010/05/05 22:16:57 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iTunes
[2010/05/05 22:00:05 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Bonjour
[2010/05/01 21:09:11 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Kaspersky Lab
[2010/05/01 21:08:14 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/01 21:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
[2010/05/01 18:29:17 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/05/01 18:29:07 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\PC Connectivity Solution
[2010/04/24 13:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sun
[2010/04/24 13:23:34 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Java
[2010/04/24 13:20:44 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/24 13:20:44 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/24 13:20:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/24 13:20:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/24 13:20:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/24 13:18:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Java
[2010/04/24 12:50:49 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas RFB
[2010/04/23 22:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/23 22:17:02 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\QuickTime
[2010/04/23 22:15:47 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Apple Software Update
[2010/04/23 22:13:41 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/04/23 22:10:39 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Apple
[2009/02/14 21:09:06 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/02/14 21:09:06 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll
[2009/02/14 21:09:06 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/05/14 18:30:01 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4B91C0DE-5298-4DF0-A498-286408B2E66C}.job
[2010/05/14 18:24:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Odete.HOME-2214F491DC\Desktop\OTL.exe
[2010/05/14 18:20:20 | 000,002,508 | ---- | M] () -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\$_hpcst$.hpc
[2010/05/14 18:15:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1035525444-1417001333-1003UA.job
[2010/05/14 17:55:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1035525444-1417001333-1005UA.job
[2010/05/14 17:42:00 | 000,002,169 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/14 17:39:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/14 17:33:00 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1035525444-1417001333-1004UA.job
[2010/05/14 17:33:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1035525444-1417001333-1004Core.job
[2010/05/14 15:15:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1035525444-1417001333-1003Core.job
[2010/05/14 11:49:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/14 11:49:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/14 11:49:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/13 20:36:10 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{90A5FEE7-A831-4639-8F43-ABA87BCBBA7A}.job
[2010/05/13 19:55:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1035525444-1417001333-1005Core.job
[2010/05/08 16:00:08 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Odete.HOME-2214F491DC\ntuser.dat
[2010/05/08 15:59:40 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\Odete.HOME-2214F491DC\ntuser.ini
[2010/05/08 10:23:10 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/05 09:55:39 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/05 09:55:39 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/02 12:20:11 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung PC Studio 7.lnk
[2010/05/01 21:08:14 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/01 18:24:47 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2010/04/24 13:19:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/24 13:19:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/24 13:19:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/24 13:19:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/24 13:19:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/24 09:36:53 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/23 23:10:21 | 000,039,436 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/23 22:18:45 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/05/14 18:20:20 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\$_hpcst$.hpc
[2010/05/08 15:59:40 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Odete.HOME-2214F491DC\ntuser.ini
[2010/05/08 15:59:29 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\Odete.HOME-2214F491DC\ntuser.dat
[2010/05/08 15:59:29 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Odete.HOME-2214F491DC\ntuser.dat.log
[2010/05/05 22:26:01 | 000,002,169 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/01 21:11:07 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/01 21:11:06 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/01 18:24:47 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2010/04/24 12:49:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll
[2010/04/23 22:18:45 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/23 22:16:07 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/20 22:15:46 | 000,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/19 23:06:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Abac Karaoke.INI
[2009/04/26 11:56:15 | 000,000,023 | ---- | C] () -- C:\WINDOWS\clofghls.dll
[2009/04/26 11:25:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009/04/19 13:59:56 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/04/18 13:15:31 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2009/04/18 13:14:57 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2009/02/14 21:32:04 | 000,000,107 | ---- | C] () -- C:\WINDOWS\Gbridge.INI
[2009/02/14 21:09:08 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/02/14 21:09:06 | 008,410,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd3.sys
[2009/02/08 21:33:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2009/02/08 19:15:22 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2009/01/25 17:46:01 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[2009/01/25 17:46:00 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll
[2009/01/25 16:46:32 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\wimadll.dll
[2008/12/02 18:51:41 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/12/02 18:51:37 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/12/02 18:50:14 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/05/01 20:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg9
[2009/05/20 20:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software
[2010/05/01 18:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Installations
[2009/04/25 23:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
[2009/07/19 23:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound
[2009/07/06 16:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nokia
[2009/07/19 12:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite
[2010/01/21 19:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files
[2009/09/23 17:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SeekService
[2010/05/01 12:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2010/04/24 09:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\WinDS PRO
[2010/04/23 22:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/02 12:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dados de aplicativos\Samsung
[2009/10/16 12:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeane\Dados de aplicativos\Nokia
[2010/05/05 10:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeane\Dados de aplicativos\PC Suite
[2010/05/14 17:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\Nokia
[2010/05/02 12:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Odete.HOME-2214F491DC\Dados de aplicativos\Samsung
[2010/05/01 16:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Any DVD Converter Professional
[2009/11/09 18:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Any Video Converter
[2009/04/21 15:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\BlackBox
[2009/05/31 00:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Broad Intelligence
[2009/04/19 15:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\BSplayer Pro
[2009/05/15 22:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Bump Technologies, Inc
[2008/12/21 14:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Canneverbe_Limited
[2010/03/31 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Desktopicon
[2010/03/29 07:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Free Download Manager
[2009/02/14 12:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Gbridge
[2009/02/08 19:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\GrabPro
[2009/04/21 15:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\HWM BlackBox
[2009/02/15 16:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Leadertech
[2009/11/07 13:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Multimedia Player
[2009/07/20 23:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\NCH Swift Sound
[2010/01/23 20:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Nexon
[2009/12/18 18:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Nokia
[2009/05/24 07:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\OpenCandy
[2009/03/07 18:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Orbit
[2009/11/10 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\PC Suite
[2009/10/31 18:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\Samsung
[2009/02/14 11:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\VoipRaider
[2009/04/18 12:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renato\Dados de aplicativos\VSRevoGroup
[2010/05/02 18:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yuri\Dados de aplicativos\Nokia
[2010/05/07 21:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yuri\Dados de aplicativos\PC Suite
[2009/11/23 20:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yuri\Dados de aplicativos\PokemonPMDInstaller
[2009/11/23 20:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yuri\Dados de aplicativos\PokemonPMDWidget
[2010/05/14 11:49:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/05/14 18:30:01 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4B91C0DE-5298-4DF0-A498-286408B2E66C}.job
[2010/05/13 20:36:10 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{90A5FEE7-A831-4639-8F43-ABA87BCBBA7A}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:44A55030
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:FB1B13D8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:1D78DA28
< End of report >

 

[juniorain]

juniorain, siga abaixo.

