Archived

This topic has been archived and is closed to new replies.

Jocasinho

[Solved!] Please analyse my HijackThis log

Please take a look at it!

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:29:24, on 17/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe

C:\WINDOWS\system32\slmdmsr.exe

C:\WINDOWS\System32\WScript.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe

C:\WINDOWS\SYSTEM\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Trayit\trayit!.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [barsaka] explorer.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [smartRAM] C:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe /m

O4 - HKLM\..\Run: [Microsoft App] C:\WINDOWS\SYSTEM\spoolsv.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKLM\..\Policies\Explorer\Run: [JOCASINH-0588F4] .vbe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: TrayIt!.lnk = C:\Arquivos de programas\Trayit\trayit!.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C718167-F9DF-4942-B1CA-CA2D7EFE8E70}: NameServer = 200.222.0.34 200.202.193.75

O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

 

--

End of file - 4789 bytes

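The helper's reply below works through the log by eye, so here is the same triage as code. This is an added example, not part of the forum thread and not output of HijackThis or Trend Micro. The sample lines are excerpted from the log above; the rule names, the table of canonical directories for Windows XP system binaries, and the list of script hosts and extensions are my own assumptions. It flags the three things a helper would circle in this log: a second spoolsv.exe running from C:\WINDOWS\SYSTEM instead of system32, WScript.exe running with a Policies\Explorer\Run entry whose whole command is ".vbe", and a bare "explorer.exe" autostart under a nonsense value name ([barsaka]).

```python
"""Heuristic triage of HijackThis 'Running processes' and O4 lines.

Added example, not from the forum thread or from HijackThis itself. The sample
lines are excerpted from the posted log; the rules below are my own heuristics.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the lines from the first HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\SYSTEM\spoolsv.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [barsaka] explorer.exe
O4 - HKLM\..\Run: [Microsoft App] C:\WINDOWS\SYSTEM\spoolsv.exe
O4 - HKLM\..\Policies\Explorer\Run: [JOCASINH-0588F4] .vbe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
"""

# Assumption: on Windows XP these binaries legitimately live only in these directories.
CANONICAL_DIRS = {
    "spoolsv.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DRIVE_PATH_RE = re.compile(r"^[a-zA-Z]:\\")


def _first_token(cmd: str) -> str:
    """Return the executable part of a Run value, honouring a quoted path."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def _exe_and_dir(path: str):
    p = PureWindowsPath(path)
    return p.name.lower(), str(p.parent).lower()


def triage_processes(lines):
    """Flag running script hosts and system binaries running from a non-canonical directory."""
    findings = []
    for line in lines:
        if not DRIVE_PATH_RE.match(line):
            continue
        exe, parent = _exe_and_dir(line)
        if exe in SCRIPT_HOSTS:
            findings.append(("script-host-running", line))
        canon = CANONICAL_DIRS.get(exe)
        if canon and parent not in canon:
            findings.append(("system-binary-wrong-dir", line))
    return findings


def triage_o4(lines):
    """Flag O4 autostart entries with the patterns seen in the posted log."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        hive, cmd = m.group("hive"), m.group("cmd").strip()
        exe, parent = _exe_and_dir(_first_token(cmd))
        if r"Policies\Explorer\Run" in hive:
            # The policy Run key is rarely populated on a home PC; malware likes it.
            findings.append(("policy-run-key", line))
        if exe.endswith(SCRIPT_EXTS) or exe in SCRIPT_HOSTS:
            findings.append(("script-autostart", line))
        if exe in CANONICAL_DIRS:
            if parent == ".":
                # Bare "explorer.exe" under an odd value name: PATH-dependent, not written by Windows.
                findings.append(("bare-system-binary-autostart", line))
            elif parent not in CANONICAL_DIRS[exe]:
                findings.append(("system-binary-wrong-dir", line))
    return findings


def triage(log_text: str):
    """Run both passes over a HijackThis log and return (rule, line) pairs."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    return triage_processes(lines) + triage_o4(lines)


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:32} {line}")
```

The directory check is what catches the lookalike: both spoolsv.exe paths are on the same machine, but only the system32 one is the print spooler. The ComboFix run later in the thread deletes exactly that c:\windows\system\spoolsv.exe, which is the confirmation the heuristic wants.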

Good evening, Jocasinho!

 

<@> Download: < ComboFix.exe > ( ...by sUBs )

<@> Save it to the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt: "Disclaimer of software warranty" --> Click Yes!

<@> If you do not have the "Recovery Console", accept the offer to install it!

 

<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations above.

<@> The Auto Scan window will open. --> Wait!

<@> To complete the removals, ComboFix may restart the computer.

<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

----------------------

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!


ComboFix log

 

ComboFix 09-01-18.01 - Jocasinho 2009-01-19 0:37:09.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.991.662 [GMT -2:00]

Running from: c:\documents and settings\Jocasinho\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Turkojan

c:\arquivos de programas\Turkojan\readme.rtf

c:\windows\system\spoolsv.exe

 

.

(((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 ))))))))))))))))))))))))))))

.

 

2009-01-16 03:12 . 2009-01-16 03:12 <DIR> d-------- c:\arquivos de programas\Trend Micro

2009-01-15 15:13 . 2009-01-15 15:13 <DIR> d-------- c:\arquivos de programas\Silkroad

2009-01-15 01:53 . 2009-01-15 01:53 <DIR> d-------- c:\arquivos de programas\OnGame

2009-01-14 18:41 . 2009-01-14 18:41 <DIR> d-------- c:\documents and settings\Jocasinho\Dados de aplicativos\Media Player Classic

2009-01-04 07:37 . 2009-01-04 07:37 <DIR> d-------- c:\arquivos de programas\VIA

2009-01-04 07:36 . 2008-07-08 11:46 <DIR> d-------- C:\via_windows_falcon_ide_v251a

2009-01-04 07:36 . 2008-07-08 11:42 <DIR> d-------- C:\via_hyperionpro_518a

2009-01-04 07:36 . 2008-04-03 15:42 53,248 --a------ c:\windows\system32\drivers\ViPrt.sys

2009-01-04 07:36 . 2008-05-26 16:14 18,432 --a------ c:\windows\system32\vIdeInst.dll

2009-01-04 07:36 . 2008-04-03 15:42 16,896 --a------ c:\windows\system32\drivers\ViBus.sys

2009-01-04 07:36 . 2007-09-21 17:49 9,216 --a------ c:\windows\system32\drivers\videX32.sys

2009-01-04 07:35 . 2005-11-17 15:46 337,320 --a------ c:\windows\system32\difxapi.dll

2009-01-04 07:35 . 2006-10-27 16:26 69,632 --a------ c:\windows\system32\vuins32.dll

2009-01-04 07:35 . 2007-09-21 19:24 43,520 --a------ c:\windows\system32\drivers\fetnd5bv.sys

2009-01-04 07:34 . 2008-07-08 22:56 <DIR> d-------- C:\via_vt6105m_60

2009-01-04 06:58 . 2009-01-04 07:03 139,264 --a------ c:\windows\War3Unin.exe

2009-01-04 06:58 . 2009-01-04 07:04 91,443 --a------ c:\windows\War3Unin.dat

2009-01-04 06:58 . 2009-01-04 07:03 2,829 --a------ c:\windows\War3Unin.pif

2009-01-04 06:55 . 2009-01-14 19:08 <DIR> d-------- c:\arquivos de programas\Warcraft III

2009-01-03 20:08 . 2009-01-14 19:10 <DIR> d-------- c:\windows\system32\drivers\SLDRV

2009-01-03 20:07 . 2009-01-03 20:07 <DIR> d-------- c:\windows\Modio

2009-01-03 20:07 . 2009-01-03 20:07 <DIR> d-------- C:\smartlink_v90usb_42001_xp

2009-01-03 20:07 . 2005-05-10 19:49 221,184 --a------ c:\windows\system32\slmdmsp.dll

2009-01-03 20:07 . 2005-05-10 19:50 192,512 --a------ c:\windows\system32\slmdmgx.dll

2009-01-03 20:07 . 2005-05-10 19:54 77,824 --a------ c:\windows\system32\slmdmco.dll

2009-01-03 20:07 . 2005-05-10 19:53 61,440 --a------ c:\windows\system32\slmdmsr.exe

2009-01-03 03:26 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe

2009-01-03 03:23 . 2009-01-03 03:24 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2009-01-03 03:23 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe

2009-01-03 03:23 . 2006-07-31 11:27 217,088 --a------ c:\windows\Alcrmv.exe

2009-01-03 03:22 . 2008-07-08 10:48 <DIR> d-------- C:\realtek_alc650_404_xp

2009-01-03 03:00 . 2009-01-03 05:48 <DIR> d-------- c:\arquivos de programas\Everest

2008-12-31 02:53 . 2008-12-31 02:53 <DIR> d-------- c:\arquivos de programas\Trayit

2008-12-31 02:24 . 2008-12-31 02:24 <DIR> d-------- c:\arquivos de programas\XP Codec Pack

2008-12-31 02:24 . 2008-07-09 06:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2008-12-30 04:59 . 2009-01-03 05:43 <DIR> d-------- c:\arquivos de programas\ElfBot NG 8.40

2008-12-30 02:48 . 2008-12-30 02:49 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-12-30 02:47 . 2008-12-30 02:47 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2008-12-30 02:38 . 2008-12-30 02:39 <DIR> d-------- c:\arquivos de programas\S3

2008-12-30 02:37 . 2008-07-08 12:35 <DIR> d-------- C:\via_k8m800_220001j_xp

2008-12-30 02:12 . 2008-12-30 02:12 <DIR> d-------- c:\arquivos de programas\Microsoft.NET

2008-12-30 02:11 . 2008-12-30 02:12 <DIR> d-------- c:\windows\SHELLNEW

2008-12-30 01:59 . 2008-12-30 02:00 <DIR> d-------- c:\arquivos de programas\GameVicio

2008-12-30 00:30 . 2008-12-30 00:30 <DIR> d-------- c:\arquivos de programas\Driver-Soft

2008-12-30 00:30 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx

2008-12-30 00:30 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX

2008-12-30 00:30 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll

2008-12-28 23:26 . 2008-12-28 23:26 <DIR> d-------- c:\arquivos de programas\Ubisoft

2008-12-26 21:20 . 2008-12-26 21:20 <DIR> d-------- c:\documents and settings\Jocasinho\Dados de aplicativos\DAEMON Tools Pro

2008-12-26 21:20 . 2008-12-26 21:20 <DIR> d-------- c:\documents and settings\Jocasinho\Dados de aplicativos\DAEMON Tools

2008-12-26 21:19 . 2008-12-26 21:19 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2008-12-26 21:19 . 2008-12-26 21:19 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Lite

2008-12-26 21:07 . 2008-12-26 21:07 <DIR> d-------- c:\documents and settings\Jocasinho\Dados de aplicativos\DAEMON Tools Lite

2008-12-26 21:07 . 2008-12-26 21:07 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2008-12-26 19:24 . 1999-12-17 10:13 86,016 --a------ c:\windows\unvise32.exe

2008-12-26 19:20 . 2008-12-26 19:24 <DIR> d-------- C:\CS1.6 pod-Bot

2008-12-21 23:26 . 2008-12-21 23:26 <DIR> d-------- c:\arquivos de programas\Dynamic HTML Editor

2008-12-21 23:26 . 2003-11-16 17:34 700,416 --a------ c:\windows\system32\FreeImage.dll

2008-12-21 23:26 . 2003-01-26 14:41 40,960 --a------ c:\windows\system32\SSubTmr6.dll

2008-12-21 18:10 . 2008-12-21 18:11 <DIR> d-------- c:\arquivos de programas\Dynamic HTML Editor 4x

2008-12-21 18:10 . 2003-04-21 16:09 245,408 --a------ c:\windows\system32\unicows.dll

2008-12-19 23:39 . 2008-12-19 23:39 <DIR> d--h----- c:\windows\PIF

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-19 02:14 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-01-19 02:14 --------- d-----w c:\arquivos de programas\ElfBot NG 8.31

2009-01-17 18:00 --------- d-----w c:\documents and settings\Jocasinho\Dados de aplicativos\Tibia

2009-01-07 03:36 --------- d-----w c:\arquivos de programas\TibiaBot NG

2009-01-04 09:34 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-12-30 04:52 --------- d-----w c:\arquivos de programas\MSN Messenger

2008-12-30 04:47 --------- d-----w c:\arquivos de programas\Windows Live

2008-12-30 04:38 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-12-26 22:43 --------- d-----w c:\arquivos de programas\Tibia 8.30

2008-12-18 02:48 --------- d-----w c:\documents and settings\Jocasinho\Dados de aplicativos\Audacity

2008-12-18 02:37 --------- d-----w c:\arquivos de programas\Audacity 1.3 Beta

2008-12-17 04:05 --------- d-----w c:\arquivos de programas\MCV

2008-12-10 19:01 --------- d-----w c:\arquivos de programas\Asprate

2008-12-10 04:15 --------- d-----w c:\arquivos de programas\PHP Editor

2008-12-09 14:35 --------- d-----w c:\arquivos de programas\Tales of Pirates Online

2008-12-07 02:07 --------- d-----w c:\arquivos de programas\ALCATech

2008-12-05 01:35 --------- d-----w c:\documents and settings\Jocasinho\Dados de aplicativos\mIRC

2008-12-05 01:33 --------- d-----w c:\arquivos de programas\mIRC

2008-12-04 18:03 --------- d-----w c:\arquivos de programas\CreaSoftware

2008-12-02 23:47 --------- d-----w c:\arquivos de programas\CloneDVD

2008-12-02 13:28 --------- d-----w c:\arquivos de programas\VirtualDJ

2008-12-02 00:52 --------- d-----w c:\documents and settings\Jocasinho\Dados de aplicativos\Sony Setup

2008-12-02 00:52 --------- d-----w c:\arquivos de programas\Sony Setup

2008-11-26 19:52 --------- d-----w c:\documents and settings\Jocasinho\Dados de aplicativos\IObit

2008-11-25 01:15 --------- d-----w c:\arquivos de programas\Foxit Software

2008-11-21 03:44 --------- d-----w c:\arquivos de programas\Native Instruments

2008-11-19 03:25 11,973 -c--a-w c:\windows\system32\drivers\secdrv.sys

2008-10-07 03:36 81,920 -c--a-w c:\documents and settings\Jocasinho\Dados de aplicativos\ezpinst.exe

2008-10-07 03:36 47,360 -c--a-w c:\documents and settings\Jocasinho\Dados de aplicativos\pcouffin.sys

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-09-14 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2007-04-25 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Jocasinho\Menu Iniciar\Programas\Inicializar\

TrayIt!.lnk - c:\arquivos de programas\Trayit\trayit!.exe [2008-12-31 114688]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 03:38 34672 c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-12-10 07:02 216520 c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-04 01:56 1667584 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NitroPC]

--a------ 2008-08-19 18:11 3477504 c:\arquivos de programas\NitroPC\NitroPC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]

--a------ 2007-10-29 17:43 662016 c:\arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Barsaka]

--a------ 2004-08-04 01:45 1034240 c:\windows\explorer.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Tibia 8.22\\Tibia.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Blackd Tools\\Blackd Proxy\\BlackdProxy.exe"=

"c:\\Arquivos de programas\\Tibia 8.30\\Tibia.exe"=

"c:\\Arquivos de programas\\ElfBot NG\\navserv.exe"=

"c:\\Arquivos de programas\\mIRC\\mirc.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\PHP Editor\\PHPServer.exe"=

"c:\\CS1.6 pod-Bot\\hl.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"c:\\Arquivos de programas\\Warcraft III\\War3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"27015:UDP"= 27015:UDP:CS

"27015:TCP"= 27015:TCP:cs

 

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2009-01-04 16896]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2009-01-04 53248]

R3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\SLDRV\slnt7554.sys [2009-01-03 225272]

R4 BandLuxe_Service;BandLuxe Service;c:\arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe [2008-04-15 85016]

S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [2008-10-25 100096]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c9a1cc-9a3c-11dd-ab0e-0016ec2370d0}]

\Shell\AutoRun\command - wscript.exe .\.vbs

\Shell\open\command - wscript.exe .\.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67bcff52-a779-11dd-ab5a-0016ec2370d0}]

\Shell\AutoRun\command - wscript.exe .\.vbs

\Shell\open\command - wscript.exe .\.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691843ca-9a35-11dd-ab0d-0016ec2370d0}]

\Shell\AutoRun\command - wscript.exe .\.vbs

\Shell\open\command - wscript.exe .\.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8db571fc-a479-11dd-ab47-0016ec2370d0}]

\Shell\AutoRun\command - wscript.exe .\.vbs

\Shell\open\command - wscript.exe .\.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d61834-cc9c-11dd-ac71-0016ec2370d0}]

\Shell\AutoRun\command - wscript.exe .\.vbs

\Shell\open\command - wscript.exe .\.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b2c043d-ce34-11dd-ac7d-0016ec2370d0}]

\Shell\AutoRun\command - wscript.exe .\.vbs

\Shell\open\command - wscript.exe .\.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5d359d2-93c4-11dd-aae4-0016ec2370d0}]

\Shell\AutoRun\command - wscript.exe .\.vbs

\Shell\open\command - wscript.exe .\.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5d359db-93c4-11dd-aae4-0016ec2370d0}]

\Shell\AutoRun\command - wscript.exe .\.vbs

\Shell\open\command - wscript.exe .\.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f777bda8-e597-11dd-ad24-0016ec2370d0}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-Microsoft App - c:\windows\SYSTEM\spoolsv.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

TCP: {3C718167-F9DF-4942-B1CA-CA2D7EFE8E70} = 200.222.0.34 200.202.193.75

 

c:\windows\Downloaded Program Files\gbpdist.dll - O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}

hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Jocasinho\Dados de aplicativos\Mozilla\Firefox\Profiles\tot1u9y8.default\

FF - prefs.js: browser.search.selectedEngine - MercadoLivre

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-19 00:38:19

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2009-01-19 0:39:29

ComboFix-quarantined-files.txt 2009-01-19 02:39:27

 

Pre-Run: 2,228,297,728 bytes free

Post-Run: 3,062,538,240 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

235

 

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:40:07, on 19/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe

C:\WINDOWS\system32\slmdmsr.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Trayit\trayit!.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: TrayIt!.lnk = C:\Arquivos de programas\Trayit\trayit!.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C718167-F9DF-4942-B1CA-CA2D7EFE8E70}: NameServer = 200.222.0.34 200.202.193.75

O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

 

--

End of file - 3365 bytes


Good morning, Jocasinho!

 

Insert your removable drive(s), if you have any, into the USB port. ( pen drive, mp3, mp4, iPods, etc... )

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c9a1cc-9a3c-11dd-ab0e-0016ec2370d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67bcff52-a779-11dd-ab5a-0016ec2370d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691843ca-9a35-11dd-ab0d-0016ec2370d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8db571fc-a479-11dd-ab47-0016ec2370d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d61834-cc9c-11dd-ac71-0016ec2370d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b2c043d-ce34-11dd-ac7d-0016ec2370d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5d359d2-93c4-11dd-aae4-0016ec2370d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5d359db-93c4-11dd-aae4-0016ec2370d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f777bda8-e597-11dd-ad24-0016ec2370d0}]

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 


 

<@> Answer the prompt that should appear asking to run ComboFix.

<@> PS: Keep dragging until that prompt ( window ) appears!

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

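The CFScript in the reply above is derived line by line from the mountpoints2 block in the first ComboFix log: each HKCU\...\Explorer\MountPoints2\{GUID} key is where Explorer caches the shell verbs it built from a volume's autorun.inf, and a cached "\Shell\AutoRun\command - wscript.exe .\.vbs" means a removable drive once carried an autorun.inf that launched a .vbs from its root. The following is an added example, not part of the thread and not ComboFix or helper tooling: it parses that block of the ComboFix log, labels each volume's autorun hook, and emits the same `Registry::` / `[-key]` removal lines the helper wrote by hand. The sample block is excerpted from the ComboFix log above; the parser, the label names and the treatment of every cached shell verb as a removal candidate are my assumptions.

```python
"""Turn the mountpoints2 section of a ComboFix log into CFScript removal lines.

Added example, not from the forum thread and not part of ComboFix. The sample is
excerpted from the ComboFix log posted above; the labels are my own.
"""
import re

# Constructed sample: two mountpoints2 blocks from the ComboFix log above, plus an
# unrelated Run key to show that only mountpoints2 keys are picked up.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c9a1cc-9a3c-11dd-ab0e-0016ec2370d0}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f777bda8-e597-11dd-ad24-0016ec2370d0}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-14 c:\windows\system32\VTTimer.exe]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)


def parse_mountpoints(text: str):
    """Return {registry key: [(verb, command), ...]} for each mountpoints2 volume key."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            # Only per-volume keys (mountpoints2\{GUID}) carry cached autorun verbs.
            current = key if r"\mountpoints2\{" in key.lower() else None
            if current:
                result[current] = []
            continue
        m = VERB_RE.match(line)
        if m and current:
            result[current].append((m.group("verb"), m.group("cmd")))
    return result


def classify(commands):
    """Label what the cached autorun verbs of one volume would have launched."""
    joined = " ".join(cmd.lower() for _, cmd in commands)
    if "wscript" in joined or ".vbs" in joined or ".vbe" in joined:
        return "script-autorun"          # autorun.inf -> wscript.exe <script> on the drive
    if "shellexec_rundll" in joined:
        return "rundll32-shellexec-autorun"  # autorun.inf -> rundll32 ShellExec_RunDLL <exe>
    return "autorun-hook"                # any other cached verb still warrants removal


def cfscript(text: str) -> str:
    """Emit a ComboFix CFScript deleting every mountpoints2 volume key that has a cached verb.

    The [-key] form is the one used in the helper's CFScript above.
    """
    lines = ["Registry::"]
    for key, cmds in parse_mountpoints(text).items():
        if cmds:
            lines.append(f"[-{key}]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for key, cmds in parse_mountpoints(SAMPLE).items():
        print(f"{classify(cmds):28} {key}")
    print(cfscript(SAMPLE))
```

Deleting the key only clears Explorer's cache on the PC; the autorun.inf and the .vbs still sit in the root of whatever removable drive seeded them, which is why the reply asks for every pen drive and player to be plugged in before ComboFix runs with the script.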

Good morning, DigRam!

 

 

ComboFix log

 

ComboFix 09-01-18.01 - Jocasinho 2009-01-19 17:50:34.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.991.699 [GMT -2:00]

Running from: c:\documents and settings\Jocasinho\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Jocasinho\Desktop\CFScript.txt

* Created a new restore point

.

 

(((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 ))))))))))))))))))))))))))))

.

 

2009-01-16 03:12 . 2009-01-16 03:12 <DIR> d-------- c:\arquivos de programas\Trend Micro

2009-01-15 15:13 . 2009-01-15 15:13 <DIR> d-------- c:\arquivos de programas\Silkroad

2009-01-15 01:53 . 2009-01-15 01:53 <DIR> d-------- c:\arquivos de programas\OnGame

2009-01-14 18:41 . 2009-01-14 18:41 <DIR> d-------- c:\documents and settings\Jocasinho\Dados de aplicativos\Media Player Classic

2009-01-04 07:37 . 2009-01-04 07:37 <DIR> d-------- c:\arquivos de programas\VIA

2009-01-04 07:36 . 2008-07-08 11:46 <DIR> d-------- C:\via_windows_falcon_ide_v251a

2009-01-04 07:36 . 2008-07-08 11:42 <DIR> d-------- C:\via_hyperionpro_518a

2009-01-04 07:36 . 2008-04-03 15:42 53,248 --a------ c:\windows\system32\drivers\ViPrt.sys

2009-01-04 07:36 . 2008-05-26 16:14 18,432 --a------ c:\windows\system32\vIdeInst.dll

2009-01-04 07:36 . 2008-04-03 15:42 16,896 --a------ c:\windows\system32\drivers\ViBus.sys

2009-01-04 07:36 . 2007-09-21 17:49 9,216 --a------ c:\windows\system32\drivers\videX32.sys

2009-01-04 07:35 . 2005-11-17 15:46 337,320 --a------ c:\windows\system32\difxapi.dll

2009-01-04 07:35 . 2006-10-27 16:26 69,632 --a------ c:\windows\system32\vuins32.dll

2009-01-04 07:35 . 2007-09-21 19:24 43,520 --a------ c:\windows\system32\drivers\fetnd5bv.sys

2009-01-04 07:34 . 2008-07-08 22:56 <DIR> d-------- C:\via_vt6105m_60

2009-01-04 06:58 . 2009-01-04 07:03 139,264 --a------ c:\windows\War3Unin.exe

2009-01-04 06:58 . 2009-01-04 07:04 91,443 --a------ c:\windows\War3Unin.dat

2009-01-04 06:58 . 2009-01-04 07:03 2,829 --a------ c:\windows\War3Unin.pif

2009-01-04 06:55 . 2009-01-14 19:08 <DIR> d-------- c:\arquivos de programas\Warcraft III

2009-01-03 20:08 . 2009-01-14 19:10 <DIR> d-------- c:\windows\system32\drivers\SLDRV

2009-01-03 20:07 . 2009-01-03 20:07 <DIR> d-------- c:\windows\Modio

2009-01-03 20:07 . 2009-01-03 20:07 <DIR> d-------- C:\smartlink_v90usb_42001_xp

2009-01-03 20:07 . 2005-05-10 19:49 221,184 --a------ c:\windows\system32\slmdmsp.dll

2009-01-03 20:07 . 2005-05-10 19:50 192,512 --a------ c:\windows\system32\slmdmgx.dll

2009-01-03 20:07 . 2005-05-10 19:54 77,824 --a------ c:\windows\system32\slmdmco.dll

2009-01-03 20:07 . 2005-05-10 19:53 61,440 --a------ c:\windows\system32\slmdmsr.exe

2009-01-03 03:26 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe

2009-01-03 03:23 . 2009-01-03 03:24 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2009-01-03 03:23 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe

2009-01-03 03:23 . 2006-07-31 11:27 217,088 --a------ c:\windows\Alcrmv.exe

2009-01-03 03:22 . 2008-07-08 10:48 <DIR> d-------- C:\realtek_alc650_404_xp

2009-01-03 03:00 . 2009-01-03 05:48 <DIR> d-------- c:\arquivos de programas\Everest

2008-12-31 02:53 . 2008-12-31 02:53 <DIR> d-------- c:\arquivos de programas\Trayit

2008-12-31 02:24 . 2008-12-31 02:24 <DIR> d-------- c:\arquivos de programas\XP Codec Pack

2008-12-31 02:24 . 2008-07-09 06:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2008-12-30 04:59 . 2009-01-03 05:43 <DIR> d-------- c:\arquivos de programas\ElfBot NG 8.40

2008-12-30 02:48 . 2008-12-30 02:49 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-12-30 02:47 . 2008-12-30 02:47 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2008-12-30 02:38 . 2008-12-30 02:39 <DIR> d-------- c:\arquivos de programas\S3

2008-12-30 02:37 . 2008-07-08 12:35 <DIR> d-------- C:\via_k8m800_220001j_xp

2008-12-30 02:12 . 2008-12-30 02:12 <DIR> d-------- c:\arquivos de programas\Microsoft.NET

2008-12-30 02:11 . 2008-12-30 02:12 <DIR> d-------- c:\windows\SHELLNEW

2008-12-30 01:59 . 2008-12-30 02:00 <DIR> d-------- c:\arquivos de programas\GameVicio

2008-12-30 00:30 . 2008-12-30 00:30 <DIR> d-------- c:\arquivos de programas\Driver-Soft

2008-12-30 00:30 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx

2008-12-30 00:30 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX

2008-12-30 00:30 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll

2008-12-28 23:26 . 2008-12-28 23:26 <DIR> d-------- c:\arquivos de programas\Ubisoft

2008-12-26 21:20 . 2008-12-26 21:20 <DIR> d-------- c:\documents and settings\Jocasinho\Dados de aplicativos\DAEMON Tools Pro

2008-12-26 21:20 . 2008-12-26 21:20 <DIR> d-------- c:\documents and settings\Jocasinho\Dados de aplicativos\DAEMON Tools

2008-12-26 21:19 . 2008-12-26 21:19 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2008-12-26 21:19 . 2008-12-26 21:19 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Lite

2008-12-26 21:07 . 2008-12-26 21:07 <DIR> d-------- c:\documents and settings\Jocasinho\Dados de aplicativos\DAEMON Tools Lite

2008-12-26 21:07 . 2008-12-26 21:07 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2008-12-26 19:24 . 1999-12-17 10:13 86,016 --a------ c:\windows\unvise32.exe

2008-12-26 19:20 . 2008-12-26 19:24 <DIR> d-------- C:\CS1.6 pod-Bot

2008-12-21 23:26 . 2008-12-21 23:26 <DIR> d-------- c:\arquivos de programas\Dynamic HTML Editor

2008-12-21 23:26 . 2003-11-16 17:34 700,416 --a------ c:\windows\system32\FreeImage.dll

2008-12-21 23:26 . 2003-01-26 14:41 40,960 --a------ c:\windows\system32\SSubTmr6.dll

2008-12-21 18:10 . 2008-12-21 18:11 <DIR> d-------- c:\arquivos de programas\Dynamic HTML Editor 4x

2008-12-21 18:10 . 2003-04-21 16:09 245,408 --a------ c:\windows\system32\unicows.dll

2008-12-19 23:39 . 2008-12-19 23:39 <DIR> d--h----- c:\windows\PIF

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-19 06:14 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-01-19 06:13 --------- d-----w c:\arquivos de programas\ElfBot NG 8.31

2009-01-19 03:57 --------- d-----w c:\documents and settings\Jocasinho\Dados de aplicativos\Tibia

2009-01-07 03:36 --------- d-----w c:\arquivos de programas\TibiaBot NG

2009-01-04 09:34 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-12-30 04:52 --------- d-----w c:\arquivos de programas\MSN Messenger

2008-12-30 04:47 --------- d-----w c:\arquivos de programas\Windows Live

2008-12-30 04:38 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-12-26 22:43 --------- d-----w c:\arquivos de programas\Tibia 8.30

2008-12-18 02:48 --------- d-----w c:\documents and settings\Jocasinho\Dados de aplicativos\Audacity

2008-12-18 02:37 --------- d-----w c:\arquivos de programas\Audacity 1.3 Beta

2008-12-17 04:05 --------- d-----w c:\arquivos de programas\MCV

2008-12-10 19:01 --------- d-----w c:\arquivos de programas\Asprate

2008-12-10 04:15 --------- d-----w c:\arquivos de programas\PHP Editor

2008-12-09 14:35 --------- d-----w c:\arquivos de programas\Tales of Pirates Online

2008-12-07 02:07 --------- d-----w c:\arquivos de programas\ALCATech

2008-12-05 01:35 --------- d-----w c:\documents and settings\Jocasinho\Dados de aplicativos\mIRC

2008-12-05 01:33 --------- d-----w c:\arquivos de programas\mIRC

2008-12-04 18:03 --------- d-----w c:\arquivos de programas\CreaSoftware

2008-12-02 23:47 --------- d-----w c:\arquivos de programas\CloneDVD

2008-12-02 13:28 --------- d-----w c:\arquivos de programas\VirtualDJ

2008-12-02 00:52 --------- d-----w c:\documents and settings\Jocasinho\Dados de aplicativos\Sony Setup

2008-12-02 00:52 --------- d-----w c:\arquivos de programas\Sony Setup

2008-11-26 19:52 --------- d-----w c:\documents and settings\Jocasinho\Dados de aplicativos\IObit

2008-11-25 01:15 --------- d-----w c:\arquivos de programas\Foxit Software

2008-11-21 03:44 --------- d-----w c:\arquivos de programas\Native Instruments

2008-11-19 03:25 11,973 -c--a-w c:\windows\system32\drivers\secdrv.sys

2008-10-07 03:36 81,920 -c--a-w c:\documents and settings\Jocasinho\Dados de aplicativos\ezpinst.exe

2008-10-07 03:36 47,360 -c--a-w c:\documents and settings\Jocasinho\Dados de aplicativos\pcouffin.sys

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-09-14 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2007-04-25 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Jocasinho\Menu Iniciar\Programas\Inicializar\

TrayIt!.lnk - c:\arquivos de programas\Trayit\trayit!.exe [2008-12-31 114688]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 03:38 34672 c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-12-10 07:02 216520 c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-04 01:56 1667584 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NitroPC]

--a------ 2008-08-19 18:11 3477504 c:\arquivos de programas\NitroPC\NitroPC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]

--a------ 2007-10-29 17:43 662016 c:\arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Barsaka]

--a------ 2004-08-04 01:45 1034240 c:\windows\explorer.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Tibia 8.22\\Tibia.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Blackd Tools\\Blackd Proxy\\BlackdProxy.exe"=

"c:\\Arquivos de programas\\Tibia 8.30\\Tibia.exe"=

"c:\\Arquivos de programas\\ElfBot NG\\navserv.exe"=

"c:\\Arquivos de programas\\mIRC\\mirc.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\PHP Editor\\PHPServer.exe"=

"c:\\CS1.6 pod-Bot\\hl.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"c:\\Arquivos de programas\\Warcraft III\\War3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"27015:UDP"= 27015:UDP:CS

"27015:TCP"= 27015:TCP:cs

 

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2009-01-04 16896]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2009-01-04 53248]

R3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\SLDRV\slnt7554.sys [2009-01-03 225272]

R4 BandLuxe_Service;BandLuxe Service;c:\arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe [2008-04-15 85016]

S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [2008-10-25 100096]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

TCP: {3C718167-F9DF-4942-B1CA-CA2D7EFE8E70} = 200.222.0.34 200.202.193.75

 

c:\windows\Downloaded Program Files\gbpdist.dll - O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}

hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Jocasinho\Dados de aplicativos\Mozilla\Firefox\Profiles\tot1u9y8.default\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-19 17:51:54

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-01-19 17:53:05

ComboFix-quarantined-files.txt 2009-01-19 19:53:03

ComboFix2.txt 2009-01-19 02:39:30

 

Pré-execução: 3.030.417.408 bytes disponíveis

Pós execução: 3,033,743,360 bytes disponíveis

 

193

 

 

HijackThis log

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:54:15, on 19/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe

C:\WINDOWS\system32\slmdmsr.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Trayit\trayit!.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: TrayIt!.lnk = C:\Arquivos de programas\Trayit\trayit!.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C718167-F9DF-4942-B1CA-CA2D7EFE8E70}: NameServer = 200.222.0.34 200.202.193.75

O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

 

--

End of file - 3348 bytes


Good evening, Jocasinho!

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: (Open File - Security Warning)

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

----------------------------

<!> With everything OK, create a clean System Restore point.

<!> Right-click My Computer --> Properties --> System Restore.

<!> Check: Turn off System Restore --> Apply --> OK.

<!> Then uncheck it again! --> Apply --> OK.

<!> For more details, go to: < Docs >

----------------------------

<!> The log is clean! :thumbsup:

<!> Everything OK?

 

Regards!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
