Virus removal

Good afternoon, everyone!


jpablo, delete the folder C:\Avenger. Please answer the question I asked you earlier, jpablo:

jpablo, did you create, or do you know about, this file and these folders below?

C:\pc.exe
C:\MSI2f7d5.tmp <- folder
C:\PC <- folder
Generate only the RSIT log.txt and paste it in your next reply.


____________________________________


Friend ||falcon, enable the option to show hidden files and folders in Windows and delete the folder highlighted below:

C:\fsaua.data

Other than that, the log is clean, ||falcon :)

Go to Start > Run, type combofix /u and click OK to remove it. Delete the SDFix tool as well (if it is still there).
Your log shows two antivirus products, ||falcon: AVG 7.5 and NOD32 2.7. I recommend removing one and keeping only the other as protection, since having two antivirus products installed on the PC is not recommended. Besides causing conflicts, it will not give you more security, quite the opposite!
Don't forget to install a firewall as well.

Any problems still, ||falcon?

____________________________________


flavinha toledo, open Malwarebytes and click the Quarantine (Quarentena) tab. Select all the items there and click Remove All (Remover Tudo).

Post a new HijackThis log here, Flavinha.
 
I'm new and I'm having trouble with a virus, Win32/Rootkit.Agent.ODG. What do I do to get rid of it?
Hello Angelo D`Auria, please make and post a HijackThis log here, following the instructions below:

- Download HijackThis and extract it to its own folder in C:.
- Run HijackThis and click Do a system scan and save a logfile.
- A log will be generated in Notepad. Copy and paste it here.

Regards :thumbs_up

_________________________________



Originally posted by luisednardo

Mr WOlf, is this software similar to DeepFreeze? Do you know that program? It is widely used in LAN houses and cybercafes. After the program is installed, it "freezes" the system, that is, everything modified or created after DeepFreeze is installed will be erased automatically after the computer restarts. That is why it is widely used in LAN houses, since the incidence of viruses there is enormous. The only disadvantage is that if you save a text document, for example, it is erased too. Is this sandbox like that as well?
Exactly, luisednardo. It does have the same function as Deep Freeze. However, besides being free, SandBoxie uses fewer system resources than Deep Freeze. And it is easier to work with, too.
Another advantage of SandBoxie is that, if you don't want everything to be erased on restart, you just configure it that way. In other words, if you save an important text document, as you said, it will not be erased on restart.

Deep Freeze has, of course, more features and may even be better than SandBoxie. But personally, I like SB a lot and I believe that in the future it will be on the same level as DF, if not better. Let's face it, DF is not at all easy to uninstall either; I have seen cases where only a format removed the software from the machine. SB is easy to uninstall.

Anyway, I suggest you try either of the two programs and see whether the slowness problem still occurs after a while.
 
Hi Mr.Wolf, here is the new log, dear

Thaaaaaaaaaaaaaaanks

Kisseeeeeeeeeeeeeeees

Fla

Ahh Mr.Wolf, can I ask you a question???? hihihihihihi


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:22, on 28/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
c:\Programas\Norton AntiVirus\navapsvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Programas\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programas\Ficheiros comuns\System\MSASP32.exe
C:\Programas\Java\j2re1.4.2_03\bin\javaw.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Proprietário-de-HP\Ambiente de trabalho\ccsetup207_slim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeart1cile.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: webmessenger.com.br localhost
O1 - Hosts: orkut.com.br localhost
O1 - Hosts: messenger.com localhost
O1 - Hosts: webmessenger.com locahost
O1 - Hosts: powerscrap.com localhost
O1 - Hosts: powerscrapt.com.br locahost
O1 - Hosts: 127.0.0.1 www.orkut.com
O1 - Hosts: 127.0.0.1 images.orkut.com
O1 - Hosts: 127.0.0.1 meebo.com.br
O1 - Hosts: 127.0.0.1 meebo.com
O1 - Hosts: 127.0.0.1 www.ebuddy.com/
O1 - Hosts: 127.0.0.1 www.meebo.com
O1 - Hosts: 127.0.0.1 www.images.orkut.com
O1 - Hosts: 127.0.0.1 wwwm.meebo.com
O1 - Hosts: 127.0.0.1 www.youtube.com
O1 - Hosts: 127.0.0.1 youtube.com
O1 - Hosts: 127.0.0.1 video.google.com
O1 - Hosts: 127.0.0.1 http://iowa.ebuddy.com/
O1 - Hosts: 127.0.0.1 iowa.ebuddy.com/
O1 - Hosts: 127.0.0.1 http://br.life.dada.net/video/?medialist=cool&ever=1
O1 - Hosts: 127.0.0.1 br.life.dada.net
O1 - Hosts: 127.0.0.1 www.dada.net
O1 - Hosts: 127.0.0.1 http://iowa.ebuddy.com/vm065012/signout.jsp
O1 - Hosts: 127.0.0.1 http://nevada.ebuddy.com/vm065012/ma...90872756051000
O1 - Hosts: 127.0.0.1 nevada.ebuddy.com/vm065012/main.jsp?hash=7e48e728f1f1e5fe04aca6c7478c8e64&tim e=1177590872756051000
O1 - Hosts: 127.0.0.1 nevada.ebuddy.com
O1 - Hosts: 127.0.0.1 http://ebuddy.com/mobile
O1 - Hosts: 127.0.0.1 http://vcontent-us.ebuddy.com/ads/eb...rectangle.html
O1 - Hosts: 127.0.0.1 http://vcontent.ebuddy.com
O1 - Hosts: 127.0.0.1 http://www.pimpproxy.com
O1 - Hosts: 127.0.0.1 http://www.proxy-demon.com
O1 - Hosts: 127.0.0.1 http://www.securesearch.info/
O1 - Hosts: 127.0.0.1 http://www.ninjaproxy.com
O1 - Hosts: 127.0.0.1 http://www.safehazard.com
O1 - Hosts: 127.0.0.1 http://www.zeroproxy.com
O1 - Hosts: 127.0.0.1 http://www.siteallow.com
O1 - Hosts: 127.0.0.1 http://www.youhide.com
O1 - Hosts: 127.0.0.1 http://proxy.org/
O1 - Hosts: 127.0.0.1 http://www.siteallow.com
O1 - Hosts: 127.0.0.1 http://www.anonymousindex.com
O1 - Hosts: 127.0.0.1 http://www.hidemyass.com
O1 - Hosts: 127.0.0.1 http://www.proxyfoxy.com
O1 - Hosts: 127.0.0.1 http://www.proxy7.com
O1 - Hosts: 127.0.0.1 http://www.proxyaction.net/proxy
O1 - Hosts: 127.0.0.1 http://www.proxyfirst.com
O1 - Hosts: 127.0.0.1 http://www.youhide.com
O1 - Hosts: 127.0.0.1 http://www.rapidwire.net
O1 - Hosts: 127.0.0.1 http://www.ninjaproxy.com
O1 - Hosts: 127.0.0.1 http://www.browseprox.com
O1 - Hosts: 127.0.0.1 http://www.myspacebypass.com
O1 - Hosts: 127.0.0.1 http://www.mysearchpirate.com
O1 - Hosts: 127.0.0.1 http://anonymouse.ws
O1 - Hosts: 127.0.0.1 orkut
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ver HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programas\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Advance Service Process - Unknown owner - C:\Programas\Ficheiros comuns\System\MSASP32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Programas\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

--
End of file - 5179 bytes
 
DONE, WHAT NOW?? waiting

pablo, did you create, or do you know about, this file and these folders below?
yes, it was me, but I have already deleted them.

C:\pc.exe
C:\MSI2f7d5.tmp <- folder image photos
C:\PC <- folder I don't remember what was in it
 
Flavinha, run HijackThis and click Do a system scan only. Check the entry below and click Fix Checked:

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Click Yes on the message and close HijackThis.

Ahh Mr.Wolf, can I ask you a question???? hihihihihihi
Of course.
 
Question

Is it normal that when I run RSIT it opens another program and tells it to run?
The image is the one below
thanks...
 

Attachments

  • 1234.JPG (60.7 KB)
log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by jp at 2009-04-28 16:08:27
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (10%) free of 76 GB
Total RAM: 958 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:29, on 28/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\D-Tools\daemon.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\ARQUIV~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Arquivos de programas\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
C:\Arquivos de programas\MSI\DualCoreCenter\DualCoreCenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jp\Desktop\RSIT.exe
C:\Documents and Settings_back up2005\juan\Desktop\7up 3\jp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=172.16.11.102:6588;http=172.16.11.102:6588;https=172.16.11.102:6588;socks=172.16.11.102:6588
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\ARQUIV~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Arquivos de programas\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{27174DF0-EF54-4D5E-8011-DCDC49A601A4}: NameServer = 10.1.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{0D49D05B-2B23-43C6-A53F-318BD20796E1}: NameServer = 200.157.72.6,200.189.170.14
O17 - HKLM\System\CS5\Services\Tcpip\..\{0D49D05B-2B23-43C6-A53F-318BD20796E1}: NameServer = 200.157.72.6,200.189.170.14
O17 - HKLM\System\CS6\Services\Tcpip\..\{0D49D05B-2B23-43C6-A53F-318BD20796E1}: NameServer = 200.157.72.6,200.189.170.14
O17 - HKLM\System\CS8\Services\Tcpip\..\{0D49D05B-2B23-43C6-A53F-318BD20796E1}: NameServer = 200.157.72.6,200.189.170.14
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE

--
End of file - 6533 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2009-03-25 271152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"=C:\Arquivos de programas\D-Tools\daemon.exe [2004-08-22 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"WinampAgent"=C:\Arquivos de programas\Winamp\winampa.exe [2007-05-14 35328]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-01-30 98304]
"Nero DriveSpeed"=C:\ARQUIV~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE [2005-10-24 602112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-18 16855040]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"NVIDIA nTune"=C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"Advanced SystemCare 3"=C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe [2009-02-22 2272592]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
DualCoreCenter.lnk - C:\Arquivos de programas\MSI\DualCoreCenter\StartUpDualCoreCenter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2009-03-25 271152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2009-03-25 271152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\apache\Apache.exe"="C:\apache\Apache.exe:*:Enabled:Apache"
"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Arquivos de programas\Blue Coat Systems\WinProxy 6\WinProxy.exe"="C:\Arquivos de programas\Blue Coat Systems\WinProxy 6\WinProxy.exe:*:Enabled:WinProxy Application"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\AnalogX\Proxy\proxy.exe"="C:\Arquivos de programas\AnalogX\Proxy\proxy.exe:*:Enabled:proxy"
"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Arquivos de programas\Valve\hl.exe"="C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"E:\quakeIIIarena\quake3.exe"="E:\quakeIIIarena\quake3.exe:*:Enabled:quake3"
"C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Arquivos de programas\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Arquivos de programas\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Áudio AC3 (ac3)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c849219-d5e2-11dc-b4c1-001617413ca0}]
shell\Setup\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c718dd97-c3f7-11dc-b4a7-001617413ca0}]
shell\Setup\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c718dd98-c3f7-11dc-b4a7-001617413ca0}]
shell\Setup\command - I:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff4722cf-eec4-11dc-b4e2-001617413ca0}]
shell\Setup\command - H:\setup.exe


======File associations======

.js - edit - "C:\Arquivos de programas\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-04-28 11:54:08 ----D---- C:\WINDOWS\LastGood
2009-04-28 08:17:38 ----A---- C:\avenger.txt
2009-04-28 08:07:23 ----A---- C:\UsbFix.txt
2009-04-28 08:02:53 ----D---- C:\Arquivos de programas\UsbFix
2009-04-27 22:14:34 ----A---- C:\TB.txt
2009-04-27 22:13:02 ----D---- C:\ToolBar SD
2009-04-27 17:06:53 ----D---- C:\ComboFix
2009-04-27 17:06:53 ----A---- C:\WINDOWS\system32\CF12199.exe
2009-04-27 16:37:24 ----D---- C:\rsit
2009-04-26 23:23:58 ----A---- C:\WINDOWS\system32\CF528.exe
2009-04-26 23:14:21 ----RASHD---- C:\cmdcons
2009-04-26 23:12:43 ----A---- C:\WINDOWS\system32\CF31108.exe
2009-04-26 23:12:32 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7
2009-04-26 23:04:00 ----A---- C:\WINDOWS\system32\CF29345.exe
2009-04-26 22:55:55 ----A---- C:\WINDOWS\system32\CF27522.exe
2009-04-26 22:49:00 ----A---- C:\WINDOWS\zip.exe
2009-04-26 22:49:00 ----A---- C:\WINDOWS\vFind.exe
2009-04-26 22:49:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-26 22:49:00 ----A---- C:\WINDOWS\SWSC.exe
2009-04-26 22:49:00 ----A---- C:\WINDOWS\SWREG.exe
2009-04-26 22:49:00 ----A---- C:\WINDOWS\sed.exe
2009-04-26 22:49:00 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-26 22:49:00 ----A---- C:\WINDOWS\grep.exe
2009-04-26 22:48:53 ----D---- C:\WINDOWS\ERDNT
2009-04-26 22:48:52 ----A---- C:\WINDOWS\system32\CF26419.exe
2009-04-26 22:48:45 ----D---- C:\Qoobox
2009-04-23 13:35:00 ----D---- C:\Arquivos de programas\NVIDIA Corporation
2009-04-23 13:33:49 ----D---- C:\Arquivos de programas\NVIDIA nTune Performance Application
2009-04-23 13:08:05 ----D---- C:\Documents and Settings\jp\Dados de aplicativos\IObit
2009-04-22 17:32:26 ----A---- C:\juan2.txt
2009-04-16 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 03:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 03:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-12 22:15:38 ----A---- C:\WINDOWS\PHPRunner.INI
2009-04-12 22:07:41 ----D---- C:\Arquivos de programas\PHPRunner5.0
2009-04-12 21:01:16 ----D---- C:\Arquivos de programas\SmartSpidey
2009-04-12 20:17:30 ----D---- C:\Arquivos de programas\AppGini
2009-04-12 20:17:30 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-04-12 18:19:11 ----D---- C:\Arquivos de programas\SQL Maestro Group

======List of files/folders modified in the last 1 months======

2009-04-28 16:10:30 ----D---- C:\WINDOWS\Prefetch
2009-04-28 14:18:00 ----D---- C:\Arquivos de programas\Mozilla Firefox
2009-04-28 11:54:24 ----HD---- C:\WINDOWS\inf
2009-04-28 11:54:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-28 11:54:08 ----D---- C:\WINDOWS
2009-04-28 08:20:34 ----D---- C:\WINDOWS\temp
2009-04-28 08:17:39 ----D---- C:\WINDOWS\system32
2009-04-28 08:17:38 ----AD---- C:\WINDOWS\system32\drivers
2009-04-28 08:17:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-28 08:10:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-28 08:07:31 ----RSHD---- C:\Recycled
2009-04-28 08:02:53 ----RD---- C:\Arquivos de programas
2009-04-27 14:40:08 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2009-04-27 14:02:05 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2009-04-26 23:50:20 ----D---- C:\MITSUCA
2009-04-26 23:25:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-26 23:14:26 ----RASH---- C:\boot.ini
2009-04-26 23:12:21 ----D---- C:\WINDOWS\system
2009-04-25 16:27:54 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2009-04-25 16:27:54 ----D---- C:\Arquivos de programas\GbPlugin
2009-04-23 13:41:36 ----D---- C:\Arquivos de programas\IObit
2009-04-23 13:35:51 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2009-04-23 13:35:15 ----SHD---- C:\WINDOWS\Installer
2009-04-23 13:35:15 ----D---- C:\Config.Msi
2009-04-23 01:56:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-23 00:10:59 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-23 00:08:29 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
2009-04-22 17:25:35 ----D---- C:\Arquivos de programas\xBaseView
2009-04-22 01:36:39 ----D---- C:\2009
2009-04-16 07:13:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 03:12:04 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 03:12:04 ----D---- C:\WINDOWS\AppPatch
2009-04-16 03:04:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-16 03:04:18 ----A---- C:\WINDOWS\imsins.BAK
2009-04-16 03:03:56 ----D---- C:\WINDOWS\system32\pt-br
2009-04-16 03:03:56 ----D---- C:\Arquivos de programas\Internet Explorer
2009-04-16 03:03:07 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 03:02:20 ----A---- C:\WINDOWS\win.ini
2009-04-12 19:55:36 ----D---- C:\Documents and Settings\jp\Dados de aplicativos\DBDesigner4
2009-04-12 03:11:56 ----D---- C:\WINDOWS\system32\QuickTime
2009-04-12 03:11:56 ----D---- C:\Arquivos de programas\QuickTime
2009-04-09 09:05:23 ----D---- C:\WINDOWS\Config
2009-04-09 09:05:22 ----D---- C:\Arquivos de programas\Arquivos comuns
2009-04-08 23:19:12 ----SHD---- C:\System Volume Information
2009-04-08 23:19:12 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DumaNT;NVIDIA Stereo Helper Service; C:\WINDOWS\system32\DRIVERS\dumant.sys [2002-11-18 399700]
R1 HMFAxCore56d706f6725c732df006697fd5ec3381;HMFAxCore56d706f6725c732df006697fd5ec3381; \??\C:\WINDOWS\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys []
R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2005-09-12 29440]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-09-29 110080]
R3 DualCoreCenter;DualCoreCenter; \??\C:\Arquivos de programas\MSI\DualCoreCenter\NTGLM7X.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-18 4816896]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-09-12 15264]
S1 GhPciScan;GhostPciScanner; \??\C:\Arquivos de programas\Symantec\Norton Ghost 2003\ghpciscan.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-12-16 3842560]
S3 catchme;catchme; \??\C:\DOCUME~2\jp\CONFIG~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAT;WinProxy Firewall; \??\C:\ARQUIV~1\BLUECO~1\WINPRO~1\NAT.sys []
S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 siusbmod;siusbmod; C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-09-12 27008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb2vcom;USB to Serial Bridge Controller; C:\WINDOWS\System32\Drivers\usb2vcom.sys [2006-07-16 30368]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2004-05-03 20092]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgUsbDiag.sys [2004-05-03 39136]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2004-05-03 41664]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 usbvideo;Dispositivo de vídeo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-09-12 47744]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 ZSMC301b;Vimicro USB PC Camera (VC0305); C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-08-17 91263]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-06-07 561152]
R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-03-25 52560]
R2 MySql;MySql; C:/mysql/bin/mysqld-nt.exe []
R2 nTuneService;nTune Service; C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
S2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE [2002-10-03 20480]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
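As an added example (not part of the original thread and not RSIT's own code), the Python below parses driver and service lines in the format of the RSIT log above, decodes the state and start-type codes using the legend in the section header, and marks entries worth a manual look. The function names and the three review flags are assumptions made for illustration; the flags are triage hints for a reviewer, not verdicts.

```python
"""Triage of RSIT driver/service list lines (added example, hypothetical names)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Legend taken from the RSIT section header:
# R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> <name>;<display name>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Sample lines copied from the log in this thread.
SAMPLE = r"""
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 catchme;catchme; \??\C:\DOCUME~2\jp\CONFIG~1\Temp\catchme.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
R2 MySql;MySql; C:/mysql/bin/mysqld-nt.exe []
S2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE [2002-10-03 20480]
"""


@dataclass
class Entry:
    state: str               # "Running" or "Stopped"
    start: str               # "Boot", "System", "Auto", "Demand" or "Disabled"
    name: str                # service key name
    display: str             # display name
    path: str                # image path, normalised
    modified: Optional[str]  # date inside the brackets, if any
    size: Optional[int]      # size inside the brackets, if any


def parse_line(line: str) -> Optional[Entry]:
    """Parse one list line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"].replace("/", "\\")
    if path.startswith("\\??\\"):      # NT object-manager prefix
        path = path[4:]
    modified = size = None
    meta = m["meta"].split()
    if len(meta) == 2 and meta[1].isdigit():
        modified, size = meta[0], int(meta[1])
    return Entry(STATE[m["state"]], START[m["start"]], m["name"].strip(),
                 m["display"].strip(), path, modified, size)


def review_flags(entry: Entry, system_drive: str = "C:") -> List[str]:
    """Return review hints for one entry (assumed heuristics, not verdicts)."""
    flags = []
    if entry.size is None:                         # log shows empty brackets
        flags.append("no-file-details")
    if "\\temp\\" in entry.path.lower():           # image loaded from a Temp folder
        flags.append("temp-path")
    if entry.path[:2].upper() != system_drive.upper():
        flags.append("other-drive")                # image not on the system drive
    return flags


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable driver/service line in a pasted log."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (service name, flags) for entries that carry at least one flag."""
    result = []
    for entry in parse_log(text):
        flags = review_flags(entry)
        if flags:
            result.append((entry.name, flags))
    return result


if __name__ == "__main__":
    for name, flags in triage(SAMPLE):
        print(f"{name:12} {', '.join(flags)}")
```

A flagged entry only means the line deserves a second look: in this thread, for instance, catchme.sys in a Temp folder is consistent with the ComboFix run that is mentioned and later cleaned up.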
 
jpablo, I saw in the log that you used ToolBar SD. There is no reason to use it; it has nothing to do with your infection. You probably copied instructions I gave to other friends here in the thread, which is useless, since every case is different. ;)

- Download OTMoveIt3 and save it to the desktop;

● Double-click the program's icon (OTMoveIt3) to run it;
● Select and copy all of the content below:

Code:
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c849219-d5e2-11dc-b4c1-001617413ca0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c718dd97-c3f7-11dc-b4a7-001617413ca0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c718dd98-c3f7-11dc-b4a7-001617413ca0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff4722cf-eec4-11dc-b4e2-001617413ca0}]

:Files
C:\Recycled
C:\avenger.txt
C:\UsbFix.txt
C:\Arquivos de programas\UsbFix
C:\TB.txt
C:\ToolBar SD
C:\ComboFix
C:\WINDOWS\system32\CF12199.exe
C:\WINDOWS\system32\CF528.exe
C:\WINDOWS\system32\CF31108.exe
C:\WINDOWS\system32\CF29345.exe
C:\WINDOWS\system32\CF27522.exe

● Paste what you copied into the program (in the blank area of the window);
● Click the MoveIt button;
● If a message asking you to restart the computer appears, restart it;
● In your next reply, copy and paste all the content shown under Results;
● If the computer restarted, go to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire content of that file.
 
DONE, waiting...

========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c849219-d5e2-11dc-b4c1-001617413ca0}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c718dd97-c3f7-11dc-b4a7-001617413ca0}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c718dd98-c3f7-11dc-b4a7-001617413ca0}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff4722cf-eec4-11dc-b4e2-001617413ca0}\\ deleted successfully.
========== FILES ==========
C:\Recycled moved successfully.
C:\avenger.txt moved successfully.
C:\UsbFix.txt moved successfully.
C:\Arquivos de programas\UsbFix\Tools moved successfully.
C:\Arquivos de programas\UsbFix moved successfully.
C:\TB.txt moved successfully.
C:\ToolBar SD\Backup-TB\Reg moved successfully.
C:\ToolBar SD\Backup-TB moved successfully.
C:\ToolBar SD moved successfully.
C:\ComboFix\N_ moved successfully.
C:\ComboFix moved successfully.
C:\WINDOWS\system32\CF12199.exe moved successfully.
C:\WINDOWS\system32\CF528.exe moved successfully.
C:\WINDOWS\system32\CF31108.exe moved successfully.
C:\WINDOWS\system32\CF29345.exe moved successfully.
C:\WINDOWS\system32\CF27522.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04282009_162852
 
Thanks Mr.Wolf, I've done what you told me and everything went fine =) Is there nothing else to do???

Well, the question is about Windows: I always keep a wallpaper I like here on the desktop, and the girl who works in the morning, who doesn't even use my PC, changes the wallpaper just to mess with me =/

Is there any way to stop this girl from changing the wallpaper, given that she doesn't even use this PC and only does it to tease me?????

Sorry if this question can't be asked here or if you don't want to answer. It's just that it's annoying to keep changing and fixing it all the time =]

Thanks, dear

Kisses
 
Good afternoon everyone!

Friend ||falcon, enable the option to show hidden files and folders in Windows and delete the folder highlighted below:

C:\fsaua.data

Other than that, the log is clean ||falcon :)

Go to Start > Run, type combofix /u and click OK to remove it. Delete the SDFix tool as well (if it is still there).
Your log shows two antivirus programs ||falcon: AVG 7.5 and NOD32 2.7. I recommend removing one and keeping only the other as protection, because having two antivirus programs installed on the PC is not recommended. Besides causing conflicts, it will not give you more security, quite the opposite!
Don't forget to install a firewall too.

Any problems still ||falcon?

____________________________________

Mr.

I deleted the folder, and also removed ComboFix and SDFix! As for the antiviruses, they are portable versions; I don't have them installed and they don't run here 2 at once..hehe, they must have been in the registry only because I used them on the day of despair:slap:! For the firewall I installed Comodo as you suggested, went to Google and looked up fine-tuning for it, and now it's all good! Most important, you solved it..hehe, thank you so much, you really saved me..hehe! I owe you one:yes:!

Ahh, how do you know all this? lol, do you get it from somewhere? I'd at least like to be able to spot possible worms:sly: with HijackThis..hehe!

Regards
 
Just to say thanks

Imagine a bunch of desperate people wanting to see their machines working well...
Waiting for the answers and the steps to follow ...

THANK YOU VERY MUCH
WOLF;)
 
Thanks Mr.Wolf, I've done what you told me and everything went fine =) Is there nothing else to do???
No Flavinha, your log is clean :)

Well, the question is about Windows: I always keep a wallpaper I like here on the desktop, and the girl who works in the morning, who doesn't even use my PC, changes the wallpaper just to mess with me =/

Is there any way to stop this girl from changing the wallpaper, given that she doesn't even use this PC and only does it to tease me?????
Try this:

Go to Start > Run, type gpedit.msc and click OK. Navigate through the following keys: User Configuration > Administrative Templates > Desktop > Active Desktop.
On the right side of the panel, double-click "Disable Active Desktop" ("Desativar Active Desktop") and set the option to Enabled. Right after that, do the same with the keys "Prohibit changes" ("Proibir alterações") and "Active Desktop Wallpaper" ("Papel de parede do Active Desktop").

See if that works.


_________________________________


Originally posted by ||falcon

Ahh, how do you know all this? lol, do you get it from somewhere? I'd at least like to be able to spot possible worms with HijackThis..hehe!
I don't get it from anywhere, friend ||falcon. You just have to study everything about HijackThis and its entries, and get to know the viruses and the tools to use. A good start is this one below:

http://www.linhadefensiva.org/2005/06/hijackthis-completo/

Happy studying :thumbs_up
 
Thanks
mr.
Would you know why I can't access my Device Manager?
The following happens:
 

Attachment: 1234.JPG (68.3 KB)
jpablo, go to Start > Run, type the command below into the box and click OK:

regsvr32 dmocx.dll

See if Device Manager goes back to normal.

PS: Which antivirus would you advise me to use?
It depends on whether you want a paid or a free antivirus. My suggestion is:

Free antivirus: Avira AntiVir
Paid antivirus: Kaspersky or NOD32
 
Perfect
woohoo
it showed up, phew :)
thanks a lot!
You're the man, windows-man hehehe thanks
if it's not too much bother, could you tell me why this happened?
It having disappeared and the machine being so slow :) thanks a lot, regards
and grateful once again
 
Mr.Wolf, I did everything as you showed me, but when I go to the Active Desktop wallpaper setting, set it to Enabled and click OK, a message appears saying I need to type the wallpaper name in the blank field =/

And now what hihihihihi????

Thanks, dear

Kisses
 
if it's not too much bother, could you tell me why this happened? It having disappeared and the machine being so slow :) thanks a lot, regards
Most of the time, the problem with Device Manager is a bug in Windows itself, jpablo. Sometimes it can also be caused by a virus, but that was not your case.

The machine being slow can have several causes: processor temperature, a machine full of junk (do a general cleanup of temporary files and the registry), a fragmented system (defragment the disk), etc...
 
Mr.Wolf, I did everything as you showed me, but when I go to the Active Desktop wallpaper setting, set it to Enabled and click OK, a message appears saying I need to type the wallpaper name in the blank field =/

And now what hihihihihi????

Thanks, dear

Kisses
Do this, Flavinha: first keep the wallpaper you want active on the desktop. When you go to "Active Desktop Wallpaper" ("Papel de parede do Active Desktop") and set it to Enabled, in the "Wallpaper Name" ("Nome do papel de parede") field enter the path to this wallpaper of yours, which is in the following folder: C:\Windows\Web\Wallpaper.

Example:

C:\Windows\Web\Wallpaper\flavinha toledo.jpg

And click OK.
 
Woohoo \o/ \o/ \o/

Thaaaanks Mr.Wolf, you're the best, dear, it worked perfectly, wow, that's awesome =) =)

I don't even know how to thank you, Mr.Wolf, thank you so much, really

Ahh, I sent you a private message, take a look there pleaaase hihihihihihi

Kisses

Fla, eternally grateful
 
More logs Wolf, plz lol
I did the 1st and 2nd steps:

1) OT_move_it3 result:
========== FILES ==========
File/Folder C:\ProgramData\ByteFunkFunk.wmz90 not found.
File/Folder C:\ProgramData\Move ref exit.n6x79 not found.
C:\ProgramData\{0AAA1129-1E09-47FC-B02B-648C164E1F6F} moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Internet More deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\way math bike enc deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f650b3-bb4e-11dd-ac53-001fc6e9614f}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\bruno\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\bruno\AppData\Local\Temp\~DFA946.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\bruno\AppData\Local\Temp\~DFB0F0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\bruno\AppData\Local\Temp\~DFB100.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04282009_182201

Files moved on Reboot...
C:\Users\bruno\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\bruno\AppData\Local\Temp\~DFA946.tmp moved successfully.
File C:\Users\bruno\AppData\Local\Temp\~DFB0F0.tmp not found!
File C:\Users\bruno\AppData\Local\Temp\~DFB100.tmp not found!

2) Log from option 4 (log script) of LopSD:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Ultimate ( v6.0.6001 ) Service Pack 1
x64-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : BIOS Date: 03/19/08 11:51:41 Ver: 08.00.12
USER : bruno ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081208-0] 4.8.1229 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:9 Go)
D:\ (Local Disk) - NTFS - Total:58 Go (Free:33 Go)
E:\ (Local Disk) - NTFS - Total:195 Go (Free:118 Go)
F:\ (Local Disk) - NTFS - Total:15 Go (Free:15 Go)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [4] ( 28/04/2009|18:31 )

[ UAC => 0 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

C:\ProgramData\bore cool hide
C:\ProgramData\cast dale way math
C:\Program Files (x86)\bore cool hide


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

... C:\ProgramData\bore cool hide -> nOo encontrado !
... C:\ProgramData\cast dale way math -> nOo encontrado !
... C:\Program Files (x86)\bore cool hide -> nOo encontrado !

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

3) Current log from LopSD option 1 (search) (plz check whether it's clean):
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Ultimate ( v6.0.6001 ) Service Pack 1
x64-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : BIOS Date: 03/19/08 11:51:41 Ver: 08.00.12
USER : bruno ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081208-0] 4.8.1229 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:9 Go)
D:\ (Local Disk) - NTFS - Total:58 Go (Free:33 Go)
E:\ (Local Disk) - NTFS - Total:195 Go (Free:118 Go)
F:\ (Local Disk) - NTFS - Total:15 Go (Free:15 Go)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 28/04/2009|18:32 )

[ UAC => 0 ]

--------------------\\ Lista de pastas em Local

[19/12/2008|19:29] C:\Users\bruno\AppData\Local\Activision
[11/10/2008|16:33] C:\Users\bruno\AppData\Local\Adobe
[11/10/2008|14:43] C:\Users\bruno\AppData\Local\Ahead
[30/03/2009|16:51] C:\Users\bruno\AppData\Local\ApplicationHistory
[26/03/2009|22:19] C:\Users\bruno\AppData\Local\d3d9caps.dat
[11/10/2008|15:02] C:\Users\bruno\AppData\Local\d3d9caps64.dat
[11/10/2008|13:32] C:\Users\bruno\AppData\Local\Dados de aplicativos
[27/04/2009|18:13] C:\Users\bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[19/12/2008|13:19] C:\Users\bruno\AppData\Local\dd_depcheckdotnetfx30.txt
[19/12/2008|13:19] C:\Users\bruno\AppData\Local\dd_dotnetfx3error.txt
[19/12/2008|13:19] C:\Users\bruno\AppData\Local\dd_dotnetfx3install.txt
[12/12/2008|20:42] C:\Users\bruno\AppData\Local\DNA
[11/10/2008|16:22] C:\Users\bruno\AppData\Local\Downloaded Installations
[13/04/2009|19:54] C:\Users\bruno\AppData\Local\EA Games
[28/11/2008|20:42] C:\Users\bruno\AppData\Local\Electronic Arts
[17/04/2009|18:37] C:\Users\bruno\AppData\Local\eMule
[19/12/2008|14:32] C:\Users\bruno\AppData\Local\Fallout3
[29/03/2009|20:28] C:\Users\bruno\AppData\Local\fusioncache.dat
[30/03/2009|16:53] C:\Users\bruno\AppData\Local\GameSpy
[28/04/2009|18:24] C:\Users\bruno\AppData\Local\GDIPFONTCACHEV1.DAT
[24/03/2009|19:58] C:\Users\bruno\AppData\Local\Google
[11/10/2008|13:32] C:\Users\bruno\AppData\Local\Hist¢rico
[28/04/2009|18:22] C:\Users\bruno\AppData\Local\IconCache.db
[24/03/2009|22:27] C:\Users\bruno\AppData\Local\Microsoft
[11/10/2008|14:27] C:\Users\bruno\AppData\Local\Microsoft Help
[25/03/2009|19:58] C:\Users\bruno\AppData\Local\PunkBuster
[01/12/2008|19:59] C:\Users\bruno\AppData\Local\Real
[24/03/2009|19:51] C:\Users\bruno\AppData\Local\Rockstar Games
[28/04/2009|18:31] C:\Users\bruno\AppData\Local\Temp
[11/10/2008|13:32] C:\Users\bruno\AppData\Local\Temporary Internet Files
[26/10/2008|21:27] C:\Users\bruno\AppData\Local\The Witcher
[19/12/2008|13:19] C:\Users\bruno\AppData\Local\uxeventlog.txt
[11/10/2008|13:32] C:\Users\bruno\AppData\Local\VirtualStore
[27/04/2009|20:05] C:\Users\bruno\AppData\Local\WinZip

--------------------\\ Tarefas Agendadas na pasta C:\Windows\Tasks

[28/03/2009 20:52][--a------] C:\Windows\tasks\Crysis Wars(R) Updates.job
[28/04/2009 18:23][--ah-----] C:\Windows\tasks\SA.DAT
[28/04/2009 18:22][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Lista de pastas em C:\ProgramData

[28/03/2009|20:57] C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[11/10/2008|16:14] C:\ProgramData\Adobe
[11/10/2008|14:42] C:\ProgramData\Ahead
[02/11/2006|12:41] C:\ProgramData\Application Data
[11/10/2008|13:29] C:\ProgramData\Dados de aplicativos
[02/11/2006|12:41] C:\ProgramData\Desktop
[11/10/2008|13:29] C:\ProgramData\Documentos
[02/11/2006|12:41] C:\ProgramData\Documents
[18/10/2008|19:49] C:\ProgramData\eMule
[02/11/2006|12:41] C:\ProgramData\Favorites
[11/10/2008|13:29] C:\ProgramData\Favoritos
[24/03/2009|19:58] C:\ProgramData\Google
[11/10/2008|13:29] C:\ProgramData\Menu Iniciar
[31/01/2009|11:48] C:\ProgramData\Microsoft
[20/02/2009|22:51] C:\ProgramData\Microsoft Help
[11/10/2008|13:29] C:\ProgramData\Modelos
[11/10/2008|14:41] C:\ProgramData\Nero
[21/02/2009|19:35] C:\ProgramData\NVIDIA
[01/12/2008|19:59] C:\ProgramData\Real
[11/10/2008|14:51] C:\ProgramData\SonicFocus
[24/10/2008|18:13] C:\ProgramData\SpeedBit
[02/11/2006|12:41] C:\ProgramData\Start Menu
[28/04/2009|18:24] C:\ProgramData\TEMP
[02/11/2006|12:41] C:\ProgramData\Templates
[11/10/2008|15:25] C:\ProgramData\VistaCodecs
[31/01/2009|11:48] C:\ProgramData\WinZip
[11/10/2008|16:09] C:\ProgramData\WLInstaller

4) RSIT log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by bruno at 2009-04-28 18:34:24
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 10 GB (25%) free of 38 GB
Total RAM: 4094 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:25, on 28/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DNA\btdna.exe
E:\DownloadAP\DAP.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
E:\Avast\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
E:\PStrip\PStrip.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\bruno\Desktop\Remoção de vírus\RSIT.exe
C:\Program Files (x86)\trend micro\bruno.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Windows\SysWow64\scpsssh2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - E:\DOWNLO~1\DAPIEL~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [avast!] E:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\AdobeReader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "E:\DownloadAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Startup: PowerStrip.lnk = E:\PStrip\PStrip.exe
O8 - Extra context menu item: &Clean Traces - E:\DownloadAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\DownloadAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\DownloadAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Avast\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - E:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8153 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Crysis Wars(R) Updates.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E3C3651-B19C-4DD9-A979-901EC3E930AF}]
ssh2 Class - C:\Windows\SysWow64\scpsssh2.dll [2007-12-12 214272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-04-07 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
DAPIELoader Class - E:\DOWNLO~1\DAPIEL~1.DLL [2009-02-23 140880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2007-08-28 1282048]
"SoundTray"=C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe [2007-08-02 53248]
"avast!"=E:\Avast\ashDisp.exe [2009-02-05 81000]
"Adobe Reader Speed Launcher"=E:\AdobeReader\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-04-07 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files (x86)\DNA\btdna.exe [2008-12-12 342848]
"DownloadAccelerator"=E:\DownloadAP\DAP.EXE [2009-03-25 2811392]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

C:\Users\bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
PowerStrip.lnk - E:\PStrip\PStrip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll [2007-12-12 201984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll [2007-12-12 201984]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\BitTorrent\bittorrent.exe"="E:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-04-28 18:22:01 ----D---- C:\_OTMoveIt
2009-04-27 18:18:31 ----D---- C:\Program Files (x86)\trend micro
2009-04-27 18:18:30 ----D---- C:\rsit
2009-04-24 18:10:02 ----D---- C:\Lop SD
2009-04-20 15:15:06 ----D---- C:\Arquivos de Programas RFB
2009-04-13 19:21:36 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-04-13 19:21:36 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-04-13 19:21:32 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-04-07 22:10:10 ----D---- C:\Windows\BDOSCAN8
2009-04-07 18:46:53 ----D---- C:\Program Files (x86)\Panda Security
2009-04-07 18:26:17 ----A---- C:\Windows\system32\javaws.exe
2009-04-07 18:26:17 ----A---- C:\Windows\system32\javaw.exe
2009-04-07 18:26:17 ----A---- C:\Windows\system32\java.exe
2009-04-07 18:25:43 ----D---- C:\Program Files (x86)\Java
2009-04-07 18:21:59 ----D---- C:\Windows\Sun
2009-04-03 20:53:37 ----D---- C:\Program Files (x86)\GalaPlayer

======List of files/folders modified in the last 1 months======

2009-04-28 18:34:11 ----D---- C:\Users\bruno\AppData\Roaming\DNA
2009-04-28 18:30:05 ----D---- C:\Windows\System32
2009-04-28 18:30:05 ----D---- C:\Windows\inf
2009-04-28 18:24:11 ----A---- C:\Users\bruno\AppData\Roaming\PStrip.ini
2009-04-28 18:24:11 ----A---- C:\Users\bruno\AppData\Roaming\PStrip.bak
2009-04-28 18:24:10 ----AD---- C:\ProgramData\TEMP
2009-04-28 18:24:07 ----D---- C:\Program Files (x86)\DNA
2009-04-28 18:24:03 ----D---- C:\Windows\Temp
2009-04-28 18:23:35 ----HD---- C:\ProgramData
2009-04-28 18:21:34 ----D---- C:\Windows\Prefetch
2009-04-28 18:16:13 ----RD---- C:\Program Files (x86)
2009-04-28 18:13:00 ----SHD---- C:\Windows\Installer
2009-04-27 22:37:04 ----A---- C:\Windows\NeroDigital.ini
2009-04-27 19:17:36 ----SHD---- C:\System Volume Information
2009-04-27 18:03:07 ----D---- C:\Windows
2009-04-24 18:27:46 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-04-24 18:26:19 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2009-04-20 15:24:46 ----D---- C:\Windows\SysWOW64
2009-04-07 22:10:12 ----SD---- C:\Windows\Downloaded Program Files
2009-04-07 18:48:32 ----D---- C:\Windows\system32\drivers
2009-04-07 18:25:47 ----A---- C:\Windows\system32\deploytk.dll
2009-03-30 17:29:13 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-03-29 21:18:32 ----SD---- C:\Users\bruno\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 PStrip64;PStrip64; C:\Windows\system32\drivers\pstrip64.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Driver de Função Microsoft 1.1 UAA para Serviço de High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Proxy de serviço de streaming Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Proxy do relógio de streaming Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Proxy de gerenciador de qualidade de streaming Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Conversor em T entre Coletores de streaming Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE []
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 aswUpdSv;avast! iAVS4 Control Service; E:\Avast\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; E:\Avast\ashServ.exe [2009-02-05 138680]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-03-28 66872]
R2 scpVista;scpVista; C:\Program Files (x86)\Scpad\scpVista.exe [2007-12-12 136448]
R3 avast! Mail Scanner;avast! Mail Scanner; E:\Avast\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; E:\Avast\ashWebSv.exe [2009-02-05 352920]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 aspnet_state;Serviço de estado do ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-05 93696]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; E:\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-18 19968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

That's it for now. It looks like they are going away; I no longer get messages when ruindows starts up! :lol:
AWAITING FURTHER INSTRUCTIONS
 