Spoiler

- Faça o download do ComboFix e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;
● Vá em Iniciar > Executar, digite: "%userprofile%\desktop\combofix.exe" /killall e clique em OK como na imagem:

● Se o ComboFix encontrar algum tipo de emulador de CD (como o DAEMON Tools, Alcohol, etc) aparecerá uma mensagem dizendo que precisa ser desabilitado. Clique em OK e aguarde o PC reiniciar.

● Leia o contrato que aparecerá e clique em Sim para continuar;
● Abrirá uma janela do Console de Recuperação, clique em Não;
● Aguarde enquanto o ComboFix faz o scan;
● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;
● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;
● Se quiser sair ou parar o ComboFix, tecle N;
● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;
● Será gerado um log em C:\ComboFix.txt.

Cole este log em sua próxima resposta.

Mr. Wolf, fiz o que disse, tá aqui os logs:

Combo Fix:

Spoiler

ComboFix 10-05-16.01 - ADM 16/05/2010 23:17:47.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.55.1046.18.2046.1373 [GMT -3:00]
Executando de: c:\users\ADM\Desktop\combofix.exe
Comandos utilizados :: /killall
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\ADM\AppData\Roaming\AD ON Multimedia

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-17 to 2010-05-17 ))))))))))))))))))))))))))))
.

2010-05-17 02:22 . 2010-05-17 02:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-15 07:16 . 2010-05-15 07:16 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-15 07:16 . 2010-05-15 07:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-15 03:00 . 2010-05-15 07:16 38784 ----a-w- c:\users\ADM\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-13 22:59 . 2010-05-13 22:59 -------- d-----w- c:\program files\Trend Micro
2010-05-13 20:41 . 2010-05-13 20:41 -------- d-----w- c:\users\ADM\AppData\Roaming\Malwarebytes
2010-05-13 20:41 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 20:41 . 2010-05-13 20:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 20:41 . 2010-05-13 20:41 -------- d-----w- c:\programdata\Malwarebytes
2010-05-13 20:41 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 20:20 . 2010-05-13 05:49 63488 ----a-w- c:\users\ADM\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-12 20:20 . 2010-05-12 20:20 52224 ----a-w- c:\users\ADM\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-12 20:20 . 2010-05-13 05:49 117760 ----a-w- c:\users\ADM\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-12 20:18 . 2010-05-12 20:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-12 20:13 . 2010-05-12 20:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-12 20:13 . 2010-05-12 20:13 -------- d-----w- c:\users\ADM\AppData\Roaming\SUPERAntiSpyware.com
2010-05-08 01:27 . 2010-05-08 01:27 -------- d-----w- c:\users\ADM\AppData\Local\ESET
2010-05-07 19:16 . 2010-05-07 19:16 -------- d-----w- c:\program files\ESET
2010-04-28 04:33 . 2010-04-28 04:33 -------- d-----w- c:\programdata\SonicFocus
2010-04-28 04:33 . 2010-04-28 04:33 -------- d-----w- c:\program files\Analog Devices
2010-04-26 05:36 . 2010-04-26 05:36 -------- d-----w- c:\program files\Creative
2010-04-26 05:36 . 2007-02-26 16:57 1495040 ------w- c:\windows\system32\adi_oal.dll
2010-04-26 02:46 . 2010-04-26 02:46 -------- d-----w- c:\program files\THQ
2010-04-23 21:31 . 2010-04-23 22:45 -------- d-----w- c:\program files\Crysis Warhead

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 02:26 . 2009-12-29 06:02 208367 ----a-w- c:\programdata\nvModes.dat
2010-05-17 02:24 . 2008-04-17 02:28 -------- d-----w- c:\programdata\NVIDIA
2010-05-17 02:17 . 2008-09-21 07:21 -------- d-----w- c:\program files\Steam
2010-05-17 02:03 . 2008-04-17 02:17 102832 ----a-w- c:\users\ADM\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-17 02:00 . 2008-08-05 18:21 -------- d-----w- c:\users\ADM\AppData\Roaming\uTorrent
2010-05-15 19:02 . 2008-04-17 07:00 517770 ----a-w- c:\windows\system32\prfh0416.dat
2010-05-15 19:02 . 2008-04-17 07:00 88740 ----a-w- c:\windows\system32\prfc0416.dat
2010-05-15 02:59 . 2008-11-06 20:16 -------- d-----w- c:\program files\JetAudio
2010-05-14 05:11 . 2008-09-21 07:21 -------- d-----w- c:\program files\Common Files\Steam
2010-05-13 22:28 . 2010-03-29 21:08 -------- d-----w- c:\users\ADM\AppData\Roaming\Folding@home-x86
2010-05-12 20:12 . 2008-07-10 04:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-10 07:26 . 2010-01-03 18:17 -------- d-----w- c:\programdata\Kaspersky Lab
2010-05-10 07:24 . 2008-05-01 19:33 -------- d-----w- c:\users\ADM\AppData\Roaming\Winamp
2010-05-10 07:24 . 2008-04-19 18:03 -------- d-----w- c:\users\ADM\AppData\Roaming\DAEMON Tools
2010-05-10 07:24 . 2010-01-03 18:10 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-05-10 07:24 . 2009-10-25 20:58 -------- d-----w- c:\program files\SopCast
2010-05-10 07:24 . 2009-12-24 05:32 -------- d-----w- c:\program files\Megacubo
2010-05-10 07:24 . 2010-01-03 18:17 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-10 07:24 . 2008-12-27 05:53 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-10 07:24 . 2008-12-27 05:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-10 07:24 . 2008-04-30 19:36 -------- d-----w- c:\program files\Activision
2010-05-06 13:36 . 2009-10-03 05:12 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 15:36 . 2008-04-23 03:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-02 23:36 . 2008-04-24 04:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 23:36 . 2008-04-26 07:25 -------- d-----w- c:\program files\Electronic Arts
2010-04-26 05:36 . 2008-04-24 04:45 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-26 05:36 . 2008-04-24 04:45 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-25 17:57 . 2008-10-12 17:36 -------- d-----w- c:\programdata\Electronic Arts
2010-04-24 01:46 . 2008-04-17 02:17 1356 ----a-w- c:\users\ADM\AppData\Local\d3d9caps.dat
2010-04-12 21:04 . 2008-04-17 03:41 -------- d-----w- c:\programdata\DVD Shrink
2010-04-07 23:37 . 2010-04-07 23:37 98477 ----a-r- c:\users\ADM\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_6FEFF9B68218417F98F549.exe
2010-04-07 23:37 . 2010-04-07 23:37 98477 ----a-r- c:\users\ADM\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe
2010-04-07 23:37 . 2010-04-07 23:37 10134 ----a-r- c:\users\ADM\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_D153F602E769D1960CE13B.exe
2010-04-07 23:37 . 2010-04-07 23:37 -------- d-----w- c:\program files\Folding@home
2010-04-04 15:55 . 2010-04-04 15:55 1656832 ----a-w- c:\users\ADM\AppData\Roaming\Folding@home-x86\FahCore_a0.exe
2010-04-04 15:55 . 2010-04-04 15:55 1382280 ----a-w- c:\users\ADM\AppData\Roaming\Folding@home-x86\libfftw3f-3.dll
2010-04-04 02:29 . 2010-04-04 02:29 1683456 ----a-w- c:\users\ADM\AppData\Roaming\Folding@home-x86\FahCore_82.exe
2010-03-29 21:26 . 2010-03-29 21:26 2338816 ----a-w- c:\users\ADM\AppData\Roaming\Folding@home-x86\FahCore_78.exe
2010-02-26 19:16 . 2010-02-26 18:55 29853 ----a-w- c:\program files\trapcodeform.log
.

