Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

renangv

[Arquivado] PC reiniciando sozinho

Recommended Posts

Quando eu clico em algum jogo aparece rapidamente uma tela azul e meu pc reinicia sozinho.

 

O log gerado foi esse:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:41:03, on 26/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sh1.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sh1.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Arquivos de programas\kikin\ie_kikin.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sh1.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [javahr] c:\path\javahr.exe

O4 - HKLM\..\Run: [javahr2] c:\path\javahr2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB002" /M "Stylus C87"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Arquivos de programas\kikin\ie_kikin.dll

O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Arquivos de programas\kikin\ie_kikin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - AppInit_DLLs:

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Update Service (gupdate1caa77bb41fd422) (gupdate1caa77bb41fd422) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 8633 bytes

 

 

Isso começo a acontecer depois que eu baixei um programa para utilizar o controle de playstation 2 no pc.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite renangv

 

 

1.

*Baixe o AD-Remover e salve-o no desktop

*Duplo clique em AD-R.exe

*Clique em [Clean]...aguarde o término. A reinicialização do PC poderá ser solicitada pelo programa.

*Cole o relatório criado em C:\Ad-Report-CLEAN.log

 

2.

*Baixe o MalwareBytes Anti-malware e salve-o no desktop

*Instale o programa

*Se alguma atualização existir,o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as partições a serem examinadas (geralmente C:\ e D:\)

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Cole-o na sua próxima resposta

Compartilhar este post


Link para o post
Compartilhar em outros sites

Relatório do AD-Report

 

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 23/06/10 at 19:20

Contact: AdRemover.contact@gmail.com

website: http://pagesperso-orange.fr/NosTools/ad_remover.html

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 23:42:39 on 26/06/2010, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

Renangv@RENAN ( )

 

============== ACTION(S) ==============

 

 

0,Folder deleted: C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,File deleted: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

0,Folder deleted: C:\Documents and Settings\Renangv\Dados de aplicativos\Mozilla\FireFox\Profiles\6jxvzrvu.default\extensions\toolbar@ask.com

0,File deleted: C:\Documents and Settings\Renangv\Dados de aplicativos\Mozilla\FireFox\Profiles\6jxvzrvu.default\searchplugins\askcom.xml

0,Folder deleted: C:\DOCUME~1\Renangv\CONFIG~1\Temp\AskSearch

0,File deleted: C:\DOCUME~1\Renangv\CONFIG~1\Temp\ASKSUTBLOG

0,File deleted: C:\DOCUME~1\Renangv\CONFIG~1\Temp\Del_AskHPRFF.VBS

0,File deleted: C:\DOCUME~1\Renangv\CONFIG~1\Temp\GLB1.tmp

0,Folder deleted: C:\Arquivos de programas\Ask.com

0,Folder deleted: C:\Documents and Settings\Renangv\Configurações locais\Dados de aplicativos\AskToolbar

0,Folder deleted: C:\Documents and Settings\Renangv\Configurações locais\Dados de aplicativos\Conduit

0,Folder deleted: C:\Arquivos de programas\Conduit

0,Folder deleted: C:\Documents and Settings\Renangv\Dados de aplicativos\DesktopIcon

3,File deleted: C:\WINDOWS\Installer\11586c4.msi

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Documents and Settings\Renangv\Dados de aplicativos\Mozilla\FireFox\Profiles\6jxvzrvu.default\Prefs.js --

Line deleted: user_pref("browser.search.defaultengine", "Ask.com");

Line deleted: user_pref("browser.search.defaultenginename", "Ask.com");

Line deleted: user_pref("browser.search.order.1", "Ask.com");

Line deleted: user_pref("browser.search.selectedEngine", "Ask.com");

Line deleted: user_pref("extensions.asktb.cbid", "FV");

Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...

Line deleted: user_pref("extensions.asktb.enable-kw-search", true);

Line deleted: user_pref("extensions.asktb.fresh-install", false);

Line deleted: user_pref("extensions.asktb.l", "dis");

Line deleted: user_pref("extensions.asktb.last-config-req", "1277561092860");

Line deleted: user_pref("extensions.asktb.locale", "en_BR");

Line deleted: user_pref("extensions.asktb.o", "14594");

Line deleted: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line deleted: user_pref("extensions.asktb.qsrc", "2871");

Line deleted: user_pref("extensions.asktb.r", "5");

Line deleted: user_pref("extensions.enabledItems", "DTToolbar@toolbarnet.com:1.1.2.0185,{CAFEEFAC-0016-0000-0018-A...

