Good morning, I'd like to know whether someone is spying on my computer, because I've been receiving anonymous e-mails. The computer is running at normal speed and I haven't noticed anything different.
Below is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:10, on 15/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/br/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
O4 - HKCU\..\Run: [13CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8554 bytes
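As an added example (not part of this thread and not code from HijackThis, UsbFix or any other tool mentioned here), the script below runs a first-pass triage over HijackThis-style O4 and O23 lines and flags the warning signs visible in the log above: autoruns launched from C:\RECYCLER, random-looking autorun value names, and a service whose binary is missing or whose owner is unknown. The sample lines are copied from that log; the heuristics, the directory list and the function names (`triage_line`, `triage`, `triage_sample`) are this example's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example).

It flags O4 (autorun) and O23 (service) entries with classic warning signs:
an executable launched from the Recycle Bin or a temp directory, a
random-looking autorun value name, a service binary that is missing, or a
service with no known owner.  The heuristics are this example's own; the
sample lines are copied from the log posted in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Directories a legitimate autorun has no business living in (assumption:
# a starting list, not an exhaustive one).  Matched against a lowercased path.
SUSPICIOUS_DIRS = {
    "\\recycler\\": "recycle bin",
    "\\recycled\\": "recycle bin",
    "\\temp\\": "temp directory",
}

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: <display name> - <owner> - <path> [(file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Value names like 12CFG914-K641-26SF-N31P: four dash-separated blocks of digits/capitals
RANDOM_NAME_RE = re.compile(r"^[0-9A-Z]{8}-[0-9A-Z]{4}-[0-9A-Z]{4}-[0-9A-Z]{4}$")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def executable_path(cmd: str) -> str:
    """Return the executable part of an O4 command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious O4/O23 line, or None if it looks clean."""
    reasons = []
    m = O4_RE.match(line)
    if m:
        path = executable_path(m.group("cmd")).lower()
        for needle, label in SUSPICIOUS_DIRS.items():
            if needle in path:
                reasons.append(f"autorun launched from {label}")
                break
        if RANDOM_NAME_RE.match(m.group("name")):
            reasons.append("random-looking autorun value name")
    m = O23_RE.match(line)
    if m:
        if "(file missing)" in m.group("path"):
            reasons.append("service binary missing")
        if m.group("owner").lower() == "unknown owner":
            reasons.append("service has unknown owner")
    return Finding(line, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep only the hits."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Sample lines copied from the HijackThis log above; one clean line of each kind
# is included so the heuristics can be seen to leave it alone.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
O4 - HKCU\..\Run: [13CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe (file missing)"""


def triage_sample() -> List[Finding]:
    """Triage the embedded sample; three of the six lines are flagged."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for finding in triage_sample():
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

"Unknown owner" on its own is a weak signal (LckFldService in the same log is such an entry and is not what the helper acts on), so it is reported as a reason rather than treated as proof; the two RECYCLER autoruns and the BNDMSS service with a missing binary are the lines an analyst would look at first.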
Before doing what you said, I've noticed the computer has some problems on startup: the desktop gets messed up, the icons change position...
Oh, and when I tried to download USBFix your link didn't work, so I downloaded it from somewhere else.
Here is its log and the HijackThis one (in case it helps with anything...)
-------------- UsbFix V2.395 ---------------
* User : uu - IRLEIDE
* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 16:44:42 le qui 18/06/2009
* Windows Xp - Internet Explorer 6.0.2900.5512
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\DOCUME~1\uu\CONFIG~1\Temp\13.tmp\b2e.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\LckFldService.exe
C:\WINDOWS\vsnpstd.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\alg.exe
--------------- [ Informations lecteurs ] ----------------
C: - Unidade de disco fixo
E: - Unidade de disco removível
G: - Unidade de disco removível
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SiSPower REG_SZ Rundll32.exe SiSPower.dll,ModeAgent
SoundMAX REG_SZ "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
AudioDeck REG_SZ C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
Monitor REG_SZ C:\WINDOWS\PixArt\PAC207\Monitor.exe
SoundMAXPnP REG_SZ C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
QuickTime Task REG_SZ "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
snpstd REG_SZ C:\WINDOWS\vsnpstd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
RemoveIT Pro XT REG_SZ C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15746c58-d298-11db-a0f1-00830801f13d}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15746c58-d298-11db-a0f1-00830801f13d}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51baad56-9b1b-11dd-9c12-001558596689}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51baad56-9b1b-11dd-9c12-001558596689}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51baad56-9b1b-11dd-9c12-001558596689}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51baad56-9b1b-11dd-9c12-001558596689}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{579aa8be-a39d-11dc-a3b8-00830801f13d}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{579aa8be-a39d-11dc-a3b8-00830801f13d}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a34d230a-1ef9-11de-9d8f-001558596689}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a34d230a-1ef9-11de-9d8f-001558596689}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c22868-068e-11dd-9a3d-001558596689}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c22868-068e-11dd-9a3d-001558596689}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c22868-068e-11dd-9a3d-001558596689}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c22868-068e-11dd-9a3d-001558596689}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c74e8e40-c6d9-11dd-9c99-001558596689}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c74e8e40-c6d9-11dd-9c99-001558596689}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c74e8e40-c6d9-11dd-9c99-001558596689}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c74e8e40-c6d9-11dd-9c99-001558596689}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f086c7ce-5030-11dd-9b2c-00830801f13d}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f086c7ce-5030-11dd-9b2c-00830801f13d}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f086c7ce-5030-11dd-9b2c-00830801f13d}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f086c7ce-5030-11dd-9b2c-00830801f13d}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - C:\Recycled\Recycled
--------------- ! Fin du rapport ! ----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:44, on 18/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\LckFldService.exe
C:\WINDOWS\vsnpstd.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/br/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7807 bytes
Nigel, have a good evening!
• Go to this link and download: < Malwarebytes >
• Update the program!
• Choose the Quick scan!
• Disable protection programs when running Malwarebytes.
• Send the detected items to quarantine by clicking Remove items.
• For more details: < Link >
-----------------------
• Post the reports: mbam-log-2008-xx-xx (00-00-00).txt + an updated HijackThis log.
Malwarebytes' Anti-Malware 1.38
Versão do banco de dados: 2307
Windows 5.1.2600 Service Pack 3
19/6/2009 11:46:00
mbam-log-2009-06-19 (11-46-00).txt
Tipo de Verificação: Rápida
Objetos verificados: 90616
Tempo decorrido: 3 minute(s), 28 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 2
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 3
Arquivos infectados: 5
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BNDMSS (Trojan.Backdoor) -> Quarantined and deleted successfully.
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850 (Trojan.Agent) -> Quarantined and deleted successfully.
Arquivos infectados:
c:\documents and settings\uu\clf32.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243336031-4052116379-881863308-0850\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:45, on 19/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/br/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7623 bytes
Hello Nigel, have a good afternoon!
Step 1.
• Download: < ToolBar S&D >
• Save it on Local Disk C, in its own folder.
• Restart the computer in Safe Mode. <-- Important!
• Run the program, and then press "p" --> Enter --> Ok.
• Type two! ( 2 ) --> Press Enter --> Wait!
• When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt )
Step 2.
Download Random's System Information Tool (RSIT)
http://images.malwareremoval.com/random/RSIT.exe
Save it to your desktop.
◘ Run RSIT.exe.
◘ An information window will appear:
◘ List files/folders created or modified in the last: 1 month
◘ Click Continue.
When it finishes, two Notepad windows will open:
log.txt -> will open maximized
info.txt -> will open minimized.
Post the log.txt file in your next reply.
A copy of these files will be saved in the folder C:\RSIT
Note: If your firewall alerts you that the file rsit.exe is trying to connect, be sure to permit it (allow).
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron Processor 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : uu ( Administrator )
BOOT : Fail-safe boot
Antivirus : AVG Anti-Virus Free 8.5 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:149 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( s b 27/06/2009|11:32 )
C:\WINDOWS\iun6002.exe
C:\DOCUME~1\uu\CONFIG~1\Temp\nsb27.tmp
C:\DOCUME~1\uu\CONFIG~1\Temp\nsb28.tmp
C:\DOCUME~1\uu\CONFIG~1\Temp\nso2C.tmp
C:\DOCUME~1\uu\CONFIG~1\Temp\nso2D.tmp
C:\DOCUME~1\uu\CONFIG~1\Temp\nsu51.tmp
-----------\\ REMOVIDOS
Deletado! - C:\Arquivos de programas\AskPBar\bar
Deletado! - C:\WINDOWS\iun6002.exe
Deletado! - C:\DOCUME~1\uu\CONFIG~1\Temp\nsb27.tmp
Deletado! - C:\DOCUME~1\uu\CONFIG~1\Temp\nsb28.tmp
Deletado! - C:\DOCUME~1\uu\CONFIG~1\Temp\nso2C.tmp
Deletado! - C:\DOCUME~1\uu\CONFIG~1\Temp\nso2D.tmp
Deletado! - C:\DOCUME~1\uu\CONFIG~1\Temp\nsu51.tmp
Deletado! - C:\Arquivos de programas\AskPBar
-----------\\ Procura por Arquivos / Ficheiros ...
-----------\\ Extensions
(uu) - {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} => forecastfox
(uu) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(uu) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.shareazaweb.com/br/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.msn.com/"
"Local Page"="C:\\WINDOWS\\SYSTEM32\\blank.htm"
--------------------\\ Procurando por outras infecções
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\uu\Meus documentos\ARQUIVOS INSTALACAO\dreburn.mp3.v1.0.keygen.takcrack.com.zip
C:\DOCUME~1\uu\Meus documentos\ARQUIVOS INSTALACAO\keygen.exe
C:\DOCUME~1\uu\Recent\Bejeweled_2_Deluxe___keygen.rar.lnk
1 - "C:\ToolBar SD\TB_1.txt" - s b 27/06/2009|11:34 - Option : [2]
-----------\\ Verificação completa em 11:34:12,75
Logfile of random's system information tool 1.06 (written by random/random)
Run by uu at 2009-06-27 11:47:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 153 GB (64%) free of 238 GB
Total RAM: 1502 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:02, on 27/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\vsnpstd.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\uu\Desktop\RSIT.exe
C:\HijackThis\uu.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/br/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7662 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Symantec NetDetect.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-06-02 1107224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"SoundMAX"=C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"AudioDeck"=C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1 []
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2007-06-29 286720]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2003-12-31 40960]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoveIT Pro XT"=C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12CFG914-K641-26SF-N31P]
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\13CFG914-K641-26SF-N31P]
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMsnMonitor]
C:\Arquivos de programas\AwinSoft\MsnMonitor\A_MSN_Monitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2009-06-26 1948440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emurayden PSX Emulator]
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C67 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 EPSON Stylus C67 Series /O6 USB001 /M Stylus C67 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash]
C:\Arquivos de programas\Flash.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe [2004-05-05 262210]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMonitor]
C:\Arquivos de programas\IMMonitor\MSN Messenger Monitor Sniffer\MsnMonitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-11-07 54576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Arquivos de programas\QuickTime\QTTask.exe [2007-06-29 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV]
C:\WINDOWS\AdobeR.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Spy Monitor]
C:\Arquivos de programas\Real Monitor\winrsm.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Arquivos de programas\Skype\Phone\Skype.exe [2009-04-16 24264488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
C:\ARQUIV~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Flash.exe]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Flash.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HOTSYNCSHORTCUTNAME.lnk]
C:\ARQUIV~1\Palm\Hotsync.exe -logon []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
C:\ARQUIV~1\ARQUIV~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Download Mage.lnk]
C:\ARQUIV~1\DLMage\DNLOAD~1.EXE [2008-08-25 352256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^HotSync Manager.LNK]
C:\ARQUIV~1\Palm\Hotsync.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-26 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"
"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe"="C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Arquivos de programas\CyberScript32\CyberScript.exe"="C:\Arquivos de programas\CyberScript32\CyberScript.exe:*:Enabled:mIRC"
"C:\Arquivos de programas\softnyx\GunboundWC\GunBound.gme"="C:\Arquivos de programas\softnyx\GunboundWC\GunBound.gme:*:Enabled:GunBound"
"C:\Arquivos de programas\Gunbound\GunBoundWC\GunBound.gme"="C:\Arquivos de programas\Gunbound\GunBoundWC\GunBound.gme:*:Enabled:GunBound"
"C:\Arquivos de programas\WinPcap\rpcapd.exe"="C:\Arquivos de programas\WinPcap\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon"
"C:\Arquivos de programas\Azureus\Azureus.exe"="C:\Arquivos de programas\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Arquivos de programas\BitTornado\btdownloadgui.exe"="C:\Arquivos de programas\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme"="C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme:*:Enabled:GunBound"
"C:\Documents and Settings\uu\Desktop\Silkroad_Manual-Patch_Downloader.exe"="C:\Documents and Settings\uu\Desktop\Silkroad_Manual-Patch_Downloader.exe:*:Enabled:Full-Client Downloader"
"C:\Arquivos de programas\Silkroad\BOT\nuConnector75.exe"="C:\Arquivos de programas\Silkroad\BOT\nuConnector75.exe:*:Enabled:nuConnector75"
"C:\Arquivos de programas\Silkroad\BOT\nuConnector76.exe"="C:\Arquivos de programas\Silkroad\BOT\nuConnector76.exe:*:Enabled:nuConnector76"
"C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe"="C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe:*:Disabled:removeit"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\LieroX v0.56 Pack 1.9\LieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\LieroX v0.56 Pack 1.9\LieroX.exe:*:Disabled:LieroX"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LieroX v0.56 Pack 1.9\LieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LieroX v0.56 Pack 1.9\LieroX.exe:*:Enabled:LieroX"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LieroX_v0.56_Pack_1.9\LieroX v0.56 Pack 1.9\LieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LieroX_v0.56_Pack_1.9\LieroX v0.56 Pack 1.9\LieroX.exe:*:Enabled:LieroX"
"C:\Arquivos de programas\Java\jre1.6.0_02\bin\javaw.exe"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java Platform SE binary"
"C:\Documents and Settings\uu\Desktop\Renan\LieroX-v0.62b\LieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\LieroX-v0.62b\LieroX.exe:*:Enabled:Liero Xtreme"
"C:\Documents and Settings\uu\Desktop\Renan\OpenLieroX\OpenLieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\OpenLieroX\OpenLieroX.exe:*:Enabled:OpenLieroX"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\OpenLieroX\OpenLieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\OpenLieroX\OpenLieroX.exe:*:Enabled:OpenLieroX"
"C:\Documents and Settings\uu\Desktop\emulator-win\Emulator.exe"="C:\Documents and Settings\uu\Desktop\emulator-win\Emulator.exe:*:Enabled:Palm OS® Emulator"
"C:\GenialGiFT\gift\giFT.exe"="C:\GenialGiFT\gift\giFT.exe:*:Enabled:Carregador - GiFT - www.genialgift.sytes.net"
"C:\Arquivos de programas\K-LiteNitro\giFT\giFTl.exe"="C:\Arquivos de programas\K-LiteNitro\giFT\giFTl.exe:*:Enabled:Gift Para o KNitro"
"C:\Arquivos de programas\Silkroad\BOT\nuConnector77.exe"="C:\Arquivos de programas\Silkroad\BOT\nuConnector77.exe:*:Enabled:nuConnector77"
"C:\Documents and Settings\uu\Meus documentos\My Completed Downloads\Silkroad_Manual-Patch_Downloader.exe"="C:\Documents and Settings\uu\Meus documentos\My Completed Downloads\Silkroad_Manual-Patch_Downloader.exe:*:Enabled:Full-Client Downloader"
"C:\Documents and Settings\uu\Desktop\LieroX-v0.62b\LieroX.exe"="C:\Documents and Settings\uu\Desktop\LieroX-v0.62b\LieroX.exe:*:Enabled:Liero Xtreme"
"C:\Arquivos de programas\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Arquivos de programas\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\WINDOWS\system32\bndmss.exe"="C:\WINDOWS\system32\bndmss.exe:*:Enabled:BNDMSS"
"C:\Documents and Settings\uu\skp66.exe"="C:\Documents and Settings\uu\skp66.exeskp66.exe:*:Enabled:BNDMSS"
"skp66.exe"="skp66.exe:*:Enabled:BNDMSS"
"C:\Arquivos de programas\Silkroad\Bot\Package2.5.3.nomap\nuConnector77.exe"="C:\Arquivos de programas\Silkroad\Bot\Package2.5.3.nomap\nuConnector77.exe:*:Enabled:nuConnector77"
"C:\Arquivos de programas\Motorola\RSD Lite\SDL.exe"="C:\Arquivos de programas\Motorola\RSD Lite\SDL.exe:*:Enabled:SDL"
"C:\Arquivos de programas\Mozilla Firefox\firefox.exe"="C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\uu\ud32.exe"="C:\Documents and Settings\uu\ud32.exeud32.exe:*:Enabled:BNDMSS"
"ud32.exe"="ud32.exe:*:Enabled:BNDMSS"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\Left.4.Dead.Full-Rip.Skullptura\Left 4 Dead\left4dead.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\Left.4.Dead.Full-Rip.Skullptura\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Documents and Settings\uu\Configurações locais\Temp\Rar$EX00.906\Emulator_Profile.exe"="C:\Documents and Settings\uu\Configurações locais\Temp\Rar$EX00.906\Emulator_Profile.exe:*:Enabled:Palm OS® Emulator"
"C:\Documents and Settings\uu\Desktop\FACULDADE\palmos\emulator-win\Emulator.exe"="C:\Documents and Settings\uu\Desktop\FACULDADE\palmos\emulator-win\Emulator.exe:*:Enabled:Palm OS® Emulator"
"C:\Arquivos de programas\Valve\hl.exe"="C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LackeyCCG\LackeyCCG.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LackeyCCG\LackeyCCG.exe:*:Enabled:LackeyCCG"
"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======File associations======
.txt - open - Notepad.exe "%1"
======List of files/folders created in the last 1 months======
2009-06-27 11:47:58 ----D---- C:\rsit
2009-06-27 11:32:01 ----A---- C:\TB.txt
2009-06-27 11:31:22 ----D---- C:\ToolBar SD
2009-06-27 11:29:48 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-27 11:07:05 ----D---- C:\Toolbar S&D
2009-06-25 23:35:13 ----D---- C:\Arquivos de programas\Ares
2009-06-25 23:28:00 ----A---- C:\aresregular211_installer.exe
2009-06-24 16:56:14 ----D---- C:\Arquivos de programas\AutorunRemover
2009-06-18 16:44:42 ----A---- C:\UsbFix.txt
2009-06-18 16:41:19 ----D---- C:\Arquivos de programas\UsbFix
2009-06-11 12:37:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\81E4
2009-06-04 14:15:36 ----D---- C:\Arquivos de programas\GameHouse
2009-06-03 16:56:45 ----D---- C:\Arquivos de programas\Oberon Media
2009-06-03 16:56:45 ----D---- C:\Arquivos de programas\MSN Games
2009-06-03 16:53:56 ----HD---- C:\$AVG8.VAULT$
2009-06-02 11:28:44 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-02 11:28:26 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg8
2009-06-02 11:28:26 ----D---- C:\Arquivos de programas\AVG
2009-05-30 12:48:24 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound
2009-05-30 12:48:13 ----D---- C:\Arquivos de programas\NCH Software
2009-05-30 12:47:54 ----D---- C:\Documents and Settings\uu\Dados de aplicativos\NCH Swift Sound
2009-05-30 12:47:54 ----D---- C:\Arquivos de programas\NCH Swift Sound
======List of files/folders modified in the last 1 months======
2009-06-27 11:47:59 ----D---- C:\HijackThis
2009-06-27 11:47:47 ----D---- C:\WINDOWS\Prefetch
2009-06-27 11:46:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-27 11:46:10 ----SD---- C:\WINDOWS\Tasks
2009-06-27 11:46:06 ----D---- C:\WINDOWS\temp
2009-06-27 11:46:00 ----A---- C:\WINDOWS\system32\lckfldservicelog.txt
2009-06-27 11:35:44 ----D---- C:\Arquivos de programas\Mozilla Firefox
2009-06-27 11:33:06 ----D---- C:\Arquivos de programas
2009-06-27 11:32:37 ----D---- C:\WINDOWS
2009-06-27 11:28:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-27 11:10:33 ----A---- C:\WINDOWS\LEXSTAT.INI
2009-06-27 10:44:44 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2009-06-27 10:44:15 ----D---- C:\WINDOWS\system32
2009-06-26 16:59:50 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-26 11:44:54 ----D---- C:\WINDOWS\system32\drivers
2009-06-22 22:20:20 ----D---- C:\Documents and Settings\uu\Dados de aplicativos\Skype
2009-06-19 11:46:00 ----SHD---- C:\RECYCLER
2009-06-19 07:51:46 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2009-06-18 16:44:51 ----RSHD---- C:\Recycled
2009-06-18 12:40:48 ----ASH---- C:\boot.ini
2009-06-18 12:40:48 ----A---- C:\WINDOWS\win.ini
2009-06-18 12:40:48 ----A---- C:\WINDOWS\system.ini
2009-06-18 12:37:24 ----D---- C:\Arquivos de programas\Silkroad
2009-06-18 12:35:38 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software
2009-06-18 12:35:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-18 12:35:12 ----HD---- C:\WINDOWS\inf
2009-06-18 12:35:04 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2009-06-04 14:16:55 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2009-06-03 16:57:44 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
2009-06-02 19:04:07 ----SHD---- C:\WINDOWS\Installer
2009-06-02 19:04:07 ----D---- C:\Config.Msi
2009-06-02 11:28:11 ----D---- C:\WINDOWS\WinSxS
2009-06-02 11:28:11 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2009-06-01 22:18:07 ----D---- C:\Documents and Settings\uu\Dados de aplicativos\.BitTornado
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-26 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-02 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 SASDIFSV;SASDIFSV; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-05-25 11904]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R1 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]
R3 NTProcDrv;Process creation detector for NT.; \??\C:\WINDOWS\TEMP\drv1.tmp []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-28 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-05-25 245760]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 SymEvent;SymEvent; \??\C:\Arquivos de programas\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 41856]
S1 mferkdk;VSCore mferkdk; \??\C:\Arquivos de programas\McAfee\VirusScan Enterprise\mferkdk.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\uu\CONFIG~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Driver de monitor de rede; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2007-07-09 4096]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd;D-Link CIF Webcam; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-02-18 299776]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
S3 usb2vcom;USB to Serial Bridge Controller; C:\WINDOWS\System32\Drivers\usb2vcom.sys [2006-07-16 30368]
S3 Usblink;Usblink Driver; C:\WINDOWS\System32\Drivers\ulink.sys [2003-06-02 40060]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-11-09 22768]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 zlportio;zlportio; \??\C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-06-26 298776]
R2 HdThemeEnabler;Hyperdesk Theme Enabler; C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [2008-07-21 106496]
R2 LckFldService;LckFldService; C:\WINDOWS\system32\LckFldService.exe [2004-01-11 36864]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-11-06 307200]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 gusvc;Google Software Updater; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-27 72704]
S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]
S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
-----------------EOF-----------------
Hello Nigel,
Step 1.
Go to Start > Run > and type "notepad" without the quotes. Windows Notepad will open.
Copy the entire contents of the QUOTE below into it.
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12CFG914-K641-26SF-N31P]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\13CFG914-K641-26SF-N31P]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Spy Monitor]
Go to File > Save As > and save it with the name Fix.reg. Remember that you must save it to your Desktop.
Run the file and allow the information to be added to the registry by clicking "Yes".
Step 2.
Download Avenger, save it to your Desktop and then unzip it.
Select and copy the text inside the QUOTE (grey box) below:
Begin copying here:
Files to delete:
C:\WINDOWS\AdobeR.exe
C:\WINDOWS\system32\DRIVERS\lmimirr.sys
C:\WINDOWS\system32\drivers\PalmUSBD.sys
Folders to delete:
C:\Arquivos de programas\Real Monitor\winrsm.exe
Run Avenger.exe from the desktop.
• Right-click in the Input script here: window, then click Paste (or Ctrl + V).
• Click Execute
• Choose "Yes" twice when prompted.
When the script finishes running, the PC will be restarted. The PC may be restarted more than once.
Post the log you will find at C:\avenger.txt.
Step 3.
Download Gmer and save it to your desktop.
• Extract/unzip the file into its own folder.
• Once that is done, disconnect the PC from the Internet and close all programs.
There is a very small chance that this application will shut down your PC, so save any work you have open.
• Double-click Gmer.exe.
• Allow the gmer.sys driver to run if you are asked.
• If you receive the warning about rootkit activity and whether to run a scan... click Yes.
• When the scan finishes you may receive another warning about rootkit activity; click OK.
• GMER will produce a log. Click "Save" and save the log to your desktop as gmer.txt.
If you did not receive the warning about rootkit activity, click Rootkit.
• On the right-hand side (under Files), untick all drives except your disk (usually C).
• Make sure that all the other boxes on the right-hand side of the screen are ticked, EXCEPT "Show All".
• Click "Scan" and wait for the scan to complete.
• When the scan finishes you may receive another warning about rootkit activity; click OK.
• GMER will produce a log. Click "Save" and save the log to your desktop as gmer.txt.
-- In your next reply, post the log(s) from:
Random's System Information Tool (RSIT)
Avenger
Gmer
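The driver files the Avenger script above removes (lmimirr.sys, PalmUSBD.sys) are entries that the earlier RSIT driver list shows with an empty `[]`, i.e. no file date/size recorded. As an added example, not code from this thread or from RSIT, the Python script below parses lines in RSIT's driver/service list format (the sample lines are copied from the log above) and flags entries with no file info or with an image under a temp or user-profile folder; the `triage` function and its heuristics are my own assumptions, and a flag is a prompt to check the file, not a verdict (SUPERAntiSpyware's SASDIFSV also shows `[]`).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One line of RSIT's "List of drivers" / "List of services" sections:
#   <R|S><0-4> <name>;<description>; <path> [<date> <size>]
# RSIT leaves the bracket empty ("[]") when it recorded no date/size for the file.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.*) \[(?P<info>[^\]]*)\]$"
)

# Locations a helper looks at first: temp folders and the user's own profile
# (Desktop, Local Settings). This is a review heuristic of mine, not a signature.
SUSPECT_PATH_RE = re.compile(
    r"\\temp\\|\\tmp\\|\\docume~1\\|"
    r"\\documents and settings\\[^\\]+\\(desktop|local settings)\\",
    re.IGNORECASE,
)

# Sample lines copied from the RSIT driver list in this thread (header included
# to show that non-entry lines are skipped).
SAMPLE_LOG = r"""======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 SASDIFSV;SASDIFSV; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS []
R3 NTProcDrv;Process creation detector for NT.; \??\C:\WINDOWS\TEMP\drv1.tmp []
S3 catchme;catchme; \??\C:\DOCUME~1\uu\CONFIG~1\Temp\catchme.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 zlportio;zlportio; \??\C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys []
R2 avg8wd;AVG Free8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-06-26 298776]
"""


@dataclass
class DriverEntry:
    state: str        # R = running, S = stopped
    start: str        # 0 boot .. 4 disabled
    name: str
    description: str
    path: str         # with any "\??\" NT object prefix stripped
    info: str         # "" when RSIT recorded no date/size


@dataclass
class Finding:
    entry: DriverEntry
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[DriverEntry]:
    """Parse one driver/service line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    return DriverEntry(m.group("state"), m.group("start"), m.group("name"),
                       m.group("desc"), path, m.group("info").strip())


def assess(entry: DriverEntry) -> List[str]:
    """Return the review reasons that apply to one entry (empty list = nothing to flag)."""
    reasons = []
    if not entry.info:
        reasons.append("no file date/size recorded (file missing or path unresolved)")
    if SUSPECT_PATH_RE.search(entry.path):
        reasons.append("image located under a temp or user-profile folder")
    if entry.path.lower().endswith(".tmp"):
        reasons.append("driver image has a .tmp extension")
    return reasons


def triage(text: str) -> List[Finding]:
    """Parse a whole RSIT driver/service section and keep only flagged entries, in log order."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.state}{f.entry.start} {f.entry.name}: {f.entry.path}")
        for r in f.reasons:
            print(f"    - {r}")
```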
OK, the 3 steps are done, here are the logs!
Logfile of random's system information tool 1.06 (written by random/random)
Run by uu at 2009-06-29 17:40:29
Microsoft Windows XP Professional Service Pack 3
System drive C: has 154 GB (64%) free of 238 GB
Total RAM: 1502 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:31, on 29/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\vsnpstd.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\uu\Desktop\RSIT.exe
C:\HijackThis\uu.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/br/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7629 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Symantec NetDetect.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-06-02 1107224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"SoundMAX"=C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"AudioDeck"=C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1 []
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2007-06-29 286720]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2003-12-31 40960]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoveIT Pro XT"=C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMsnMonitor]
C:\Arquivos de programas\AwinSoft\MsnMonitor\A_MSN_Monitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2009-06-26 1948440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emurayden PSX Emulator]
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C67 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 EPSON Stylus C67 Series /O6 USB001 /M Stylus C67 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash]
C:\Arquivos de programas\Flash.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe [2004-05-05 262210]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMonitor]
C:\Arquivos de programas\IMMonitor\MSN Messenger Monitor Sniffer\MsnMonitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-11-07 54576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Arquivos de programas\QuickTime\QTTask.exe [2007-06-29 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Arquivos de programas\Skype\Phone\Skype.exe [2009-04-16 24264488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
C:\ARQUIV~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Flash.exe]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Flash.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HOTSYNCSHORTCUTNAME.lnk]
C:\ARQUIV~1\Palm\Hotsync.exe -logon []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
C:\ARQUIV~1\ARQUIV~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Download Mage.lnk]
C:\ARQUIV~1\DLMage\DNLOAD~1.EXE [2008-08-25 352256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^HotSync Manager.LNK]
C:\ARQUIV~1\Palm\Hotsync.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-26 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"
"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe"="C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Arquivos de programas\CyberScript32\CyberScript.exe"="C:\Arquivos de programas\CyberScript32\CyberScript.exe:*:Enabled:mIRC"
"C:\Arquivos de programas\softnyx\GunboundWC\GunBound.gme"="C:\Arquivos de programas\softnyx\GunboundWC\GunBound.gme:*:Enabled:GunBound"
"C:\Arquivos de programas\Gunbound\GunBoundWC\GunBound.gme"="C:\Arquivos de programas\Gunbound\GunBoundWC\GunBound.gme:*:Enabled:GunBound"
"C:\Arquivos de programas\WinPcap\rpcapd.exe"="C:\Arquivos de programas\WinPcap\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon"
"C:\Arquivos de programas\Azureus\Azureus.exe"="C:\Arquivos de programas\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Arquivos de programas\BitTornado\btdownloadgui.exe"="C:\Arquivos de programas\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme"="C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme:*:Enabled:GunBound"
"C:\Documents and Settings\uu\Desktop\Silkroad_Manual-Patch_Downloader.exe"="C:\Documents and Settings\uu\Desktop\Silkroad_Manual-Patch_Downloader.exe:*:Enabled:Full-Client Downloader"
"C:\Arquivos de programas\Silkroad\BOT\nuConnector75.exe"="C:\Arquivos de programas\Silkroad\BOT\nuConnector75.exe:*:Enabled:nuConnector75"
"C:\Arquivos de programas\Silkroad\BOT\nuConnector76.exe"="C:\Arquivos de programas\Silkroad\BOT\nuConnector76.exe:*:Enabled:nuConnector76"
"C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe"="C:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe:*:Disabled:removeit"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\LieroX v0.56 Pack 1.9\LieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\LieroX v0.56 Pack 1.9\LieroX.exe:*:Disabled:LieroX"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LieroX v0.56 Pack 1.9\LieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LieroX v0.56 Pack 1.9\LieroX.exe:*:Enabled:LieroX"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LieroX_v0.56_Pack_1.9\LieroX v0.56 Pack 1.9\LieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LieroX_v0.56_Pack_1.9\LieroX v0.56 Pack 1.9\LieroX.exe:*:Enabled:LieroX"
"C:\Arquivos de programas\Java\jre1.6.0_02\bin\javaw.exe"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java Platform SE binary"
"C:\Documents and Settings\uu\Desktop\Renan\LieroX-v0.62b\LieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\LieroX-v0.62b\LieroX.exe:*:Enabled:Liero Xtreme"
"C:\Documents and Settings\uu\Desktop\Renan\OpenLieroX\OpenLieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\OpenLieroX\OpenLieroX.exe:*:Enabled:OpenLieroX"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\OpenLieroX\OpenLieroX.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\OpenLieroX\OpenLieroX.exe:*:Enabled:OpenLieroX"
"C:\Documents and Settings\uu\Desktop\emulator-win\Emulator.exe"="C:\Documents and Settings\uu\Desktop\emulator-win\Emulator.exe:*:Enabled:Palm OS® Emulator"
"C:\GenialGiFT\gift\giFT.exe"="C:\GenialGiFT\gift\giFT.exe:*:Enabled:Carregador - GiFT - www.genialgift.sytes.net"
"C:\Arquivos de programas\K-LiteNitro\giFT\giFTl.exe"="C:\Arquivos de programas\K-LiteNitro\giFT\giFTl.exe:*:Enabled:Gift Para o KNitro"
"C:\Arquivos de programas\Silkroad\BOT\nuConnector77.exe"="C:\Arquivos de programas\Silkroad\BOT\nuConnector77.exe:*:Enabled:nuConnector77"
"C:\Documents and Settings\uu\Meus documentos\My Completed Downloads\Silkroad_Manual-Patch_Downloader.exe"="C:\Documents and Settings\uu\Meus documentos\My Completed Downloads\Silkroad_Manual-Patch_Downloader.exe:*:Enabled:Full-Client Downloader"
"C:\Documents and Settings\uu\Desktop\LieroX-v0.62b\LieroX.exe"="C:\Documents and Settings\uu\Desktop\LieroX-v0.62b\LieroX.exe:*:Enabled:Liero Xtreme"
"C:\Arquivos de programas\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Arquivos de programas\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\WINDOWS\system32\bndmss.exe"="C:\WINDOWS\system32\bndmss.exe:*:Enabled:BNDMSS"
"C:\Documents and Settings\uu\skp66.exe"="C:\Documents and Settings\uu\skp66.exeskp66.exe:*:Enabled:BNDMSS"
"skp66.exe"="skp66.exe:*:Enabled:BNDMSS"
"C:\Arquivos de programas\Silkroad\Bot\Package2.5.3.nomap\nuConnector77.exe"="C:\Arquivos de programas\Silkroad\Bot\Package2.5.3.nomap\nuConnector77.exe:*:Enabled:nuConnector77"
"C:\Arquivos de programas\Motorola\RSD Lite\SDL.exe"="C:\Arquivos de programas\Motorola\RSD Lite\SDL.exe:*:Enabled:SDL"
"C:\Arquivos de programas\Mozilla Firefox\firefox.exe"="C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\uu\ud32.exe"="C:\Documents and Settings\uu\ud32.exeud32.exe:*:Enabled:BNDMSS"
"ud32.exe"="ud32.exe:*:Enabled:BNDMSS"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\Left.4.Dead.Full-Rip.Skullptura\Left 4 Dead\left4dead.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\Left.4.Dead.Full-Rip.Skullptura\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Documents and Settings\uu\Configurações locais\Temp\Rar$EX00.906\Emulator_Profile.exe"="C:\Documents and Settings\uu\Configurações locais\Temp\Rar$EX00.906\Emulator_Profile.exe:*:Enabled:Palm OS® Emulator"
"C:\Documents and Settings\uu\Desktop\FACULDADE\palmos\emulator-win\Emulator.exe"="C:\Documents and Settings\uu\Desktop\FACULDADE\palmos\emulator-win\Emulator.exe:*:Enabled:Palm OS® Emulator"
"C:\Arquivos de programas\Valve\hl.exe"="C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LackeyCCG\LackeyCCG.exe"="C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\LackeyCCG\LackeyCCG.exe:*:Enabled:LackeyCCG"
"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======File associations======
.txt - open - Notepad.exe "%1"
======List of files/folders created in the last 1 months======
2009-06-28 18:52:10 ----D---- C:\Avenger
2009-06-28 18:52:09 ----A---- C:\avenger.txt
2009-06-28 12:55:52 ----A---- C:\SIABMUN.BAT
2009-06-27 11:47:58 ----D---- C:\rsit
2009-06-27 11:32:01 ----A---- C:\TB.txt
2009-06-27 11:31:22 ----D---- C:\ToolBar SD
2009-06-27 11:29:48 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-27 11:07:05 ----D---- C:\Toolbar S&D
2009-06-25 23:35:13 ----D---- C:\Arquivos de programas\Ares
2009-06-25 23:28:00 ----A---- C:\aresregular211_installer.exe
2009-06-24 16:56:14 ----D---- C:\Arquivos de programas\AutorunRemover
2009-06-18 16:44:42 ----A---- C:\UsbFix.txt
2009-06-18 16:41:19 ----D---- C:\Arquivos de programas\UsbFix
2009-06-11 12:37:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\81E4
2009-06-04 14:15:36 ----D---- C:\Arquivos de programas\GameHouse
2009-06-03 16:56:45 ----D---- C:\Arquivos de programas\Oberon Media
2009-06-03 16:56:45 ----D---- C:\Arquivos de programas\MSN Games
2009-06-03 16:53:56 ----HD---- C:\$AVG8.VAULT$
2009-06-02 11:28:44 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-02 11:28:26 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg8
2009-06-02 11:28:26 ----D---- C:\Arquivos de programas\AVG
2009-05-30 12:48:24 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound
2009-05-30 12:48:13 ----D---- C:\Arquivos de programas\NCH Software
2009-05-30 12:47:54 ----D---- C:\Documents and Settings\uu\Dados de aplicativos\NCH Swift Sound
2009-05-30 12:47:54 ----D---- C:\Arquivos de programas\NCH Swift Sound
======List of files/folders modified in the last 1 months======
2009-06-29 17:40:30 ----D---- C:\HijackThis
2009-06-29 17:38:39 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-29 17:37:30 ----D---- C:\Arquivos de programas\Mozilla Firefox
2009-06-29 17:29:18 ----SD---- C:\WINDOWS\Tasks
2009-06-29 17:29:11 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2009-06-29 17:29:03 ----D---- C:\WINDOWS\temp
2009-06-29 17:28:58 ----A---- C:\WINDOWS\system32\lckfldservicelog.txt
2009-06-29 10:48:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-29 10:42:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-28 18:59:46 ----D---- C:\WINDOWS\Prefetch
2009-06-28 18:59:15 ----A---- C:\WINDOWS\LEXSTAT.INI
2009-06-28 18:52:10 ----D---- C:\WINDOWS\system32\drivers
2009-06-28 18:47:41 ----D---- C:\Documents and Settings\uu\Dados de aplicativos\Skype
2009-06-27 11:33:06 ----D---- C:\Arquivos de programas
2009-06-27 11:32:37 ----D---- C:\WINDOWS
2009-06-27 10:44:15 ----D---- C:\WINDOWS\system32
2009-06-19 11:46:00 ----SHD---- C:\RECYCLER
2009-06-19 07:51:46 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2009-06-18 16:44:51 ----RSHD---- C:\Recycled
2009-06-18 12:40:48 ----ASH---- C:\boot.ini
2009-06-18 12:40:48 ----A---- C:\WINDOWS\win.ini
2009-06-18 12:40:48 ----A---- C:\WINDOWS\system.ini
2009-06-18 12:37:24 ----D---- C:\Arquivos de programas\Silkroad
2009-06-18 12:35:38 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software
2009-06-18 12:35:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-18 12:35:12 ----HD---- C:\WINDOWS\inf
2009-06-18 12:35:04 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2009-06-04 14:16:55 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2009-06-03 16:57:44 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
2009-06-02 19:04:07 ----SHD---- C:\WINDOWS\Installer
2009-06-02 19:04:07 ----D---- C:\Config.Msi
2009-06-02 11:28:11 ----D---- C:\WINDOWS\WinSxS
2009-06-02 11:28:11 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2009-06-01 22:18:07 ----D---- C:\Documents and Settings\uu\Dados de aplicativos\.BitTornado
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-26 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-02 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 SASDIFSV;SASDIFSV; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-05-25 11904]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R1 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]
R3 NTProcDrv;Process creation detector for NT.; \??\C:\WINDOWS\TEMP\drv1.tmp []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-28 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-05-25 245760]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 SymEvent;SymEvent; \??\C:\Arquivos de programas\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 41856]
S1 mferkdk;VSCore mferkdk; \??\C:\Arquivos de programas\McAfee\VirusScan Enterprise\mferkdk.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\uu\CONFIG~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Driver de monitor de rede; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2007-07-09 4096]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd;D-Link CIF Webcam; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-02-18 299776]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
S3 usb2vcom;USB to Serial Bridge Controller; C:\WINDOWS\System32\Drivers\usb2vcom.sys [2006-07-16 30368]
S3 Usblink;Usblink Driver; C:\WINDOWS\System32\Drivers\ulink.sys [2003-06-02 40060]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-11-09 22768]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 zlportio;zlportio; \??\C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-06-26 298776]
R2 HdThemeEnabler;Hyperdesk Theme Enabler; C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [2008-07-21 106496]
R2 LckFldService;LckFldService; C:\WINDOWS\system32\LckFldService.exe [2004-01-11 36864]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-11-06 307200]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 gusvc;Google Software Updater; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-27 72704]
S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]
S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
-----------------EOF-----------------
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\AdobeR.exe" not found!
Deletion of file "C:\WINDOWS\AdobeR.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\DRIVERS\lmimirr.sys" not found!
Deletion of file "C:\WINDOWS\system32\DRIVERS\lmimirr.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\drivers\PalmUSBD.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\PalmUSBD.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: could not open folder "C:\Arquivos de programas\Real Monitor\winrsm.exe"
Deletion of folder "C:\Arquivos de programas\Real Monitor\winrsm.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Completed script processing.
*******************
Finished! Terminate.
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-28 19:00:53
Windows 5.1.2600 Service Pack 3
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
Download ComboFix from one of these locations:
Important!
You must not use ComboFix unless you have been instructed to do so by a security analyst.
Its creator intends it to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system.
Make sure you have saved ComboFix.exe to your desktop.
• Disable your antivirus and antispyware, usually by right-clicking their system tray icons. They may interfere with the tool's execution.
• Double-click ComboFix.exe & follow the prompts.
• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given what malware infections are like today, it is strongly recommended that it be pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode, which will make it easier for us to help you should your computer have a problem after an attempted malware removal.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
-- Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.
[image: RcAuto1.gif]
Once the Microsoft Windows Recovery Console has been installed using ComboFix, you should see the following message:
[image: whatnext.png]
Click Yes to continue the malware scan.
When it finishes, it should produce a log for you. Post the ComboFix report, which is at C:\ComboFix.txt, together with a HijackThis log.
Done! Here are the logs...
ComboFix 09-06-29.02 - uu 29/06/2009 22:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1502.1074 [GMT -3:00]
Executando de: c:\documents and settings\uu\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\uu\Favoritos\Videos.url
c:\documents and settings\uu\RavMonLog
c:\windows\msettings.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BNDMSS
-------\Legacy_NPF
(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-28 to 2009-06-30 ))))))))))))))))))))))))))))
.
2009-06-28 15:55 . 2009-06-28 15:55 230 ----a-w- C:\SIABMUN.BAT
2009-06-27 14:47 . 2009-06-27 14:48 -------- d-----w- C:\rsit
2009-06-27 14:31 . 2009-06-27 14:34 -------- d-----w- C:\ToolBar SD
2009-06-27 14:07 . 2009-06-27 14:07 -------- d-----w- C:\Toolbar S&D
2009-06-26 02:35 . 2009-06-26 02:35 -------- d-----w- c:\arquivos de programas\Ares
2009-06-26 02:34 . 2009-06-02 14:28 1085208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.exe
2009-06-26 02:34 . 2009-06-02 14:28 755992 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avginet.dll
2009-06-26 02:34 . 2009-06-02 14:28 587032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgiproxy.exe
2009-06-26 02:34 . 2009-06-02 14:28 1439488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.dll
2009-06-26 02:28 . 2009-06-26 02:31 2374583 ----a-w- C:\aresregular211_installer.exe
2009-06-24 19:56 . 2009-06-24 19:56 -------- d-----w- c:\arquivos de programas\AutorunRemover
2009-06-19 10:46 . 2009-06-19 10:51 3561743 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-18 19:41 . 2009-06-18 19:44 -------- d-----w- c:\arquivos de programas\UsbFix
2009-06-11 15:37 . 2009-06-11 15:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\81E4
2009-06-04 17:15 . 2009-06-04 17:15 -------- d-----w- c:\arquivos de programas\GameHouse
2009-06-03 19:56 . 2009-06-03 19:56 -------- d-----w- c:\arquivos de programas\Oberon Media
2009-06-03 19:56 . 2009-06-03 19:56 -------- d-----w- c:\arquivos de programas\MSN Games
2009-06-03 19:53 . 2009-06-03 19:53 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-02 15:03 . 2009-06-03 00:14 3532 ----a-w- C:\drmHeader.bin
2009-06-02 14:28 . 2009-06-26 14:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-02 14:28 . 2009-06-26 14:43 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-02 14:28 . 2009-06-02 14:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-02 14:28 . 2009-06-29 20:43 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-02 14:28 . 2009-06-02 14:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-06-02 14:28 . 2009-06-02 14:28 -------- d-----w- c:\arquivos de programas\AVG
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 01:35 . 2007-03-16 00:06 -------- d-----w- c:\documents and settings\uu\Dados de aplicativos\Skype
2009-06-29 23:39 . 2007-07-15 16:28 16 ----a-w- c:\windows\popcinfo.dat
2009-06-29 20:29 . 2008-08-25 01:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Google Updater
2009-06-26 14:43 . 2007-08-20 20:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-19 10:51 . 2008-09-15 20:49 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-06-18 15:37 . 2008-12-18 00:42 -------- d-----w- c:\arquivos de programas\Silkroad
2009-06-18 15:35 . 2008-06-07 21:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BVRP Software
2009-06-18 15:35 . 2007-03-16 02:16 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-06-17 14:27 . 2008-09-15 20:49 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 14:27 . 2008-09-15 20:49 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 17:16 . 2008-05-18 22:25 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-06-02 01:18 . 2008-03-12 15:52 -------- d-----w- c:\documents and settings\uu\Dados de aplicativos\.BitTornado
2009-05-30 15:48 . 2009-05-30 15:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound
2009-05-30 15:48 . 2009-05-30 15:48 -------- d-----w- c:\arquivos de programas\NCH Software
2009-05-30 15:47 . 2009-05-30 15:47 -------- d-----w- c:\documents and settings\uu\Dados de aplicativos\NCH Swift Sound
2009-05-30 15:47 . 2009-05-30 15:47 -------- d-----w- c:\arquivos de programas\NCH Swift Sound
2009-05-03 20:18 . 2009-04-26 20:09 -------- d-----w- c:\arquivos de programas\Valve
2009-04-20 14:04 . 2001-10-28 15:07 49586 ----a-w- c:\windows\system32\perfc016.dat
2009-04-20 14:04 . 2001-10-28 15:07 347294 ----a-w- c:\windows\system32\perfh016.dat
2009-04-18 20:03 . 2009-04-18 20:03 5120 --sha-w- c:\arquivos de programas\Thumbs.db
2009-04-17 14:03 . 2009-04-29 21:42 69632 ----a-w- c:\windows\system32\MSJCE.dll
2009-04-15 01:00 . 2009-04-15 01:00 249856 ------w- c:\windows\Setup1.exe
2009-04-15 01:00 . 2009-04-15 01:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-02-24 00:32 . 2009-02-24 00:32 11747 ----a-w- c:\arquivos de programas\uninstal.log
2002-12-11 17:17 . 2002-11-29 13:38 13366265 --s-a-w- c:\arquivos de programas\Encore Manual.pdf
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2007-06-29 286720]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-05-26 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 19:28 352256 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 14:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Flash.exe]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Flash.exe
backup=c:\windows\pss\Flash.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
path=c:\documents and settings\uu\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Download Mage.lnk]
path=c:\documents and settings\uu\Menu Iniciar\Programas\Inicializar\Download Mage.lnk
backup=c:\windows\pss\Download Mage.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^HotSync Manager.LNK]
path=c:\documents and settings\uu\Menu Iniciar\Programas\Inicializar\HotSync Manager.LNK
backup=c:\windows\pss\HotSync Manager.LNKStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Azureus\\Azureus.exe"=
"c:\\Arquivos de programas\\BitTornado\\btdownloadgui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\GenialGiFT\\gift\\giFT.exe"=
"c:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"=
"c:\\Documents and Settings\\uu\\Meus documentos\\My Completed Downloads\\Silkroad_Manual-Patch_Downloader.exe"=
"skp66.exe"= skp66.exe:BNDMSS
"c:\\Arquivos de programas\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"ud32.exe"= ud32.exe:BNDMSS
"c:\\Documents and Settings\\uu\\Desktop\\FACULDADE\\palmos\\emulator-win\\Emulator.exe"=
"c:\\Documents and Settings\\uu\\Desktop\\Renan\\Downloads - RG\\Jogos\\LackeyCCG\\LackeyCCG.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15615:TCP"= 15615:TCP:NortonAV
"17371:TCP"= 17371:TCP:NortonAV
"17598:TCP"= 17598:TCP:NortonAV
"16173:TCP"= 16173:TCP:NortonAV
"15121:TCP"= 15121:TCP:NortonAV
"18053:TCP"= 18053:TCP:NortonAV
"16092:TCP"= 16092:TCP:NortonAV
"14679:TCP"= 14679:TCP:NortonAV
"12345:TCP"= 12345:TCP:NortonAV
"15458:TCP"= 15458:TCP:NortonAV
"15379:TCP"= 15379:TCP:NortonAV
"17238:TCP"= 17238:TCP:NortonAV
"15994:TCP"= 15994:TCP:NortonAV
"17564:TCP"= 17564:TCP:NortonAV
"13620:TCP"= 13620:TCP:NortonAV
"13793:TCP"= 13793:TCP:NortonAV
"12503:TCP"= 12503:TCP:NortonAV
"15290:TCP"= 15290:TCP:NortonAV
"15012:TCP"= 15012:TCP:NortonAV
"14760:TCP"= 14760:TCP:NortonAV
"12891:TCP"= 12891:TCP:NortonAV
"12835:TCP"= 12835:TCP:NortonAV
"12557:TCP"= 12557:TCP:NortonAV
"18892:TCP"= 18892:TCP:NortonAV
"14865:TCP"= 14865:TCP:NortonAV
"18611:TCP"= 18611:TCP:NortonAV
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/6/2009 11:28 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/6/2009 11:28 108552]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [3/9/2008 14:07 8944]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [3/9/2008 14:07 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2/6/2009 11:28 298776]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [21/7/2008 12:50 106496]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [29/6/2009 22:50 3584]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [3/9/2008 14:07 7408]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [17/4/2008 16:32 30368]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [30/7/2008 17:17 40060]
S3 zlportio;zlportio;\??\c:\documents and settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys --> c:\documents and settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-06-30 c:\windows\Tasks\Google Software Updater.job
2007-03-21 c:\windows\Tasks\Symantec NetDetect.job
.
HKCU-Run-RemoveIT Pro XT - c:\arquivos de programas\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
HKLM-Run-AudioDeck - c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.shareazaweb.com/br/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
IE: Download Links As... - file://c:\windows\system32\page.htm
IE: Download Target(s) As... - file://c:\windows\system32\link.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
FF - ProfilePath - c:\documents and settings\uu\Dados de aplicativos\Mozilla\Firefox\Profiles\94m5qc5q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://google.com.br
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=
FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
.
------- Associação de arquivos/ficheiros -------
.
txtfile=Notepad.exe "%1"
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 22:50
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1??|????$i?|????` $?????????????????????????????????
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\LckFldService.exe
c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe
c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\arquivos de programas\AVG\AVG8\avgrsx.exe
c:\arquiv~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-06-30 22:54 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-06-30 01:54
Pré-execução: 21 pasta(s) 160.758.657.024 bytes disponíveis
Pós execução: 21 pasta(s) 161.219.665.920 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
258 --- E O F --- 2009-05-22 01:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:42, on 29/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7366 bytes
I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.
Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.
File::
C:\drmHeader.bin
C:\WINDOWS\AdobeR.exe
C:\WINDOWS\system32\DRIVERS\lmimirr.sys
C:\WINDOWS\system32\drivers\PalmUSBD.sys
Driver::
"PalmUSBD"
"lmimirr"
Folder::
C:\Arquivos de programas\Real Monitor\winrsm.exe
This script was written only for this computer, based on the files and keys present; do not use it on another computer, as it may cause damage.
Now drag CFScript.txt onto ComboFix as shown in the demonstration below.
[image: cfscript.gif, from http://virus-protect.org/artikel/bilder/cfscript.gif]
ComboFix will run and will restart the PC automatically to complete the removal process.
IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.
When it finishes, a log will be generated at C:\ComboFix.txt.
Post it together with the new HijackThis log.
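A small checker for the script format used above, added here as an example and not part of ComboFix or of the helper's post: it parses the File::/Driver::/Folder:: sections of a CFScript and confirms that every Driver:: name actually appears in the Rn/Sn service lines of a ComboFix log from the same machine, which makes the "this computer only" caveat mechanical. The sample script is the one posted in this thread; the sample log lines are constructed from the thread's logs (the lmimirr service line is constructed), and only the three directives seen in the posted script are handled.

```python
"""Parse a ComboFix CFScript and cross-check its Driver:: entries against
the service lines of a ComboFix log taken on the same machine.

Example code for this thread, not ComboFix's own parser. Only the
File::, Driver:: and Folder:: directives seen in the posted script are
recognised; ComboFix itself accepts more.
"""
import re

# A directive header, optionally with a path fused onto the same line
# (the posted script has "File::C:\drmHeader.bin" on one line).
SECTION_RE = re.compile(r"^(File|Driver|Folder)::(.*)$", re.IGNORECASE)

# Service lines in a ComboFix log:
#   R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\...\avgldx86.sys [date size]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[.*\])?$")


def parse_cfscript(text):
    """Return {section: [entries]} for a CFScript, with quotes stripped."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).capitalize()
            sections.setdefault(current, [])
            rest = m.group(2).strip().strip('"')
            if rest:                      # header and first entry on one line
                sections[current].append(rest)
            continue
        if current is None:
            raise ValueError("entry before any section header: %r" % line)
        sections[current].append(line.strip('"'))
    return sections


def parse_services(log_text):
    """Return {service name: (state, image path)} from the log's Rn/Sn lines."""
    services = {}
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, name, _desc, path = m.groups()
            services[name] = (state, path.strip())
    return services


def check_script(script, log_text):
    """Return (section, entry, reason) findings; empty means the script fits the log.

    Driver:: names are matched case-insensitively, as the service database is.
    File:: entries must be absolute drive paths.
    """
    sections = parse_cfscript(script)
    services = {k.lower(): v for k, v in parse_services(log_text).items()}
    findings = []
    for drv in sections.get("Driver", []):
        if drv.lower() not in services:
            findings.append(("Driver", drv, "not listed as a service on this machine"))
    for path in sections.get("File", []):
        if not re.match(r"^[A-Za-z]:\\", path):
            findings.append(("File", path, "not an absolute path"))
    return findings


# The script as posted in the thread.
CFSCRIPT = r"""
File::C:\drmHeader.bin
C:\WINDOWS\AdobeR.exe
C:\WINDOWS\system32\DRIVERS\lmimirr.sys
C:\WINDOWS\system32\drivers\PalmUSBD.sys
Driver::
"PalmUSBD"
"lmimirr"
Folder::
C:\Arquivos de programas\Real Monitor\winrsm.exe
"""

# Constructed log excerpt: three lines from the thread plus a constructed
# lmimirr line. PalmUSBD is deliberately absent, so the checker flags it.
LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [2/6/2009 11:28:43 327688]
R1 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [1/1/2009 00:00:00 4608]
R3 NTProcDrv;Process creation detector for NT.;C:\WINDOWS\temp\drv1.tmp [1/7/2009 17:00:32 3584]
S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys --> D:\Fxdrv.sys [?]
"""

if __name__ == "__main__":
    for section, entry, reason in check_script(CFSCRIPT, LOG):
        print("%s:: %s -> %s" % (section, entry, reason))
```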
ComboFix 09-07-01.01 - uu 01/07/2009 16:55:42.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1502.1086 [GMT -3:00]
Executando de: C:\Documents and Settings\uu\Desktop\ComboFix.exe
Comandos utilizados :: C:\Documents and Settings\uu\Desktop\CFScript.txt
AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"C:\drmHeader.bin"
"C:\WINDOWS\AdobeR.exe"
"C:\WINDOWS\system32\DRIVERS\lmimirr.sys"
"C:\WINDOWS\system32\drivers\PalmUSBD.sys"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\drmHeader.bin
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_lmimirr
-------\Service_PalmUSBD
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-01 to 2009-07-01 ))))))))))))))))))))))))))))
.
2009-06-28 15:55:52 . 2009-06-28 15:55:52 230 ----a-w- C:\SIABMUN.BAT
2009-06-27 14:47:58 . 2009-06-27 14:48:05 0 d-----w- C:\rsit
2009-06-27 14:31:22 . 2009-06-27 14:34:12 0 d-----w- C:\ToolBar SD
2009-06-27 14:07:05 . 2009-06-27 14:07:32 0 d-----w- C:\Toolbar S&D
2009-06-26 02:35:13 . 2009-06-26 02:35:15 0 d-----w- C:\Arquivos de programas\Ares
2009-06-26 02:34:47 . 2009-06-02 14:28:29 1085208 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.exe
2009-06-26 02:34:46 . 2009-06-02 14:28:29 755992 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\avg8\update\backup\avginet.dll
2009-06-26 02:34:46 . 2009-06-02 14:28:29 587032 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\avg8\update\backup\avgiproxy.exe
2009-06-26 02:34:46 . 2009-06-02 14:28:29 1439488 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.dll
2009-06-26 02:28:00 . 2009-06-26 02:31:42 2374583 ----a-w- C:\aresregular211_installer.exe
2009-06-24 19:56:14 . 2009-06-24 19:56:45 0 d-----w- C:\Arquivos de programas\AutorunRemover
2009-06-19 10:46:30 . 2009-06-19 10:51:36 3561743 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-18 19:41:19 . 2009-06-18 19:44:50 0 d-----w- C:\Arquivos de programas\UsbFix
2009-06-11 15:37:08 . 2009-06-11 15:37:08 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\81E4
2009-06-04 17:15:36 . 2009-06-04 17:15:36 0 d-----w- C:\Arquivos de programas\GameHouse
2009-06-03 19:56:45 . 2009-06-03 19:56:45 0 d-----w- C:\Arquivos de programas\Oberon Media
2009-06-03 19:56:45 . 2009-06-03 19:56:45 0 d-----w- C:\Arquivos de programas\MSN Games
2009-06-03 19:53:56 . 2009-06-03 19:53:56 0 d--h--w- C:\$AVG8.VAULT$
2009-06-02 14:28:44 . 2009-06-26 14:43:32 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2009-06-02 14:28:43 . 2009-06-26 14:43:32 327688 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2009-06-02 14:28:43 . 2009-06-02 14:28:43 108552 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2009-06-02 14:28:35 . 2009-07-01 19:09:30 0 d-----w- C:\WINDOWS\system32\drivers\Avg
2009-06-02 14:28:26 . 2009-06-02 14:28:26 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\avg8
2009-06-02 14:28:26 . 2009-06-02 14:28:26 0 d-----w- C:\Arquivos de programas\AVG
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 19:50:15 . 2007-07-15 16:28:31 16 ----a-w- C:\WINDOWS\popcinfo.dat
2009-07-01 02:14:33 . 2007-03-16 00:06:36 0 d-----w- C:\Documents and Settings\uu\Dados de aplicativos\Skype
2009-06-30 21:30:12 . 2008-08-25 01:38:50 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2009-06-26 14:43:32 . 2007-08-20 20:28:19 27784 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2009-06-19 10:51:46 . 2008-09-15 20:49:30 0 d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2009-06-18 15:37:24 . 2008-12-18 00:42:31 0 d-----w- C:\Arquivos de programas\Silkroad
2009-06-18 15:35:38 . 2008-06-07 21:12:43 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software
2009-06-18 15:35:04 . 2007-03-16 02:16:00 0 d--h--w- C:\Arquivos de programas\InstallShield Installation Information
2009-06-17 14:27:56 . 2008-09-15 20:49:31 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-06-17 14:27:44 . 2008-09-15 20:49:32 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-06-04 17:16:55 . 2008-05-18 22:25:16 0 d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2009-06-02 01:18:07 . 2008-03-12 15:52:07 0 d-----w- C:\Documents and Settings\uu\Dados de aplicativos\.BitTornado
2009-05-30 15:48:24 . 2009-05-30 15:48:24 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound
2009-05-30 15:48:13 . 2009-05-30 15:48:13 0 d-----w- C:\Arquivos de programas\NCH Software
2009-05-30 15:47:54 . 2009-05-30 15:47:54 0 d-----w- C:\Documents and Settings\uu\Dados de aplicativos\NCH Swift Sound
2009-05-30 15:47:54 . 2009-05-30 15:47:54 0 d-----w- C:\Arquivos de programas\NCH Swift Sound
2009-05-03 20:18:48 . 2009-04-26 20:09:37 0 d-----w- C:\Arquivos de programas\Valve
2009-04-20 14:04:45 . 2001-10-28 15:07:18 49586 ----a-w- C:\WINDOWS\system32\perfc016.dat
2009-04-20 14:04:45 . 2001-10-28 15:07:18 347294 ----a-w- C:\WINDOWS\system32\perfh016.dat
2009-04-18 20:03:05 . 2009-04-18 20:03:05 5120 --sha-w- C:\Arquivos de programas\Thumbs.db
2009-04-17 14:03:02 . 2009-04-29 21:42:17 69632 ----a-w- C:\WINDOWS\system32\MSJCE.dll
2009-04-15 01:00:36 . 2009-04-15 01:00:35 249856 ------w- C:\WINDOWS\Setup1.exe
2009-04-15 01:00:34 . 2009-04-15 01:00:34 73216 ----a-w- C:\WINDOWS\ST6UNST.EXE
2009-02-24 00:32:26 . 2009-02-24 00:32:26 11747 ----a-w- C:\Arquivos de programas\uninstal.log
2002-12-11 17:17:34 . 2002-11-29 13:38:52 13366265 --s-a-w- C:\Arquivos de programas\Encore Manual.pdf
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 14:01:16 319488]
"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 12:11:10 1388544]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-06-29 09:24:52 286720]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 04:39:04 40960]
"SiSPower"="SiSPower.dll" - C:\WINDOWS\system32\SiSPower.dll [2005-05-26 03:01:44 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 18:58:06 1744896]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 13:13:36 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 19:28:18 352256 ----a-w- C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 14:43:32 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Flash.exe]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Flash.exe
backup=C:\WINDOWS\pss\Flash.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
path=C:\Documents and Settings\uu\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Download Mage.lnk]
path=C:\Documents and Settings\uu\Menu Iniciar\Programas\Inicializar\Download Mage.lnk
backup=C:\WINDOWS\pss\Download Mage.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^HotSync Manager.LNK]
path=C:\Documents and Settings\uu\Menu Iniciar\Programas\Inicializar\HotSync Manager.LNK
backup=C:\WINDOWS\pss\HotSync Manager.LNKStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\Azureus\\Azureus.exe"=
"C:\\Arquivos de programas\\BitTornado\\btdownloadgui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"C:\\GenialGiFT\\gift\\giFT.exe"=
"C:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"=
"C:\\Documents and Settings\\uu\\Meus documentos\\My Completed Downloads\\Silkroad_Manual-Patch_Downloader.exe"=
"skp66.exe"= skp66.exe:BNDMSS
"C:\\Arquivos de programas\\Motorola\\RSD Lite\\SDL.exe"=
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"ud32.exe"= ud32.exe:BNDMSS
"C:\\Documents and Settings\\uu\\Desktop\\FACULDADE\\palmos\\emulator-win\\Emulator.exe"=
"C:\\Documents and Settings\\uu\\Desktop\\Renan\\Downloads - RG\\Jogos\\LackeyCCG\\LackeyCCG.exe"=
"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"C:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Arquivos de programas\\Ares\\Ares.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15615:TCP"= 15615:TCP:NortonAV
"17371:TCP"= 17371:TCP:NortonAV
"17598:TCP"= 17598:TCP:NortonAV
"16173:TCP"= 16173:TCP:NortonAV
"15121:TCP"= 15121:TCP:NortonAV
"18053:TCP"= 18053:TCP:NortonAV
"16092:TCP"= 16092:TCP:NortonAV
"14679:TCP"= 14679:TCP:NortonAV
"12345:TCP"= 12345:TCP:NortonAV
"15458:TCP"= 15458:TCP:NortonAV
"15379:TCP"= 15379:TCP:NortonAV
"17238:TCP"= 17238:TCP:NortonAV
"15994:TCP"= 15994:TCP:NortonAV
"17564:TCP"= 17564:TCP:NortonAV
"13620:TCP"= 13620:TCP:NortonAV
"13793:TCP"= 13793:TCP:NortonAV
"12503:TCP"= 12503:TCP:NortonAV
"15290:TCP"= 15290:TCP:NortonAV
"15012:TCP"= 15012:TCP:NortonAV
"14760:TCP"= 14760:TCP:NortonAV
"12891:TCP"= 12891:TCP:NortonAV
"12835:TCP"= 12835:TCP:NortonAV
"12557:TCP"= 12557:TCP:NortonAV
"18892:TCP"= 18892:TCP:NortonAV
"14865:TCP"= 14865:TCP:NortonAV
"18611:TCP"= 18611:TCP:NortonAV
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [2/6/2009 11:28:43 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [2/6/2009 11:28:43 108552]
R1 SASDIFSV;SASDIFSV;C:\Arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [3/9/2008 14:07:14 8944]
R1 SASKUTIL;SASKUTIL;C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [3/9/2008 14:07:12 55024]
R2 avg8wd;AVG Free8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2/6/2009 11:28:27 298776]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [21/7/2008 12:50:02 106496]
R3 NTProcDrv;Process creation detector for NT.;C:\WINDOWS\temp\drv1.tmp [1/7/2009 17:00:32 3584]
S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys --> D:\Fxdrv.sys [?]
S3 SASENUM;SASENUM;C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [3/9/2008 14:07:16 7408]
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\drivers\usb2vcom.sys [17/4/2008 16:32:15 30368]
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\drivers\ulink.sys [30/7/2008 17:17:29 40060]
S3 zlportio;zlportio;\??\C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys --> C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-07-01 C:\WINDOWS\Tasks\Google Software Updater.job
2007-03-21 C:\WINDOWS\Tasks\Symantec NetDetect.job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.shareazaweb.com/br/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
IE: Download Links As... - file://C:\WINDOWS\system32\page.htm
IE: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
FF - ProfilePath - C:\Documents and Settings\uu\Dados de aplicativos\Mozilla\Firefox\Profiles\94m5qc5q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://google.com.br
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=
FF - component: C:\Arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: C:\Arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:24, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7398 bytes
Hello Nigel, good evening. Please follow my steps in order.
Step 1.
I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.
Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.
File::C:\WINDOWS\Setup1.exe
C:\WINDOWS\ST6UNST.EXE
This script was prepared only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.
Now drag CFScript.txt onto ComboFix as shown in the demonstration below.
[image: cfscript.gif]
ComboFix will run and will restart the PC automatically to complete the removal process.
IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.
When it finishes, a log will be generated at C:\ComboFix.txt.
Post it together with the new HijackThis log.
Step 2.
<@> Run an online scan at: < Panda ActiveScan 2.0 >
<@> PS: Use the Firefox or Internet Explorer browser.
<@> Do the free registration, so that you have the option to disinfect files.
<@> Click "Register".
<@> When done, click "Send".
<@> In the welcome window, choose "Full scan" --> click "Scan now".
<@> If this is the first time you use ActiveScan 2.0 with Mozilla Firefox, you will be asked to install a plugin.
<@> So, for ActiveScan 2.0 to work, you need to download and install that extension.
<@> Also wait for ActiveScan 2.0 to update.
<@> When done, you can start the scan.
<@> At the end of the scan, click "Disinfect".
<@> Next, click "Export to" so that we have the report. <-- Save it to the desktop!
<@> Post: ActiveScan.txt <--
ComboFix 09-07-01.04 - uu 02/07/2009 9:21.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1502.1095 [GMT -3:00]
Executando de: c:\documents and settings\uu\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\uu\Desktop\CFScript.txt
AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\Setup1.exe"
"c:\windows\ST6UNST.EXE"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\507cc.msi
c:\windows\Setup1.exe
c:\windows\ST6UNST.EXE
.
---- Execuções precedente -------
.
C:\drmHeader.bin
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_lmimirr
-------\Service_PalmUSBD
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-02 to 2009-07-02 ))))))))))))))))))))))))))))
.
2009-06-28 15:55 . 2009-06-28 15:55 230 ----a-w- C:\SIABMUN.BAT
2009-06-27 14:47 . 2009-06-27 14:48 -------- d-----w- C:\rsit
2009-06-27 14:31 . 2009-06-27 14:34 -------- d-----w- C:\ToolBar SD
2009-06-27 14:07 . 2009-06-27 14:07 -------- d-----w- C:\Toolbar S&D
2009-06-26 02:35 . 2009-06-26 02:35 -------- d-----w- c:\arquivos de programas\Ares
2009-06-26 02:34 . 2009-06-02 14:28 1085208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.exe
2009-06-26 02:34 . 2009-06-02 14:28 755992 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avginet.dll
2009-06-26 02:34 . 2009-06-02 14:28 587032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgiproxy.exe
2009-06-26 02:34 . 2009-06-02 14:28 1439488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.dll
2009-06-26 02:28 . 2009-06-26 02:31 2374583 ----a-w- C:\aresregular211_installer.exe
2009-06-24 19:56 . 2009-06-24 19:56 -------- d-----w- c:\arquivos de programas\AutorunRemover
2009-06-19 10:46 . 2009-06-19 10:51 3561743 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-18 19:41 . 2009-06-18 19:44 -------- d-----w- c:\arquivos de programas\UsbFix
2009-06-11 15:37 . 2009-06-11 15:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\81E4
2009-06-04 17:15 . 2009-06-04 17:15 -------- d-----w- c:\arquivos de programas\GameHouse
2009-06-03 19:56 . 2009-06-03 19:56 -------- d-----w- c:\arquivos de programas\Oberon Media
2009-06-03 19:56 . 2009-06-03 19:56 -------- d-----w- c:\arquivos de programas\MSN Games
2009-06-03 19:53 . 2009-06-03 19:53 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-02 14:28 . 2009-06-26 14:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-02 14:28 . 2009-06-26 14:43 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-02 14:28 . 2009-06-02 14:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-02 14:28 . 2009-07-02 12:11 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-02 14:28 . 2009-06-02 14:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-06-02 14:28 . 2009-06-02 14:28 -------- d-----w- c:\arquivos de programas\AVG
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 12:11 . 2007-07-15 16:28 16 ----a-w- c:\windows\popcinfo.dat
2009-07-01 22:31 . 2008-08-25 01:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Google Updater
2009-07-01 02:14 . 2007-03-16 00:06 -------- d-----w- c:\documents and settings\uu\Dados de aplicativos\Skype
2009-06-26 14:43 . 2007-08-20 20:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-19 10:51 . 2008-09-15 20:49 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-06-18 15:37 . 2008-12-18 00:42 -------- d-----w- c:\arquivos de programas\Silkroad
2009-06-18 15:35 . 2008-06-07 21:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BVRP Software
2009-06-18 15:35 . 2007-03-16 02:16 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-06-17 14:27 . 2008-09-15 20:49 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 14:27 . 2008-09-15 20:49 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 17:16 . 2008-05-18 22:25 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-06-02 01:18 . 2008-03-12 15:52 -------- d-----w- c:\documents and settings\uu\Dados de aplicativos\.BitTornado
2009-05-30 15:48 . 2009-05-30 15:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound
2009-05-30 15:48 . 2009-05-30 15:48 -------- d-----w- c:\arquivos de programas\NCH Software
2009-05-30 15:47 . 2009-05-30 15:47 -------- d-----w- c:\documents and settings\uu\Dados de aplicativos\NCH Swift Sound
2009-05-30 15:47 . 2009-05-30 15:47 -------- d-----w- c:\arquivos de programas\NCH Swift Sound
2009-05-03 20:18 . 2009-04-26 20:09 -------- d-----w- c:\arquivos de programas\Valve
2009-04-20 14:04 . 2001-10-28 15:07 49586 ----a-w- c:\windows\system32\perfc016.dat
2009-04-20 14:04 . 2001-10-28 15:07 347294 ----a-w- c:\windows\system32\perfh016.dat
2009-04-18 20:03 . 2009-04-18 20:03 5120 --sha-w- c:\arquivos de programas\Thumbs.db
2009-04-17 14:03 . 2009-04-29 21:42 69632 ----a-w- c:\windows\system32\MSJCE.dll
2009-02-24 00:32 . 2009-02-24 00:32 11747 ----a-w- c:\arquivos de programas\uninstal.log
2002-12-11 17:17 . 2002-11-29 13:38 13366265 --s-a-w- c:\arquivos de programas\Encore Manual.pdf
.
((((((((((((((((((((((((((((( SnapShot@2009-06-30_01.51.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-18 19:03 . 2007-06-18 19:03 268800 c:\windows\Installer\deb243.msi
+ 2008-03-01 20:11 . 2008-03-01 20:11 257024 c:\windows\Installer\c8a761.msi
+ 2007-07-05 17:42 . 2007-07-05 17:42 388608 c:\windows\Installer\afcf31.msi
+ 2008-04-17 19:47 . 2008-04-17 19:47 409600 c:\windows\Installer\a68a5.msi
+ 2008-04-17 19:46 . 2008-04-17 19:46 368640 c:\windows\Installer\a68a0.msi
+ 2007-12-24 18:26 . 2007-12-24 18:26 100352 c:\windows\Installer\7fa93.msi
+ 2007-04-28 01:53 . 2007-04-28 01:53 537600 c:\windows\Installer\5d5acb.msi
+ 2008-11-12 13:37 . 2008-11-12 13:37 432640 c:\windows\Installer\54f1fd.msi
+ 2009-06-02 14:28 . 2009-06-02 14:28 337408 c:\windows\Installer\428cd5.msi
+ 2007-07-12 22:28 . 2007-07-12 22:28 434176 c:\windows\Installer\417fc.msi
+ 2008-09-15 01:53 . 2008-09-15 01:53 431104 c:\windows\Installer\3655845.msi
+ 2007-07-05 15:20 . 2007-07-05 15:20 265216 c:\windows\Installer\2ed6ad.msi
+ 2009-03-10 02:42 . 2009-03-10 02:42 208896 c:\windows\Installer\2095bc4.msi
+ 2009-03-10 02:42 . 2009-03-10 02:42 390656 c:\windows\Installer\2095bba.msi
+ 2008-10-21 01:45 . 2008-10-21 01:45 707072 c:\windows\Installer\13e52b3.msi
+ 2007-08-25 19:45 . 2007-08-25 19:45 282624 c:\windows\Installer\1113418.msi
+ 2008-10-14 19:09 . 2008-10-14 19:09 350296 c:\windows\Downloaded Installations\Virtual Desktop Manager Powertoy for Windows XP.msi
+ 2004-07-17 11:35 . 2004-07-17 11:35 1354752 c:\windows\system32\webfldrs.msi
+ 2008-10-04 12:31 . 2004-07-17 11:35 1354752 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-05-22 14:48 . 2008-05-22 14:48 3441664 c:\windows\Installer\ddee57.msi
+ 2007-12-25 14:47 . 2007-12-25 14:47 2707456 c:\windows\Installer\a7a10d.msi
+ 2008-04-17 19:49 . 2008-04-17 19:49 1145344 c:\windows\Installer\a68aa.msi
+ 2007-12-25 16:58 . 2007-12-25 16:58 6379520 c:\windows\Installer\a1987.msi
+ 2007-07-05 16:50 . 2007-07-05 16:50 5788160 c:\windows\Installer\7ec4ea.msi
+ 2009-06-02 22:04 . 2009-06-02 22:04 1602048 c:\windows\Installer\6ba02.msi
+ 2008-10-28 19:28 . 2008-10-28 19:28 6865408 c:\windows\Installer\692c44.msi
+ 2007-04-28 01:56 . 2007-04-28 01:56 1453568 c:\windows\Installer\5d5ad5.msi
+ 2007-04-28 01:54 . 2007-04-28 01:54 1868800 c:\windows\Installer\5d5ad0.msi
+ 2007-04-28 01:52 . 2007-04-28 01:52 2892288 c:\windows\Installer\5d5ac6.msi
+ 2007-04-28 01:50 . 2007-04-28 01:50 5091840 c:\windows\Installer\5d5ac1.msi
+ 2008-09-15 18:56 . 2008-09-15 18:56 1038848 c:\windows\Installer\50b7a5.msi
+ 2007-11-04 02:50 . 2007-11-04 02:50 7958016 c:\windows\Installer\385e25.msi
+ 2008-11-25 12:33 . 2008-11-25 12:33 4235776 c:\windows\Installer\2cab40.msi
+ 2009-03-24 17:36 . 2009-03-24 17:36 4733440 c:\windows\Installer\13939.msp
+ 2007-03-22 00:50 . 2007-01-19 16:21 16841728 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2007-06-22 21:07 . 2007-06-29 23:08 55682048 c:\windows\Downloaded Installations\{69CC78F2-D6EE-4702-A0C8-1913BB2D9F01}\Palm.msi
+ 2008-10-12 12:34 . 2008-10-12 12:34 11049984 c:\windows\Downloaded Installations\{51C8736D-4956-4172-AACA-0A8FFC4BC652}\PC Camera .msi
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2007-06-29 286720]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-05-26 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 19:28 352256 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 14:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Flash.exe]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Flash.exe
backup=c:\windows\pss\Flash.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
path=c:\documents and settings\uu\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Download Mage.lnk]
path=c:\documents and settings\uu\Menu Iniciar\Programas\Inicializar\Download Mage.lnk
backup=c:\windows\pss\Download Mage.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^HotSync Manager.LNK]
path=c:\documents and settings\uu\Menu Iniciar\Programas\Inicializar\HotSync Manager.LNK
backup=c:\windows\pss\HotSync Manager.LNKStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Azureus\\Azureus.exe"=
"c:\\Arquivos de programas\\BitTornado\\btdownloadgui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\GenialGiFT\\gift\\giFT.exe"=
"c:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"=
"c:\\Documents and Settings\\uu\\Meus documentos\\My Completed Downloads\\Silkroad_Manual-Patch_Downloader.exe"=
"skp66.exe"= skp66.exe:BNDMSS
"c:\\Arquivos de programas\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"ud32.exe"= ud32.exe:BNDMSS
"c:\\Documents and Settings\\uu\\Desktop\\FACULDADE\\palmos\\emulator-win\\Emulator.exe"=
"c:\\Documents and Settings\\uu\\Desktop\\Renan\\Downloads - RG\\Jogos\\LackeyCCG\\LackeyCCG.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15615:TCP"= 15615:TCP:NortonAV
"17371:TCP"= 17371:TCP:NortonAV
"17598:TCP"= 17598:TCP:NortonAV
"16173:TCP"= 16173:TCP:NortonAV
"15121:TCP"= 15121:TCP:NortonAV
"18053:TCP"= 18053:TCP:NortonAV
"16092:TCP"= 16092:TCP:NortonAV
"14679:TCP"= 14679:TCP:NortonAV
"12345:TCP"= 12345:TCP:NortonAV
"15458:TCP"= 15458:TCP:NortonAV
"15379:TCP"= 15379:TCP:NortonAV
"17238:TCP"= 17238:TCP:NortonAV
"15994:TCP"= 15994:TCP:NortonAV
"17564:TCP"= 17564:TCP:NortonAV
"13620:TCP"= 13620:TCP:NortonAV
"13793:TCP"= 13793:TCP:NortonAV
"12503:TCP"= 12503:TCP:NortonAV
"15290:TCP"= 15290:TCP:NortonAV
"15012:TCP"= 15012:TCP:NortonAV
"14760:TCP"= 14760:TCP:NortonAV
"12891:TCP"= 12891:TCP:NortonAV
"12835:TCP"= 12835:TCP:NortonAV
"12557:TCP"= 12557:TCP:NortonAV
"18892:TCP"= 18892:TCP:NortonAV
"14865:TCP"= 14865:TCP:NortonAV
"18611:TCP"= 18611:TCP:NortonAV
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/6/2009 11:28 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/6/2009 11:28 108552]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [3/9/2008 14:07 8944]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [3/9/2008 14:07 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2/6/2009 11:28 298776]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [21/7/2008 12:50 106496]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [3/9/2008 14:07 7408]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [17/4/2008 16:32 30368]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [30/7/2008 17:17 40060]
S3 zlportio;zlportio;\??\c:\documents and settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys --> c:\documents and settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-07-02 c:\windows\Tasks\Google Software Updater.job
2007-03-21 c:\windows\Tasks\Symantec NetDetect.job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.shareazaweb.com/br/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
IE: Download Links As... - file://c:\windows\system32\page.htm
IE: Download Target(s) As... - file://c:\windows\system32\link.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
FF - ProfilePath - c:\documents and settings\uu\Dados de aplicativos\Mozilla\Firefox\Profiles\94m5qc5q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - YouTube - Videos
FF - prefs.js: browser.startup.homepage - hxxp://google.com.br
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=
FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 09:25
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1060284298-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
.
Tempo para conclusão: 2009-07-02 9:27
ComboFix-quarantined-files.txt 2009-07-02 12:27
ComboFix2.txt 2009-06-30 01:54
Pré-execução: 21 pasta(s) 161.330.069.504 bytes disponíveis
Pós execução: 21 pasta(s) 161.313.701.888 bytes disponíveis
274 --- E O F --- 2009-05-22 01:35
;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2009-07-02 16:13:28
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 2
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
AVG Anti-Virus Free 8.5 No Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00055913 adware/razespyware Adware No 0 Yes No c:\windows\system32\page.htm
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\uu\Cookies\uu@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\uu\Cookies\uu@atdmt[2].txt
00162852 Bck/Sensive.51 Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{DADA5E68-B0EE-431B-B067-0AF33E327A93}\RP708\A0239769.exe
00472815 Adware/MyCentria Adware No 0 Yes No C:\Arquivos de programas\MyCentria\Firefox\InstallerFF.exe
00509861 Hacktool/AngryScan HackTools No 1 No No C:\Documents and Settings\uu\Meus documentos\Lupo_PenSuite_v6.60_Full.exe[ipscan.exe]
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{DADA5E68-B0EE-431B-B067-0AF33E327A93}\RP711\A0240381.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{DADA5E68-B0EE-431B-B067-0AF33E327A93}\RP720\A0241023.sys
01241732 Trj/PSW Virus/Trojan No 1 No No C:\Documents and Settings\uu\Desktop\F O T O S.{21EC2020-3AEA-1069-A2DD-08002B30309D}\FOTOS\orkut\gesetup.rar[gesetup.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{DADA5E68-B0EE-431B-B067-0AF33E327A93}\RP721\A0241092.exe
01675833 Trj/SMSlock.C Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{DADA5E68-B0EE-431B-B067-0AF33E327A93}\RP720\A0241028.exe
02058580 Generic Malware Virus/Trojan No 0 Yes Yes C:\Arquivos de programas\A8GSdsApp\AGSeiApp.exe.BAK
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{DADA5E68-B0EE-431B-B067-0AF33E327A93}\RP721\A0241126.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{DADA5E68-B0EE-431B-B067-0AF33E327A93}\RP722\A0241363.sys
03447042 Generic Trojan Virus/Trojan No 0 No No C:\Documents and Settings\uu\Meus documentos\Lupo_PenSuite_v6.60_Full.exe[nPOPuk.exe]
03447262 Generic Trojan Virus/Trojan No 0 No No C:\Documents and Settings\uu\Meus documentos\Lupo_PenSuite_v6.60_Full.exe[lightup.exe]
03587590 Adware/Yassist Adware No 0 No No C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Dead Files\Legendas\DivXInstaller.exe[²ÇÇ\y_toolbar.exe][²èÇ]
03714899 Adware/SecurityError Adware No 0 Yes No C:\Arquivos de programas\Motorola\RSD Lite\Uninstall.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location _
;===============================================================================
=================================================================================
===================
No C:\Documents and Settings\uu\Meus documentos\ARQUIVOS INSTALACAO\dreburn.mp3.v1.0.keygen.takcrack.com.zip[keymaker.exe]
No C:\Documents and Settings\uu\Meus documentos\Lupo_PenSuite_v6.60_Full.exe[iefdmdm.dll] _
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description _
;===============================================================================
=================================================================================
===================
210625 HIGH MS09-026 _
210624 HIGH MS09-025 _
210621 HIGH MS09-022 _
210618 HIGH MS09-019 _
;===============================================================================
=================================================================================
===================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:25, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7416 bytes
Go to this site: http://www.kaspersky.com/virusscanner
Click on [image: Clipboard01-1.jpg]
Follow the scanner configuration instructions as shown in the image below.
[image: kosjn0.gif]
Post the scan log right here in this topic.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 3, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 03, 2009 14:16:59
Records in database: 2419886
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 78260
Threat name: 4
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:52:18
File name / Threat name / Threats count
C:\Documents and Settings\uu\Meus documentos\Lupo_PenSuite_v6.60_Full.exe Infected: not-a-virus:RiskTool.Win32.Shutdown.g 1
C:\Documents and Settings\uu\Meus documentos\Lupo_PenSuite_v6.60_Full.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\Documents and Settings\uu\Meus documentos\setup.exe Infected: not-a-virus:Monitor.Win32.PCSentinelsBusted.24 2
C:\GenialGiFT\gift\giFT.dll Infected: not-a-virus:----Tool.Win32.---2Peer.c 1
The selected area was scanned.
Run Malwarebytes again.
Malwarebytes' Anti-Malware 1.38
Versão do banco de dados: 2374
Windows 5.1.2600 Service Pack 3
7/7/2009 12:58:01
mbam-log-2009-07-07 (12-58-01).txt
Tipo de Verificação: Rápida
Objetos verificados: 91947
Tempo decorrido: 4 minute(s), 37 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
(Nenhum ítem malicioso foi detectado)
The log is clean, is there any problem?
PROBLEM SOLVED!
If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
● Temporarily disable Avast!. For more information on how to disable it, see:
How to temporarily disable your antivirus and anti-spyware
● Keep the media in place. Do not remove it!
● While your computer is restarting, your desktop will not be shown and a black screen from the tool will appear, running a final check;
● When it finishes, Notepad will open with the log for you. The log will also be at C:\UsbFix.txt
● Close Notepad (by clicking the X) to close the program as well.
NOTE: If, after restarting, the desktop shows only the wallpaper, with no icons or bars, press Ctrl + Alt + Delete to open Task Manager. Click File > New Task (Run...), type explorer.exe and click OK.