------- Sigcheck -------

[-] 2008-04-21 . 8828315F2976C705D5A668DE1AA58555 . 802816 . . [6.0.6000.16386] . . c:\windows\System32\drivers\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-10 1238352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-12-12 106496]
"NetMeter"="c:\program files\HooTech\NetMeter\HooNetMeter.exe" [2008-12-06 577536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Microsoft Manager 1"="c:\windows\KlD.exe" [2008-10-08 3915]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 1261568]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Folding@home.lnk - c:\users\ADM\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe [2010-4-7 98477]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, snapapi32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2008-04-17 240128]
R3 ALSysIO;ALSysIO;c:\users\ADM\AppData\Local\Temp\ALSysIO.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-04-19 717296]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-06 68168]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

.
Conteúdo da pasta 'Tarefas Agendadas'

2010-05-17 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-08-15 16:48]

2010-05-16 c:\windows\Tasks\User_Feed_Synchronization-{A9956654-5F82-47CB-ABB9-B1E9919A7F50}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyOverride = local
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {1F19F8EC-9AA4-4E96-B491-7E712296B266} = 200.204.0.10 200.204.0.138
FF - ProfilePath - c:\users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\w6j4vqq4.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-{A9547F93-3477-4057-8BA3-AB85BA5FA4FE} - c:\users\ADM\AppData\Local\{7C24407D-548F-4211-9AD3-2549A100B03D}\Local Cooling Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 23:26
Windows 6.0.6000 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0xB0C231F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb49d3d1f
\Driver\ACPI -> acpi.sys @ 0xb40439d6
\Driver\atapi -> 0xb0c221f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-4223902304-154095862-2949035598-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:81,0e,d1,67,bc,8a,d7,5f,b9,b9,86,b8,68,d4,cb,7c,d0,36,7c,d5,01,88,84,
42,ed,04,fd,a2,53,4b,1f,e4,9b,98,e3,fe,05,a4,55,a7,01,80,ad,a9,5d,57,82,bb,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-4223902304-154095862-2949035598-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:39,a6,eb,8d,33,25,d6,c9,a4,53,9b,6a,55,70,4c,6e,22,d0,47,e1,bc,
f7,2d,45,bf,c3,9a,24,ea,fa,86,c0,49,4f,74,d2,c8,49,56,ff,44,a3,70,eb,dd,b9,\
"rkeysecu"=hex:b7,da,7d,a2,7d,bd,77,08,8d,06,72,d8,18,b3,bf,2e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-05-16 23:30:23 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-05-17 02:30

Pré-execução: 15.995.547.648 bytes disponíveis
Pós execução: 15.439.491.072 bytes disponíveis

- - End Of File - - 98317F3893FF35B4B18FECFCD851B92D

HijackThis:

Spoiler

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:41, on 16/05/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\ADM\AppData\Roaming\Folding@home-x86\FahCore_78.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Manager 1] C:\Windows\KlD.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Folding@home.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F19F8EC-9AA4-4E96-B491-7E712296B266}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 8104 bytes

 

[Mr.Wolf]

Boa tarde pessoal!


jvictorpaiva, o log não está tão infectado ao ponto de estar causando todos estes problemas citados por você. São infecções 'bobas', de certo modo.

Siga abaixo:

Spoiler

Execute o OTL.exe e cole este texto abaixo no campo Exames Personalizados/Correções

:OTL
SRV - [2009/09/22 18:26:00 | 000,054,784 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Dados de aplicativos\SeekService\seekservice129.exe -- (SeekService Service)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:44A55030
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:FB1B13D8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:1D78DA28

:Files
C:\Documents and Settings\All Users\Dados de aplicativos\SeekService

:Commands
[purity]
[emptyflash]
[emptytemp]
[Reboot]

Clique no botão Consertar e aguarde a conclusão!
Poste o resultado do exame, que também estará na pasta C:\_OTL\MovedFiles coma extensão .log.

Poste um novo log do HijackThis junto.

____________________________


juniorain, siga abaixo:

Spoiler

Selecione e copie o texto abaixo. Cole no Bloco de Notas e salve-o no desktop como CFScript.txt

KILLALL::

File::
c:\windows\KlD.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Manager 1"=-
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Arraste o CFScript para o ComboFix como na imagem aqui abaixo e aguarde a execução automática da ferramenta:

● Se for solicitado à você, pressione Enter para iniciar o processo de remoção;
● Não use o mouse nem o teclado quando o ComboFix estiver rodando;
● Quando terminar, será gerado um novo log que estará em C:\ComboFix.txt;
● Talvez seu computador seja reiniciado automaticamente. Caso não ocorra, reinicie-o manualmente.

Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.

 

[rafaelreis]

Mr.Wolf ,se puder me ajudar agradeço .Estou com problema no PC , alguns jogos não inicia mais, varias veses o media player da erro, SO trava, navegador trava direto tbm uso o firefox, eu uso o WIN 7 64bit , tentei rodar o combofix mas diz que não suporta o SO.
Eu não quero formatar novamente e instalar tudo dinovo .
Rodei o HIJACKTHIS ,olha o LOG

Spoiler

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:50:27, on 17/05/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\RAFA\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMess.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMess.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/pt-br/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_537d28af6b71ae43\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7593 bytes

 

[utR]

Mr. Wolf, me ajuda, ultimamente internet tá muito lenta, já liguei no suporte eles falaram que está tudo bem. Achei que talvez seria virus, aqui está o meu log, por favor dê uma olhada para mim?

Spoiler

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:07, on 18/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\WinLogT.exe
C:\Arquivos de programas\Turbo\Manager\desp2k.exe
C:\WINDOWS\winpos.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de programas\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Arquivos de programas\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de programas\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Turbo\Manager\desp2k.exe
O4 - HKLM\..\Run: [Winpos] C:\WINDOWS\winpos.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\arquivos de programas\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Arquivos de programas\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Arquivos de programas\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Arquivos de programas\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

[cyn]

Olá, boa tarde.