-- File closed --

 

 

1,Key deleted: HKLM\Software\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593}

1,Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

1,Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

1,Key deleted: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}

1,Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

0,Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

1,Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

0,Key deleted: HKLM\Software\Conduit

0,Key deleted: HKCU\Software\Ask.com

0,Key deleted: HKCU\Software\AskToolbar

0,Key deleted: HKCU\Software\Conduit

0,Key deleted: HKCU\Software\AppDataLow\AskBarDis

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

 

0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.4 (pt-BR)] **

 

-- C:\Documents and Settings\Renangv\Dados de aplicativos\Mozilla\FireFox\Profiles\6jxvzrvu.default\Prefs.js --

browser.download.lastDir, C:\\Documents and Settings\\Renangv\\Desktop

browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=

browser.startup.homepage, hxxp://www.daemon-search.com/startpage|hxxp://search.bearshare.com/

browser.startup.homepage_override.mstone, rv:1.9.2.4

 

========================================

 

** Internet Explorer Version [6.0.2900.5512] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Search Asst: no

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 63 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 15 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 26/06/2010 (2929 Byte(s))

 

End at: 23:43:42, 26/06/2010

 

============== E.O.F ==============

 

 

Cara o incrivel é que quando eu termino a verificação com o MalwareBytes Anti-malware aparece a tela azul ai meu pc reinicia sozinho e não aparece nenhum relatório

 

O que eu devo fazer?

 

você acha que pode me ajudar mesmo sem o relatório do MalwareBytes Anti-malware?

Compartilhar este post


Link para o post
Compartilhar em outros sites

1.

*Execute novamente o AD-Remover

*Clique em [uninstall]

 

2.

*Baixe o RSIT e salve-o no desktop

*Duplo clique em RSIT

*Clique em [Continue]

*Ao término do processo, cole os relatórios criados em C:\rsit\log.txt e C:\rsit\info.txt

 

3.

*Verifique se a fonte do PC está ok e a temperatura do HD também. Tais problemas podem ser causados por Hardware (fonte e cooler).

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ta ai

 

info.txt logfile of random's system information tool 1.06 2010-06-27 14:11:28

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

µTorrent-->"C:\Arquivos de programas\uTorrent\uTorrent.exe" /UNINSTALL

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-000000000001}

AhnLab Online Security-->C:\Arquivos de programas\AhnLab\ASP\Common\aosremove.exe

Alien Breed: Impact-->"C:\Arquivos de programas\Team17\Alien Breed Impact\unins000.exe"

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}

Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"

Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Atualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Atualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Atualização para Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Atualização para Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Atualização para Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Atualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Atualização para Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"

Atualização para Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"

aTube Catcher-->C:\Arquivos de programas\DsNET Corp\aTube Catcher 1.0\uninstall.exe

CloneCD-->"C:\Arquivos de programas\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Arquivos de programas\SlySoft\CloneCD"

CloneDVD2-->"C:\Arquivos de programas\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Arquivos de programas\Elaborate Bytes\CloneDVD2"

Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}

DAEMON Tools Toolbar-->C:\Arquivos de programas\DAEMON Tools Toolbar\uninst.exe

DVDStyler v1.8.0.2-->"C:\Arquivos de programas\DVDStyler\unins000.exe"

eBay Icon-->C:\Documents and Settings\Renangv\Dados de aplicativos\Desktopicon\uninst.exe

EPSON Easy Photo Print-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\Setup.exe" -l0x416 UNINST

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Football Manager 2010-->"C:\Arquivos de programas\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe"

FormatFactory 2.20-->C:\Arquivos de programas\FreeTime\FormatFactory\uninst.exe

Gemini Lost Deluxe-->"C:\Arquivos de programas\Zylom Games\Gemini Lost Deluxe\GameInstlr.exe" --uninstall UnInstall.log

Google Chrome-->"C:\Arquivos de programas\Google\Chrome\Application\5.0.375.70\Installer\setup.exe" --uninstall --system-level

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HijackThis 2.0.2-->"C:\Documents and Settings\Renangv\Meus documentos\Downloads\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

ImgBurn-->"C:\Arquivos de programas\ImgBurn\uninstall.exe"

Ink Monitor-->C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe -U

Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}

Jetz Rampage 4 Gold-->"C:\Arquivos de programas\S64Games\Jetz Rampage 4 Gold\unins000.exe"

kikin plugin (DVDStyler Edition) 2.0-->C:\Arquivos de programas\kikin\uninst.exe

Legend of Mana Sword-->C:\Arquivos de programas\softendo.com\Legend of Mana Sword\Uninstal.exe

Lexmark 510 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBZUN5C.EXE -dLexmark 510 Series

LUNA Online v1.2.0-->C:\gPotato\Luna Online\uninst.exe

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

MapleStory-->"C:\Level Up! Games\MapleStory\unins000.exe"

Metal Slug - Special Mission-->C:\Arquivos de programas\softendo.com\Metal Slug - Special Mission\Uninstal.exe

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Motherboard Monitor 5-->"C:\Arquivos de programas\Motherboard Monitor 5\unins000.exe"

Mozilla Firefox (3.6.4)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

NVIDIA ForceWare Network Access Manager-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l2070

