Virus removal

Seriously? :eek:
Look, Mr. Wolf, virus or not, when I turned the PC on again it just kept restarting, until it got to the point where the desktop didn't even appear. So, virus or not, I ended up choosing to format the machine. I lost everything, but at least that fixed it, whatever it was... :rolleyes:
I'm still installing a few things, and I switched from Mozilla to Google Chrome. Did I do the right thing, or would it have been better to keep the old one? :huh:
Oh! And one more question: I was downloading some torrent videos (people always told me about it, but I had never tried it), and every time a download finished Avira flagged a virus in the file. Is everything OK? And what do I do to watch videos in this format?
 
Hi Wolf, here I am again. My PC is slow and acting strange. I already caught a trojan with Avast, but I want to know if there is more. Cheers, here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:04, on 7/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Winamp\winampa.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\DOCUME~1\User\CONFIG~1\Temp\sasA4.tmp
C:\Documents and Settings\User\Dados de aplicativos\cft\cft.exe
C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Windows\cktuwa.exe
C:\Documents and Settings\User\Dados de aplicativos\digifast\digifast.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pesbrasil.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Arquivos de programas\WWShow\WWShow.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: MJCore - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Arquivos de programas\Jcore\Jcore2.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE LG webpro2 Camera
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [pridl] "C:\Documents and Settings\User\Dados de aplicativos\pridl\pridl.exe" 61A847B5BBF72810339E3F466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [cft] C:\Documents and Settings\User\Dados de aplicativos\cft\cft.exe
O4 - HKCU\..\Run: [DigiFast] C:\Documents and Settings\User\Dados de aplicativos\digifast\digifast.exe
O4 - HKCU\..\Run: [SfKg6wIPuSpdc] C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Windows\cktuwa.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9539 bytes
 
Mr. Wolf, please take a look at this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:06 PM, on 7/7/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Program Files (x86)\Razer\Lachesis\OSD.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\FRAPS\fraps.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files (x86)\Norton2009Reset.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6359 bytes
 
ComboFix log
ComboFix 09-07-06.01 - USER 06/07/2009 18:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.192 [GMT -3:00]
Executando de: c:\documents and settings\USER\Desktop\ComboFix2.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\USER\Dados de aplicativos\inst.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\Installer\4ac57ef.msi
c:\windows\Installer\4ac57f0.msp
c:\windows\Installer\4ac57f1.msp
c:\windows\Installer\4ac57f2.msp
c:\windows\Installer\4ac57f3.msp
c:\windows\Installer\4ac57f4.msp
c:\windows\Installer\4ac57f5.msp
c:\windows\Installer\4ac57f6.msp
c:\windows\Installer\4ac57f7.msp
c:\windows\Installer\4ac57f8.msp
c:\windows\Installer\ab98c.msp
c:\windows\Installer\ab98d.msp
c:\windows\Installer\ab98e.msp
c:\windows\Installer\ab98f.msp
c:\windows\Installer\ab990.msp
c:\windows\Installer\ab991.msp
c:\windows\Installer\ab992.msp
c:\windows\Installer\ab993.msp
c:\windows\Installer\ab994.msp
c:\windows\system32\mdm.exe

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-06 to 2009-07-06 ))))))))))))))))))))))))))))
.

2009-07-01 01:33 . 2009-07-01 20:09 -------- d-----w- C:\Downloads
2009-06-27 04:12 . 2009-06-27 04:12 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-23 02:50 . 2009-06-23 03:00 574 ----a-w- C:\cleanup.bat
2009-06-23 02:50 . 2009-06-23 03:00 135168 ----a-w- C:\zip.exe
2009-06-19 18:58 . 2009-06-19 18:58 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2009-06-09 23:29 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 23:29 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-08 00:49 . 2001-08-18 00:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-06-08 00:49 . 2001-08-18 00:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 21:24 . 2009-05-29 12:05 5705760 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-06 21:23 . 2009-05-29 12:05 252448 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-06 21:22 . 2009-05-29 12:05 77420 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-06 21:22 . 2009-05-29 12:05 24692 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-06 21:21 . 2009-04-28 01:33 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\Free Download Manager
2009-07-06 20:55 . 2009-05-29 12:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2009-07-06 17:45 . 2009-04-22 22:30 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\uTorrent
2009-06-27 04:28 . 2008-07-03 21:19 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-06-27 04:25 . 2009-06-27 04:25 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-06-21 21:58 . 2009-04-19 23:52 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-06-21 21:43 . 2009-05-21 21:07 -------- d-----w- c:\arquivos de programas\SlySoft
2009-06-21 21:42 . 2009-04-23 16:59 -------- d-----w- c:\arquivos de programas\Any Video Converter
2009-06-10 16:49 . 2009-05-13 02:57 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\BSplayer PRO
2009-06-02 01:52 . 2009-05-21 21:22 -------- d-----w- c:\arquivos de programas\DVDFab 6
2009-05-29 15:24 . 2007-10-31 16:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-05-29 15:24 . 2009-05-29 12:06 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-29 15:24 . 2009-05-29 12:06 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-29 15:24 . 2009-05-29 15:24 112144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys
2009-05-29 15:24 . 2009-05-29 15:24 25104 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
2009-05-29 15:24 . 2009-05-29 15:23 772624 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
2009-05-29 15:23 . 2009-05-29 15:23 150032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
2009-05-29 15:23 . 2009-05-29 15:23 354832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll
2009-05-29 15:00 . 2009-05-29 15:00 192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm\Client\uninst2.bat
2009-05-29 15:00 . 2009-05-29 15:00 683801 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm\Client\UninstWMP\unins000.exe
2009-05-29 15:00 . 2009-05-29 15:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm
2009-05-29 15:00 . 2009-05-29 15:00 683801 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm\Client\UninstITW\unins000.exe
2009-05-29 12:05 . 2009-04-20 00:58 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2009-05-29 12:04 . 2009-04-20 00:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2009-05-29 03:32 . 2008-04-14 09:00 67232 ----a-w- c:\windows\system32\perfc016.dat
2009-05-29 03:32 . 2008-04-14 09:00 425072 ----a-w- c:\windows\system32\perfh016.dat
2009-05-28 04:42 . 2009-04-22 18:36 274224 ----a-w- C:\utorrent.exe
2009-05-24 14:37 . 2009-05-24 14:37 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2009-05-22 20:22 . 2009-05-22 20:22 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\Malwarebytes
2009-05-22 20:22 . 2009-05-22 20:22 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-05-22 20:22 . 2009-05-22 20:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-05-22 19:37 . 2009-05-22 19:37 -------- d-----w- c:\arquivos de programas\Trend Micro
2009-05-22 09:45 . 2009-05-22 09:45 -------- d-----w- c:\arquivos de programas\Clickidéia
2009-05-21 21:32 . 2009-04-20 19:30 -------- d-----w- c:\arquivos de programas\DVDFab 5
2009-05-21 21:12 . 2009-05-21 21:12 -------- d-----w- c:\arquivos de programas\Alwil Software
2009-05-21 21:11 . 2009-05-21 21:11 -------- d-----w- c:\arquivos de programas\Elaborate Bytes
2009-05-21 21:09 . 2009-05-21 21:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SlySoft
2009-05-19 20:36 . 2009-05-19 02:28 -------- d-----w- c:\arquivos de programas\LastFM
2009-05-14 02:48 . 2009-04-23 16:59 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\Any Video Converter
2009-05-14 02:40 . 2009-05-14 02:40 -------- d-----w- c:\arquivos de programas\WinAVI Video Converter
2009-05-14 02:40 . 2009-05-14 02:40 3082 ----a-w- c:\windows\system32\affv208325p1now.sys
2009-05-13 05:03 . 2008-04-14 09:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-13 02:57 . 2009-05-13 02:57 -------- d-----w- c:\arquivos de programas\Webteh
2009-05-07 15:33 . 2008-04-14 09:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-23 17:21 . 2009-04-23 17:21 94208 ----a-w- c:\windows\system32\ScrUnZip.dll
2009-04-22 01:53 . 2009-04-20 11:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-04-22 01:53 . 2009-04-20 11:38 47360 ----a-w- c:\documents and settings\USER\Dados de aplicativos\pcouffin.sys
2009-04-22 01:53 . 2009-04-20 11:38 47360 ----a-w- c:\documents and settings\USER\Dados de aplicativos\pcouffin.sys
2009-04-20 19:52 . 2009-04-20 19:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-20 19:51 . 2009-04-20 19:51 152576 ----a-w- c:\documents and settings\USER\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-20 18:48 . 2009-04-20 18:48 0 ----a-w- c:\windows\nsreg.dat
2009-04-19 23:39 . 2009-04-19 23:39 5194 ----a-w- c:\windows\Help\hhcolreg.dat
2009-04-19 23:02 . 2009-04-19 22:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-19 22:37 . 2009-04-19 22:37 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-19 19:50 . 2008-04-14 09:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2008-04-14 09:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2009-06-27 04:28 361600 CBEEBEB899E31EF52B962CB31FC8CA5C c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-06-27 04:28 361600 CBEEBEB899E31EF52B962CB31FC8CA5C c:\windows\system32\drivers\TCPIP.SYS

[-] 2008-07-03 21:20 1571840 E5B29D36CCEE2370812E5FC5965BD07B c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-02 7626752]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"EPSON Stylus C43 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE" [2002-12-25 75776]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-20 148888]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-01-05 413696]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-02 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-02 1519616]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2008-07-02 53248]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\utorrent.exe"=
"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [21/4/2009 00:34 10343168]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [20/4/2009 16:56 33176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-07-06 c:\windows\Tasks\User_Feed_Synchronization-{59626D11-C12C-43AF-BFF3-E4F094E79737}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-Software Informer - c:\arquivos de programas\Software Informer\softinfo.exe
HKCU-Run-moniprot - c:\windows\system32\imgrdir\moniprot.exe
HKLM-Run-moniprot - c:\windows\system32\imgrdir\namesys32.exe
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
TCP: {C365B74B-935E-4CA6-AEA9-94474F754339} = 200.149.55.140,200.165.132.148
FF - ProfilePath - c:\documents and settings\USER\Dados de aplicativos\Mozilla\Firefox\Profiles\mzxz78ys.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 18:23
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(876)
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\WININET.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-07-06 18:28 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-06 21:28

Pré-execução: 444.444.672 bytes disponíveis
Pós execução: 374.743.040 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

291 --- E O F --- 2009-07-03 23:48

HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:28:15, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\LastFM\LastFM.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\iTunes\iTunes.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C365B74B-935E-4CA6-AEA9-94474F754339}: NameServer = 200.149.55.140,200.165.132.148
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8312 bytes

:)
 
Thanks, vitao and wolf. I did what you said and finished in safe mode, then it restarted, generated the report, and it seems to be normal. The only thing is that my customized Start bar is now 98-style; I'll try to put it back the way it was in a moment.

ComboFix log:
ComboFix 09-07-07.07 - Pryds 08/07/2009 4:32.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1733 [GMT 4,5:30]
Executando de: c:\documents and settings\Pryds\Meus documentos\Alessandro\Pryds.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\19b57b2.msi
c:\windows\system32\fciqohm.dll
c:\windows\system32\gckoxsgm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VHWJGAKC
-------\Service_vhwjgakc


(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-08 to 2009-07-08 ))))))))))))))))))))))))))))
.

2009-07-08 00:15 . 2009-07-08 00:15 -------- d-----w- c:\windows\system32\xircom
2009-07-08 00:15 . 2009-07-08 00:15 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-08 00:15 . 2009-07-08 00:15 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-07-07 16:04 . 2009-07-07 16:04 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim
2009-07-07 10:45 . 2005-05-03 14:13 69632 ----a-w- c:\windows\Alcmtr.exe
2009-07-06 15:33 . 2009-07-06 15:33 -------- d-----w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim
2009-07-05 14:41 . 2009-07-05 14:41 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Malwarebytes
2009-07-05 14:41 . 2009-06-17 06:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 14:41 . 2009-07-05 14:41 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-07-05 14:41 . 2009-07-05 14:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-07-05 14:41 . 2009-06-17 06:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 16:04 . 2006-05-03 17:53 135168 ----a-w- c:\windows\system32\expat.dll
2009-07-03 16:04 . 2006-05-03 17:54 49152 ----a-w- c:\windows\system32\INETWH32.dll
2009-07-02 19:10 . 2009-07-02 19:10 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\FUEL
2009-07-02 18:53 . 2009-07-02 18:53 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information
2009-07-02 18:53 . 2009-07-02 18:53 -------- d-----w- c:\arquivos de programas\Codemasters
2009-07-02 18:53 . 2009-06-15 10:39 546668 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information\{F51FF206-2273-4B3E-A90A-4752AE288C12}\ISSetup.dll
2009-07-02 18:53 . 2007-02-27 15:08 456416 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information\{F51FF206-2273-4B3E-A90A-4752AE288C12}\setup.exe
2009-07-02 18:53 . 2006-05-17 16:21 373680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information\{F51FF206-2273-4B3E-A90A-4752AE288C12}\_setup.dll
2009-07-02 18:52 . 2009-07-02 18:52 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield
2009-07-02 15:55 . 2009-07-02 15:55 -------- d-----w- c:\arquivos de programas\SEGA
2009-07-02 15:08 . 2009-07-04 01:08 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-02 15:08 . 2009-07-04 01:10 -------- d-----w- C:\Fraps
2009-06-30 21:33 . 2009-06-30 21:33 -------- d-----w- c:\arquivos de programas\CAPCOM
2009-06-30 18:08 . 2009-06-30 18:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-06-30 18:08 . 2009-06-30 18:08 -------- d-----w- c:\arquivos de programas\Spybot
2009-06-27 20:28 . 2009-06-27 20:49 -------- d-----w- c:\arquivos de programas\MorphVOX Pro
2009-06-27 20:28 . 2009-06-27 20:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Screaming Bee
2009-06-26 18:36 . 2009-06-26 18:40 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Likno
2009-06-26 12:16 . 2009-06-27 20:30 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Screaming Bee
2009-06-26 10:13 . 2009-06-26 10:13 -------- d-----w- c:\windows\system32\AGEIA
2009-06-26 10:13 . 2009-06-26 10:13 -------- d-----w- c:\arquivos de programas\AGEIA Technologies
2009-06-20 20:23 . 2009-06-20 20:23 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-20 20:23 . 2009-06-20 20:23 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-20 20:23 . 2009-06-20 20:23 -------- d-----w- c:\arquivos de programas\OpenAL
2009-06-20 20:10 . 2009-06-20 20:10 -------- d-----w- c:\arquivos de programas\Paradox Interactive
2009-06-19 17:46 . 2009-06-19 17:46 7680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall\Anim-FX\40000064300002i\bsplayer.exe
2009-06-19 16:32 . 2009-06-19 16:32 7680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall\Anim-FX\400000a800002i\uTorrent.exe
2009-06-19 16:15 . 2009-06-19 16:24 -------- d-----w- C:\Program Files
2009-06-19 15:12 . 2009-06-19 15:12 7680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall\Anim-FX\4000004d00002i\firefox.exe
2009-06-18 20:59 . 2009-06-18 20:59 -------- d-----w- c:\windows\osu!
2009-06-18 20:59 . 2009-06-28 14:58 -------- d-----w- c:\arquivos de programas\osu!
2009-06-18 16:13 . 2009-06-18 16:13 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Aleo Software
2009-06-17 21:39 . 2003-11-04 10:41 159744 ----a-w- c:\windows\system32\lfpng13n.dll
2009-06-17 21:39 . 2003-05-22 12:01 55808 ----a-w- c:\windows\system32\lfpsd13n.dll
2009-06-17 21:39 . 2003-11-04 10:40 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-06-17 21:39 . 2004-01-11 21:39 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-17 17:38 . 2009-06-17 17:38 -------- d-----w- c:\arquivos de programas\Wondershare
2009-06-17 08:00 . 2009-06-17 08:00 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Media Player Classic
2009-06-13 15:53 . 2009-06-13 15:53 -------- d-sh--w- c:\documents and settings\Pryds\PrivacIE
2009-06-11 07:28 . 2009-06-11 07:30 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\DPlot
2009-06-11 07:28 . 2009-06-11 07:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DPlot
2009-06-11 07:03 . 2009-06-11 07:03 -------- d-sh--w- c:\documents and settings\Pryds\IETldCache
2009-06-11 06:59 . 2009-06-11 07:01 -------- dc-h--w- c:\windows\ie8
2009-06-11 06:59 . 2009-06-11 07:01 -------- d-----w- C:\ceb2195bbb4efffa4762fb4a071d1d
2009-06-10 12:22 . 2008-04-13 10:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-06-10 12:22 . 2008-04-13 10:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-06-10 12:21 . 2008-04-13 10:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-06-10 12:21 . 2008-04-13 10:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-06-10 12:21 . 2008-04-13 10:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-10 12:21 . 2008-04-13 10:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-06-10 12:21 . 2008-04-13 10:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-06-10 12:21 . 2008-04-13 17:50 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-10 12:21 . 2009-06-10 12:21 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-06-10 12:20 . 2009-06-10 12:20 -------- d-----w- c:\arquivos de programas\SplitCam
2009-06-08 17:21 . 2009-06-08 17:21 -------- d-----w- C:\tmp
2009-06-08 17:21 . 2009-06-08 17:21 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\YCanPDF

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 16:57 . 2009-04-27 02:27 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\skypePM
2009-07-07 12:01 . 2009-04-27 01:32 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Skype
2009-07-07 10:47 . 2009-04-27 02:22 -------- d-----w- c:\arquivos de programas\Steam
2009-07-07 09:21 . 2009-04-27 00:26 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\uTorrent
2009-07-04 01:34 . 2009-04-27 01:27 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-01 19:33 . 2009-04-27 19:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TrackMania
2009-06-27 17:17 . 2009-05-06 17:31 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall
2009-06-26 14:58 . 2009-04-27 14:40 -------- d-----w- c:\arquivos de programas\BSplayer
2009-06-26 10:12 . 2009-06-07 13:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-06-14 13:18 . 2009-05-22 07:04 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-14 13:00 . 2009-05-22 07:05 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-11 07:11 . 2009-06-06 16:31 -------- d-----w- c:\arquivos de programas\Opera
2009-06-10 05:50 . 2009-05-22 06:33 -------- d-----w- c:\arquivos de programas\Activision
2009-06-10 05:44 . 2009-05-17 23:40 -------- d-----w- c:\arquivos de programas\Electronic Arts
2009-06-09 09:43 . 2009-04-27 02:40 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-06-07 17:18 . 2009-05-28 20:44 -------- d-----w- c:\arquivos de programas\HD Tach
2009-06-01 08:06 . 2009-06-01 08:06 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Nero
2009-05-29 19:08 . 2009-05-29 19:07 -------- d-----w- c:\arquivos de programas\QuickTime
2009-05-29 19:07 . 2009-05-29 19:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-05-29 19:07 . 2009-05-29 19:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple
2009-05-29 19:07 . 2009-05-29 19:07 -------- d-----w- c:\arquivos de programas\Apple Software Update
2009-05-29 18:09 . 2009-04-27 00:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-05-28 16:46 . 2009-05-28 16:46 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\PixelPlanet
2009-05-26 20:53 . 2009-05-26 20:53 1915520 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-24 10:59 . 2009-05-24 10:59 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\TortoiseSVN
2009-05-24 10:53 . 2009-05-24 10:53 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Subversion
2009-05-24 10:53 . 2009-05-24 10:53 -------- d-----w- c:\arquivos de programas\TortoiseSVN
2009-05-24 10:53 . 2009-05-24 10:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays
2009-05-23 23:07 . 2009-05-23 23:07 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Avira
2009-05-22 10:12 . 2009-05-22 10:12 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\teamspeak2
2009-05-22 10:12 . 2009-05-22 10:12 -------- d-----w- c:\arquivos de programas\Teamspeak
2009-05-22 07:19 . 2009-05-22 07:03 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-22 07:05 . 2009-05-22 07:05 22328 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\PnkBstrK.sys
2009-05-22 07:05 . 2009-05-22 07:05 22328 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\PnkBstrK.sys
2009-05-20 19:40 . 2009-05-20 19:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-17 23:51 . 2009-05-17 23:51 10134 ----a-r- c:\documents and settings\Pryds\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-05-17 23:51 . 2009-05-17 23:51 -------- d-----w- c:\arquivos de programas\Microsoft WSE
2009-05-17 18:35 . 2009-05-17 18:35 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2009-05-17 15:27 . 2009-05-17 15:27 -------- d--h--r- c:\documents and settings\Pryds\Dados de aplicativos\SecuROM
2009-05-17 15:26 . 2009-05-17 15:23 -------- d-----w- c:\arquivos de programas\Microsoft Games for Windows - LIVE
2009-05-16 14:23 . 2008-04-14 11:00 76414 ----a-w- c:\windows\system32\perfc016.dat
2009-05-16 14:23 . 2008-04-14 11:00 465986 ----a-w- c:\windows\system32\perfh016.dat
2009-05-16 14:22 . 2009-05-16 14:22 -------- d-----w- c:\arquivos de programas\MSBuild
2009-05-16 14:22 . 2009-05-16 14:22 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-05-12 20:00 . 2009-05-09 18:17 -------- d-----w- c:\arquivos de programas\Tibia
2009-05-12 19:02 . 2009-05-12 19:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2009-05-12 18:34 . 2009-04-27 02:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-05-12 12:54 . 2009-04-27 08:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft
2009-05-12 12:54 . 2009-04-27 08:47 -------- d-----w- c:\arquivos de programas\Youtube
2009-05-09 19:19 . 2009-05-09 19:12 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Tibia
2009-05-09 19:13 . 2009-05-09 19:13 -------- d-----w- c:\arquivos de programas\Asprate
2009-05-09 18:57 . 2009-05-09 18:57 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Remere's Map Editor
2009-04-30 20:14 . 2009-04-30 20:14 36101 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-04-30 20:14 . 2009-04-30 20:14 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-04-27 10:40 . 2009-04-27 02:40 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 10:40 . 2009-04-27 02:40 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-27 02:27 . 2009-04-27 02:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-27 02:22 . 2009-04-27 02:22 1204 ----a-w- c:\windows\mozver.dat
2009-04-27 02:16 . 2008-10-10 20:42 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-04-27 01:29 . 2009-04-27 01:29 315392 ----a-w- c:\windows\HideWin.exe
2009-04-27 01:18 . 2009-04-27 00:09 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-27 00:35 . 2009-04-27 00:35 0 ----a-w- c:\windows\nsreg.dat
2009-04-27 00:06 . 2009-04-27 00:07 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-21 19:50 . 2009-04-21 19:50 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 19:50 . 2009-04-21 19:50 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2008-04-14 11:00 . 2008-04-14 11:00 164746 --sha-r- c:\windows\system32\cfgnm.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\arquivos de programas\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2009-04-10 37888]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-01-05 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Arquivos de programas\\Steam\\Steam.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Teamspeak\\TeamSpeak.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Pryds\\Dados de aplicativos\\Thinstall\\Anim-FX\\400000a800002i\\uTorrent.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\ciganoo\\source sdk base\\hl2.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\ciganoo\\counter-strike source\\hl2.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\ciganoo\\garrysmod\\hl2.exe"=
"c:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Arquivos de programas\\Microsoft Games for Windows - LIVE\\Client\\GFWLive.exe"=
"c:\\WINDOWS\\system32\\winmine.exe"=
"c:\\Arquivos de programas\\Microsoft Games for Windows - LIVE\\Client\\GFWLClient.exe"=
"c:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\SF4Launcher.exe"=
"c:\\Arquivos de programas\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3907:TCP"= 3907:TCP:dgciyeg
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"27015:TCP"= 27015:TCP:27015
"27015:UDP"= 27015:UDP:Nome
"88:UDP"= 88:UDP:88
"3074:UDP"= 3074:UDP:3074
"3074:TCP"= 3074:TCP:3074
"443:UDP"= 443:UDP:443
"53:TCP"= 53:TCP:53
"53:UDP"= 53:UDP:53
"15:TCP"= 15:TCP:15
"15:UDP"= 15:UDP:15
"40:TCP"= 40:TCP:40
"40:UDP"= 40:UDP:40
"17:TCP"= 17:TCP:17
"17:UDP"= 17:UDP:17

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [27/4/2009 07:10 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe [27/4/2009 07:10 388865]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [27/4/2009 07:10 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe [27/4/2009 07:10 434945]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [27/4/2009 05:56 36864]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [27/4/2009 07:10 69632]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avmailc.exe [27/4/2009 07:10 194817]
S2 dbtdpjsb;Helper Center;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 fglfjk;Task Installer;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 fxwxzerzw;Update Monitor;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 gpiemlun;Monitor Security;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 hesezgm;Center Server;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 hlqno;Time Task;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 hzcamad;Support Time;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 kjkptdoub;Image Center;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 sbrqmd;Universal Driver;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 tpcymut;Image Config;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 uodezrst;Network Universal;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 xkkmnhw;Microsoft Network;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 xpzswek;Installer Security;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 xxcmbi;Monitor Windows;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 ybjrxfawd;Time Network;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 yqfkzmy;Security Support;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 ztfbfxmf;Helper Microsoft;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/4/2009 13:19 23064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hlqno
ybjrxfawd
uodezrst
hzcamad
dbtdpjsb
fxwxzerzw
sbrqmd
gpiemlun
xkkmnhw
fglfjk
kjkptdoub
tpcymut
ztfbfxmf
xpzswek
yqfkzmy
hesezgm
xxcmbi

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{03E70D97-221A-425F-8847-D9A73EA9380d} - c:\windows\system32\gckoxsgm.dll
BHO-{7EB1BA21-BCC4-4865-AD70-6AB3874C82C2} - c:\windows\system32\fciqohm.dll
HKCU-Run-AdobeBridge - (no file)


.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pryds\Dados de aplicativos\Mozilla\Firefox\Profiles\4eucr364.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 04:45
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dbtdpjsb]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fglfjk]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fxwxzerzw]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gpiemlun]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hesezgm]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hlqno]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hzcamad]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kjkptdoub]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbrqmd]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tpcymut]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uodezrst]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xkkmnhw]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xpzswek]
"ServiceDll"="c:\windows\system32\cfgnm.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xxcmbi]
"ServiceDll"="c:\windows\system32\cfgnm.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ybjrxfawd]
"ServiceDll"="c:\windows\system32\cfgnm.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yqfkzmy]
"ServiceDll"="c:\windows\system32\cfgnm.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ztfbfxmf]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-861567501-261903793-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:fb,d5,18,94,06,f5,ff,99,02,70,50,c5,af,13,b4,fb,a0,4f,95,7d,34,
90,3a,cb,ea,5a,04,65,88,c2,bc,4d,03,4b,ed,1d,a7,a5,5d,15,0c,4d,e0,88,94,f8,\
"rkeysecu"=hex:df,10,11,86,2c,d5,f9,64,13,e3,ca,41,c4,37,da,33
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(816)
c:\arquivos de programas\RocketDock\RocketDock.dll
c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
c:\arquivos de programas\TortoiseSVN\bin\TortoiseStub.dll
c:\arquivos de programas\TortoiseSVN\bin\TortoiseSVN.dll
c:\arquivos de programas\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\drwtsn32.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-07-08 4:56 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-08 00:26

Pré-execução: 10 pasta(s) 14.923.636.736 bytes disponíveis
Pós execução: 10 pasta(s) 14.747.975.680 bytes disponíveis

 
Hello everyone, good afternoon!


Tiagoquiroga, your log is infected by some Trojan.Dropper and Trojan.Agent entries. Follow the instructions below:

- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the language Portuguese (Brazil);
● At the end of the installation, tick the options "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
● After the installation, run the program;
● Tick the Full Scan option and then click Scan. Select your C: drive and click the Start Scan button;
● When the scan finishes, click OK and the log will open automatically for you;
● If anything is detected, check that all items are ticked and click the Remove button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log into your next reply, together with a new HijackThis log.
________________________________________________________


kym3ra, your log is clean :)

Is there any problem, kym3ra my friend?

________________________________________________________


Johnn Y, follow the instructions below:

Select and copy the text below. Paste it into Notepad on your computer and save it to the desktop as CFScript.txt

File::
C:\cleanup.bat
C:\zip.exe

Registry::
Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif


● If you are prompted, press Enter to start the removal process;
Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it does not, restart it manually.

In your next reply, paste the ComboFix.txt and a new HijackThis log.

________________________________________________________


Pryds, my friend, when a computer is infected by rootkits (as yours is) and ComboFix is used, the desktop's appearance sometimes does end up looking like Windows 98. That is because rootkits interfere with Windows kernel files and usually modify the structure of the system. ComboFix has to disable the modifications in order to disable and then try to remove the rootkit. That is why the appearance of Windows changes. It means the rootkit was successfully disabled and/or removed, because if the rootkit had not been disabled and/or removed, the appearance would have stayed normal, like Windows XP. So that is a good sign.

Just switch the appearance back to how it was before, as you have probably already done.

However, the rootkits were only disabled. Let's remove them now, Pryds. Follow the instructions below:

Select and copy the text below (starting from File, through to the end, without skipping any line). Paste it into Notepad on your computer and save it to the desktop as CFScript.txt

Code:
File::
c:\windows\system32\ezsidmv.dat
c:\windows\system32\cfgnm.dll

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3907:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dbtdpjsb]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fglfjk]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fxwxzerzw]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gpiemlun]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hesezgm]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hlqno]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hzcamad]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kjkptdoub]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbrqmd]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tpcymut]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uodezrst]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xkkmnhw]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xpzswek]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xxcmbi]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ybjrxfawd]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yqfkzmy]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ztfbfxmf]

Driver::
dbtdpjsb
fglfjk
fxwxzerzw
gpiemlun
hesezgm
hlqno
hzcamad
kjkptdoub
sbrqmd
tpcymut
uodezrst
xkkmnhw
xpzswek
xxcmbi
ybjrxfawd
yqfkzmy
ztfbfxmf

NetSvc::
hlqno
ybjrxfawd
uodezrst
hzcamad
dbtdpjsb
fxwxzerzw
sbrqmd
gpiemlun
xkkmnhw
fglfjk
kjkptdoub
tpcymut
ztfbfxmf
xpzswek
yqfkzmy
hesezgm
xxcmbi

DirLook::
c:\documents and settings\Pryds\Dados de aplicativos\urdstnim
c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim
Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif


● If you are prompted, press Enter to start the removal process;
Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it does not, restart it manually.

In your next reply, paste the ComboFix.txt and a new HijackThis log.

After that, tell me how the PC is doing, Pryds my friend.
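The pattern the script above cleans up (many services hosted by `svchost.exe -k netsvcs`, all listed in the NetSvcs group and all loading the same ServiceDll) can be checked for mechanically. The following is an added example, not part of the original post or of ComboFix; the function names, the threshold of three services per DLL, and the `examplesvc` entry are assumptions, and the sample is constructed in the layout of the log above.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ComboFix log above.
# "examplesvc" / example.dll is a made-up entry that must NOT be flagged.
SAMPLE_LOG = r"""
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [27/4/2009 07:10 108289]
S2 dbtdpjsb;Helper Center;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 fglfjk;Task Installer;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 hlqno;Time Task;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 examplesvc;Example Service;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hlqno
dbtdpjsb
fglfjk
examplesvc

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dbtdpjsb]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fglfjk]
"ServiceDll"="c:\windows\system32\cfgnm.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hlqno]
"ServiceDll"="c:\windows\system32\cfgnm.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\examplesvc]
"ServiceDll"="c:\windows\system32\example.dll"
"""

# "S2 name;display name;image path [date time size]"
SERVICE_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$')
# "[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\name]"
KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\\w*ControlSet\d*\\Services\\([^\\\]]+)\]$',
    re.I)
DLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)


def parse_log(text):
    """Return (services, netsvcs_names, service_dll) parsed from the log text."""
    services, netsvcs, service_dll = {}, set(), {}
    current_key, in_netsvcs = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            if line:                      # one service name per line
                netsvcs.add(line.lower())
                continue
            in_netsvcs = False            # blank line ends the group listing
        if line.lower().endswith("svchost - netsvcs"):
            in_netsvcs = True
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(3).lower()] = {
                "state": m.group(1) + m.group(2),
                "display": m.group(4),
                "image": m.group(5).lower(),
            }
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = DLL_RE.match(line)
        if m and current_key:
            service_dll[current_key] = m.group(1).lower()
            current_key = None
    return services, netsvcs, service_dll


def find_shared_service_dlls(text, min_services=3):
    """Flag DLLs loaded as ServiceDll by >= min_services netsvcs-hosted services.

    min_services=3 is an assumed threshold: a few legitimate DLLs host more
    than one service, so a hit is a lead to investigate, not a verdict.
    """
    services, netsvcs, service_dll = parse_log(text)
    by_dll = defaultdict(list)
    for name, dll in service_dll.items():
        image = services.get(name, {}).get("image", "")
        if name in netsvcs and "svchost.exe -k netsvcs" in image:
            by_dll[dll].append(name)
    return sorted((dll, sorted(names))
                  for dll, names in by_dll.items()
                  if len(names) >= min_services)


if __name__ == "__main__":
    for dll, names in find_shared_service_dlls(SAMPLE_LOG):
        print(f"{dll}: shared by {len(names)} netsvcs services: {', '.join(names)}")
```

Run against a full log, each hit gives the DLL to inspect and the service names that would need the matching Registry::, Driver:: and NetSvc:: entries.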
 
I'm still installing a few things and I switched from Mozilla to Google Chrome; did I do the right thing, or would it have been better to keep the old one? :huh:
karolz, both browsers are great. The best browsers today are Firefox 3.5, Google Chrome and Opera. So whichever of the three you choose, you will have a great browser.
A browser is like an antivirus: it is the user's choice. Some prefer Firefox (like me), some prefer Chrome and some prefer Opera.

Google Chrome is indeed very good. That said, you can even have Chrome and Firefox installed side by side without any problem.

Oh! And one more question: I was downloading some torrent videos (people always told me about it but I had never tried it) and every time a download finished, Avira reported a virus in the file. Is everything OK?
Although Avira is the king of false positives, a virus alert is never good, right? I can't say whether everything is fine or not unless you give more details. Please post a screenshot of the alert, or tell me the name of the detected file and the description of the virus. :thumbs_up

And what do I do to watch videos in this format?
There is no torrent video format. I think you don't quite know how to use a torrent. First of all, are you using a torrent client, such as BitComet, BitTorrent, µTorrent or others?

If not, install a client first. Then go to a torrent site (such as Mininova.org, for example; at THIS link you will find a list) and download the file you want. Always look for the torrent with the largest number of seeders (seeders are the people who have the complete file and are sharing it; leechers are those who are downloading it but do not have it complete yet). A torrent must have at least 1 seeder to be downloaded successfully.

After you download your file, it will first be in .torrent format, but you are not meant to open it with the player yet. Open this file with the .torrent extension in your client program, like the ones I mentioned above, and download it through the program. After the download, the video file will be in a normal video format. Then you can watch it normally.
 
Hey mr.wolf

I've been using Malwarebytes anti-spyware here for a long time to remove viruses. But it no longer updates. It gives an error and Malwarebytes closes.

I'm posting my HijackThis logfile for you to take a look. Help me out

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:11, on 8/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
E:\oracle\product\10.2.0\client_1\bin\omtsreco.exe
C:\WINDOWS\system32\msiexec.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF21DEE7-B08D-48A8-AF20-7964C2BAED04}: NameServer = 192.168.1.100
O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - E:\oracle\product\10.2.0\client_1\bin\omtsreco.exe
--

End of file - 4176 bytes
 
Mr. Wolf, sorry for the delay, here are the other logs.....

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Fernando Ponciano at 2009-07-08 16:28:17
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 3 GB (13%) free of 26 GB
Total RAM: 2046 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:41, on 08/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
E:\Appz\Babylon-Pro\Babylon.exe
E:\Appz\AVG 8\avgtray.exe
E:\Appz\RocketDock\RocketDock.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
E:\Appz\FireFox\firefox.exe
E:\Appz\uTorrent\uTorrent.exe
C:\Windows\system32\SearchFilterHost.exe
E:\Downloads\RSIT.exe
E:\Appz\HijackThis\Fernando Ponciano.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5757
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Appz\AVG 8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Babylon Client] E:\Appz\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [AVG8_TRAY] E:\Appz\AVG8~1\avgtray.exe
O4 - HKCU\..\Run: [RocketDock] "E:\Appz\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Baixar com o Free Download Manager - file://E:\Appz\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://E:\Appz\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://E:\Appz\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://E:\Appz\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Appz\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Appz\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Appz\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Appz\AVG 8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\ProgramData\Norton\Norton2009Reset.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Appz\Ad-Aware\aawservice.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\Appz\AVG8~1\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\Appz\AVG8~1\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 6575 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3920799289-2916679780-507358931-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3920799289-2916679780-507358931-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Facilitador de Leitor de Link Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - E:\Appz\AVG 8\avgssie.dll [2009-07-06 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-12-08 3444736]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-04 4907008]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-12-14 159744]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-09 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-09 92704]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-06-09 96800]
"Babylon Client"=E:\Appz\Babylon-Pro\Babylon.exe [2009-04-10 3165920]
"AVG8_TRAY"=E:\Appz\AVG8~1\avgtray.exe [2009-07-06 1948440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=E:\Appz\RocketDock\RocketDock.exe [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\447eae6d]
C:\Users\FERNAN~1\AppData\Local\Temp\reeejaob.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
E:\Appz\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM474d9df1]
C:\Users\FERNAN~1\AppData\Local\Temp\glnlhlof.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\FERNAN~1\AppData\Local\Temp\hgGvuTJY.dll,c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Fernando Ponciano\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\Appz\iTunes\iTunesHelper.exe [2009-05-30 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc7coj0et83]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\FERNAN~1\AppData\Local\Temp\geBrsPgG.dll,#1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Windows\system32\oodtray.exe [2007-05-11 2512392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemProtDeamon]
C:\Program Files\Fortes Informática\RemProtDeamon.exe -a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
E:\Appz\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-06-20 1316136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win32 Firewall]
C:\Users\Fernando Ponciano\AppData\Local\Temp\387.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
C:\PROGRA~1\Dell\QuickSet\quickset.exe [2008-02-22 1193240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7543347C-E33D-49FE-B2F0-580DAF43F608}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"UacDisableNotify"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9de00ced-630e-11dd-aa20-001c23555af3}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-07-08 16:28:17 ----D---- C:\rsit
2009-07-06 20:07:49 ----RASHD---- C:\autorun.inf
2009-07-06 20:07:49 ----A---- C:\UsbFix.txt
2009-07-06 19:58:34 ----A---- C:\FindyKill.txt
2009-07-06 11:13:54 ----HD---- C:\$AVG8.VAULT$
2009-07-05 23:48:59 ----A---- C:\Windows\system32\avgrsstx.dll
2009-07-05 23:48:52 ----D---- C:\ProgramData\avg8
2009-07-05 23:48:52 ----D---- C:\Program Files\AVG
2009-06-28 23:50:56 ----D---- C:\Users\Fernando Ponciano\AppData\Roaming\ESET
2009-06-28 23:49:01 ----RSHD---- C:\RECYCLER
2009-06-19 13:22:07 ----A---- C:\Windows\system32\ieui.dll
2009-06-19 13:22:07 ----A---- C:\Windows\system32\iesetup.dll
2009-06-19 13:22:07 ----A---- C:\Windows\system32\iernonce.dll
2009-06-19 13:22:06 ----A---- C:\Windows\system32\wininet.dll
2009-06-19 13:22:06 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-19 13:22:06 ----A---- C:\Windows\system32\iertutil.dll
2009-06-19 13:22:06 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-19 13:22:05 ----A---- C:\Windows\system32\urlmon.dll
2009-06-19 13:22:05 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-19 13:22:03 ----A---- C:\Windows\system32\mshtml.dll
2009-06-19 13:22:03 ----A---- C:\Windows\system32\ieframe.dll
2009-06-19 13:20:50 ----A---- C:\Windows\system32\mshtmled.dll
2009-06-19 13:20:50 ----A---- C:\Windows\system32\icardie.dll
2009-06-19 13:20:49 ----A---- C:\Windows\system32\msls31.dll
2009-06-19 13:20:49 ----A---- C:\Windows\system32\mshtmler.dll
2009-06-19 13:20:49 ----A---- C:\Windows\system32\imgutil.dll
2009-06-19 13:20:49 ----A---- C:\Windows\system32\ieakeng.dll
2009-06-19 13:20:49 ----A---- C:\Windows\system32\dxtmsft.dll
2009-06-19 13:20:49 ----A---- C:\Windows\system32\corpol.dll
2009-06-19 13:20:49 ----A---- C:\Windows\system32\admparse.dll
2009-06-19 13:20:48 ----A---- C:\Windows\system32\occache.dll
2009-06-19 13:20:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-06-19 13:20:48 ----A---- C:\Windows\system32\licmgr10.dll
2009-06-19 13:20:48 ----A---- C:\Windows\system32\inseng.dll
2009-06-19 13:20:48 ----A---- C:\Windows\system32\iepeers.dll
2009-06-19 13:20:48 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-19 13:20:48 ----A---- C:\Windows\system32\dxtrans.dll
2009-06-19 13:20:47 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-06-19 13:20:47 ----A---- C:\Windows\system32\wextract.exe
2009-06-19 13:20:47 ----A---- C:\Windows\system32\webcheck.dll
2009-06-19 13:20:47 ----A---- C:\Windows\system32\mstime.dll
2009-06-19 13:20:47 ----A---- C:\Windows\system32\msrating.dll
2009-06-19 13:20:47 ----A---- C:\Windows\system32\msfeedssync.exe
2009-06-19 13:20:47 ----A---- C:\Windows\system32\ieakui.dll
2009-06-19 13:20:46 ----A---- C:\Windows\system32\vbscript.dll
2009-06-19 13:20:46 ----A---- C:\Windows\system32\pngfilt.dll
2009-06-19 13:20:46 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-19 13:20:46 ----A---- C:\Windows\system32\jscript.dll
2009-06-19 13:20:46 ----A---- C:\Windows\system32\ieapfltr.dll
2009-06-19 13:20:46 ----A---- C:\Windows\system32\advpack.dll
2009-06-19 13:20:45 ----A---- C:\Windows\system32\url.dll
2009-06-19 13:20:44 ----A---- C:\Windows\system32\mshta.exe
2009-06-19 13:20:44 ----A---- C:\Windows\system32\iexpress.exe
2009-06-19 13:20:44 ----A---- C:\Windows\system32\iesysprep.dll
2009-06-19 13:20:43 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-06-19 13:20:43 ----A---- C:\Windows\system32\SetDepNx.exe
2009-06-19 13:20:43 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-06-19 13:20:43 ----A---- C:\Windows\system32\PDMSetup.exe
2009-06-19 13:20:43 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-19 13:20:29 ----D---- C:\Program Files\MSXML 4.0
2009-06-18 15:15:35 ----D---- C:\Users\Fernando Ponciano\AppData\Roaming\Samsung
2009-06-18 15:03:54 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2009-06-18 15:03:51 ----D---- C:\Program Files\Samsung
2009-06-10 18:04:57 ----A---- C:\Windows\system32\MRT.INI
2009-06-10 12:29:31 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-10 12:20:06 ----A---- C:\Windows\system32\localspl.dll
2009-06-09 20:00:46 ----D---- C:\Program Files\Microsoft WSE

======List of files/folders modified in the last 1 months======

2009-07-08 16:28:41 ----D---- C:\Windows\Temp
2009-07-08 16:28:38 ----D---- C:\Users\Fernando Ponciano\AppData\Roaming\uTorrent
2009-07-08 16:28:32 ----D---- C:\Windows\Prefetch
2009-07-08 15:32:48 ----D---- C:\ProgramData\Babylon
2009-07-07 12:16:12 ----D---- C:\Windows\system32\drivers
2009-07-06 22:44:54 ----SHD---- C:\Windows\Installer
2009-07-06 22:44:31 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-06 20:07:54 ----SHD---- C:\$Recycle.Bin
2009-07-06 15:57:53 ----D---- C:\Windows\system32\pt-BR
2009-07-06 15:49:16 ----D---- C:\Windows
2009-07-06 15:41:05 ----D---- C:\Windows\System32
2009-07-05 23:58:15 ----D---- C:\Windows\system32\catroot2
2009-07-05 23:57:12 ----A---- C:\Windows\ntbtlog.txt
2009-07-05 23:48:52 ----RD---- C:\Program Files
2009-07-05 23:48:52 ----HD---- C:\ProgramData
2009-07-05 23:47:59 ----SD---- C:\Users\Fernando Ponciano\AppData\Roaming\Microsoft
2009-07-05 23:10:19 ----SHD---- C:\System Volume Information
2009-07-05 23:10:19 ----D---- C:\Program Files\Common Files
2009-07-05 23:08:17 ----D---- C:\Windows\system32\catroot
2009-07-05 23:08:17 ----D---- C:\Windows\inf
2009-07-01 23:48:36 ----D---- C:\Windows\Tasks
2009-07-01 23:48:36 ----D---- C:\Windows\system32\Tasks
2009-06-29 00:20:30 ----D---- C:\Users\Fernando Ponciano\AppData\Roaming\Babylon
2009-06-29 00:13:32 ----D---- C:\Windows\pss
2009-06-24 10:40:20 ----RSD---- C:\Windows\assembly
2009-06-24 09:15:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-24 09:14:02 ----D---- C:\Users\Fernando Ponciano\AppData\Roaming\U3
2009-06-23 18:00:12 ----D---- C:\Windows\winsxs
2009-06-23 18:00:12 ----D---- C:\Program Files\Internet Explorer
2009-06-22 12:35:10 ----D---- C:\Program Files\Safari
2009-06-21 00:51:48 ----D---- C:\Windows\Minidump
2009-06-19 13:47:16 ----D---- C:\Windows\rescache
2009-06-19 13:28:17 ----D---- C:\Windows\system32\migration
2009-06-19 13:28:12 ----D---- C:\Windows\system32\en-US
2009-06-19 13:28:12 ----D---- C:\Windows\PolicyDefinitions
2009-06-18 15:05:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-16 14:40:42 ----D---- C:\ProgramData\Microsoft Help
2009-06-15 10:37:39 ----RSD---- C:\Windows\Fonts
2009-06-10 18:04:57 ----D---- C:\Windows\system32\svc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-07 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-06 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-07-06 108552]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-06-18 5632]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [2007-07-23 9104]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-12-14 155136]
R3 BCM43XX;Controlador da Placa WLAN sem Fios Dell; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-06 1044984]
R3 CmBatt;Driver de Bateria do Método de Controle ACPI da Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-04 2054872]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-09 7522624]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-02-14 48472]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-02-14 43480]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-07-28 47360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 106496]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S1 OMCI;OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS []
S3 axqzlcge;axqzlcge; C:\Windows\system32\drivers\axqzlcge.sys []
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Driver de Função Microsoft 1.1 UAA para Serviço de High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de serviço de streaming Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy do relógio de streaming Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gerenciador de qualidade de streaming Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Conversor em T entre Coletores de streaming Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-06-20 200112]
S3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2008-05-06 4608]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; E:\Appz\Ad-Aware\aawservice.exe [2008-08-11 611664]
R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2008-02-04 77824]
R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg8emc;AVG8 E-mail Scanner; E:\Appz\AVG8~1\avgemc.exe [2009-07-07 907032]
R2 avg8wd;AVG8 WatchDog; E:\Appz\AVG8~1\avgwdsvc.exe [2009-07-06 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-09 196608]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-05-11 1050120]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-12-08 24064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S2 .norton2009Reset;Norton 2009 Reset; C:\ProgramData\Norton\Norton2009Reset.exe []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-12-29 355584]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2008-02-14 65536]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]

-----------------EOF-----------------

____________________________________________________________________________

RSIT info.txt


info.txt logfile of random's system information tool 1.06 2009-07-08 16:28:45

======Uninstall list======

-->E:\Appz\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
Acronis*Disk Director Server-->MsiExec.exe /X{F0E8F664-CAC6-4104-A4F9-4373F0633495}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Digital Editions-->"E:\Appz\Adobe\Adobe Digital Editions\uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.5 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81300000003}
Adobe Shockwave Player 11.5-->C:\Windows\system32\Adobe\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arquivo do WinRAR-->E:\Appz\WinRAR\uninstall.exe
Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {717C9095-8AAE-41CB-B046-BD6E8399F4F3}
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {5016CB22-B9A7-44FB-AA72-AF28B27B15EA}
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}
Atualização do produto Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {7297E3A9-FCD4-4E0E-A306-7A90359E50E3}
AVG 8.5-->E:\Appz\AVG 8\setup.exe /UNINSTALL
AVS Video Converter 6-->"E:\Appz\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Babylon-->E:\Appz\Babylon-Pro\Utils\uninstbb.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Chinese Simplified Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
ConvertHelper 2.2-->"E:\Appz\ConvertHelper\unins000.exe"
ConvertXtoDVD 3.1.3.40-->"E:\Appz\Convert X to DVD\unins000.exe"
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
DivX Codec-->E:\Appz\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->E:\Appz\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->E:\Appz\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->E:\Appz\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->E:\Appz\DivX\DivXWebPlayerUninstall.exe /PLUGIN
doPDF 6.1 printer-->"E:\Appz\DoPDF\unins000.exe"
DreaMule 3.2-->"E:\Appz\DreaMule\unins000.exe"
FCWC2009-->"E:\Downloads\Games\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\unins000.exe"
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
FIFA Club World Cup 2009-->"C:\Users\Fernando Ponciano\Documents\KONAMI\Pro Evolution Soccer 2009\unins000.exe"
FIFA Club World Cup 2009-->"E:\Downloads\Games\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\unins001.exe"
FindyKill-->E:\FindyKill\Uninstal.exe
Fortes Mafin-->E:\Appz\Matemática Financeira\Desinstala.Exe
Free Download Manager 2.5-->"E:\Appz\Free Download Manager\unins000.exe"
Game Graphic Studio-->MsiExec.exe /I{5AEDCB07-25E3-4136-BE1E-BB2A2944355D}
GameHouse Sudoku-->E:\Games\Sudoku\UNWISE.EXE /U E:\Games\Sudoku\INSTALL.LOG
Google Gears-->MsiExec.exe /I{95774351-6087-3A3B-8CA8-70BEE49D2BD5}

=====HijackThis Backups=====

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) [2009-07-05]
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe [2009-07-05]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) [2009-07-05]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-07-05]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus
AV: Avira AntiVir PersonalEdition
AS: AVG Anti-Virus (disabled)
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender
AS: Avira AntiVir PersonalEdition

======System event log======

Computer Name: Ponci-Mobile
Event Code: 7036
Message: O serviço Suporte do Painel de Controle Relatórios de Problemas e Soluções entrou no estado executando.
Record Number: 134280
Source Name: Service Control Manager
Time Written: 20090708184504.000000-000
Event Type: Informações
User:

Computer Name: Ponci-Mobile
Event Code: 7036
Message: O serviço Suporte do Painel de Controle Relatórios de Problemas e Soluções entrou no estado interrompido.
Record Number: 134281
Source Name: Service Control Manager
Time Written: 20090708184504.000000-000
Event Type: Informações
User:

Computer Name: Ponci-Mobile
Event Code: 7036
Message: O serviço Serviço de Descoberta Automática de Proxy da Web do WinHTTP entrou no estado interrompido.
Record Number: 134282
Source Name: Service Control Manager
Time Written: 20090708185152.000000-000
Event Type: Informações
User:

Computer Name: Ponci-Mobile
Event Code: 10029
Message: O DCOM iniciou o serviço iPod Service com argumentos "" para executar o servidor:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
Record Number: 134283
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090708190815.000000-000
Event Type: Informações
User:

Computer Name: Ponci-Mobile
Event Code: 7036
Message: O serviço iPod Service entrou no estado executando.
Record Number: 134284
Source Name: Service Control Manager
Time Written: 20090708190815.000000-000
Event Type: Informações
User:

=====Application event log=====

Computer Name: Ponci-Mobile
Event Code: 302
Message: Windows (3072) Windows: O mecanismo de banco de dados concluiu com êxito as etapas de recuperação.
Record Number: 24765
Source Name: ESENT
Time Written: 20090708183230.000000-000
Event Type: Informações
User:

Computer Name: Ponci-Mobile
Event Code: 1003
Message: O Windows Search Service foi iniciado.

Record Number: 24766
Source Name: Microsoft-Windows-Search
Time Written: 20090708183235.000000-000
Event Type: Informações
User:

Computer Name: Ponci-Mobile
Event Code: 1
Message: Cliente de Serviços de Certificados iniciado com êxito.
Record Number: 24767
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090708183305.133115-000
Event Type: Informações
User: Ponci-Mobile\Fernando Ponciano

Computer Name: Ponci-Mobile
Event Code: 1
Message: Cliente de Serviços de Certificados iniciado com êxito.
Record Number: 24768
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090708183314.321515-000
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Computer Name: Ponci-Mobile
Event Code: 0
Message:
Record Number: 24769
Source Name: iPod Service
Time Written: 20090708190815.000000-000
Event Type: Informações
User:

=====Security event log=====

Computer Name: Ponci-Mobile
Event Code: 5038
Message: A integridade do código determinou que o hash de imagem de um arquivo não é válido. O arquivo pode estar corrompido devido a uma modificação não-autorizada, ou o hash inválido pode indicar um erro em potencial do dispositivo de disco.

Nome do arquivo: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 39516
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708192838.931315-000
Event Type: Falha de Auditoria
User:

Computer Name: Ponci-Mobile
Event Code: 5038
Message: A integridade do código determinou que o hash de imagem de um arquivo não é válido. O arquivo pode estar corrompido devido a uma modificação não-autorizada, ou o hash inválido pode indicar um erro em potencial do dispositivo de disco.

Nome do arquivo: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 39517
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708192838.960315-000
Event Type: Falha de Auditoria
User:

Computer Name: Ponci-Mobile
Event Code: 5038
Message: A integridade do código determinou que o hash de imagem de um arquivo não é válido. O arquivo pode estar corrompido devido a uma modificação não-autorizada, ou o hash inválido pode indicar um erro em potencial do dispositivo de disco.

Nome do arquivo: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 39518
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708192838.989315-000
Event Type: Falha de Auditoria
User:

Computer Name: Ponci-Mobile
Event Code: 5038
Message: A integridade do código determinou que o hash de imagem de um arquivo não é válido. O arquivo pode estar corrompido devido a uma modificação não-autorizada, ou o hash inválido pode indicar um erro em potencial do dispositivo de disco.

Nome do arquivo: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 39519
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708192839.020315-000
Event Type: Falha de Auditoria
User:

Computer Name: Ponci-Mobile
Event Code: 5038
Message: A integridade do código determinou que o hash de imagem de um arquivo não é válido. O arquivo pode estar corrompido devido a uma modificação não-autorizada, ou o hash inválido pode indicar um erro em potencial do dispositivo de disco.

Nome do arquivo: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 39520
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708192839.050315-000
Event Type: Falha de Auditoria
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Samsung\Samsung PC Studio 3
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
 
Brandao, open Notepad on your computer and paste the text below into it:

Code:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9de00ced-630e-11dd-aa20-001c23555af3}]

Save it as fix.reg on the desktop. Double-click the file and click Yes in the prompt. After that, delete the file.

Other than that, the log is clean :)

Any problems left, Brandao?
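
Added example, not part of the original post: a small Python check that lists what a .reg fix file will do before it is imported, and flags anything other than deletions under the MountPoints2 key targeted above. The function names `parse_reg` and `outside_scope` are hypothetical, and the second sample file is constructed for illustration.

```python
import re

# Constructed sample 1: the fix.reg text from the post above.
FIX_REG = r"""REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9de00ced-630e-11dd-aa20-001c23555af3}]
"""

# Constructed sample 2: the same file with an extra write appended, to show
# what the check flags. The value name and path are placeholders.
TAMPERED_REG = FIX_REG + r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\example\\placeholder.exe"
"""

MOUNTPOINTS2 = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_reg(text):
    """Return the operations a .reg file performs as (action, key, value_name)."""
    logical, buf = [], ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        # Long hex data is split across lines with a trailing backslash.
        if line.endswith("\\") and not line.startswith("["):
            buf += line[:-1]
            continue
        logical.append(buf + line)
        buf = ""
    if buf:
        logical.append(buf)

    body = [l for l in logical if l and not l.startswith(";")]
    if not body or body[0] not in HEADERS:
        raise ValueError("missing .reg header")

    ops, current = [], None
    for line in body[1:]:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):
                # [-KEY] deletes the key and everything below it.
                ops.append(("delete_key", key[1:], None))
                current = None
            else:
                # [KEY] creates the key if it does not exist.
                ops.append(("create_key", key, None))
                current = key
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            # Conservative: refuse anything this parser does not understand.
            raise ValueError("unparseable line: %r" % line)
        name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
        # "name"=- deletes a value, anything else writes one.
        action = "delete_value" if m.group(2) == "-" else "set_value"
        ops.append((action, current, name))
    return ops


def outside_scope(ops, allowed_prefix, allowed_actions=("delete_key", "delete_value")):
    """Return operations that write data or touch keys outside allowed_prefix."""
    prefix = allowed_prefix.rstrip("\\").lower()
    flagged = []
    for action, key, name in ops:
        k = key.lower()  # registry paths are case-insensitive
        in_scope = k == prefix or k.startswith(prefix + "\\")
        if action not in allowed_actions or not in_scope:
            flagged.append((action, key, name))
    return flagged


if __name__ == "__main__":
    for label, text in (("fix.reg", FIX_REG), ("tampered", TAMPERED_REG)):
        ops = parse_reg(text)
        print(label, "operations:", ops)
        print(label, "flagged:", outside_scope(ops, MOUNTPOINTS2))
```
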
 
What is the error?
ERRO INESPERADO

NÃO FOI POSSÍVEL COMPLETAR A ATUALIZAÇAO. TENTE MAIS TARDE OU CLIQUE NO BOTÃO AJUDA PARA OBTER OS DETALHES.




Then I click Help and everything comes up in English, I didn't understand any of it. And when I click OK the program closes.

The update stopped at 1.38 database 2176, and the last update was on 23/6/2009 :boring:
 
Hey man, thanks a lot, hahaha... you saved me from formatting the HD, hahaha..... I think I have no more problems now, if anything comes up I'll come back here... thanks a lot!
 
Felipe, try these three possible solutions:

1st) Go to Control Panel > Windows Firewall and select "Off (not recommended)".
Try updating Malwarebytes.

2nd) In Control Panel, click Network Connections. Right-click your local connection and select Properties. Click TCP/IP Protocol and click the Properties button.
Select the option "Use the following DNS server addresses" and configure the fields as below:

Preferred DNS server: 208.67.222.222
Alternate DNS server: 208.67.220.220

Click OK on the dialogs to close them.
Try updating Malwarebytes.

3rd) Download and run the file below:
http://customer.llnw.com/traceput.cgi?host=mbam-cdn.malwarebytes.org&ticket=752033

Try updating Malwarebytes.
 
1 and 2 didn't work. But with 3, Malwarebytes updated and then gave the error and went back to the update it had before. :confused:
 
Try this:

- Close MBAM (Malwarebytes).

- Create a new folder in C:\. Go to the anti-malware folder at C:\Arquivos de programas\Malwarebytes' Anti-Malware. Find the file zlib.dll and move it to the new folder created in C:\.

- Run the file from my previous post again (TracePut.exe).

- Download the latest MBAM updates manually below:
http://www.gt500.org/malwarebytes/mbam-rules.exe

- Just open the executable; it will update the anti-malware database.

See if that works.
 
AWESOOOOOOME

It worked just fine now, Mr. Wolf.

Thanks a lot

But will I always have to update this way??? :cry:

Check whether this is the right update: 1.38 database 2395

Thanks a ton :yes: I'm even going to run a scan now, hahaha
 
Here are the Malwarebytes and HijackThis logs
Malwarebytes' Anti-Malware 1.38
Versão do banco de dados: 2396
Windows 5.1.2600 Service Pack 2

8/7/2009 19:48:39
mbam-log-2009-07-08 (19-48-39).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 142422
Tempo decorrido: 21 minute(s), 26 second(s)

Processos da Memória infectados: 4
Módulos de Memória Infectados: 2
Chaves do Registro infectadas: 20
Valores do Registro infectados: 4
Ítens do Registro infectados: 1
Pastas infectadas: 5
Arquivos infectados: 15

Processos da Memória infectados:
C:\Documents and Settings\User\Dados de aplicativos\pridl\pridl.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\User\Dados de aplicativos\cft\cft.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\User\Dados de aplicativos\digifast\digifast.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Windows\cktuwa.exe (Trojan.Dropper) -> Unloaded process successfully.

Módulos de Memória Infectados:
C:\Arquivos de programas\Mozilla Firefox\components\WWShow.dll (Trojan.BHO) -> Delete on reboot.
C:\Arquivos de programas\Mozilla Firefox\components\dfff.dll (Trojan.Agent.V) -> Delete on reboot.

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mjcore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mjcore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\digifast (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_CPV.dll (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MJCore.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Valores do Registro infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pridl (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cft (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\digifast (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipuspdc (Trojan.Dropper) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Pastas infectadas:
c:\documents and settings\User\Dados de aplicativos\digifast (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Arquivos de programas\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Arquivos de programas\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\User\Dados de aplicativos\pridl (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\User\Dados de aplicativos\cft (Trojan.Downloader) -> Quarantined and deleted successfully.

Arquivos infectados:
C:\Documents and Settings\User\Dados de aplicativos\pridl\pridl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Dados de aplicativos\cft\cft.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Dados de aplicativos\digifast\digifast.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Windows\cktuwa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Arquivos de programas\Mozilla Firefox\components\WWShow.dll (Trojan.BHO) -> Delete on reboot.
C:\Arquivos de programas\Mozilla Firefox\components\dfff.dll (Trojan.Agent.V) -> Delete on reboot.
C:\Arquivos de programas\WWShow\WWShow.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Arquivos de programas\Jcore\Jcore2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\User\dados de aplicativos\digifast\DFUninstall.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\User\configurações locais\temporary internet files\Content.IE5\1KJ5O0MN\156[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\User\configurações locais\temporary internet files\Content.IE5\TLYL0JLR\dfuninstaller.prod.v14000.18mar2009.exe[1].10b9665cc5f98c037e9b8dcc0e88929e (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\User\configurações locais\temporary internet files\Content.IE5\TLYL0JLR\152[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\User\configurações locais\temporary internet files\Content.IE5\YYPJDIJR\155[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\User\configurações locais\temporary internet files\Content.IE5\YYPJDIJR\163[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\User\dados de aplicativos\digifast\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:09, on 8/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Winamp\winampa.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pesbrasil.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE LG webpro2 Camera
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
 
There is no ComboFix.txt, and my clock keeps going out of sync on its own, so I don't know which one was generated =\
What it did generate was a log.txt that opened on its own at the end:

Log.txt:
ComboFix 09-07-08.04 - Pryds 08/07/2009 20:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1433 [GMT 4,5:30]
Executando de: c:\documents and settings\Pryds\Meus documentos\Alessandro\Pryds.exe
Comandos utilizados :: c:\documents and settings\Pryds\Meus documentos\Alessandro\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FILE ::
"c:\windows\system32\cfgnm.dll"
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cfgnm.dll
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DBTDPJSB
-------\Legacy_FGLFJK
-------\Legacy_FXWXZERZW
-------\Legacy_GPIEMLUN
-------\Legacy_HESEZGM
-------\Legacy_HLQNO
-------\Legacy_HZCAMAD
-------\Legacy_KJKPTDOUB
-------\Legacy_SBRQMD
-------\Legacy_TPCYMUT
-------\Legacy_UODEZRST
-------\Legacy_XKKMNHW
-------\Legacy_XPZSWEK
-------\Legacy_XXCMBI
-------\Legacy_YBJRXFAWD
-------\Legacy_YQFKZMY
-------\Legacy_ZTFBFXMF
-------\Service_dbtdpjsb
-------\Service_fglfjk
-------\Service_fxwxzerzw
-------\Service_gpiemlun
-------\Service_hesezgm
-------\Service_hlqno
-------\Service_hzcamad
-------\Service_kjkptdoub
-------\Service_sbrqmd
-------\Service_tpcymut
-------\Service_uodezrst
-------\Service_xkkmnhw
-------\Service_xpzswek
-------\Service_xxcmbi
-------\Service_ybjrxfawd
-------\Service_yqfkzmy
-------\Service_ztfbfxmf


(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-08 to 2009-07-08 ))))))))))))))))))))))))))))
.

2009-07-08 00:58 . 2005-05-03 14:13 69632 ----a-w- c:\windows\Alcmtr.exe
2009-07-08 00:15 . 2009-07-08 00:15 -------- d-----w- c:\windows\system32\xircom
2009-07-08 00:15 . 2009-07-08 00:15 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-08 00:15 . 2009-07-08 00:15 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-07-07 16:04 . 2009-07-07 16:04 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim
2009-07-06 15:33 . 2009-07-06 15:33 -------- d-----w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim
2009-07-05 14:41 . 2009-07-05 14:41 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Malwarebytes
2009-07-05 14:41 . 2009-06-17 06:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 14:41 . 2009-07-05 14:41 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-07-05 14:41 . 2009-07-05 14:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-07-05 14:41 . 2009-06-17 06:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 16:04 . 2006-05-03 17:53 135168 ----a-w- c:\windows\system32\expat.dll
2009-07-03 16:04 . 2006-05-03 17:54 49152 ----a-w- c:\windows\system32\INETWH32.dll
2009-07-02 19:10 . 2009-07-02 19:10 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\FUEL
2009-07-02 18:53 . 2009-07-02 18:53 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information
2009-07-02 18:53 . 2009-07-02 18:53 -------- d-----w- c:\arquivos de programas\Codemasters
2009-07-02 18:53 . 2009-06-15 10:39 546668 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information\{F51FF206-2273-4B3E-A90A-4752AE288C12}\ISSetup.dll
2009-07-02 18:53 . 2007-02-27 15:08 456416 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information\{F51FF206-2273-4B3E-A90A-4752AE288C12}\setup.exe
2009-07-02 18:53 . 2006-05-17 16:21 373680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information\{F51FF206-2273-4B3E-A90A-4752AE288C12}\_setup.dll
2009-07-02 18:52 . 2009-07-02 18:52 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield
2009-07-02 15:08 . 2009-07-04 01:08 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-02 15:08 . 2009-07-04 01:10 -------- d-----w- C:\Fraps
2009-06-30 21:33 . 2009-06-30 21:33 -------- d-----w- c:\arquivos de programas\CAPCOM
2009-06-30 18:08 . 2009-06-30 18:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-06-30 18:08 . 2009-06-30 18:08 -------- d-----w- c:\arquivos de programas\Spybot
2009-06-27 20:28 . 2009-06-27 20:49 -------- d-----w- c:\arquivos de programas\MorphVOX Pro
2009-06-27 20:28 . 2009-06-27 20:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Screaming Bee
2009-06-26 18:36 . 2009-06-26 18:40 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Likno
2009-06-26 12:16 . 2009-06-27 20:30 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Screaming Bee
2009-06-26 10:13 . 2009-06-26 10:13 -------- d-----w- c:\windows\system32\AGEIA
2009-06-26 10:13 . 2009-06-26 10:13 -------- d-----w- c:\arquivos de programas\AGEIA Technologies
2009-06-20 20:23 . 2009-06-20 20:23 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-20 20:23 . 2009-06-20 20:23 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-20 20:23 . 2009-06-20 20:23 -------- d-----w- c:\arquivos de programas\OpenAL
2009-06-20 20:10 . 2009-06-20 20:10 -------- d-----w- c:\arquivos de programas\Paradox Interactive
2009-06-19 17:46 . 2009-06-19 17:46 7680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall\Anim-FX\40000064300002i\bsplayer.exe
2009-06-19 16:32 . 2009-06-19 16:32 7680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall\Anim-FX\400000a800002i\uTorrent.exe
2009-06-19 16:15 . 2009-06-19 16:24 -------- d-----w- C:\Program Files
2009-06-19 15:12 . 2009-06-19 15:12 7680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall\Anim-FX\4000004d00002i\firefox.exe
2009-06-18 20:59 . 2009-06-18 20:59 -------- d-----w- c:\windows\osu!
2009-06-18 20:59 . 2009-06-28 14:58 -------- d-----w- c:\arquivos de programas\osu!
2009-06-18 16:13 . 2009-06-18 16:13 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Aleo Software
2009-06-17 21:39 . 2003-11-04 10:41 159744 ----a-w- c:\windows\system32\lfpng13n.dll
2009-06-17 21:39 . 2003-05-22 12:01 55808 ----a-w- c:\windows\system32\lfpsd13n.dll
2009-06-17 21:39 . 2003-11-04 10:40 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-06-17 21:39 . 2004-01-11 21:39 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-17 17:38 . 2009-06-17 17:38 -------- d-----w- c:\arquivos de programas\Wondershare
2009-06-17 08:00 . 2009-06-17 08:00 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Media Player Classic
2009-06-13 15:53 . 2009-06-13 15:53 -------- d-sh--w- c:\documents and settings\Pryds\PrivacIE
2009-06-11 07:28 . 2009-06-11 07:30 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\DPlot
2009-06-11 07:28 . 2009-06-11 07:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DPlot
2009-06-11 07:03 . 2009-06-11 07:03 -------- d-sh--w- c:\documents and settings\Pryds\IETldCache
2009-06-11 06:59 . 2009-06-11 07:01 -------- dc-h--w- c:\windows\ie8
2009-06-11 06:59 . 2009-06-11 07:01 -------- d-----w- C:\ceb2195bbb4efffa4762fb4a071d1d
2009-06-10 12:22 . 2008-04-13 10:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-06-10 12:22 . 2008-04-13 10:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-06-10 12:21 . 2008-04-13 10:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-06-10 12:21 . 2008-04-13 10:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-06-10 12:21 . 2008-04-13 10:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-10 12:21 . 2008-04-13 10:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-06-10 12:21 . 2008-04-13 10:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-06-10 12:21 . 2008-04-13 17:50 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-10 12:21 . 2009-06-10 12:21 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-06-10 12:20 . 2009-06-10 12:20 -------- d-----w- c:\arquivos de programas\SplitCam

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 15:59 . 2009-04-27 00:26 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\uTorrent
2009-07-08 15:50 . 2009-04-27 01:32 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Skype
2009-07-08 15:49 . 2009-04-27 02:27 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\skypePM
2009-07-08 15:43 . 2009-04-27 02:22 -------- d-----w- c:\arquivos de programas\Steam
2009-07-04 01:34 . 2009-04-27 01:27 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-01 19:33 . 2009-04-27 19:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TrackMania
2009-06-27 17:17 . 2009-05-06 17:31 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall
2009-06-26 14:58 . 2009-04-27 14:40 -------- d-----w- c:\arquivos de programas\BSplayer
2009-06-26 10:12 . 2009-06-07 13:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-06-14 13:18 . 2009-05-22 07:04 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-14 13:00 . 2009-05-22 07:05 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-11 07:11 . 2009-06-06 16:31 -------- d-----w- c:\arquivos de programas\Opera
2009-06-10 05:50 . 2009-05-22 06:33 -------- d-----w- c:\arquivos de programas\Activision
2009-06-10 05:44 . 2009-05-17 23:40 -------- d-----w- c:\arquivos de programas\Electronic Arts
2009-06-09 09:43 . 2009-04-27 02:40 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-06-08 17:21 . 2009-06-08 17:21 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\YCanPDF
2009-06-07 17:18 . 2009-05-28 20:44 -------- d-----w- c:\arquivos de programas\HD Tach
2009-06-01 08:06 . 2009-06-01 08:06 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Nero
2009-05-29 19:08 . 2009-05-29 19:07 -------- d-----w- c:\arquivos de programas\QuickTime
2009-05-29 19:07 . 2009-05-29 19:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-05-29 19:07 . 2009-05-29 19:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple
2009-05-29 19:07 . 2009-05-29 19:07 -------- d-----w- c:\arquivos de programas\Apple Software Update
2009-05-29 18:09 . 2009-04-27 00:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-05-28 16:46 . 2009-05-28 16:46 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\PixelPlanet
2009-05-26 20:53 . 2009-05-26 20:53 1915520 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-24 10:59 . 2009-05-24 10:59 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\TortoiseSVN
2009-05-24 10:53 . 2009-05-24 10:53 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Subversion
2009-05-24 10:53 . 2009-05-24 10:53 -------- d-----w- c:\arquivos de programas\TortoiseSVN
2009-05-24 10:53 . 2009-05-24 10:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays
2009-05-23 23:07 . 2009-05-23 23:07 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Avira
2009-05-22 10:12 . 2009-05-22 10:12 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\teamspeak2
2009-05-22 10:12 . 2009-05-22 10:12 -------- d-----w- c:\arquivos de programas\Teamspeak
2009-05-22 07:19 . 2009-05-22 07:03 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-22 07:05 . 2009-05-22 07:05 22328 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\PnkBstrK.sys
2009-05-22 07:05 . 2009-05-22 07:05 22328 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\PnkBstrK.sys
2009-05-20 19:40 . 2009-05-20 19:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-17 23:51 . 2009-05-17 23:51 10134 ----a-r- c:\documents and settings\Pryds\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-05-17 23:51 . 2009-05-17 23:51 -------- d-----w- c:\arquivos de programas\Microsoft WSE
2009-05-17 18:35 . 2009-05-17 18:35 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2009-05-17 15:27 . 2009-05-17 15:27 -------- d--h--r- c:\documents and settings\Pryds\Dados de aplicativos\SecuROM
2009-05-17 15:26 . 2009-05-17 15:23 -------- d-----w- c:\arquivos de programas\Microsoft Games for Windows - LIVE
2009-05-16 14:23 . 2008-04-14 11:00 76414 ----a-w- c:\windows\system32\perfc016.dat
2009-05-16 14:23 . 2008-04-14 11:00 465986 ----a-w- c:\windows\system32\perfh016.dat
2009-05-16 14:22 . 2009-05-16 14:22 -------- d-----w- c:\arquivos de programas\MSBuild
2009-05-16 14:22 . 2009-05-16 14:22 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-05-12 20:00 . 2009-05-09 18:17 -------- d-----w- c:\arquivos de programas\Tibia
2009-05-12 19:02 . 2009-05-12 19:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2009-05-12 18:34 . 2009-04-27 02:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-05-12 12:54 . 2009-04-27 08:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft
2009-05-12 12:54 . 2009-04-27 08:47 -------- d-----w- c:\arquivos de programas\Youtube
2009-04-30 20:14 . 2009-04-30 20:14 36101 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-04-30 20:14 . 2009-04-30 20:14 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-04-27 10:40 . 2009-04-27 02:40 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 10:40 . 2009-04-27 02:40 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-27 02:22 . 2009-04-27 02:22 1204 ----a-w- c:\windows\mozver.dat
2009-04-27 02:16 . 2008-10-10 20:42 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-04-27 01:29 . 2009-04-27 01:29 315392 ----a-w- c:\windows\HideWin.exe
2009-04-27 01:18 . 2009-04-27 00:09 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-27 00:35 . 2009-04-27 00:35 0 ----a-w- c:\windows\nsreg.dat
2009-04-27 00:06 . 2009-04-27 00:07 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-21 19:50 . 2009-04-21 19:50 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 19:50 . 2009-04-21 19:50 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim ----

2009-07-06 15:33 . 2009-07-06 15:33 569 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\localstore.rdf
2009-07-06 15:33 . 2009-07-06 15:33 10457 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\pluginreg.dat
2009-07-06 15:33 . 2009-07-06 15:33 2048 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\webappsstore.sqlite
2009-07-06 15:33 . 2009-07-06 15:33 4096 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\formhistory.sqlite
2009-07-06 15:33 . 2009-07-06 15:33 131072 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\places.sqlite
2009-07-06 15:33 . 2009-07-06 15:33 0 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\places.sqlite-journal
2009-07-06 15:33 . 2009-07-06 15:33 16384 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\key3.db
2009-07-06 15:33 . 2009-07-06 15:35 65536 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\cert8.db
2009-07-06 15:33 . 2009-07-06 15:33 16384 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\secmod.db
2009-07-06 15:33 . 2009-07-06 15:35 2048 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\cookies.sqlite
2009-07-06 15:33 . 2009-07-06 15:33 2048 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\permissions.sqlite
2009-07-06 15:33 . 2009-07-06 15:33 367 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\prefs.js
2009-07-06 15:33 . 2009-07-06 15:33 127820 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\compreg.dat
2009-07-06 15:33 . 2009-07-06 15:33 96206 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\xpti.dat
2009-07-06 15:33 . 2009-07-06 15:33 111 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\profiles.ini
2009-07-06 15:33 . 2009-07-06 15:33 229 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim\Profiles\ycd58hqd.default\compatibility.ini

---- Directory of c:\documents and settings\Pryds\Dados de aplicativos\urdstnim ----

2009-07-07 16:04 . 2009-07-07 16:04 569 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\localstore.rdf
2009-07-07 16:04 . 2009-07-06 18:54 10460 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\pluginreg.dat
2009-07-07 16:04 . 2009-07-06 18:54 2048 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\webappsstore.sqlite
2009-07-07 16:04 . 2009-07-07 16:04 4096 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\formhistory.sqlite
2009-07-07 16:04 . 2009-07-06 18:55 0 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\places.sqlite-journal
2009-07-07 16:04 . 2009-07-06 18:55 131072 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\places.sqlite
2009-07-07 16:04 . 2009-07-07 16:04 16384 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\key3.db
2009-07-07 16:04 . 2009-07-07 16:05 65536 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\cert8.db
2009-07-07 16:04 . 2009-07-07 16:04 16384 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\secmod.db
2009-07-07 16:04 . 2009-07-06 18:57 2048 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\cookies.sqlite
2009-07-07 16:04 . 2009-07-07 16:04 2048 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\permissions.sqlite
2009-07-07 16:04 . 2009-07-06 18:54 127885 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\compreg.dat
2009-07-07 16:04 . 2009-07-06 18:54 96206 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\xpti.dat
2009-07-07 16:04 . 2009-07-07 16:04 111 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\profiles.ini
2009-07-07 16:04 . 2009-07-06 18:54 229 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\compatibility.ini
2009-07-06 18:54 . 2009-07-06 18:54 367 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim\Profiles\wj7kwubq.default\prefs.js


((((((((((((((((((((((((((((( SnapShot@2009-07-08_00.16.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-08 00:58 . 2006-07-21 11:44 86016 c:\windows\system32\ReinstallBackups\0001\DriverFiles\SOUNDMAN.EXE
+ 2009-07-08 00:58 . 2008-04-13 17:51 23552 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\wdmaud.drv
+ 2009-07-08 00:58 . 2008-04-13 10:15 49408 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\stream.sys
+ 2009-07-08 00:58 . 2008-04-13 10:15 60160 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\drmk.sys
+ 2008-04-13 14:45 . 2008-04-13 10:15 49408 c:\windows\system32\dllcache\stream.sys
+ 2009-04-27 01:29 . 2008-04-13 10:15 60160 c:\windows\system32\dllcache\drmk.sys
+ 2009-07-08 00:58 . 2008-04-13 17:50 4096 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ksuser.dll
+ 2009-07-08 00:58 . 2008-03-26 14:20 131072 c:\windows\system32\ReinstallBackups\0001\DriverFiles\RTLCPAPI.dll
+ 2009-07-08 00:58 . 2008-03-26 09:34 266240 c:\windows\system32\ReinstallBackups\0001\DriverFiles\RTCOMDLL.dll
+ 2009-07-08 00:58 . 2008-04-13 10:49 146048 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\portcls.sys
+ 2009-07-08 00:58 . 2008-04-13 10:46 141056 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ks.sys
+ 2009-04-27 01:29 . 2008-04-13 10:49 146048 c:\windows\system32\dllcache\portcls.sys
+ 2008-04-13 15:16 . 2008-04-13 10:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2009-07-08 00:58 . 2007-11-20 13:45 1826816 c:\windows\system32\ReinstallBackups\0001\DriverFiles\SkyTel.exe
+ 2009-07-08 00:58 . 2008-04-02 04:57 1196032 c:\windows\system32\ReinstallBackups\0001\DriverFiles\RtlUpd.exe
+ 2009-07-08 00:58 . 2007-03-23 14:49 9715200 c:\windows\system32\ReinstallBackups\0001\DriverFiles\RTLCPL.EXE
+ 2009-07-08 00:58 . 2008-05-20 13:23 4800000 c:\windows\system32\ReinstallBackups\0001\DriverFiles\RtkHDAud.sys
+ 2009-07-08 00:58 . 2007-06-28 12:14 2165760 c:\windows\system32\ReinstallBackups\0001\DriverFiles\MicCal.exe
+ 2009-07-08 00:58 . 2006-05-04 11:56 2808832 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ALCWZRD.EXE
+ 2009-07-08 00:58 . 2008-05-16 10:09 16862720 c:\windows\system32\ReinstallBackups\0001\DriverFiles\RTHDCPL.EXE
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\arquivos de programas\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2009-04-10 37888]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-01-05 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Arquivos de programas\\Steam\\Steam.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Teamspeak\\TeamSpeak.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Pryds\\Dados de aplicativos\\Thinstall\\Anim-FX\\400000a800002i\\uTorrent.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\ciganoo\\source sdk base\\hl2.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\ciganoo\\counter-strike source\\hl2.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\ciganoo\\garrysmod\\hl2.exe"=
"c:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Arquivos de programas\\Microsoft Games for Windows - LIVE\\Client\\GFWLive.exe"=
"c:\\WINDOWS\\system32\\winmine.exe"=
"c:\\Arquivos de programas\\Microsoft Games for Windows - LIVE\\Client\\GFWLClient.exe"=
"c:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\SF4Launcher.exe"=
"c:\\Arquivos de programas\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"27015:TCP"= 27015:TCP:27015
"27015:UDP"= 27015:UDP:Nome
"88:UDP"= 88:UDP:88
"3074:UDP"= 3074:UDP:3074
"3074:TCP"= 3074:TCP:3074
"443:UDP"= 443:UDP:443
"53:TCP"= 53:TCP:53
"53:UDP"= 53:UDP:53
"15:TCP"= 15:TCP:15
"15:UDP"= 15:UDP:15
"40:TCP"= 40:TCP:40
"40:UDP"= 40:UDP:40
"17:TCP"= 17:TCP:17
"17:UDP"= 17:UDP:17

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [27/4/2009 07:10 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe [27/4/2009 07:10 388865]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [27/4/2009 07:10 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe [27/4/2009 07:10 434945]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [27/4/2009 05:56 36864]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [27/4/2009 07:10 69632]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avmailc.exe [27/4/2009 07:10 194817]
S2 gbzxaqh;Server Universal;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/4/2009 13:19 23064]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - GBZXAQH

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gbzxaqh

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{03E70D97-221A-425F-8847-D9A73EA9380d} - (no file)
BHO-{7EB1BA21-BCC4-4865-AD70-6AB3874C82C2} - (no file)


.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pryds\Dados de aplicativos\Mozilla\Firefox\Profiles\4eucr364.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 20:31
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gbzxaqh]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-861567501-261903793-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:fb,d5,18,94,06,f5,ff,99,02,70,50,c5,af,13,b4,fb,a0,4f,95,7d,34,
90,3a,cb,ea,5a,04,65,88,c2,bc,4d,03,4b,ed,1d,a7,a5,5d,15,0c,4d,e0,88,94,f8,\
"rkeysecu"=hex:df,10,11,86,2c,d5,f9,64,13,e3,ca,41,c4,37,da,33
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2968)
c:\arquivos de programas\RocketDock\RocketDock.dll
c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
c:\arquivos de programas\TortoiseSVN\bin\TortoiseStub.dll
c:\arquivos de programas\TortoiseSVN\bin\TortoiseSVN.dll
c:\arquivos de programas\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-07-08 4:12 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-08 23:42
ComboFix2.txt 2009-07-08 00:26

Pré-execução: 10 pasta(s) 14.600.159.232 bytes disponíveis
Pós execução: 10 pasta(s) 14.586.380.288 bytes disponíveis

486

There is this combofix2.txt, but I don't know if this is the one:
ComboFix 09-07-07.07 - Pryds 08/07/2009 4:32.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1733 [GMT 4,5:30]
Executando de: c:\documents and settings\Pryds\Meus documentos\Alessandro\Pryds.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\19b57b2.msi
c:\windows\system32\fciqohm.dll
c:\windows\system32\gckoxsgm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VHWJGAKC
-------\Service_vhwjgakc


(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-08 to 2009-07-08 ))))))))))))))))))))))))))))
.

2009-07-08 00:15 . 2009-07-08 00:15 -------- d-----w- c:\windows\system32\xircom
2009-07-08 00:15 . 2009-07-08 00:15 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-08 00:15 . 2009-07-08 00:15 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-07-07 16:04 . 2009-07-07 16:04 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\urdstnim
2009-07-07 10:45 . 2005-05-03 14:13 69632 ----a-w- c:\windows\Alcmtr.exe
2009-07-06 15:33 . 2009-07-06 15:33 -------- d-----w- c:\documents and settings\NetworkService\Dados de aplicativos\urdstnim
2009-07-05 14:41 . 2009-07-05 14:41 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Malwarebytes
2009-07-05 14:41 . 2009-06-17 06:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 14:41 . 2009-07-05 14:41 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-07-05 14:41 . 2009-07-05 14:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-07-05 14:41 . 2009-06-17 06:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 16:04 . 2006-05-03 17:53 135168 ----a-w- c:\windows\system32\expat.dll
2009-07-03 16:04 . 2006-05-03 17:54 49152 ----a-w- c:\windows\system32\INETWH32.dll
2009-07-02 19:10 . 2009-07-02 19:10 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\FUEL
2009-07-02 18:53 . 2009-07-02 18:53 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information
2009-07-02 18:53 . 2009-07-02 18:53 -------- d-----w- c:\arquivos de programas\Codemasters
2009-07-02 18:53 . 2009-06-15 10:39 546668 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information\{F51FF206-2273-4B3E-A90A-4752AE288C12}\ISSetup.dll
2009-07-02 18:53 . 2007-02-27 15:08 456416 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information\{F51FF206-2273-4B3E-A90A-4752AE288C12}\setup.exe
2009-07-02 18:53 . 2006-05-17 16:21 373680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield Installation Information\{F51FF206-2273-4B3E-A90A-4752AE288C12}\_setup.dll
2009-07-02 18:52 . 2009-07-02 18:52 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\InstallShield
2009-07-02 15:55 . 2009-07-02 15:55 -------- d-----w- c:\arquivos de programas\SEGA
2009-07-02 15:08 . 2009-07-04 01:08 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-02 15:08 . 2009-07-04 01:10 -------- d-----w- C:\Fraps
2009-06-30 21:33 . 2009-06-30 21:33 -------- d-----w- c:\arquivos de programas\CAPCOM
2009-06-30 18:08 . 2009-06-30 18:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-06-30 18:08 . 2009-06-30 18:08 -------- d-----w- c:\arquivos de programas\Spybot
2009-06-27 20:28 . 2009-06-27 20:49 -------- d-----w- c:\arquivos de programas\MorphVOX Pro
2009-06-27 20:28 . 2009-06-27 20:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Screaming Bee
2009-06-26 18:36 . 2009-06-26 18:40 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Likno
2009-06-26 12:16 . 2009-06-27 20:30 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Screaming Bee
2009-06-26 10:13 . 2009-06-26 10:13 -------- d-----w- c:\windows\system32\AGEIA
2009-06-26 10:13 . 2009-06-26 10:13 -------- d-----w- c:\arquivos de programas\AGEIA Technologies
2009-06-20 20:23 . 2009-06-20 20:23 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-20 20:23 . 2009-06-20 20:23 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-20 20:23 . 2009-06-20 20:23 -------- d-----w- c:\arquivos de programas\OpenAL
2009-06-20 20:10 . 2009-06-20 20:10 -------- d-----w- c:\arquivos de programas\Paradox Interactive
2009-06-19 17:46 . 2009-06-19 17:46 7680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall\Anim-FX\40000064300002i\bsplayer.exe
2009-06-19 16:32 . 2009-06-19 16:32 7680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall\Anim-FX\400000a800002i\uTorrent.exe
2009-06-19 16:15 . 2009-06-19 16:24 -------- d-----w- C:\Program Files
2009-06-19 15:12 . 2009-06-19 15:12 7680 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall\Anim-FX\4000004d00002i\firefox.exe
2009-06-18 20:59 . 2009-06-18 20:59 -------- d-----w- c:\windows\osu!
2009-06-18 20:59 . 2009-06-28 14:58 -------- d-----w- c:\arquivos de programas\osu!
2009-06-18 16:13 . 2009-06-18 16:13 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Aleo Software
2009-06-17 21:39 . 2003-11-04 10:41 159744 ----a-w- c:\windows\system32\lfpng13n.dll
2009-06-17 21:39 . 2003-05-22 12:01 55808 ----a-w- c:\windows\system32\lfpsd13n.dll
2009-06-17 21:39 . 2003-11-04 10:40 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-06-17 21:39 . 2004-05-14 12:23 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-06-17 21:39 . 2004-01-11 21:39 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-17 17:38 . 2009-06-17 17:38 -------- d-----w- c:\arquivos de programas\Wondershare
2009-06-17 08:00 . 2009-06-17 08:00 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Media Player Classic
2009-06-13 15:53 . 2009-06-13 15:53 -------- d-sh--w- c:\documents and settings\Pryds\PrivacIE
2009-06-11 07:28 . 2009-06-11 07:30 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\DPlot
2009-06-11 07:28 . 2009-06-11 07:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DPlot
2009-06-11 07:03 . 2009-06-11 07:03 -------- d-sh--w- c:\documents and settings\Pryds\IETldCache
2009-06-11 06:59 . 2009-06-11 07:01 -------- dc-h--w- c:\windows\ie8
2009-06-11 06:59 . 2009-06-11 07:01 -------- d-----w- C:\ceb2195bbb4efffa4762fb4a071d1d
2009-06-10 12:22 . 2008-04-13 10:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-06-10 12:22 . 2008-04-13 10:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-06-10 12:21 . 2008-04-13 10:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-06-10 12:21 . 2008-04-13 10:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-06-10 12:21 . 2008-04-13 10:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-10 12:21 . 2008-04-13 10:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-06-10 12:21 . 2008-04-13 10:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-06-10 12:21 . 2008-04-13 17:50 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-10 12:21 . 2009-06-10 12:21 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-06-10 12:20 . 2009-06-10 12:20 -------- d-----w- c:\arquivos de programas\SplitCam
2009-06-08 17:21 . 2009-06-08 17:21 -------- d-----w- C:\tmp
2009-06-08 17:21 . 2009-06-08 17:21 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\YCanPDF

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 16:57 . 2009-04-27 02:27 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\skypePM
2009-07-07 12:01 . 2009-04-27 01:32 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Skype
2009-07-07 10:47 . 2009-04-27 02:22 -------- d-----w- c:\arquivos de programas\Steam
2009-07-07 09:21 . 2009-04-27 00:26 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\uTorrent
2009-07-04 01:34 . 2009-04-27 01:27 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-01 19:33 . 2009-04-27 19:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TrackMania
2009-06-27 17:17 . 2009-05-06 17:31 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Thinstall
2009-06-26 14:58 . 2009-04-27 14:40 -------- d-----w- c:\arquivos de programas\BSplayer
2009-06-26 10:12 . 2009-06-07 13:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-06-14 13:18 . 2009-05-22 07:04 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-14 13:00 . 2009-05-22 07:05 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-11 07:11 . 2009-06-06 16:31 -------- d-----w- c:\arquivos de programas\Opera
2009-06-10 05:50 . 2009-05-22 06:33 -------- d-----w- c:\arquivos de programas\Activision
2009-06-10 05:44 . 2009-05-17 23:40 -------- d-----w- c:\arquivos de programas\Electronic Arts
2009-06-09 09:43 . 2009-04-27 02:40 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-06-07 17:18 . 2009-05-28 20:44 -------- d-----w- c:\arquivos de programas\HD Tach
2009-06-01 08:06 . 2009-06-01 08:06 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Nero
2009-05-29 19:08 . 2009-05-29 19:07 -------- d-----w- c:\arquivos de programas\QuickTime
2009-05-29 19:07 . 2009-05-29 19:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-05-29 19:07 . 2009-05-29 19:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple
2009-05-29 19:07 . 2009-05-29 19:07 -------- d-----w- c:\arquivos de programas\Apple Software Update
2009-05-29 18:09 . 2009-04-27 00:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-05-28 16:46 . 2009-05-28 16:46 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\PixelPlanet
2009-05-26 20:53 . 2009-05-26 20:53 1915520 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-24 10:59 . 2009-05-24 10:59 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\TortoiseSVN
2009-05-24 10:53 . 2009-05-24 10:53 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Subversion
2009-05-24 10:53 . 2009-05-24 10:53 -------- d-----w- c:\arquivos de programas\TortoiseSVN
2009-05-24 10:53 . 2009-05-24 10:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays
2009-05-23 23:07 . 2009-05-23 23:07 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Avira
2009-05-22 10:12 . 2009-05-22 10:12 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\teamspeak2
2009-05-22 10:12 . 2009-05-22 10:12 -------- d-----w- c:\arquivos de programas\Teamspeak
2009-05-22 07:19 . 2009-05-22 07:03 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-22 07:05 . 2009-05-22 07:05 22328 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\PnkBstrK.sys
2009-05-22 07:05 . 2009-05-22 07:05 22328 ----a-w- c:\documents and settings\Pryds\Dados de aplicativos\PnkBstrK.sys
2009-05-20 19:40 . 2009-05-20 19:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-17 23:51 . 2009-05-17 23:51 10134 ----a-r- c:\documents and settings\Pryds\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-05-17 23:51 . 2009-05-17 23:51 -------- d-----w- c:\arquivos de programas\Microsoft WSE
2009-05-17 18:35 . 2009-05-17 18:35 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2009-05-17 15:27 . 2009-05-17 15:27 -------- d--h--r- c:\documents and settings\Pryds\Dados de aplicativos\SecuROM
2009-05-17 15:26 . 2009-05-17 15:23 -------- d-----w- c:\arquivos de programas\Microsoft Games for Windows - LIVE
2009-05-16 14:23 . 2008-04-14 11:00 76414 ----a-w- c:\windows\system32\perfc016.dat
2009-05-16 14:23 . 2008-04-14 11:00 465986 ----a-w- c:\windows\system32\perfh016.dat
2009-05-16 14:22 . 2009-05-16 14:22 -------- d-----w- c:\arquivos de programas\MSBuild
2009-05-16 14:22 . 2009-05-16 14:22 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-05-12 20:00 . 2009-05-09 18:17 -------- d-----w- c:\arquivos de programas\Tibia
2009-05-12 19:02 . 2009-05-12 19:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2009-05-12 18:34 . 2009-04-27 02:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-05-12 12:54 . 2009-04-27 08:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft
2009-05-12 12:54 . 2009-04-27 08:47 -------- d-----w- c:\arquivos de programas\Youtube
2009-05-09 19:19 . 2009-05-09 19:12 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Tibia
2009-05-09 19:13 . 2009-05-09 19:13 -------- d-----w- c:\arquivos de programas\Asprate
2009-05-09 18:57 . 2009-05-09 18:57 -------- d-----w- c:\documents and settings\Pryds\Dados de aplicativos\Remere's Map Editor
2009-04-30 20:14 . 2009-04-30 20:14 36101 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-04-30 20:14 . 2009-04-30 20:14 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-04-27 10:40 . 2009-04-27 02:40 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 10:40 . 2009-04-27 02:40 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-27 02:27 . 2009-04-27 02:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-27 02:22 . 2009-04-27 02:22 1204 ----a-w- c:\windows\mozver.dat
2009-04-27 02:16 . 2008-10-10 20:42 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-04-27 01:29 . 2009-04-27 01:29 315392 ----a-w- c:\windows\HideWin.exe
2009-04-27 01:18 . 2009-04-27 00:09 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-27 00:35 . 2009-04-27 00:35 0 ----a-w- c:\windows\nsreg.dat
2009-04-27 00:06 . 2009-04-27 00:07 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-21 19:50 . 2009-04-21 19:50 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 19:50 . 2009-04-21 19:50 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2008-04-14 11:00 . 2008-04-14 11:00 164746 --sha-r- c:\windows\system32\cfgnm.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 04:56 80384 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\arquivos de programas\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2009-04-10 37888]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-01-05 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Arquivos de programas\\Steam\\Steam.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Teamspeak\\TeamSpeak.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Pryds\\Dados de aplicativos\\Thinstall\\Anim-FX\\400000a800002i\\uTorrent.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\ciganoo\\source sdk base\\hl2.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\ciganoo\\counter-strike source\\hl2.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\ciganoo\\garrysmod\\hl2.exe"=
"c:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Arquivos de programas\\Microsoft Games for Windows - LIVE\\Client\\GFWLive.exe"=
"c:\\WINDOWS\\system32\\winmine.exe"=
"c:\\Arquivos de programas\\Microsoft Games for Windows - LIVE\\Client\\GFWLClient.exe"=
"c:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\SF4Launcher.exe"=
"c:\\Arquivos de programas\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3907:TCP"= 3907:TCP:dgciyeg
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"27015:TCP"= 27015:TCP:27015
"27015:UDP"= 27015:UDP:Nome
"88:UDP"= 88:UDP:88
"3074:UDP"= 3074:UDP:3074
"3074:TCP"= 3074:TCP:3074
"443:UDP"= 443:UDP:443
"53:TCP"= 53:TCP:53
"53:UDP"= 53:UDP:53
"15:TCP"= 15:TCP:15
"15:UDP"= 15:UDP:15
"40:TCP"= 40:TCP:40
"40:UDP"= 40:UDP:40
"17:TCP"= 17:TCP:17
"17:UDP"= 17:UDP:17

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [27/4/2009 07:10 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe [27/4/2009 07:10 388865]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [27/4/2009 07:10 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe [27/4/2009 07:10 434945]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [27/4/2009 05:56 36864]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [27/4/2009 07:10 69632]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avmailc.exe [27/4/2009 07:10 194817]
S2 dbtdpjsb;Helper Center;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 fglfjk;Task Installer;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 fxwxzerzw;Update Monitor;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 gpiemlun;Monitor Security;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 hesezgm;Center Server;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 hlqno;Time Task;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 hzcamad;Support Time;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 kjkptdoub;Image Center;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 sbrqmd;Universal Driver;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 tpcymut;Image Config;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 uodezrst;Network Universal;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 xkkmnhw;Microsoft Network;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 xpzswek;Installer Security;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 xxcmbi;Monitor Windows;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 ybjrxfawd;Time Network;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 yqfkzmy;Security Support;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S2 ztfbfxmf;Helper Microsoft;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 15:30 14336]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/4/2009 13:19 23064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hlqno
ybjrxfawd
uodezrst
hzcamad
dbtdpjsb
fxwxzerzw
sbrqmd
gpiemlun
xkkmnhw
fglfjk
kjkptdoub
tpcymut
ztfbfxmf
xpzswek
yqfkzmy
hesezgm
xxcmbi

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{03E70D97-221A-425F-8847-D9A73EA9380d} - c:\windows\system32\gckoxsgm.dll
BHO-{7EB1BA21-BCC4-4865-AD70-6AB3874C82C2} - c:\windows\system32\fciqohm.dll
HKCU-Run-AdobeBridge - (no file)


.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pryds\Dados de aplicativos\Mozilla\Firefox\Profiles\4eucr364.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 04:45
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dbtdpjsb]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fglfjk]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fxwxzerzw]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gpiemlun]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hesezgm]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hlqno]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hzcamad]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kjkptdoub]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbrqmd]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tpcymut]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uodezrst]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xkkmnhw]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xpzswek]
"ServiceDll"="c:\windows\system32\cfgnm.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xxcmbi]
"ServiceDll"="c:\windows\system32\cfgnm.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ybjrxfawd]
"ServiceDll"="c:\windows\system32\cfgnm.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yqfkzmy]
"ServiceDll"="c:\windows\system32\cfgnm.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ztfbfxmf]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-861567501-261903793-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:fb,d5,18,94,06,f5,ff,99,02,70,50,c5,af,13,b4,fb,a0,4f,95,7d,34,
90,3a,cb,ea,5a,04,65,88,c2,bc,4d,03,4b,ed,1d,a7,a5,5d,15,0c,4d,e0,88,94,f8,\
"rkeysecu"=hex:df,10,11,86,2c,d5,f9,64,13,e3,ca,41,c4,37,da,33
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(816)
c:\arquivos de programas\RocketDock\RocketDock.dll
c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
c:\arquivos de programas\TortoiseSVN\bin\TortoiseStub.dll
c:\arquivos de programas\TortoiseSVN\bin\TortoiseSVN.dll
c:\arquivos de programas\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\drwtsn32.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-07-08 4:56 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-08 00:26

Pré-execução: 10 pasta(s) 14.923.636.736 bytes disponíveis
Pós execução: 10 pasta(s) 14.747.975.680 bytes disponíveis

475

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:27, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5695 bytes
 
Come on, folks, let's put the logs in spoiler tags, OK?

This page is full of giant logs. Just use [*spoiler] log [/spoiler], removing the asterisk from the first tag (I added it so this wouldn't turn into a spoiler).
 
Mr.Wolf, how are you?

Please help me; I'm on my grandmother's PC and it's in terrible shape, freezing constantly, etc. The HijackThis log is below.

Thanks in advance.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:18, on 9/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5350 bytes
 
Heeey great Master Wolf, all good, brother????? I hope so :D

Mr, I signed up for that Twitter thing, you know???? I'd like to know whether the risk of catching a virus on Twitter is the same as on Orkut and so on??? What are the Twitter viruses, things like that. Could you explain it to me, Master???? Because you know that whenever I need information about viruses and security, the first person I go to is you, because you're the best!!!!!!!!!!!!!!!!!!!!!

thanks a lot, great Master

a big hug


EDIT


Master, sorry to bother you again, but I'm working at my uncle's office and this PC I'm on is acting strange, like sometimes when the PC is turned on the taskbar and the other things don't appear, not even the wallpaper, everything stays white!!!!!!!!!!!!!!

but it's not only at startup; out of nowhere, while I'm using the PC, the taskbar disappears by itself, and not even going through Task Manager and typing explorer.exe, which I saw on Google once, works!!!!!!! Folders close out of nowhere too, and some programs also close by themselves!!!!!!! It's not all the time, but now it's more constant

could it be a virus????? Can I post a HijackThis log from this PC for you to take a look for me???

thanks brother :D
 
Hello everyone, good afternoon!


Tiagoquiroga, follow the instructions below:

- Download RunScanner and save it to the desktop.

- Double-click runscanner.exe to run the tool.
- Check the Expert Mode option and click OK.
- When the program opens, check on the Malware hunting and Extra stuff tabs whether the option selected under "Filter" is All files. If it isn't, select that option.
- Click the Scan computer button and wait for the tool to finish its analysis.
- When the scan ends, click the Save log file button and save the log to your desktop. It will be named runscanner.log.

Post this log in your next reply, Tiago.
____________________________________________________


Pryds, we're almost done. Delete the folder C:\Qoobox. As for the clock, it's normal for it to be off after ComboFix runs. This prevents the malware from restoring the system date, which would complicate its removal. Once we finish the cleanup we'll fix this problem.

Follow the instructions below:

Select and copy the text below. Paste it into Notepad and save it as CFScript.txt

Code:
File::
c:\windows\system32\cfgnm.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gbzxaqh]

NetSvc::
gbzxaqh

Driver::
gbzxaqh


KillAll::

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif


● If prompted, press Enter to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it doesn't, restart it manually.

In your next reply, paste the ComboFix.txt and a new HijackThis log.
____________________________________________________


Hello jvictorpaiva, follow the instructions below:

- Download the HijackThis ScanList uploaded at the link below and save it to the desktop;
http://rapidshare.com/files/155713635/HijackThisScanlist.zip.html

● Extract its contents to the desktop;
● Double-click hjtscanlist.bat;
● Press X > Enter;
● Press 1 > Enter;

Select (Ctrl+A), copy (Ctrl+C) and paste (Ctrl+V) the displayed result into your next reply.
 
AWESOOOOOOOOMMMMMMMMME

It worked just fine now, mr.wolf.

Thanks a lot

But will I always have to update like this??? :cry:
No, Felipe.

Move the zlib.dll file to the MBAM folder in Program Files (Arquivos de programas).

The program should update automatically now.

If you have any problem again, you can report it here to me or through the program itself; the report can be in PT-BR, it doesn't have to be in English. :thumbs_up

_________________________________________________


Mr, I signed up for that Twitter thing, you know???? I'd like to know whether the risk of catching a virus on Twitter is the same as on Orkut and so on??? What are the Twitter viruses, things like that. Could you explain it to me, Master????
Read the news items below, Megadeeth:
http://www.linhadefensiva.org/2009/07/virus-especializado-em-redes-sociais-ataca-twitter/
http://www.linhadefensiva.org/2009/07/ataques-no-twitter-roubam-credenciais-de-acesso/

Master, sorry to bother you again, but I'm working at my uncle's office and this PC I'm on is acting strange, like sometimes when the PC is turned on the taskbar and the other things don't appear, not even the wallpaper, everything stays white!!!!!!!!!!!!!!

but it's not only at startup; out of nowhere, while I'm using the PC, the taskbar disappears by itself, and not even going through Task Manager and typing explorer.exe, which I saw on Google once, works!!!!!!! Folders close out of nowhere too, and some programs also close by themselves!!!!!!! It's not all the time, but now it's more constant

could it be a virus????? Can I post a HijackThis log from this PC for you to take a look for me???
Post a log, please.
 
thanks for the news links, Master!!!!!!!!!!! :yes: so there are viruses on Twitter too, these guys are really annoying, they put viruses everywhere!!!!!!!! :ranting3: I'll be careful like I am on Orkut and so on

do you have Twitter, Master???? Orkut????? :D

the log from the PC here is this one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:36, on 9/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.versarehoteis.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tarifador] C:\Cosmos\Tarifador.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2385C5-B048-4453-9477-2F1CCF864367}: NameServer = 192.168.1.254
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
--
End of file - 2997 bytes

I wanted to get rid of this crappy avast and install avira, but my uncle likes this ***** avast :no:

thanks a lot for the analysis, Master :yes:
 