Tive um problema em relação a um virus chamado FakeAlert, que foi resolvido usando o HijackThis, da TrendMicro. Tudo resolvido, porém a parte de Propriedades de Vídeo, Área de Trabalho está bloqueada.

E também não consigo entrar em sites como o YouTube e o Imageshack.

Qualquer ajuda vai ser muito bem-vinda.

Obrigado.

 

[Mr.Wolf]

Boa tarde


rafaelreis, o ComboFix não é compatível com nenhum sistema 64 bits, e creio que nunca será, pelo que conheço do desenvolvedor.

Vamos ter que dar uma averiguada mais a fundo, pois log's de Windows x64 camuflam muitas entradas.

Siga abaixo:

Spoiler

Faça o download do OTL e salve-o no desktop;

● Dê um duplo clique em OTL.exe para executá-lo;
● Marque as opções: Verificar All Users e Incluir Verificação 64bit. Marque também: Verificar Lop e Verificar Purity;
● Clique no botão Verificar e aguarde o scan;
● Dois logs serão abertos no Bloco de Notas:

- OTL.Txt <- este será aberto
- Extras.Txt <- este estará minimizado

Eles também estarão salvos no desktop. Cole-os em sua próxima resposta.

________________________


Opa utR', aparentemente tudo ok.

Só vamos ver se o winpos.exe está sendo utilizado pelo adware search, ou está limpo. Siga abaixo:

Spoiler

Acesse o site VirusTotal. Copie este caminho em destaque abaixo e cole ao lado do botão

. Clique em Enviar Arquivo e aguarde.

C:\WINDOWS\winpos.exe

Ao término, clique em Mostrar último relatório, copie a URL do resultado e poste aqui.


- Faça o download do RSIT e salve no seu desktop;

● Dê dois cliques em RSIT.exe para executar o programa;
● Na janela que abrir clique no botão Continue para que a ferramenta comece a rodar;
● Quando a ferramenta terminar de rodar, abrirá um log automaticamente no bloco de notas contendo o resultado do scan. Cole o resultado desse log (log.txt) na sua próxima resposta;
● Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt.

________________________


cyn, FakeAlert é um Rogue, isto é, uma aplicação de segurança fraudulenta — falsa. Eles geralmente modificam o desktop e outras partes do sistema mesmo. No entanto, que eu saiba, eles não interferem no funcionamento de sites, como YouTube e ImageShack. Mas, nunca se sabe né...

Logo, adianto que somente o HijackThis não é capaz de resolver 100% o problema, não. Provavelmente não está "tudo resolvido" como afirmou, certamente há outros malwares da família presentes na máquina.

Qual é o seu sistema operacional, cyn?

Bem, como você não postou um log, não poderei lhe dar maiores informações, afinal, não sei de qual rogue se trata.

A princípio, devido à escassez de informação, a única coisa que posso lhe indicar é o uso do MBAM.

 

[cyn]

Mr. Wolf, obrigado pela atenção.

Não consegui postar o log aqui, pois depois de ter postado aqui precisei sair, e quando voltei haviam deletado o txt.

Infelizmente precisei resolver isso da forma mais simplória e "burra": backup e restauração do Windows.

Mais uma vez, obrigado.

 

[Elthon RJ]

Olá Mr.Wolf Como estar? Gostaria de tirar 2 duvidas com vc pq tenho certeza que deve saber. Eu tinha um site no wordpress e por causa de um bando de *** de uns hackers ele foi rackiado. Os visitantes que entram em meu site recebiam um convite pra baixar uma nova versão do java pra windows, e essa porqueira era um danado virus. Consegui tirar isso entrando em contato com o suporte aqui do wordpress. Mas quando ve começou outro problema, os visitantes começaram a me enviar varios emails no correio eletronico que eu disponibilizava no meu site, dizendo que ao entrar no site um virus era instalado sem pedir qualquer instalação. Achei estranho e fui verificar nos códigos do site, como eu não manjo muito de codigos de site, perguntei pro suporte e eles não me responderam. Um belo dia entrei como visitante em meu site só pra ver com o Internet explorer e não é que um vírus foi instalado mesmo?? sozinho sem eu fazer absolutamente ou baixar nada. Por isso pergunto ao colega, isso é possivel? um virus que se autoinstala no pc só de acessar um site? Outra duvida, se isso for possível, teria chances disso ter partido do endereço eletronico do site que eu disponibilizava publicamente? Infelizmente tive que cancelar o cadastro do meu site no wordpress e fechar as portas, o site era bem legal, tinha bastante visitantes, era sobre nutrição e medicina pq sou formado em nutrição e um amigo que me ajudava a escrever no site é medico, fisioterapeuta. A gente tirava duvidas de doenças, alimentação e etc e tal. E acontecer isso foi uma paulada em nós, pq gostavamos bastante do site. Muito obrigado desde já colega Abraço meu querido Elthon Garcia

 

[Elthon RJ]

Desculpa se meu texto ficou tudo grudado, eu pulei linha tudo certinho. Não sei o que houve!

 

[arturmelhor]

Suspeita de instalação maléficas!

Olá, Boa tarde Mr. Wolf, estou com uma suspeita de que instalaram algum programa de monitoramento no meu notebook, poderias dar uma olhada no log? desde ja agradeço.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:35, on 19/05/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Windows\System32\msystem\services.exe
C:\Program Files\Nokia\Nokia Internet Modem\Wellphone2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.1.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: everyflv - {9d15be5b-099e-a159-6101-56f143d2ca60} - C:\Windows\system32\EA1g4_FWxH-rN.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [box services] C:\Windows\system32\wmdir\svwhost.exe
O4 - HKLM\..\Run: [msservices] C:\Windows\system32\msystem\services.exe
O4 - HKCU\..\Run: [Nokia Internet Modem] "C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [box services] C:\Windows\system32\wmdir\svwhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [msservices] C:\Windows\system32\msystem\services.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67E64177-5873-4D0A-B8F5-FA8240E5F7A8}: NameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{67E64177-5873-4D0A-B8F5-FA8240E5F7A8}: NameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{67E64177-5873-4D0A-B8F5-FA8240E5F7A8}: NameServer = 192.168.254.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 6405 bytes

 

[Mr.Wolf]

Opa Elthon RJ, tudo bem e você?

Complicado a sua situação amigo, mas você não é o primeiro, e nem será o último, a ter um site hackeado. Sinceramente, hoje isso virou moda para os cibercriminosos.

Por isso pergunto ao colega, isso é possivel? um virus que se autoinstala no pc só de acessar um site?