Pacote de Driver do Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\ARQUIV~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_997D018D2E01A9942C06298D6FE2CFA91C42E7EA\amdk8.inf

Pando Media Booster-->C:\Arquivos de programas\Pando Networks\Media Booster\uninst.exe

Plants vs Zombies-->C:\Arquivos de programas\Plants vs Zombies\Uninstal.exe

Ragnarok Online-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{2CBEDEBA-8DCE-4C0E-9DA0-0D2B303991A0}\setup.exe" -l0x416 -removeonly

RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly

RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}

Runtime Files Pack 3-->C:\WINDOWS\ST4UNST.EXE -n "C:\WINDOWS\system32\ST4UNST.000"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

ShadowFlare-->C:\Arquivos de programas\ShadowFlare\SFUninst.exe

Software para Impressoras EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

SR9600 Driver-->MsiExec.exe /I{9B3D7519-F678-49A4-B7D9-A7F56471C6EC}

StarCraft II Beta-->C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment\StarCraft II Beta\Uninstall.exe

The KMPlayer (remove only)-->"C:\Arquivos de programas\The KMPlayer\uninstall.exe"

TVUPlayer 2.5.2.2-->C:\Arquivos de programas\TVUPlayer\uninst.exe

Visual Basic 4 Runtime Files-->C:\WINDOWS\ST4UNST.EXE -n "C:\WINDOWS\system32\ST4UNST.LOG"

Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}

Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}

Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{F2CD4651-F948-467C-B014-71FD981B7F59}

Windows Live Messenger-->MsiExec.exe /X{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

 

======System event log======

 

Computer Name: RENAN

Event Code: 7036

Message: O serviço Serviço de descoberta SSDP entrou no estado executando.

 

Record Number: 9641

Source Name: Service Control Manager

Time Written: 20100617214342.000000-180

Event Type: Informações

User:

 

Computer Name: RENAN

Event Code: 7035

Message: O serviço Adaptador de desempenho WMI recebeu com êxito um controle Iniciar.

 

Record Number: 9640

Source Name: Service Control Manager

Time Written: 20100617214342.000000-180

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: RENAN

Event Code: 7036

Message: O serviço Adaptador de desempenho WMI entrou no estado executando.

 

Record Number: 9639

Source Name: Service Control Manager

Time Written: 20100617214342.000000-180

Event Type: Informações

User:

 

Computer Name: RENAN

Event Code: 7036

Message: O serviço Reconhecimento de local da rede (NLA) entrou no estado executando.

 

Record Number: 9638

Source Name: Service Control Manager

Time Written: 20100617214342.000000-180

Event Type: Informações

User:

 

Computer Name: RENAN

Event Code: 7035

Message: O serviço Reconhecimento de local da rede (NLA) recebeu com êxito um controle Iniciar.

 

Record Number: 9637

Source Name: Service Control Manager

Time Written: 20100617214342.000000-180

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

=====Application event log=====

 

Computer Name: RENAN

Event Code: 1005

Message: O usuário recusou o Eula.

 

Record Number: 2673

Source Name: WgaSetup

Time Written: 20100425210320.000000-180

Event Type: Informações

User:

 

Computer Name: RENAN

Event Code: 0

Message:

Record Number: 2672

Source Name: gupdate1caa77bb41fd422

Time Written: 20100425210319.000000-180

Event Type: Informações

User:

 

Computer Name: RENAN

Event Code: 1004

Message: O usuário aceitou o Eula.

 

Record Number: 2671

Source Name: WgaSetup

Time Written: 20100425210317.000000-180

Event Type: Informações

User:

 

Computer Name: RENAN

Event Code: 1002

Message: Starting interactive setup.

 

Record Number: 2670

Source Name: WgaSetup

Time Written: 20100425210317.000000-180

Event Type: Informações

User:

 

Computer Name: RENAN

Event Code: 1006

Message: O Eula foi aceito anteriormente.

 

Record Number: 2669

Source Name: WgaSetup

Time Written: 20100425210317.000000-180

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=6b01

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

 

Cara não é problema na fonte e nem na temperatura pois eu coloquei coolers faiz uns 3 meses

 

E ai amigo o que eu faço agora?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Foi mal, naum tinha visto

 

Logfile of random's system information tool 1.07 (written by random/random)

Run by Renangv at 2010-06-27 14:11:19

Microsoft Windows XP Professional Service Pack 3

System drive C: has 169 GB (71%) free of 238 GB

Total RAM: 2559 MB (80% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:11:26, on 27/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Renangv\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Renangv.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sh1.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sh1.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Arquivos de programas\kikin\ie_kikin.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sh1.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [javahr] c:\path\javahr.exe

O4 - HKLM\..\Run: [javahr2] c:\path\javahr2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB002" /M "Stylus C87"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Arquivos de programas\kikin\ie_kikin.dll

