Leandroctp

[Solved!] Desktop and Start bar disappearing and reappearing all the time

This morning I turned on the PC, played Devil May Cry 4, and when I quit, the Start bar disappeared and did not come back.

I restarted the computer, and then this problem started.

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:18:11, on 21/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Usefashion - {F12780E0-8D5D-4530-A68A-6CC93B5F891A} - C:\ARQUIV~1\UseLog\USETOO~1.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217712252781

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Google Update Service (gupdate1c8e2157f703fb4) (gupdate1c8e2157f703fb4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 6131 bytes

Hey Leandroctp,

 

Download ComboFix at:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan is finished, a log will be generated at C:\ComboFix.txt;

5) Do not click on the ComboFix window or close it with the X while the tool is running, as that will mess up your desktop (it will go completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, along with a HijackThis log.

 

Cheers.

I ran ComboFix and the problem stopped for a while, but it is back now.

 

ComboFix 08-07-21.1 - Usuario 2008-07-21 20:12:17.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.594 [GMT -3:00]

Executando de: C:\Documents and Settings\Usuario\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\AbedfMoq.ini

C:\WINDOWS\system32\AbedfMoq.ini2

C:\WINDOWS\system32\aJloWvut.ini

C:\WINDOWS\system32\aJloWvut.ini2

C:\WINDOWS\system32\JjmVCfhk.ini

C:\WINDOWS\system32\JjmVCfhk.ini2

C:\WINDOWS\system32\tCccLRqr.ini

C:\WINDOWS\system32\tCccLRqr.ini2

C:\WINDOWS\system32\UFNVFfhk.ini

C:\WINDOWS\system32\UFNVFfhk.ini2

C:\WINDOWS\system32\UuvEefhk.ini

C:\WINDOWS\system32\UuvEefhk.ini2

C:\WINDOWS\system32\YIPYGMoq.ini

C:\WINDOWS\system32\YIPYGMoq.ini2

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-21 to 2008-07-21 ))))))))))))))))))))))))))))))))

.

 

2008-08-02 19:33 . 2008-03-19 08:13 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-08-02 19:26 . 2008-08-02 19:26 <DIR> d-------- C:\WINDOWS\Sun

2008-08-02 19:26 . 2008-07-03 17:04 <DIR> d-------- C:\Documents and Settings\Usuario\SystemRequirementsLab

2008-08-02 19:26 . 2008-06-15 01:56 <DIR> d-------- C:\Arquivos de programas\SystemRequirementsLab

2008-08-02 19:25 . 2004-03-18 13:48 <DIR> d-------- C:\Arquivos de programas\Java

2008-08-02 19:25 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-02 19:17 . 2008-08-02 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-08-02 19:13 . 2008-05-02 13:41 4,099 --a------ C:\WINDOWS\mozver.dat

2008-08-02 19:06 . 2008-08-02 19:06 <DIR> d-------- C:\Arquivos de programas\Lavalys

2008-08-02 19:06 . 2008-08-02 19:06 <DIR> d-------- C:\Arquivos de programas\foobar2000

2008-08-02 19:05 . 2008-08-02 19:05 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-08-02 19:05 . 2008-08-02 19:05 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-08-02 18:54 . 2004-03-18 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-02 18:54 . 2004-03-18 19:37 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-08-02 18:43 . 2008-08-02 18:43 <DIR> d-------- C:\Arquivos de programas\Efficient Networks

2008-08-02 18:43 . 2002-10-28 14:19 26,381 --------- C:\WINDOWS\system32\drivers\enethusb.sys

2008-08-02 18:25 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-08-02 18:25 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-08-02 18:25 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-08-02 18:25 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-02 18:25 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-08-02 18:23 . 2008-08-02 18:23 <DIR> d---s---- C:\Documents and Settings\Usuario\UserData

2008-08-02 18:09 . 2008-08-02 18:09 <DIR> d-------- C:\Documents and Settings\Usuario\Contacts

2008-08-02 17:56 . 2008-04-13 19:20 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-08-02 17:56 . 2008-04-13 18:58 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-08-02 17:56 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-02 17:55 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-08-02 16:29 . 2008-08-02 16:29 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Media Player Classic

2008-08-02 16:28 . 2008-04-07 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-08-02 16:28 . 2008-08-02 16:28 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-08-02 16:20 . 2008-08-02 16:20 268 --ah----- C:\sqmdata03.sqm

2008-08-02 16:20 . 2008-08-02 16:20 244 --ah----- C:\sqmnoopt03.sqm

2008-08-02 16:13 . 2008-08-02 16:13 268 --ah----- C:\sqmdata02.sqm

2008-08-02 16:13 . 2008-08-02 16:13 244 --ah----- C:\sqmnoopt02.sqm

2008-08-02 16:02 . 2008-07-15 01:14 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-02 16:01 . 2008-08-02 16:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-08-02 15:57 . 2008-08-02 15:57 421 --a------ C:\WINDOWS\ODBC.INI

2008-08-02 15:56 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-02 15:55 . 2008-08-02 15:55 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-08-02 15:54 . 2008-08-02 15:54 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-08-02 15:53 . 2008-08-02 15:54 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-08-02 15:47 . 2008-08-02 15:47 268 --ah----- C:\sqmdata01.sqm

2008-08-02 15:47 . 2008-08-02 15:47 244 --ah----- C:\sqmnoopt01.sqm

2008-08-02 15:10 . 2008-02-26 13:02 <DIR> d-------- C:\Arquivos de programas\UseLog

2008-08-02 15:10 . 2008-07-19 15:18 82 --a------ C:\WINDOWS\Winsystemusl.ini

2008-08-02 15:01 . 2008-08-02 15:01 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Ahead

2008-08-02 14:45 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-08-02 14:45 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-08-02 14:45 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2008-08-02 14:45 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-08-02 14:43 . 2008-05-02 13:02 <DIR> d-------- C:\WINDOWS\nview

2008-08-02 14:43 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-08-02 14:43 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-02 14:42 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-08-02 14:39 . 2008-08-02 14:39 268 --ah----- C:\sqmdata00.sqm

2008-08-02 14:39 . 2008-08-02 14:39 244 --ah----- C:\sqmnoopt00.sqm

2008-08-02 14:37 . 2008-08-02 14:37 <DIR> d-------- C:\Arquivos de programas\LHSP

2008-08-02 14:37 . 1998-07-30 05:24 192,784 --------- C:\WINDOWS\system32\Tabctl32.ocx

2008-08-02 14:37 . 1998-12-22 01:49 66,594 --a--c--- C:\WINDOWS\system32\dllcache\c_862.nls

2008-08-02 14:37 . 1998-12-22 01:49 66,594 --------- C:\WINDOWS\system32\c_862.nls

2008-08-02 14:37 . 1998-12-22 01:49 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_708.nls

2008-08-02 14:37 . 1998-12-22 01:49 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_28596.nls

2008-08-02 14:37 . 1998-12-22 01:49 66,082 --------- C:\WINDOWS\system32\c_708.nls

2008-08-02 14:37 . 1998-12-22 01:49 66,082 --------- C:\WINDOWS\system32\c_28596.nls

2008-08-02 14:37 . 1998-10-07 09:21 29,184 --------- C:\WINDOWS\system32\Popup.ocx

2008-08-02 14:36 . 1998-10-09 16:56 327,168 --a------ C:\WINDOWS\IsUn0416.exe

2008-08-02 14:34 . 2008-04-07 18:04 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-02 14:34 . 2008-08-02 14:34 <DIR> d-------- C:\Arquivos de programas\Positivo

2008-08-02 14:33 . 2008-08-02 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-08-02 14:32 . 2008-08-02 14:32 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-08-02 14:32 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-08-02 14:30 . 2008-08-02 14:31 <DIR> d-------- C:\Arquivos de programas\Nero

2008-08-02 14:29 . 2003-02-28 18:26 947,472 --a------ C:\WINDOWS\system32\msjava.dll

2008-08-02 14:29 . 2003-02-28 18:26 404,752 --a------ C:\WINDOWS\system32\javart.dll

2008-08-02 14:29 . 2003-02-28 18:26 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll

2008-08-02 14:29 . 2003-02-28 18:26 187,152 --a------ C:\WINDOWS\system32\javacypt.dll

2008-08-02 14:29 . 2003-02-28 18:26 172,304 --a------ C:\WINDOWS\system32\jview.exe

2008-08-02 14:29 . 2003-02-28 18:26 171,792 --a------ C:\WINDOWS\system32\wjview.exe

2008-08-02 14:29 . 2003-02-28 18:26 154,384 --a------ C:\WINDOWS\system32\msawt.dll

2008-08-02 14:29 . 2003-02-28 18:26 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll

2008-08-02 14:29 . 2003-02-28 18:26 49,424 --a------ C:\WINDOWS\system32\clspack.exe

2008-08-02 14:29 . 2003-02-28 18:26 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll

2008-08-02 14:29 . 2003-02-28 18:26 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe

2008-08-02 14:28 . 2008-07-21 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-08-02 14:28 . 2008-07-11 01:48 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-08-02 14:27 . 2008-08-02 14:27 <DIR> d-------- C:\KAV

2008-07-21 16:54 . 2008-07-21 16:54 95 --a------ C:\WINDOWS\wininit.ini

2008-07-21 15:35 . 2008-07-21 18:17 <DIR> d--h----- C:\$AVG8.VAULT$

2008-07-21 15:19 . 2008-07-21 15:29 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-07-21 15:19 . 2008-07-21 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-07-21 15:19 . 2008-07-21 15:19 <DIR> d-------- C:\Arquivos de programas\AVG

2008-07-21 15:19 . 2008-07-21 15:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-21 15:19 . 2008-07-21 15:19 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-21 15:19 . 2008-07-21 15:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-07-21 14:10 . 2008-07-21 14:10 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-07-21 14:10 . 2008-07-21 14:10 396,288 --a------ C:\HijackThis.exe

2008-07-21 14:03 . 2008-07-21 14:03 812,344 --a------ C:\HJTInstall.exe

2008-07-21 13:43 . 2008-07-21 13:43 0 --a------ C:\ComboFix.exe

2008-07-21 13:39 . 2008-07-21 13:39 2,158 --a------ C:\WINDOWS\system32\tmp.reg

2008-07-21 12:50 . 2008-07-21 12:50 245,760 --a------ C:\WINDOWS\system32\khfeEvuU.dll

2008-07-20 22:58 . 2008-07-20 22:58 <DIR> d-------- C:\WarS

2008-07-20 22:43 . 2008-07-20 22:43 <DIR> d-------- C:\Documents and Settings\Administrador

2008-07-19 20:30 . 2008-07-19 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-07-19 20:30 . 2008-07-19 20:30 <DIR> d-------- C:\Arquivos de programas\Zylom Games

2008-07-14 01:43 . 2008-07-14 01:43 <DIR> d-------- C:\Arquivos de programas\RamBooster 2.0

2008-07-12 19:38 . 2008-07-12 19:38 <DIR> d-------- C:\Arquivos de programas\CAPCOM

2008-07-11 01:41 . 2008-07-11 01:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-07-09 07:13 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-07-09 07:13 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-07-09 07:13 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-07-09 07:13 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-07-09 07:13 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-07-09 07:13 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-07-09 07:13 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-07-08 12:48 . 2008-07-08 12:48 <DIR> d-------- C:\Arquivos de programas\Atari

2008-07-08 12:45 . 2008-07-08 12:45 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\gnupg

2008-07-02 13:59 . 2008-07-02 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SimCity Societies

2008-07-01 20:58 . 2008-07-01 20:58 <DIR> d-------- C:\Arquivos de programas\Opera

2008-06-30 22:47 . 2008-06-30 22:47 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Spore Creature Creator

2008-06-30 14:55 . 2008-06-20 08:51 361,600 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-30 14:55 . 2008-04-13 12:20 361,344 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL

2008-06-30 14:55 . 2008-06-30 14:55 361,344 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL

2008-06-30 14:54 . 2008-06-30 14:54 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-06-30 14:53 . 2008-06-30 21:45 <DIR> d-------- C:\Arquivos de programas\BitComet

2008-06-25 14:18 . <DIR> C:\WINDOWS\Mafia

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-02 22:33 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-02 22:21 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-08-02 17:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-02 17:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-21 23:15 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Free Download Manager

2008-07-21 22:52 --------- d-----w C:\Arquivos de programas\On-line Help Console

2008-07-21 19:31 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\foobar2000

2008-07-21 17:16 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-07-21 16:23 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Spyware Terminator

2008-07-21 01:51 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\MegauploadToolbar

2008-07-20 19:15 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-07-12 23:17 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\uTorrent

2008-07-12 05:48 --------- d-----w C:\Arquivos de programas\WinClamAVShield

2008-07-11 13:01 --------- d-----w C:\Arquivos de programas\Tibia

2008-07-09 22:50 --------- d-----w C:\Arquivos de programas\Google

2008-07-05 02:17 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-07-01 01:47 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-06-20 16:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-06-20 16:30 --------- d-----w C:\Arquivos de programas\HP

2008-06-20 16:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-06-20 16:26 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-06-20 16:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 01:29 --------- d--h--r C:\Documents and Settings\Usuario\Dados de aplicativos\SecuROM

2008-06-18 00:57 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2008-06-17 19:59 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Megaupload

2008-06-15 13:28 --------- d-----w C:\Arquivos de programas\OnGame

2008-06-14 18:49 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Hamachi

2008-06-14 17:34 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 01:25 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\U3

2008-06-13 23:38 --------- d-----w C:\Arquivos de programas\The KMPlayer

2008-06-09 01:53 --------- d-----w C:\Arquivos de programas\World of Warcraft

2008-06-05 01:40 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\AVI ReComp

2008-06-04 17:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

2008-06-04 17:55 --------- d-----w C:\Arquivos de programas\Free Download Manager

2008-06-04 17:50 --------- d-----w C:\Arquivos de programas\Xvid

2008-06-04 17:50 --------- d-----w C:\Arquivos de programas\Gabest

2008-06-04 17:50 --------- d-----w C:\Arquivos de programas\AVI ReComp

2008-06-04 17:49 --------- d-----w C:\Arquivos de programas\AviSynth 2.5

2008-05-27 22:30 --------- d-----w C:\Arquivos de programas\DiskTrix

2008-05-25 18:07 --------- d-----w C:\Arquivos de programas\Microsoft Private Folder 1.0

2008-05-23 19:11 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\vlc

2008-05-23 16:33 --------- d-----w C:\Arquivos de programas\Silkroad

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4CC8907-3EA6-49EE-8B74-D09660120910}]

2008-07-15 10:17 184816 --a----t- C:\Arquivos de programas\Google\Update\1.2.121.9\GoopdateBho.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F338F9ED-9BD6-4D5B-9C55-83CFA5280410}]

2008-07-21 12:50 245760 --a------ C:\WINDOWS\system32\khfeEvuU.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:20 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"SiSRaid"="C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2007-01-18 11:59 389120]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]

"SoundMan"="SOUNDMAN.EXE" [2006-11-16 18:42 577536 C:\WINDOWS\soundman.exe]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoAutoTrayNotify"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoResolveSearch"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Empires III\\age3.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"C:\\Arquivos de programas\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\World of Warcraft\\Repair.exe"=

"C:\\Arquivos de programas\\SopCast\\SopCast.exe"=

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\SopCast\\sopvod.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Atari\\AITD\\Alone.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"32459:TCP"= 32459:TCP:uTorrent

"13992:TCP"= 13992:TCP:BitComet 13992 TCP

"13992:UDP"= 13992:UDP:BitComet 13992 UDP

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-21 15:19]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-09 14:53]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-07-21 15:19]

R2 avg8wd;AVG Free8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-07-21 15:19]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-21 15:19]

R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]

R3 NWRDR;NetWare Rdr;C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 11:34]

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 11:47]

S2 gupdate1c8e2157f703fb4;Google Update Service (gupdate1c8e2157f703fb4);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-07-09 19:45]

S2 RPCT;Remote Procedure Call (TPM);C:\Arquivos de programas\NetMeeting\mstinit.exe [2005-03-18 15:31]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]

\Shell\AutoRun\command - M:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab072114-3930-11dd-90dd-000b2325219d}]

\Shell\AutoRun\command - M:\LaunchU3.exe -a

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-06-20 16:34:52 C:\WINDOWS\Tasks\GlaryInitialize.job"

- C:\Arquivos de programas\Glary Utilities\initialize.exe

"2008-07-09 22:45:34 C:\WINDOWS\Tasks\GoogleUpdateTask.job"

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{29906FE3-8D17-4F50-B9E0-300993CD198F} - (no file)

BHO-{6D53E7A9-8ADC-45DC-B6B5-F1A3DA7E3EAC} - (no file)

BHO-{7A486C6B-8102-49A6-8A3A-30F714C7EE2A} - (no file)

BHO-{914AA7F3-FCD5-468E-B4D2-4AE98D331410} - (no file)

BHO-{9942CEC0-46C1-4B3B-A2DC-C075ABD22E7F} - (no file)

BHO-{BC728C13-5691-4529-A1C2-E662A9AD1C87} - C:\WINDOWS\system32\urqPfcAq.dll

ShellExecuteHooks-{009E9850-D7A2-456A-AE04-EB9ABF822FE4} - (no file)

ShellExecuteHooks-{BC728C13-5691-4529-A1C2-E662A9AD1C87} - C:\WINDOWS\system32\urqPfcAq.dll

 

 

.

------- Supplementary Scan -------

.

R1 -: HKCU-Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O8 -: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 -: Baixar link usando &BitComet - C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 -: Baixar todos os links usando BitComet - C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 -: Baixar todos os vídeos usando BitComet - C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 -: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 -: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 -: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206

 

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-21 20:16:57

Windows 5.1.2600 Service Pack 3 NTFS

 

Searching for hidden processes ...

 

Searching for hidden autostart entries ...

 

Searching for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Completion time: 2008-07-21 20:22:06 - machine was rebooted [usuario]

ComboFix-quarantined-files.txt 2008-07-21 23:21:58

 

Pre-Run: 1,577,345,024 bytes free

Post-Run: 1,504,092,160 bytes free

 

363 --- E O F --- 2008-07-21 22:27:52


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:28:02, on 21/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Update Helper - {A4CC8907-3EA6-49EE-8B74-D09660120910} - C:\Arquivos de programas\Google\Update\1.2.121.9\GoopdateBho.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: (no name) - {F338F9ED-9BD6-4D5B-9C55-83CFA5280410} - C:\WINDOWS\system32\khfeEvuU.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Usefashion - {F12780E0-8D5D-4530-A68A-6CC93B5F891A} - C:\ARQUIV~1\UseLog\USETOO~1.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217712252781

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F874E7F-D38D-4E31-B581-7C472E012E3B}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{3F874E7F-D38D-4E31-B581-7C472E012E3B}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS3\Services\Tcpip\..\{3F874E7F-D38D-4E31-B581-7C472E012E3B}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Update Service (gupdate1c8e2157f703fb4) (gupdate1c8e2157f703fb4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 9574 bytes

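The logs in the post above are what a helper triages by hand: BHOs and shell-execute hooks whose DLL is gone, two mixed-case DLLs sitting directly in system32 (urqPfcAq.dll and khfeEvuU.dll, the two the helper's CFScript below removes), an AutoRun command cached in MountPoints2, O17 DNS servers, an AppInit_DLLs entry and the firewall policy. The script below is an added example, not code from the forum, from HijackThis or from ComboFix; it runs that triage over lines copied from these logs. The random-name heuristic and the two severities are this example's own choices, and the O17/O20/O23 hits are reported for checking, not asserted to be malicious.

```python
"""Triage of HijackThis / ComboFix log lines (added example, not forum or tool code)."""
import re
from dataclasses import dataclass

# Heuristic: a DLL directly in system32 whose name is 8 mixed-case letters
# (urqPfcAq.dll, khfeEvuU.dll in the log above) deserves a look; genuine
# system DLLs are almost always lowercase or carry a vendor prefix.
RANDOM_SYS32_DLL = re.compile(r"C:\\WINDOWS\\system32\\([A-Za-z]{8})\.dll\b", re.I)
MOUNTPOINT_AUTORUN = re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.I)
NAMESERVER = re.compile(r"NameServer\s*=\s*(?P<servers>[\d. ]+)$")
FIREWALL_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b')


@dataclass
class Finding:
    severity: str   # "high": act on it; "review": confirm by hand before acting
    line: str
    reason: str


def looks_random(stem: str) -> bool:
    """Mixed upper/lower case with no recognisable prefix is the tell we key on."""
    return stem != stem.lower() and stem != stem.upper()


def triage(lines):
    """Return Findings for the log lines a helper would act on or query."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # BHOs and shell-execute hooks load into Explorer/IE: orphans and random DLLs
        if line.startswith(("O2 ", "BHO-", "ShellExecuteHooks-")):
            if "(no file)" in line:
                findings.append(Finding("review", line, "COM object still registered but its DLL is gone (orphan)"))
                continue
            m = RANDOM_SYS32_DLL.search(line)
            if m and looks_random(m.group(1)):
                findings.append(Finding("high", line, f"hook backed by random-looking system32 DLL {m.group(1)}.dll"))
            elif "(no name)" in line:
                findings.append(Finding("review", line, "BHO registered without a display name"))
            continue
        m = MOUNTPOINT_AUTORUN.search(line)
        if m:
            findings.append(Finding("review", line, f"AutoRun command cached for a drive in MountPoints2: {m.group('cmd')}"))
            continue
        if line.startswith("O17 "):
            m = NAMESERVER.search(line)
            if m:
                findings.append(Finding("review", line, f"DNS servers {m.group('servers').strip()} - confirm they belong to the ISP"))
            continue
        if line.startswith("O20 "):
            findings.append(Finding("review", line, "AppInit_DLLs is loaded into every GUI process - confirm the vendor"))
            continue
        if FIREWALL_OFF.search(line):
            findings.append(Finding("high", line, "Windows Firewall is disabled in the standard profile"))
            continue
        if line.startswith("O23 ") and "Unknown owner" in line:
            findings.append(Finding("review", line, "service binary carries no publisher information"))
    return findings


def summarize(findings):
    """Counts per severity, the shape a helper scans first."""
    out = {"high": 0, "review": 0}
    for f in findings:
        out[f.severity] += 1
    return out


# Constructed sample: lines copied from the logs posted above.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F338F9ED-9BD6-4D5B-9C55-83CFA5280410} - C:\WINDOWS\system32\khfeEvuU.dll
BHO-{BC728C13-5691-4529-A1C2-E662A9AD1C87} - C:\WINDOWS\system32\urqPfcAq.dll
ShellExecuteHooks-{009E9850-D7A2-456A-AE04-EB9ABF822FE4} - (no file)
\Shell\AutoRun\command - M:\LaunchU3.exe -a
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F874E7F-D38D-4E31-B581-7C472E012E3B}: NameServer = 200.165.132.148 200.165.132.155
O20 - AppInit_DLLs: avgrsstx.dll
"EnableFirewall"= 0 (0x0)
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against a full HijackThis log, only the O2/O17/O20/O23 lines and the ComboFix MountPoints2 and policy lines produce findings; everything else is passed over, which is the point: the script narrows a 300-line log down to the handful of entries a human still has to judge.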

Hey Leandroctp,

 

Follow these instructions:

 

1. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all of the text inside the "Quote":

File::

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\khfeEvuU.dll

C:\WINDOWS\system32\urqPfcAq.dll

C:\WINDOWS\Winsystemusl.ini

M:\LaunchU3.exe

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F338F9ED-9BD6-4D5B-9C55-83CFA5280410}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 1 (0x1)

"SynchronousUserGroupPolicy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoAutoTrayNotify"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 0 (0x0)

"NoWelcomeScreen"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoDesktopCleanupWizard"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x1)

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab072114-3930-11dd-90dd-000b2325219d}]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause the user serious problems.

2. Save the file as CFScript.txt;

3. As shown in the screenshot (645i642.gif, not reproduced here), drag the CFScript.txt file onto ComboFix.exe.

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Cheers.

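The CFScript the helper posted has two sections: File:: lists paths ComboFix is to delete, and Registry:: holds REGEDIT4-style blocks in which [-KEY] deletes a key and "name"=data under [KEY] sets a value. Before dragging such a script onto ComboFix.exe it is worth parsing it and seeing exactly what it will touch. The script below is an added example, not ComboFix's parser and not from the forum; it reads a trimmed copy of the script above and flags relative paths, targets on drives other than C: (a fixed-drive set that is an assumption of this example; a live check would query the drive type), duplicate files, values outside a key block and value data not in .reg syntax. ComboFix prints values as "1 (0x1)" in its logs while a .reg file writes dword:00000001; ComboFix's own acceptance rules are not documented on this page, so such lines are flagged for confirmation rather than rejected.

```python
"""Parse and sanity-check a ComboFix CFScript before it is dragged onto ComboFix.exe.
Added example; not ComboFix's parser, whose exact acceptance rules are not on this page."""
import re
from dataclasses import dataclass, field

KEY_LINE = re.compile(r"^\[(?P<delete>-?)(?P<key>HK[A-Z_]+\\.+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Data forms a REGEDIT4 .reg file accepts: dword:XXXXXXXX, hex:.., "string", or - (delete value)
REG_DATA = re.compile(r'^(dword:[0-9A-Fa-f]{8}|hex(\([0-9a-f]+\))?:[0-9A-Fa-f, \\]*|"[^"]*"|-)$')
ABS_PATH = re.compile(r"^[A-Za-z]:\\")
FIXED_DRIVES = {"C"}   # assumption for the example; on a live system query the drive type


@dataclass
class CFScript:
    files: list = field(default_factory=list)          # File:: entries, in order
    deleted_keys: list = field(default_factory=list)   # [-KEY] entries
    values: dict = field(default_factory=dict)         # key -> {value name: data}
    warnings: list = field(default_factory=list)


def parse_cfscript(text: str) -> CFScript:
    """Split a CFScript into the actions it will perform and collect warnings."""
    script = CFScript()
    section = None
    current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # File::, Registry::, ...
            section, current_key = line[:-2], None
            continue
        if section == "File":
            if not ABS_PATH.match(line):
                script.warnings.append(f"line {lineno}: not an absolute drive path: {line}")
            elif line[0].upper() not in FIXED_DRIVES:
                script.warnings.append(f"line {lineno}: target on drive {line[0].upper()}: may be absent when the script runs: {line}")
            if line.lower() in (f.lower() for f in script.files):
                script.warnings.append(f"line {lineno}: duplicate File:: entry: {line}")
            script.files.append(line)
        elif section == "Registry":
            m = KEY_LINE.match(line)
            if m:
                if m.group("delete"):
                    script.deleted_keys.append(m.group("key"))
                    current_key = None          # values cannot follow a key deletion
                else:
                    current_key = m.group("key")
                    script.values.setdefault(current_key, {})
                continue
            m = VALUE_LINE.match(line)
            if m is None:
                script.warnings.append(f"line {lineno}: unrecognised Registry:: line: {line}")
            elif current_key is None:
                script.warnings.append(f"line {lineno}: value outside any [KEY] block: {line}")
            else:
                data = m.group("data")
                if not REG_DATA.match(data):
                    script.warnings.append(
                        f"line {lineno}: {m.group('name')!r} under {current_key} uses {data!r}, "
                        "ComboFix's log display form rather than .reg syntax (dword:00000001); confirm before running")
                script.values[current_key][m.group("name")] = data
        else:
            script.warnings.append(f"line {lineno}: line outside a known section: {line}")
    return script


# Constructed sample: a trimmed copy of the script posted above.
SAMPLE = r"""
File::
C:\WINDOWS\system32\khfeEvuU.dll
C:\WINDOWS\system32\urqPfcAq.dll
C:\WINDOWS\Winsystemusl.ini
M:\LaunchU3.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F338F9ED-9BD6-4D5B-9C55-83CFA5280410}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x1)
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
"""

if __name__ == "__main__":
    s = parse_cfscript(SAMPLE)
    print(f"{len(s.files)} files, {len(s.deleted_keys)} key deletions, {len(s.values)} key blocks")
    for w in s.warnings:
        print("WARNING:", w)
```

On the sample this yields four file deletions, two key deletions, two key blocks and two warnings: the M:\ target (a removable drive that may not be plugged in when ComboFix runs) and the EnableFirewall value written in display form.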

The problem is gone; if it comes back I'll get in touch again.

Thanks a lot

 

Logs

 

ComboFix 08-07-21.1 - Usuario 2008-07-23 10:37:47.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.512 [GMT -3:00]

Running from: C:\Documents and Settings\Usuario\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Usuario\Desktop\CFScript.txt

* A new restore point was created

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\khfeEvuU.dll

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\urqPfcAq.dll

C:\WINDOWS\Winsystemusl.ini

M:\LaunchU3.exe

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\UuvEefhk.ini

C:\WINDOWS\system32\UuvEefhk.ini2

C:\WINDOWS\Winsystemusl.ini

 

.

((((((((((((((((((((((( Files created from 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))

.

 

2008-08-02 19:33 . 2008-03-19 08:13 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-08-02 19:26 . 2008-08-02 19:26 <DIR> d-------- C:\WINDOWS\Sun

2008-08-02 19:26 . 2008-07-03 17:04 <DIR> d-------- C:\Documents and Settings\Usuario\SystemRequirementsLab

2008-08-02 19:26 . 2008-06-15 01:56 <DIR> d-------- C:\Arquivos de programas\SystemRequirementsLab

2008-08-02 19:25 . 2004-03-18 13:48 <DIR> d-------- C:\Arquivos de programas\Java

2008-08-02 19:25 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-02 19:17 . 2008-08-02 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-08-02 19:13 . 2008-05-02 13:41 4,099 --a------ C:\WINDOWS\mozver.dat

2008-08-02 19:06 . 2008-08-02 19:06 <DIR> d-------- C:\Arquivos de programas\Lavalys

2008-08-02 19:06 . 2008-08-02 19:06 <DIR> d-------- C:\Arquivos de programas\foobar2000

2008-08-02 19:05 . 2008-08-02 19:05 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-08-02 19:05 . 2008-08-02 19:05 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-08-02 18:54 . 2004-03-18 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-02 18:54 . 2004-03-18 19:37 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-08-02 18:43 . 2008-08-02 18:43 <DIR> d-------- C:\Arquivos de programas\Efficient Networks

2008-08-02 18:43 . 2002-10-28 14:19 26,381 --------- C:\WINDOWS\system32\drivers\enethusb.sys

2008-08-02 18:25 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-08-02 18:25 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-08-02 18:25 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-08-02 18:25 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-02 18:25 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-08-02 18:23 . 2008-08-02 18:23 <DIR> d---s---- C:\Documents and Settings\Usuario\UserData

2008-08-02 18:09 . 2008-08-02 18:09 <DIR> d-------- C:\Documents and Settings\Usuario\Contacts

2008-08-02 17:56 . 2008-04-13 19:20 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-08-02 17:56 . 2008-04-13 18:58 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-08-02 17:56 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-02 17:55 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-08-02 16:29 . 2008-08-02 16:29 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Media Player Classic

2008-08-02 16:28 . 2008-04-07 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-08-02 16:28 . 2008-08-02 16:28 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-08-02 16:20 . 2008-08-02 16:20 268 --ah----- C:\sqmdata03.sqm

2008-08-02 16:20 . 2008-08-02 16:20 244 --ah----- C:\sqmnoopt03.sqm

2008-08-02 16:13 . 2008-08-02 16:13 268 --ah----- C:\sqmdata02.sqm

2008-08-02 16:13 . 2008-08-02 16:13 244 --ah----- C:\sqmnoopt02.sqm

2008-08-02 16:02 . 2008-07-15 01:14 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-02 16:01 . 2008-07-22 01:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-08-02 15:57 . 2008-08-02 15:57 421 --a------ C:\WINDOWS\ODBC.INI

2008-08-02 15:56 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-02 15:55 . 2008-08-02 15:55 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-08-02 15:54 . 2008-08-02 15:54 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-08-02 15:53 . 2008-08-02 15:54 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-08-02 15:47 . 2008-08-02 15:47 268 --ah----- C:\sqmdata01.sqm

2008-08-02 15:47 . 2008-08-02 15:47 244 --ah----- C:\sqmnoopt01.sqm

2008-08-02 15:10 . 2008-02-26 13:02 <DIR> d-------- C:\Arquivos de programas\UseLog

2008-08-02 15:01 . 2008-08-02 15:01 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Ahead

2008-08-02 14:45 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-08-02 14:45 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-08-02 14:45 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2008-08-02 14:45 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-08-02 14:43 . 2008-05-02 13:02 <DIR> d-------- C:\WINDOWS\nview

2008-08-02 14:43 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-08-02 14:43 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-02 14:42 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-08-02 14:39 . 2008-08-02 14:39 268 --ah----- C:\sqmdata00.sqm

2008-08-02 14:39 . 2008-08-02 14:39 244 --ah----- C:\sqmnoopt00.sqm

2008-08-02 14:37 . 2008-08-02 14:37 <DIR> d-------- C:\Arquivos de programas\LHSP

2008-08-02 14:37 . 1998-07-30 05:24 192,784 --------- C:\WINDOWS\system32\Tabctl32.ocx

2008-08-02 14:37 . 1998-12-22 01:49 66,594 --a--c--- C:\WINDOWS\system32\dllcache\c_862.nls

2008-08-02 14:37 . 1998-12-22 01:49 66,594 --------- C:\WINDOWS\system32\c_862.nls

2008-08-02 14:37 . 1998-12-22 01:49 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_708.nls

2008-08-02 14:37 . 1998-12-22 01:49 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_28596.nls

2008-08-02 14:37 . 1998-12-22 01:49 66,082 --------- C:\WINDOWS\system32\c_708.nls

2008-08-02 14:37 . 1998-12-22 01:49 66,082 --------- C:\WINDOWS\system32\c_28596.nls

2008-08-02 14:37 . 1998-10-07 09:21 29,184 --------- C:\WINDOWS\system32\Popup.ocx

2008-08-02 14:36 . 1998-10-09 16:56 327,168 --a------ C:\WINDOWS\IsUn0416.exe

2008-08-02 14:34 . 2008-04-07 18:04 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-02 14:34 . 2008-08-02 14:34 <DIR> d-------- C:\Arquivos de programas\Positivo

2008-08-02 14:33 . 2008-08-02 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-08-02 14:32 . 2008-08-02 14:32 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-08-02 14:32 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-08-02 14:30 . 2008-08-02 14:31 <DIR> d-------- C:\Arquivos de programas\Nero

2008-08-02 14:29 . 2003-02-28 18:26 947,472 --a------ C:\WINDOWS\system32\msjava.dll

2008-08-02 14:29 . 2003-02-28 18:26 404,752 --a------ C:\WINDOWS\system32\javart.dll

2008-08-02 14:29 . 2003-02-28 18:26 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll

2008-08-02 14:29 . 2003-02-28 18:26 187,152 --a------ C:\WINDOWS\system32\javacypt.dll

2008-08-02 14:29 . 2003-02-28 18:26 172,304 --a------ C:\WINDOWS\system32\jview.exe

2008-08-02 14:29 . 2003-02-28 18:26 171,792 --a------ C:\WINDOWS\system32\wjview.exe

2008-08-02 14:29 . 2003-02-28 18:26 154,384 --a------ C:\WINDOWS\system32\msawt.dll

2008-08-02 14:29 . 2003-02-28 18:26 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll

2008-08-02 14:29 . 2003-02-28 18:26 49,424 --a------ C:\WINDOWS\system32\clspack.exe

2008-08-02 14:29 . 2003-02-28 18:26 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll

2008-08-02 14:29 . 2003-02-28 18:26 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe

2008-08-02 14:28 . 2008-07-21 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-08-02 14:28 . 2008-07-11 01:48 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-08-02 14:27 . 2008-08-02 14:27 <DIR> d-------- C:\KAV

2008-07-21 20:53 . 2008-07-21 20:53 <DIR> d-------- C:\VundoFix Backups

2008-07-21 20:22 . 2008-07-21 20:22 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-07-21 20:22 . 2008-07-21 20:22 <DIR> d-------- C:\Documents and Settings\Usuario\Configurações locais

2008-07-21 20:22 . 2008-07-21 20:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-07-21 20:22 . 2008-07-21 20:22 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-07-21 16:54 . 2008-07-21 16:54 95 --a------ C:\WINDOWS\wininit.ini

2008-07-21 15:35 . 2008-07-21 23:09 <DIR> d--h----- C:\$AVG8.VAULT$

2008-07-21 15:19 . 2008-07-22 12:39 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-07-21 15:19 . 2008-07-21 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-07-21 15:19 . 2008-07-21 15:19 <DIR> d-------- C:\Arquivos de programas\AVG

2008-07-21 15:19 . 2008-07-21 15:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-21 15:19 . 2008-07-21 15:19 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-21 15:19 . 2008-07-21 15:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-07-21 14:10 . 2008-07-21 14:10 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-07-21 14:10 . 2008-07-21 14:10 396,288 --a------ C:\HijackThis.exe

2008-07-21 14:03 . 2008-07-21 14:03 812,344 --a------ C:\HJTInstall.exe

2008-07-21 13:43 . 2008-07-21 13:43 0 --a------ C:\ComboFix.exe

2008-07-20 22:58 . 2008-07-20 22:58 <DIR> d-------- C:\WarS

2008-07-20 22:43 . 2008-07-20 22:43 <DIR> d-------- C:\Documents and Settings\Administrador

2008-07-19 20:30 . 2008-07-19 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-07-19 20:30 . 2008-07-19 20:30 <DIR> d-------- C:\Arquivos de programas\Zylom Games

2008-07-14 01:43 . 2008-07-14 01:43 <DIR> d-------- C:\Arquivos de programas\RamBooster 2.0

2008-07-12 19:38 . 2008-07-12 19:38 <DIR> d-------- C:\Arquivos de programas\CAPCOM

2008-07-11 01:41 . 2008-07-11 01:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-07-09 07:13 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-07-09 07:13 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-07-09 07:13 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-07-09 07:13 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-07-09 07:13 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-07-09 07:13 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-07-09 07:13 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-07-08 12:48 . 2008-07-08 12:48 <DIR> d-------- C:\Arquivos de programas\Atari

2008-07-08 12:45 . 2008-07-08 12:45 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\gnupg

2008-07-02 13:59 . 2008-07-02 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SimCity Societies

2008-07-01 20:58 . 2008-07-01 20:58 <DIR> d-------- C:\Arquivos de programas\Opera

2008-06-30 22:47 . 2008-06-30 22:47 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Spore Creature Creator

2008-06-30 14:55 . 2008-06-20 08:51 361,600 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-30 14:55 . 2008-04-13 12:20 361,344 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL

2008-06-30 14:55 . 2008-06-30 14:55 361,344 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL

2008-06-30 14:54 . 2008-06-30 14:54 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-02 22:33 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-02 22:21 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-08-02 17:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-02 17:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-23 11:09 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\MegauploadToolbar

2008-07-22 04:36 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Free Download Manager

2008-07-22 04:34 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\foobar2000

2008-07-21 22:52 --------- d-----w C:\Arquivos de programas\On-line Help Console

2008-07-21 17:16 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-07-21 16:23 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Spyware Terminator

2008-07-20 19:15 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-07-12 23:17 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\uTorrent

2008-07-12 05:48 --------- d-----w C:\Arquivos de programas\WinClamAVShield

2008-07-11 13:01 --------- d-----w C:\Arquivos de programas\Tibia

2008-07-09 22:50 --------- d-----w C:\Arquivos de programas\Google

2008-07-05 02:17 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-07-01 01:47 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-06-21 18:10 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Shareaza

2008-06-21 18:10 --------- d-----w C:\Arquivos de programas\Shareaza

2008-06-20 16:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-06-20 16:30 --------- d-----w C:\Arquivos de programas\HP

2008-06-20 16:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-06-20 16:26 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-06-20 16:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 01:29 --------- d--h--r C:\Documents and Settings\Usuario\Dados de aplicativos\SecuROM

2008-06-18 00:57 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2008-06-17 19:59 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Megaupload

2008-06-15 13:28 --------- d-----w C:\Arquivos de programas\OnGame

2008-06-14 18:49 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Hamachi

2008-06-14 17:34 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 01:25 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\U3

2008-06-13 23:38 --------- d-----w C:\Arquivos de programas\The KMPlayer

2008-06-09 01:53 --------- d-----w C:\Arquivos de programas\World of Warcraft

2008-06-05 01:40 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\AVI ReComp

2008-06-04 17:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

2008-06-04 17:55 --------- d-----w C:\Arquivos de programas\Free Download Manager

2008-06-04 17:50 --------- d-----w C:\Arquivos de programas\Xvid

2008-06-04 17:50 --------- d-----w C:\Arquivos de programas\Gabest

2008-06-04 17:50 --------- d-----w C:\Arquivos de programas\AVI ReComp

2008-06-04 17:49 --------- d-----w C:\Arquivos de programas\AviSynth 2.5

2008-05-27 22:30 --------- d-----w C:\Arquivos de programas\DiskTrix

2008-05-25 18:07 --------- d-----w C:\Arquivos de programas\Microsoft Private Folder 1.0

2008-05-23 19:11 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\vlc

2008-05-23 16:33 --------- d-----w C:\Arquivos de programas\Silkroad

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4CC8907-3EA6-49EE-8B74-D09660120910}]

2008-07-15 10:17 184816 --a----t- C:\Arquivos de programas\Google\Update\1.2.121.9\GoopdateBho.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:20 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"SiSRaid"="C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2007-01-18 11:59 389120]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]

"SoundMan"="SOUNDMAN.EXE" [2006-11-16 18:42 577536 C:\WINDOWS\soundman.exe]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoAutoTrayNotify"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoResolveSearch"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Empires III\\age3.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"C:\\Arquivos de programas\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\World of Warcraft\\Repair.exe"=

"C:\\Arquivos de programas\\SopCast\\SopCast.exe"=

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\SopCast\\sopvod.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Atari\\AITD\\Alone.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"32459:TCP"= 32459:TCP:uTorrent

"13992:TCP"= 13992:TCP:BitComet 13992 TCP

"13992:UDP"= 13992:UDP:BitComet 13992 UDP

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-21 15:19]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-09 14:53]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-07-21 15:19]

R2 avg8wd;AVG Free8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-07-21 15:19]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-21 15:19]

R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]

R3 NWRDR;NetWare Rdr;C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 11:34]

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 11:47]

S2 gupdate1c8e2157f703fb4;Google Update Service (gupdate1c8e2157f703fb4);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-07-09 19:45]

S2 RPCT;Remote Procedure Call (TPM);C:\Arquivos de programas\NetMeeting\mstinit.exe [2005-03-18 15:31]

.

Contents of the 'Scheduled Tasks' folder

"2008-06-20 16:34:52 C:\WINDOWS\Tasks\GlaryInitialize.job"

- C:\Arquivos de programas\Glary Utilities\initialize.exe

"2008-07-09 22:45:34 C:\WINDOWS\Tasks\GoogleUpdateTask.job"

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{02E1D6B0-DEFA-4302-BA91-8D7D2331011E} - C:\WINDOWS\system32\khfeEvuU.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-23 10:42:06

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Completion time: 2008-07-23 10:47:36 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-23 13:47:29

ComboFix2.txt 2008-07-21 23:22:07

 

Pre-Run: 1,860,362,240 bytes free

Post-Run: 1,862,893,568 bytes free

 

333 --- E O F --- 2008-07-23 04:47:59

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:49:43, on 23/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Update Helper - {A4CC8907-3EA6-49EE-8B74-D09660120910} - C:\Arquivos de programas\Google\Update\1.2.121.9\GoopdateBho.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Usefashion - {F12780E0-8D5D-4530-A68A-6CC93B5F891A} - C:\ARQUIV~1\UseLog\USETOO~1.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217712252781

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F874E7F-D38D-4E31-B581-7C472E012E3B}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{3F874E7F-D38D-4E31-B581-7C472E012E3B}: NameServer = 200.165.132.148 200.165.132.155

O17 - HKLM\System\CS3\Services\Tcpip\..\{3F874E7F-D38D-4E31-B581-7C472E012E3B}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Update Service (gupdate1c8e2157f703fb4) (gupdate1c8e2157f703fb4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 9576 bytes

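As an added example (not part of the original post, and not a feature of HijackThis or ComboFix): a small Python triage pass that encodes the checks a helper makes by eye when reading logs like the ones above. The sample lines are copied from the logs on this page, with the ComboFix "ORPHANS REMOVED" BHO rewritten in HijackThis O2 format so the rule can be exercised; the rule set, the severity labels and the system32 heuristic are assumptions of the example.

```python
"""Rule-based triage of HijackThis / ComboFix log lines.

Added example, not part of the original forum post and not a HijackThis or
ComboFix feature. It encodes the checks a helper would make by eye when
reading the logs above: orphaned entries, BHOs loaded from system32,
unrecognised Winsock LSPs, AppInit_DLLs, DNS servers to verify, Run entries
without a full path, and a disabled Windows Firewall. Severities and rule
wording are the example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the logs on the page. The khfeEvuU.dll
# line is the BHO that ComboFix listed under ORPHANS REMOVED, rewritten here
# in HijackThis O2 format so the system32 rule has something to match.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {02E1D6B0-DEFA-4302-BA91-8D7D2331011E} - C:\WINDOWS\system32\khfeEvuU.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F874E7F-D38D-4E31-B581-7C472E012E3B}: NameServer = 200.165.132.148 200.165.132.155
O20 - AppInit_DLLs: avgrsstx.dll
"EnableFirewall"= 0 (0x0)
"""


@dataclass
class Finding:
    tag: str        # HijackThis section (O2, O9, ...) or "CF" for a ComboFix registry line
    severity: str   # "remove" (safe to fix), "review" (needs a human) or "info"
    reason: str
    line: str


HJT_LINE = re.compile(r"^(?P<tag>[RO]\d+) - (?P<body>.*)$")
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\S+)')
SYSTEM32_DLL = re.compile(r"\\windows\\system32\\([a-z0-9]+\.dll)$", re.I)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def triage_line(raw: str) -> Optional[Finding]:
    """Apply the rule set to one log line; None means nothing to report."""
    line = raw.strip()
    m = HJT_LINE.match(line)
    if m:
        tag, body = m.group("tag"), m.group("body")
        # Any entry whose target no longer exists is dead weight: fix it.
        if "(no file)" in body or "(file missing)" in body:
            return Finding(tag, "remove", "orphaned entry: referenced file is gone", line)
        if tag == "O2":
            hit = SYSTEM32_DLL.search(body)
            if hit:
                # Heuristic (assumption): vendor BHOs install under Program Files;
                # a BHO DLL sitting directly in system32 is how Vundo-style
                # droppers hide, so it gets a human look.
                return Finding(tag, "review", f"BHO loaded from system32 ({hit.group(1)}); "
                               "legitimate BHOs rarely live there", line)
        if tag == "O10":
            return Finding(tag, "review", "Winsock LSP not recognised by the scanner; "
                           "check the DLL's signer before removing it", line)
        if tag == "O20":
            return Finding(tag, "review", "AppInit_DLLs is injected into every GUI process; "
                           "confirm the vendor", line)
        if tag == "O17":
            servers = IPV4.findall(body)
            return Finding(tag, "info", "DNS servers " + ", ".join(servers) +
                           "; confirm they belong to the ISP", line)
        if tag == "O4" and "] " in body:
            command = body.split("] ", 1)[1]
            if "\\" not in command:
                # Bare file name: resolved through the search path at logon, so the
                # entry cannot be tied to a specific binary from the log alone.
                return Finding(tag, "info", "Run entry without a full path", line)
        return None
    m = CF_VALUE.match(line)
    if m and m.group("name") == "EnableFirewall" and m.group("value") == "0":
        return Finding("CF", "review", "Windows Firewall disabled for the standard profile", line)
    return None


def triage(log: str) -> List[Finding]:
    """Run every line through triage_line and keep the findings, in log order."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity (always returns all three keys)."""
    counts = {"remove": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.tag:3} {f.reason}")
    print(summarize(results))
```

Only the "remove" findings are safe to act on blindly; the "review" ones (the system32 BHO, the unrecognised LSP, the AppInit DLL, the disabled firewall) are exactly the entries a helper would ask about before posting a fix, since nwprovau.dll and avgrsstx.dll in the log above belong to legitimate software.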

PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