Sim, isso é totalmente possível. É o que chamamos de Autoinfect's. Autoinfect é um código malicioso (geralmente desenhado em Javascript) inserido nos códigos do site, que contamina a máquina dos usuários automaticamente e sorrateiramente, isto é, sem que a vítima perceba que a infecção está ocorrendo. Antivirus dificilmente detectam ou bloqueiam a execução de um Autoinfect no computador, bem como anti-spywares, anti-rootkits, e etc. Você só percebe que um Autoinfect está no sistema, se abrir o gerenciador de tarefas e procurar por processos suspeitos: normalmente possuem nomes como java.exe, exec.exe, runbat.exe; ou se possuir um HIPS monitorando as atividades do sistema em real-time. Talvez, depois de algumas semanas, pode ser que o seu antivirus venha a detectá-lo, porém, será tarde demais, visto que, Autoinfect's comprometem arquivos legítimos do sistema e podem roubar dados pessoais.

Existem os Drive-by-Downloads também, que se encaixam no mesmo contexto dos Autoinfect's, mas não são a mesma coisa.

Os visitantes que entram em meu site recebiam um convite pra baixar uma nova versão do java pra windows, e essa porqueira era um danado virus. Consegui tirar isso entrando em contato com o suporte aqui do wordpress.

Na realidade, isso foi somente um aviso de que algo havia sido alterado. Neste exato momento, você deveria ter tirado o site do ar para corrigir o problema, pois Autoinfect não é removido de um dia para o outro dos códigos do site, pode ser prolongada a sua remoção completa.

No entanto, o WordPress está sendo bastante alvejado por crackers desde o início de 2010. Mais de 120 sites hospedados neste SGC foram atacados, e tudo isso somente em fevereiro.

Outra duvida, se isso for possível, teria chances disso ter partido do endereço eletronico do site que eu disponibilizava publicamente?

Negativo.

No máximo, o e-mail seria alvo de spams.

Para que um Autoinfect seja inserido na página, ela deve, obrigatoriamente, ser hackeada por completo. Do contrário, impossível!

 

[Mr.Wolf]

Olá arturmelhor, seu log está realmente infectado. Há trojans agent e um trojan BHO.

Siga abaixo no spoiler:

Spoiler

- Faça o download do Avenger e salve-o no desktop;

● Extraia o conteúdo do zip para o desktop;
● Selecione e copie o texto aqui abaixo:

Files to delete:
C:\Windows\system32\wmdir\svwhost.exe
C:\Windows\system32\msystem\services.exe
C:\Windows\system32\EA1g4_FWxH-rN.dll

Folders to delete:
C:\Windows\system32\wmdir
C:\Windows\system32\msystem

● Execute o programa Avenger, dando dois cliques em avenger.exe;
● Clique no menu Load Script > Paste from Clipboard;
● Clique no botão Execute > Yes > OK;
● Seu computador será reiniciado;
● Será gerado um log em C:\avenger.txt

Cole este log em sua próxima resposta.


Após reiniciar, abra o HijackThis. Clique no botão Do a system scan only, marque as entradas abaixo (caso existam) e clique no botão Fix checked

O2 - BHO: everyflv - {9d15be5b-099e-a159-6101-56f143d2ca60} - C:\Windows\system32\EA1g4_FWxH-rN.dll
O4 - HKLM\..\Run: [box services] C:\Windows\system32\wmdir\svwhost.exe
O4 - HKLM\..\Run: [msservices] C:\Windows\system32\msystem\services.exe
O4 - HKCU\..\Run: [box services] C:\Windows\system32\wmdir\svwhost.exe
O4 - HKCU\..\Run: [msservices] C:\Windows\system32\msystem\services.exe

- Faça o download do RSIT e salve no seu desktop;

● Dê dois cliques em RSIT.exe para executar o programa;
● Na janela que abrir clique no botão Continue para que a ferramenta comece a rodar;
● Quando a ferramenta terminar de rodar, abrirá um log automaticamente no bloco de notas contendo o resultado do scan. Cole o resultado desse log (log.txt) na sua próxima resposta;
● Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt.

 

[arturmelhor]

Mr. Wolf, tem como saber se alguem instalou ou foi pego em site ou email?

Segue o Log feito pelo avenger

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Windows\system32\wmdir\svwhost.exe" not found!
Deletion of file "C:\Windows\system32\wmdir\svwhost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\msystem\services.exe" deleted successfully.
File "C:\Windows\system32\EA1g4_FWxH-rN.dll" deleted successfully.
Folder "C:\Windows\system32\wmdir" deleted successfully.
Folder "C:\Windows\system32\msystem" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

 

[arturmelhor]

Mr. Wolf, tem como saber se alguem instalou ou foi pego em site ou email?

Segue o Log feito pelo avenger

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Windows\system32\wmdir\svwhost.exe" not found!
Deletion of file "C:\Windows\system32\wmdir\svwhost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\msystem\services.exe" deleted successfully.
File "C:\Windows\system32\EA1g4_FWxH-rN.dll" deleted successfully.
Folder "C:\Windows\system32\wmdir" deleted successfully.
Folder "C:\Windows\system32\msystem" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

_________________________________________________________________________________

Log criado pelo RSIT:



Logfile of random's system information tool 1.07 (written by random/random)
Run by Fernanda at 2010-05-19 17:43:22
Microsoft Windows 7 Ultimate Service Pack 3
System drive C: has 99 GB (66%) free of 150 GB
Total RAM: 3055 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:43:24, on 19/05/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\Nokia\Nokia Internet Modem\Wellphone2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Fernanda\Desktop\RSIT.exe
C:\Program Files\trend micro\Fernanda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.1.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Nokia Internet Modem] "C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67E64177-5873-4D0A-B8F5-FA8240E5F7A8}: NameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{67E64177-5873-4D0A-B8F5-FA8240E5F7A8}: NameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{67E64177-5873-4D0A-B8F5-FA8240E5F7A8}: NameServer = 192.168.254.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 5767 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - c:\Program Files\Java\jre6\bin\ssv.dll [2009-10-30 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2010-04-30 328992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - c:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-30 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=c:\Program Files\Java\jre6\bin\jusched.exe [2009-10-30 136600]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SiSTray"=C:\Program Files\SiS VGA Utilities\SiSTray.exe [2009-03-02 552960]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia Internet Modem"=C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe [2009-07-29 1962648]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-11-05 395056]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