O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Arquivos de programas\kikin\ie_kikin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Update Service (gupdate1caa77bb41fd422) (gupdate1caa77bb41fd422) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 8828 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-2077806209-1177238915-1003.job

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-2077806209-1177238915-1003.job

C:\WINDOWS\tasks\WGASetup.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 50376]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

4shared.com Toolbar - C:\Arquivos de programas\4shared.com\tb4sh1.dll [2010-03-20 2349080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-28 341600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-03-26 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]

kikin Plugin - C:\Arquivos de programas\kikin\ie_kikin.dll [2010-02-04 750256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-26 79648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - 4shared.com Toolbar - C:\Arquivos de programas\4shared.com\tb4sh1.dll [2010-03-20 2349080]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]

"nwiz"=nwiz.exe /install []

"CloneCDTray"=C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

"SunJavaUpdateSched"=C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2010-02-18 248040]

"javahr"=c:\path\javahr.exe []

"javahr2"=c:\path\javahr2.exe []

""= []

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2010-03-28 202256]

"Ink Monitor"=C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe [2004-05-05 262210]

"EPSON Stylus C87 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE [2005-01-27 98304]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"uTorrent"=C:\Arquivos de programas\uTorrent\uTorrent.exe [2010-03-20 319792]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

"Pando Media Booster"=C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe [2010-03-20 2937528]

"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]

"DAEMON Tools Lite"=C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\BearShare Applications\BearShare\BearShare.exe"="C:\Arquivos de programas\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"

"C:\Documents and Settings\Renangv\Meus documentos\Downloads\MWOdownloaderbuild0910.exe"="C:\Documents and Settings\Renangv\Meus documentos\Downloads\MWOdownloaderbuild0910.exe:*:Enabled:MWOdownloaderbuild0910.exe"

"C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe"="C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

"C:\Arquivos de programas\Sports Interactive\Football Manager 2010\fm.exe"="C:\Arquivos de programas\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"

"C:\Arquivos de programas\TVUPlayer\TVUPlayer.exe"="C:\Arquivos de programas\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"

"C:\Arquivos de programas\StarCraft II Beta\Support\BlizzardDownloader.exe"="C:\Arquivos de programas\StarCraft II Beta\Support\BlizzardDownloader.exe:*:Enabled:Blizzard Downloader"

"C:\Arquivos de programas\StarCraft II Beta\StarCraft II.exe"="C:\Arquivos de programas\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher"

"C:\Arquivos de programas\StarCraft II Beta\Starcraft II - Beta Launcher.exe"="C:\Arquivos de programas\StarCraft II Beta\Starcraft II - Beta Launcher.exe:*:Enabled:Starcraft II - Beta Launcher"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f391fa81-129d-11df-b606-806d6172696f}]

shell\AutoRun\command - D:\Bin\assetup.exe

 

 

======List of files/folders created in the last 1 months======

 

2010-06-27 14:11:19 ----D---- C:\rsit

2010-06-27 14:11:19 ----D---- C:\Arquivos de programas\trend micro

2010-06-26 23:48:22 ----D---- C:\Documents and Settings\Renangv\Dados de aplicativos\Malwarebytes

2010-06-26 23:48:15 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2010-06-26 23:48:15 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-06-26 20:40:21 ----D---- C:\HiJackThis

2010-06-26 20:40:07 ----A---- C:\HiJackThis.exe

2010-06-26 00:26:22 ----D---- C:\Arquivos de programas\Gravity

2010-06-25 22:52:08 ----D---- C:\Arquivos de programas\Plants vs Zombies

2010-06-17 21:41:23 ----D---- C:\WINDOWS\USB Vibration

2010-06-17 21:31:35 ----A---- C:\WINDOWS\system32\ntpadcpl.dll

2010-06-17 21:31:35 ----A---- C:\WINDOWS\system32\ntpad.dll

2010-06-17 21:15:19 ----D---- C:\Documents and Settings\Renangv\Dados de aplicativos\fltk.org

2010-06-16 20:35:50 ----D---- C:\Documents and Settings\Renangv\Dados de aplicativos\Uniblue

2010-06-16 20:26:19 ----A---- C:\WINDOWS\system32\XAudio2_5.dll

2010-06-16 20:26:19 ----A---- C:\WINDOWS\system32\xactengine3_5.dll

2010-06-16 20:26:19 ----A---- C:\WINDOWS\system32\d3dx11_42.dll

2010-06-16 20:26:19 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll

2010-06-16 20:26:19 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll

2010-06-16 20:26:18 ----A---- C:\WINDOWS\system32\D3DX9_42.dll

2010-06-16 20:26:18 ----A---- C:\WINDOWS\system32\d3dx10_42.dll

2010-06-16 20:25:06 ----D---- C:\Arquivos de programas\Team17

2010-06-10 14:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$

2010-06-10 14:45:23 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$

2010-06-10 14:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$

2010-06-10 14:45:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$

2010-06-10 14:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$

2010-06-10 14:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$

2010-06-10 14:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$

2010-05-30 14:50:15 ----D---- C:\gPotato

 

======List of files/folders modified in the last 1 months======

 

2010-06-27 14:11:19 ----RD---- C:\Arquivos de programas

2010-06-27 14:04:28 ----D---- C:\WINDOWS\Temp

2010-06-27 14:04:26 ----SD---- C:\WINDOWS\Tasks

2010-06-27 14:04:26 ----D---- C:\Documents and Settings\Renangv\Dados de aplicativos\uTorrent

2010-06-27 13:52:22 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-06-27 00:18:22 ----D---- C:\WINDOWS

2010-06-27 00:18:21 ----D---- C:\WINDOWS\Minidump

2010-06-26 23:48:16 ----D---- C:\WINDOWS\system32\drivers

2010-06-26 23:43:36 ----SHD---- C:\WINDOWS\Installer

2010-06-26 23:42:48 ----D---- C:\WINDOWS\Prefetch

2010-06-26 12:29:51 ----D---- C:\WINDOWS\system32\CatRoot2

2010-06-26 12:17:01 ----D---- C:\Arquivos de programas\Arquivos comuns

2010-06-26 03:02:21 ----D---- C:\WINDOWS\system32

2010-06-26 00:26:22 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2010-06-22 19:57:33 ----D---- C:\Arquivos de programas\Mozilla Firefox

2010-06-22 16:40:17 ----HD---- C:\WINDOWS\inf

2010-06-20 20:31:12 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2010-06-20 20:31:09 ----RSD---- C:\WINDOWS\Fonts

2010-06-19 22:54:13 ----D---- C:\Documents and Settings\Renangv\Dados de aplicativos\AdobeUM

2010-06-17 21:41:32 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-06-17 21:34:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-06-16 20:50:12 ----D---- C:\WINDOWS\system32\wbem

2010-06-16 20:50:12 ----D---- C:\WINDOWS\system32\usmt

2010-06-16 20:50:12 ----D---- C:\WINDOWS\system32\Setup

2010-06-16 20:50:12 ----D---- C:\WINDOWS\system32\Restore

2010-06-16 20:50:12 ----D---- C:\WINDOWS\system32\oobe

2010-06-16 20:50:12 ----D---- C:\WINDOWS\system32\1046

2010-06-16 20:50:12 ----D---- C:\WINDOWS\srchasst

2010-06-16 20:50:12 ----D---- C:\WINDOWS\Network Diagnostic

2010-06-16 20:50:12 ----D---- C:\WINDOWS\msagent

2010-06-16 20:50:12 ----D---- C:\WINDOWS\ime

2010-06-16 20:50:12 ----D---- C:\Arquivos de programas\Windows NT

2010-06-16 20:50:12 ----D---- C:\Arquivos de programas\Arquivos comuns\System

2010-06-16 20:50:11 ----D---- C:\Arquivos de programas\Windows Media Player

2010-06-16 20:50:11 ----D---- C:\Arquivos de programas\Outlook Express

2010-06-16 20:50:11 ----D---- C:\Arquivos de programas\NetMeeting

2010-06-16 20:50:11 ----D---- C:\Arquivos de programas\Movie Maker

2010-06-16 20:50:11 ----D---- C:\Arquivos de programas\Messenger

2010-06-16 20:50:11 ----D---- C:\Arquivos de programas\Internet Explorer

2010-06-16 20:48:26 ----D---- C:\WINDOWS\Media

2010-06-16 20:48:26 ----D---- C:\WINDOWS\Cursors

2010-06-16 20:26:20 ----D---- C:\WINDOWS\system32\DirectX

2010-06-14 18:49:07 ----D---- C:\Arquivos de programas\StarCraft II Beta

2010-06-10 14:45:25 ----A---- C:\WINDOWS\imsins.BAK

2010-06-10 14:45:23 ----HD---- C:\WINDOWS\$hf_mig$

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2010-02-07 11296]

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]

R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]

R2 NwlnkSpx;Protocolo NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-09 4449280]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-05-20 46080]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-05-20 19968]

R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]

R3 padenum;Enumerador de dispositivos de NTPAD; C:\WINDOWS\system32\DRIVERS\padenum.sys [2002-03-07 10624]

R3 SR9USB;SR9600 USB To Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\sr9usb.sys [2009-03-15 14720]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]

R3 VendorJoystickEnabler;Driver para joystick paralelo de consola; C:\WINDOWS\system32\drivers\ntpad.sys [2005-03-26 42880]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

S2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []

S3 afrxpqs3;afrxpqs3; C:\WINDOWS\system32\drivers\afrxpqs3.sys []

S3 dump_wmimmc;dump_wmimmc; \??\C:\Arquivos de programas\Gravity\Ragnarok Online\GameGuard\dump_wmimmc.sys []