C:\Users\Fernanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
C:\Program Files\GbPlugin\gbieh.dll [2010-04-30 328992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2010-04-30 328992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\application\Setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-05-19 17:41:52 ----D---- C:\rsit
2010-05-19 17:41:52 ----D---- C:\Program Files\trend micro
2010-05-19 17:30:30 ----D---- C:\Avenger
2010-05-19 17:30:30 ----A---- C:\avenger.txt
2010-05-19 15:54:01 ----D---- C:\HijackThis
2010-05-13 15:05:21 ----A---- C:\Windows\system32\vbSendMail.dll
2010-05-13 15:05:21 ----A---- C:\Windows\system32\msstdfmt.dll
2010-05-13 15:04:19 ----D---- C:\Windows2
2010-05-13 15:04:10 ----A---- C:\Novo Documento de Texto.txt
2010-05-02 16:07:07 ----A---- C:\Windows\system32\hpVauE6-3Ex_J2q.exe
2010-04-27 18:02:40 ----A---- C:\Windows\system32\UFScanner.dll
2010-04-27 18:02:40 ----A---- C:\Windows\system32\UFMatcher.dll
2010-04-27 18:02:40 ----A---- C:\Windows\system32\UFDatabase.dll
2010-04-27 18:02:40 ----A---- C:\Windows\system32\pthreadVC2.dll
2010-04-27 18:02:40 ----A---- C:\Windows\system32\Id3BiokeyDll.dll
2010-04-27 18:02:40 ----A---- C:\Windows\system32\GrFingerJava.dll
2010-04-27 18:02:40 ----A---- C:\Windows\system32\GrFinger.dll
2010-04-27 18:02:40 ----A---- C:\Windows\system32\CertisExports.dll
2010-04-27 18:02:40 ----A---- C:\Windows\system32\CapPluginHamster.dll
2010-04-27 18:02:40 ----A---- C:\Windows\system32\CapPluginFingercap.dll
2010-04-27 18:02:40 ----A---- C:\Windows\system32\CapPluginCrossMatch.dll
2010-04-27 18:02:39 ----D---- C:\CarbonPd
2010-04-27 18:02:39 ----A---- C:\Windows\system32\NBioBSP.dll
2010-04-27 18:02:39 ----A---- C:\Windows\system32\grfingerX.dll
2010-04-27 18:02:39 ----A---- C:\Windows\system32\CapPluginCertis.dll
2010-04-27 18:02:39 ----A---- C:\Windows\system32\BioNetAcsDll.dll

======List of files/folders modified in the last 1 months======

2010-05-19 17:43:22 ----D---- C:\Windows\Temp
2010-05-19 17:41:59 ----D---- C:\Windows\Prefetch
2010-05-19 17:41:52 ----RD---- C:\Program Files
2010-05-19 17:41:13 ----D---- C:\Users\Fernanda\AppData\Roaming\uTorrent
2010-05-19 17:35:07 ----AD---- C:\Windows\System32
2010-05-19 17:35:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-19 17:35:06 ----D---- C:\Windows\inf
2010-05-19 17:30:30 ----AD---- C:\Windows\system32\drivers
2010-05-19 17:28:00 ----D---- C:\Windows\system32\config
2010-05-19 15:01:46 ----D---- C:\Windows\system32\NDF
2010-05-18 22:03:29 ----D---- C:\Windows
2010-05-16 11:50:07 ----A---- C:\Windows\PhotoSnapViewer.INI
2010-05-15 18:07:37 ----D---- C:\ProgramData\GbPlugin
2010-05-14 13:21:14 ----SHD---- C:\System Volume Information
2010-05-13 21:12:46 ----A---- C:\Windows\pdf2word.INI
2010-05-07 15:50:46 ----D---- C:\Program Files\GbPlugin
2010-05-04 00:46:25 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-11-11 96104]
R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2009-07-13 78336]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-13 32256]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [2009-07-13 6656]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-13 7168]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-11-11 28520]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2009-07-13 74240]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2009-07-13 63488]
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-11 56816]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2009-07-13 86528]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2009-07-13 586752]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2009-07-13 60928]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2009-07-13 34816]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
R3 CmBatt;Driver de Bateria do Método de Controle ACPI da Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-13 14080]
R3 CompositeBus;Driver Enumerador de Barramento de Composição; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648]
R3 HdAudAddService;Driver de Função Microsoft 1.1 UAA para Serviço de High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-07-13 304128]
R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2009-07-13 108544]
R3 HidUsb;Driver de classe HID da Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys [2009-07-13 24064]
R3 intelppm;Driver de Processador Intel; C:\Windows\system32\DRIVERS\intelppm.sys [2009-07-13 53760]
R3 monitor;Microsoft Monitor Class Function Driver Service; C:\Windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
R3 mouhid;Mouse HID Driver; C:\Windows\system32\DRIVERS\mouhid.sys [2009-07-13 26112]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2009-07-13 60416]
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2010-01-08 221184]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2009-07-13 95744]
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2009-07-13 75264]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-13 18944]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-13 84992]
R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2009-03-02 463360]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-13 1068032]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2009-07-13 306688]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-12-08 113664]
R3 tunnel;Driver do Adaptador de Miniporta de Túnel da Microsoft; C:\Windows\system32\DRIVERS\tunnel.sys [2009-07-13 108544]
R3 umbus;Driver de Enumerador UMBus; C:\Windows\system32\DRIVERS\umbus.sys [2009-07-13 39936]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\system32\DRIVERS\usbccgp.sys [2009-07-13 75264]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbehci.sys [2009-07-13 41472]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\Windows\system32\DRIVERS\usbhub.sys [2009-07-13 258560]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys [2009-07-13 20480]
R3 usbvideo;Dispositivo de vídeo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2009-07-13 146176]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-13 11264]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-13 92672]
S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-13 163328]
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-13 9728]
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-13 422976]
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [2009-07-13 297552]
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [2009-07-13 146512]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys [2009-07-13 14912]
S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys [2009-07-13 55296]
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-13 52736]
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [2009-07-13 79952]
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-13 159312]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-13 50176]
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys [2009-07-13 76368]
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [2009-07-13 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM); C:\Windows\system32\DRIVERS\BrSerIb.sys [2009-07-13 265088]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys [2009-07-13 272128]
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys [2009-07-13 11904]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM); C:\Windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\DRIVERS\bthmodem.sys [2009-07-13 56320]
S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [2009-07-13 453712]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-13 7168]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2009-07-13 142336]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2009-07-13 28160]
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-13 46160]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-13 57936]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-13 21504]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys [2009-07-13 91136]
S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys [2009-07-13 37888]
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-13 67152]
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [2009-07-13 332352]
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [2009-07-13 41040]
S3 intelide;intelide; C:\Windows\system32\DRIVERS\intelide.sys [2009-07-13 15424]
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [2009-07-13 65536]
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [2009-07-13 46656]
S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2009-07-13 186960]
S3 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys [2009-07-13 28160]
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-13 95824]
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [2009-07-13 89168]
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-13 54864]
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-13 96848]
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys [2009-07-13 30800]
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-13 235584]
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys [2009-07-13 130624]
S3 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys [2009-07-13 27712]
S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [2009-07-13 115792]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2009-07-13 162896]
S3 MSTEE;Conversor em T entre Coletores de streaming Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2009-07-13 6144]
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-13 44624]
S3 nokiacpo;Nokia Internet Stick Wireless Modem Service Install; C:\Windows\system32\DRIVERS\nokiacpo.sys [2009-06-22 19968]
S3 nokiappo;Nokia Internet Stick Wireless Modem Power Policy Service; C:\Windows\system32\DRIVERS\nokiappo.sys [2009-06-22 27648]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys [2009-07-13 105024]
S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [2009-07-13 117312]
S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [2009-07-13 142416]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys [2009-07-13 62464]
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [2009-07-13 1383488]
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-13 106064]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2009-07-13 31744]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [2009-07-13 85568]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-13 26624]
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys [2009-07-13 19968]
S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\DRIVERS\sffdisk.sys [2009-07-13 11264]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys [2009-07-13 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys [2009-07-13 12800]
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-13 40016]
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-13 77888]
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2009-07-13 71168]
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-13 21072]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 28224]
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-07-13 1285712]
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [2009-07-13 30208]
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys [2009-07-13 57424]
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-13 8192]
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys [2009-07-13 86016]
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys [2009-07-13 19968]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-07-13 27648]
S3 USBSTOR;USB Mass Storage Driver; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2009-07-13 74752]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys [2009-07-13 24064]
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-13 26112]
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-13 159824]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-13 141904]
S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys [2009-07-13 19968]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys [2009-07-13 19024]
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-13 19008]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-13 132224]
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-13 22096]
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys [2009-07-13 16384]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-11 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-11 185089]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 GbpSv;Gbp Service; C:\PROGRA~1\GbPlugin\GbpSv.exe [2010-04-30 55072]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-13 3179520]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-13 428032]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-07-13 22528]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-13 22528]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2009-07-13 557056]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-13 94720]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2009-07-13 522752]
S3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42856]
S3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 878416]
S3 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2009-07-13 12800]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-13 204800]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2009-07-13 35840]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2009-07-13 22528]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2009-07-13 452608]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-13 1202688]
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2009-07-13 1121280]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]

-----------------EOF-----------------

 

[utR]

________________________


Opa utR', aparentemente tudo ok.

Só vamos ver se o winpos.exe está sendo utilizado pelo adware search, ou está limpo. Siga abaixo:

Spoiler

Acesse o site VirusTotal. Copie este caminho em destaque abaixo e cole ao lado do botão

. Clique em Enviar Arquivo e aguarde.

C:\WINDOWS\winpos.exe

Ao término, clique em Mostrar último relatório, copie a URL do resultado e poste aqui.


- Faça o download do RSIT e salve no seu desktop;

● Dê dois cliques em RSIT.exe para executar o programa;
● Na janela que abrir clique no botão Continue para que a ferramenta comece a rodar;
● Quando a ferramenta terminar de rodar, abrirá um log automaticamente no bloco de notas contendo o resultado do scan. Cole o resultado desse log (log.txt) na sua próxima resposta;
● Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt.

Virus Total Link


log.txt RSIT

Spoiler

2010-05-19 20:40:55 ----D---- C:\Arquivos de programas\Steam
2010-05-19 20:40:15 ----AD---- C:\WINDOWS\system32\drivers
2010-05-19 20:37:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-18 22:17:44 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire
2010-05-18 18:04:30 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent
2010-05-18 12:28:38 ----RD---- C:\Arquivos de programas
2010-05-13 11:36:45 ----D---- C:\Arquivos de programas\Arquivos comuns
2010-05-13 11:25:14 ----SHD---- C:\WINDOWS\Installer
2010-05-13 11:24:39 ----AD---- C:\WINDOWS\system32
2010-05-13 11:24:33 ----D---- C:\Arquivos de programas\Java
2010-05-12 18:33:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-08 20:33:38 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-06 12:21:33 ----D---- C:\WINDOWS
2010-05-05 11:56:24 ----HD---- C:\WINDOWS\inf
2010-05-05 11:55:21 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2010-05-05 11:53:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-05-04 12:08:53 ----D---- C:\WINDOWS\system32\DirectX
2010-05-04 12:08:26 ----RSD---- C:\WINDOWS\assembly
2010-04-30 13:58:11 ----D---- C:\Arquivos de programas\Rockstar Games
2010-04-30 13:44:09 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-20 11:08:23 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-20 11:02:01 ----D---- C:\Arquivos de programas\Internet Explorer
2010-04-20 01:29:04 ----D---- C:\WINDOWS\WinSxS
2010-04-20 01:26:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-20 01:26:50 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-28 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-28 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Dados de aplicativos\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100513.002\IDSxpx86.sys []
R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40192]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2010-03-28 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2010-03-28 217136]
R2 RtNdPt5x;Realtek NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys [2008-07-09 22016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2010-03-28 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2007-06-10 5810]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Dados de aplicativos\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100519.025\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Dados de aplicativos\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100519.025\NAVEX15.SYS []
R3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2003-04-04 30336]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol); C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2010-03-28 308272]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2010-03-28 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2010-03-28 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-28 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2010-03-28 36400]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-03-26 1086208]
S3 aaay2lv4;aaay2lv4; C:\WINDOWS\system32\drivers\aaay2lv4.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2008-06-25 377358]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features; C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS [2008-01-23 25984]
S3 RTLVLAN;Realtek VLAN Intermediate Driver; C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2008-05-26 17408]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-28 36400]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-04-07 233472]
R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2010-02-22 53856]
R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 N360;Norton 360; C:\Arquivos de programas\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-03-28 117640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-05-17 825344]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S4 NetTcpPortSharing;Serviço de Compartilhamento de Porta Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt RSIT