S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

S3 Mkd2kfNt;Mkd2kfNt; C:\WINDOWS\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]

S3 Mkd2Nadr;Mkd2Nadr; C:\WINDOWS\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 nm;Driver de monitor de rede; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]

S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []

S3 PciCon;PciCon; \??\D:\PciCon.sys []

S3 s916bus;Sony Ericsson Device 916 driver (WDM); C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ForcewareWebInterface;Forceware Web Interface; C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2007-05-15 20543]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-03-26 153376]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-11-06 307200]

R2 nSvcIp;ForceWare IP service; C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2007-05-21 135233]

R2 nSvcLog;ForceWare user log service; C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2007-05-21 65605]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]

R2 NWCWorkstation;Serviço de cliente para NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 gupdate1caa77bb41fd422;Google Update Service (gupdate1caa77bb41fd422); C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-06 133104]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-02-22 3539180]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

 

-----------------EOF-----------------

Compartilhar este post


Link para o post
Compartilhar em outros sites

1.

*Delete o RSIT e a pasta C:\rsit

 

2.

*Desative temporariamente seu antivírus

 

 

*Baixe o ComboFix e salve-o no desktop

 

*Execute o Combofix e aceite o contrato

 

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso contrário, clique em [sIM] para a sua instalação.

 

recovery-console-prompt.jpg

 

*Clique em [sIM] para continuar.

 

recovery-console-installed.jpg

 

*Aguarde a conclusão de todas as etapas

 

etapas.jpg

 

*Enquanto o ComboFix estiver em execução, evite usar o mouse e o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

 

*O programa será fechado automaticamente e um relatório (C:\combofix.txt) será apresentado. Cole-o na próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 10-06-27.06 - Renangv 28/06/2010 13:45:34.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2559.2076 [GMT -3:00]

Executando de: c:\documents and settings\Renangv\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\path\javahr.exe

c:\windows\system32\vbzlib1.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-28 to 2010-06-28 ))))))))))))))))))))))))))))

.

 

2010-06-27 17:42 . 2010-06-28 01:23 -------- d-----w- c:\arquivos de programas\Plants vs Zombies

2010-06-27 17:11 . 2010-06-27 17:11 -------- d-----w- c:\arquivos de programas\trend micro

2010-06-27 02:48 . 2010-06-27 02:48 -------- d-----w- c:\documents and settings\Renangv\Dados de aplicativos\Malwarebytes

2010-06-27 02:48 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-27 02:48 . 2010-06-27 02:48 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-06-27 02:48 . 2010-06-27 02:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-06-27 02:48 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-26 23:40 . 2010-06-26 23:40 -------- d-----w- C:\HiJackThis

2010-06-26 23:40 . 2010-06-26 23:39 401720 ----a-w- C:\HiJackThis.exe

2010-06-26 06:02 . 2005-01-04 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

2010-06-26 03:26 . 2010-06-26 03:26 -------- d-----w- c:\arquivos de programas\Gravity

2010-06-26 02:51 . 2010-06-28 01:23 25 ----a-w- c:\windows\popcinfot.dat

2010-06-22 23:57 . 2010-03-25 14:27 1107264 ----a-w- c:\documents and settings\Renangv\Dados de aplicativos\Mozilla\Firefox\Profiles\6jxvzrvu.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

2010-06-18 00:47 . 2006-07-09 13:47 10240 ----a-w- c:\windows\system32\drivers\GF0012.SYS

2010-06-18 00:41 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-06-18 00:41 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-06-18 00:41 . 2010-06-18 00:41 -------- d-----w- c:\windows\USB Vibration

2010-06-18 00:31 . 2005-03-26 20:13 42880 ----a-w- c:\windows\system32\drivers\NTPAD.sys

2010-06-18 00:31 . 2005-03-01 04:42 123392 ----a-w- c:\windows\system32\ntpadcpl.dll

2010-06-18 00:31 . 2005-03-01 04:25 57344 ----a-w- c:\windows\system32\ntpad.dll

2010-06-18 00:31 . 2002-03-07 06:33 10624 ----a-w- c:\windows\system32\drivers\padenum.sys

2010-06-18 00:15 . 2010-06-18 00:15 -------- d-----w- c:\documents and settings\Renangv\Dados de aplicativos\fltk.org

2010-06-16 23:35 . 2010-06-16 23:35 -------- d-----w- c:\documents and settings\Renangv\Dados de aplicativos\Uniblue

2010-06-16 23:26 . 2009-09-04 20:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2010-06-16 23:26 . 2009-09-04 20:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll

2010-06-16 23:26 . 2009-09-04 20:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll

2010-06-16 23:26 . 2009-09-04 20:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll

2010-06-16 23:26 . 2009-09-04 20:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2010-06-16 23:26 . 2009-09-04 20:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2010-06-16 23:26 . 2009-09-04 20:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-06-16 23:25 . 2010-06-16 23:25 -------- d-----w- c:\arquivos de programas\Team17

2010-06-01 22:14 . 2010-06-01 22:14 45828 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

2010-05-30 17:50 . 2010-05-30 17:50 -------- d-----w- C:\gPotato

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-28 16:41 . 2010-02-07 22:25 -------- d-----w- c:\documents and settings\Renangv\Dados de aplicativos\uTorrent

2010-06-26 03:26 . 2010-02-06 00:56 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-06-20 23:31 . 2010-03-22 20:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-06-20 01:54 . 2010-02-25 17:37 -------- d-----w- c:\documents and settings\Renangv\Dados de aplicativos\AdobeUM

2010-06-18 00:34 . 2008-04-14 12:00 48628 ----a-w- c:\windows\system32\perfc016.dat

2010-06-18 00:34 . 2008-04-14 12:00 344380 ----a-w- c:\windows\system32\perfh016.dat

2010-06-14 21:49 . 2010-05-22 20:13 -------- d-----w- c:\arquivos de programas\StarCraft II Beta

2010-05-24 17:50 . 2010-05-24 17:50 503808 ----a-w- c:\documents and settings\Renangv\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-345728f8-n\msvcp71.dll

2010-05-24 17:50 . 2010-05-24 17:50 499712 ----a-w- c:\documents and settings\Renangv\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-345728f8-n\jmc.dll

2010-05-24 17:50 . 2010-05-24 17:50 348160 ----a-w- c:\documents and settings\Renangv\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-345728f8-n\msvcr71.dll

2010-05-24 17:50 . 2010-05-24 17:50 61440 ----a-w- c:\documents and settings\Renangv\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-72986059-n\decora-sse.dll

2010-05-24 17:50 . 2010-05-24 17:50 12800 ----a-w- c:\documents and settings\Renangv\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-72986059-n\decora-d3d.dll

2010-05-22 20:17 . 2010-05-22 20:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Blizzard Entertainment

2010-05-22 20:17 . 2010-02-26 17:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment

2010-05-07 13:40 . 2010-05-07 02:58 -------- d-----w- c:\documents and settings\Renangv\Dados de aplicativos\kikin

2010-05-07 02:58 . 2010-05-07 02:58 -------- d-----w- c:\arquivos de programas\kikin

2010-05-07 02:58 . 2010-05-07 02:58 -------- d-----w- c:\arquivos de programas\DVDStyler

2010-05-05 17:33 . 2010-05-05 17:33 -------- d-----w- c:\documents and settings\Renangv\Dados de aplicativos\EPSON

2010-05-05 17:27 . 2010-05-05 17:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\UDL

2010-05-05 17:27 . 2010-02-06 00:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-05-05 17:26 . 2010-05-05 17:19 -------- d-----w- c:\arquivos de programas\EPSON

2010-05-05 15:31 . 2010-05-05 15:07 -------- d-----w- c:\arquivos de programas\The KMPlayer

2010-05-02 22:44 . 2010-05-02 00:18 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2010-05-02 08:08 . 2008-04-14 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 00:19 . 2010-03-24 03:21 -------- d-----w- c:\arquivos de programas\DAEMON Tools Toolbar

2010-04-20 05:31 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-16 16:07 . 2008-04-14 12:00 669184 ----a-w- c:\windows\system32\wininet.dll

2010-04-16 16:07 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-04-02 19:54 . 2010-02-06 00:55 600680 ----a-w- c:\windows\system32\NVUNINST.EXE

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\arquivos de programas\4shared.com\tb4sh1.dll" [2010-03-20 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

2010-03-20 23:16 2349080 ----a-w- c:\arquivos de programas\4shared.com\tb4sh1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]

2010-02-04 22:59 750256 ----a-w- c:\arquivos de programas\kikin\ie_kikin.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\arquivos de programas\4shared.com\tb4sh1.dll" [2010-03-20 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\arquivos de programas\4shared.com\tb4sh1.dll" [2010-03-20 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-03-20 319792]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"Pando Media Booster"="c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe" [2010-03-20 2937528]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"nwiz"="nwiz.exe" [2007-06-28 1626112]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-03-28 202256]

"Ink Monitor"="c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 262210]

"EPSON Stylus C87 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABL.EXE" [2005-01-27 98304]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\Renangv\\Meus documentos\\Downloads\\MWOdownloaderbuild0910.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Arquivos de programas\\Sports Interactive\\Football Manager 2010\\fm.exe"=

"c:\\Arquivos de programas\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Arquivos de programas\\StarCraft II Beta\\Support\\BlizzardDownloader.exe"=

"c:\\Arquivos de programas\\StarCraft II Beta\\StarCraft II.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57359:TCP"= 57359:TCP:Pando Media Booster

"57359:UDP"= 57359:UDP:Pando Media Booster

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R3 padenum;Enumerador de dispositivos de NTPAD;c:\windows\system32\drivers\padenum.sys [17/6/2010 21:31 10624]

R3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\sr9usb.sys [6/2/2010 00:00 14720]

R3 VendorJoystickEnabler;Driver para joystick paralelo de consola;c:\windows\system32\drivers\NTPAD.sys [17/6/2010 21:31 42880]

S2 gupdate1caa77bb41fd422;Google Update Service (gupdate1caa77bb41fd422);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [6/2/2010 19:28 133104]

S3 dump_wmimmc;dump_wmimmc;\??\c:\arquivos de programas\Gravity\Ragnarok Online\GameGuard\dump_wmimmc.sys --> c:\arquivos de programas\Gravity\Ragnarok Online\GameGuard\dump_wmimmc.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26/6/2010 23:48 38224]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [21/3/2010 02:24 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [21/3/2010 02:24 79104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2/11/2007 10:47 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2/11/2007 10:47 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2/11/2007 10:47 109992]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/3/2010 00:21 691696]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-06 22:28]

 

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-06 22:28]

 

2010-06-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-2077806209-1177238915-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

 

2010-06-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-2077806209-1177238915-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

 

2010-06-28 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-02-20 01:18]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\arquivos de programas\kikin\ie_kikin.dll

FF - ProfilePath - c:\documents and settings\Renangv\Dados de aplicativos\Mozilla\Firefox\Profiles\6jxvzrvu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://search.bearshare.com/

FF - component: c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\Renangv\Dados de aplicativos\Mozilla\Firefox\Profiles\6jxvzrvu.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin_3_0.dll

FF - component: c:\documents and settings\Renangv\Dados de aplicativos\Mozilla\Firefox\Profiles\6jxvzrvu.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin_3_6.dll

FF - component: c:\documents and settings\Renangv\Dados de aplicativos\Mozilla\Firefox\Profiles\6jxvzrvu.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - plugin: c:\arquivos de programas\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\Renangv\Dados de aplicativos\Mozilla\Firefox\Profiles\6jxvzrvu.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\documents and settings\Renangv\Dados de aplicativos\Mozilla\plugins\np-mswmp.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-javahr - c:\path\javahr.exe

HKLM-Run-javahr2 - c:\path\javahr2.exe

AddRemove-eBay Icon - c:\documents and settings\Renangv\Dados de aplicativos\Desktopicon\uninst.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-28 13:49

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

Tempo para conclusão: 2010-06-28 13:50:17

ComboFix-quarantined-files.txt 2010-06-28 16:50

 

Pré-execução: 16 pasta(s) 177.589.989.376 bytes disponíveis

Pós execução: 18 pasta(s) 178.173.722.624 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="C:" XP

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

 

- - End Of File - - C1FE4E770A4CFE55DE9AE83B1651768E

Compartilhar este post


Link para o post
Compartilhar em outros sites

OK....o log está limpo.

 

 

1.

*Clique em [iniciar] > [Executar] > digite: Combofix /uninstall

*Clique [OK]

 

92674490.jpg

 

*Clique em [Executar]

*Aguarde até surgir a mensagem: "ComboFix está desinstalado"

*Clique [OK]

 

2.

Remova da inicialização do PC a opção do Microsoft Windows Recovery Console (Console de Recuperação)

*Clique em [iniciar] > [Executar] > digite: msconfig

*Clique OK

*Clique na aba "BOOT.INI"

*Selecione a linha C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

removercombofix1.jpg

 

*Clique em [Verificar caminhos de inicialização]

*Clique em [sIM] > [OK]

 

removercombofix2.jpg

 

*Reinicie o PC

*Ao iniciar o Windows, o utilitário de configuração informará que foi alterado.

*Clique em "Não mostrar esta mensagem ou iniciar o utilitário de configuração do sistema ao iniciar o Windows"

Compartilhar este post


Link para o post
Compartilhar em outros sites

*Baixe o Kaspersky Virus Removal Tool e salve-o no desktop

*Instale o programa

*A tela principal do programa será aberta automaticamente

*Selecione a opção:

 

[] Meu Computador

*Clique em [start scan]....aguarde. Pode demorar.

*Caso encontre algo, clique em [skip]

*Ao término do scan, clique em [Report]

*Uma janela chamada "Detailed report" será aberta

*Clique no sinal [+] ao lado de Autoscan para expandir os eventos encontrados

*Clique com o botão direito do mouse e selecione "Select all"

*Clique novamente com o botão direito do mouse e selecione "Copy"

*Abra o bloco de notas e cole (Ctrl+v) e salve o arquivo no desktop como log.txt

*Feche a janela "Detailed report" do Kasperky

*Na tela principal do Kaspersky clique em [Exit] > [No]

*Cole o relatório salvo no desktop na sua próxima resposta

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.