Spoiler

info.txt logfile of random's system information tool 1.06 2010-05-19 21:14:11

======Uninstall list======

-->MsiExec /X{54194F60-988C-4D03-B922-C2B00EFDA39A}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Arquivos de programas\uTorrent\uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
APB Beta-EU-->"C:\Arquivos de programas\Realtime Worlds\APB\Beta-EU\uninstall.exe"
Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}
ASUSUpdate-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Atualização de Segurança para o Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Atualização de Segurança para Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB981350)-->"C:\WINDOWS\$NtUninstallKB981350$\spuninst\spuninst.exe"
Atualização para Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Atualização para Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Atualização para Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Atualização para Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Atualização para Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Atualização para Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Atualização para Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Atualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Atualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Atualização para Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Atualização para Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Atualização para Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Atualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Atualização para Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
Call of Duty Modern Warfare 2-->"C:\Arquivos de programas\Activision\Modern Warfare 2\unins000.exe"
Diagnostic Utility-->"C:\Arquivos de programas\InstallShield Installation Information\{7236672F-6430-439E-9B27-27EDEAF1D676}\setup.exe" -runfromtemp -l0x0416 -removeonly
DVD Solution-->"C:\Arquivos de programas\Uninstall_CDS.exe"
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Grand Theft Auto IV - Episodes From Liberty City-->"C:\Arquivos de programas\Grand Theft Auto IV - Episodes From Liberty City\Uninstall\unins000.exe"
Grand Theft Auto IV-->"C:\Arquivos de programas\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000B8301}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Arquivos de programas\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Codec Pack 5.8.3 (Full)-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"
LightDialer 3.0-->"C:\Arquivos de programas\Turbo\Discador Turbo\unins000.exe"
LightModem 3.0-->"C:\Arquivos de programas\Turbo\Modem\unins000.exe"
LimeWire PRO 5.1.4-->"C:\Arquivos de programas\LimeWire\uninstall.exe"
M4A to MP3 Converter 1.2-->"C:\Arquivos de programas\M4A to MP3 Converter\unins000.exe"
Manual de Instalação 3.0-->"C:\Arquivos de programas\Turbo\Manual\unins000.exe"
Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack-->MsiExec.exe /X{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB-->MsiExec.exe /I{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB-->MsiExec.exe /I{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb-->MsiExec.exe /I{1438B41C-658C-35B7-9253-780F2E0A0B8E}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft DirectX Transform optional components-->RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.3)-->c:\arquivos de programas\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Launcher-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton 360-->C:\Arquivos de programas\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\3.8.0.41\InstStub.exe /X
NVIDIA Display Control Panel-->C:\Arquivos de programas\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Arquivos de programas\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{54194F60-988C-4D03-B922-C2B00EFDA39A}
OCR Software by I.R.I.S 7.0-->C:\Arquivos de programas\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Pacote de Driver do Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\ARQUIV~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Pacote de Driver do Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\ARQUIV~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
Pacote de Driver do Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb\setup.exe
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PCI Audio Driver-->cmuninst.exe
Portal-->"C:\Arquivos de programas\Steam\steam.exe" steam://uninstall/400
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Arquivos de programas\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe -runfromtemp -l0x0416 -removeonly
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio USB Driver Installer-->"C:\Arquivos de programas\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x0416 -removeonly
Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
Samsung New PC Studio-->"C:\Arquivos de programas\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0416 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG SYMBIAN USB Download Driver-->C:\Arquivos de programas\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
SAMSUNG USB Mobile Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
StarCraft II Beta-->C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment\StarCraft II Beta\Uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Tom Clancy's Splinter Cell Conviction-->"C:\Arquivos de programas\InstallShield Installation Information\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Turbo Analisador 1.1-->"C:\Arquivos de programas\Turbo\Manager\unins000.exe"
Ubisoft Game Launcher-->"C:\Arquivos de programas\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VIA Gerenciador de dispositivo de plataforma-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
WinAVI Video Converter-->"C:\Arquivos de programas\WinAVI Video Converter\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F2CD4651-F948-467C-B014-71FD981B7F59}
Windows Live Mail-->MsiExec.exe /I{74AD1846-2010-4FB1-8E24-B6F2B87150C2}
Windows Live Messenger-->MsiExec.exe /X{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}
Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: Norton 360
FW: Norton 360

======System event log======

Computer Name: SILVAXAVIER
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 18783
Source Name: EventLog
Time Written: 20100514114825.000000-180
Event Type: Informações
User:

Computer Name: SILVAXAVIER
Event Code: 6006
Message: O serviço Log de eventos foi finalizado.

Record Number: 18782
Source Name: EventLog
Time Written: 20100514013835.000000-180
Event Type: Informações
User:

Computer Name: SILVAXAVIER
Event Code: 7036
Message: O serviço Pml Driver HPZ12 entrou no estado interrompido.

Record Number: 18781
Source Name: Service Control Manager
Time Written: 20100513172329.000000-180
Event Type: Informações
User:

Computer Name: SILVAXAVIER
Event Code: 4226
Message: TCP/IP alcançou o limite de segurança imposto sobre o número de tentativas de conexão TCP simultâneas.

Record Number: 18780
Source Name: Tcpip
Time Written: 20100513132250.000000-180
Event Type: aviso
User:

Computer Name: SILVAXAVIER
Event Code: 6006
Message: O serviço Log de eventos foi finalizado.

Record Number: 18779
Source Name: EventLog
Time Written: 20100512221530.000000-180
Event Type: Informações
User:

=====Application event log=====

Computer Name: SILVAXAVIER
Event Code: 1022
Message: Produto: Microsoft .NET Framework 3.0 Service Pack 2 - A atualização 'WF_32' foi instalada com êxito.

Record Number: 793
Source Name: MsiInstaller
Time Written: 20100419103657.000000-180
Event Type: Informações
User: SILVAXAVIER\Administrador

Computer Name: SILVAXAVIER
Event Code: 1022
Message: Produto: Microsoft .NET Framework 3.0 Service Pack 2 - A atualização 'WPF_Other' foi instalada com êxito.

Record Number: 792
Source Name: MsiInstaller
Time Written: 20100419103657.000000-180
Event Type: Informações
User: SILVAXAVIER\Administrador

Computer Name: SILVAXAVIER
Event Code: 1022
Message: Produto: Microsoft .NET Framework 3.0 Service Pack 2 - A atualização 'WF' foi instalada com êxito.

Record Number: 791
Source Name: MsiInstaller
Time Written: 20100419103657.000000-180
Event Type: Informações
User: SILVAXAVIER\Administrador

Computer Name: SILVAXAVIER
Event Code: 1022
Message: Produto: Microsoft .NET Framework 3.0 Service Pack 2 - A atualização 'WPF_1' foi instalada com êxito.

Record Number: 790
Source Name: MsiInstaller
Time Written: 20100419103657.000000-180
Event Type: Informações
User: SILVAXAVIER\Administrador

Computer Name: SILVAXAVIER
Event Code: 1022
Message: Produto: Microsoft .NET Framework 3.0 Service Pack 2 - A atualização 'WCF' foi instalada com êxito.

Record Number: 789
Source Name: MsiInstaller
Time Written: 20100419103657.000000-180
Event Type: Informações
User: SILVAXAVIER\Administrador

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Arquivos de programas\PC Connectivity Solution\;C:\Arquivos de programas\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------