Archived

This topic has been archived and is closed to new replies.

zoc

[Resolved] Keylogger


I had a keylogger called James Bond 007 that was only detected by SpywareTerminator, ... I would like to know whether it was really removed.

 

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 16:40:46, on 29/8/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Visagesoft\eXPert PDF 5\vspdfprsrv.exe

C:\ARQUIV~1\IObitBar\toolbar\1.bin\i0brmon.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de Programas\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

R3 - URLSearchHook: (no name) - {7757CBCC-0975-4b79-A519-90B142CA3A23} - C:\Arquivos de programas\IObitBar\toolbar\1.bin\i0SrcAs.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Toolbar BHO - {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Arquivos de programas\IObitBar\toolbar\1.bin\i0bar.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll

O3 - Toolbar: IObit Toolbar - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Arquivos de programas\IObitBar\toolbar\1.bin\i0bar.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Arquivos de programas\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [iObitBar Browser Plugin Loader] C:\ARQUIV~1\IObitBar\toolbar\1.bin\i0brmon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\RunOnce: [3telefonica.BlockedAlerts] "C:\Arquivos de programas\Assistente Tecnico Speedy\bin\AboutBrowser\MotiveBrowser.exe" -APPKEY=telesp -WINDOWCONTEXT=telesp -URL=file://C:/Arquivos de programas/Assistente Tecnico Speedy/vendors/telefonica/content/template/driven_dev/BroadBandAsst/SB_Template/modificarRul.html

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pesquisar - http://edits.myway.com/menusearch.jhtml?s=100000379&p=YI&si=&a=595F9358-945F-4ECC-9B2C-E621E1406823&n=2010073119

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O15 - Trusted Zone: http://universitario.educacional.com.br

O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {329D10B1-1C70-11D6-B49A-0040C7A63343} (ChatWebX Control) - http://universitario.educacional.com.br/academico/servicos/unvSalaVirtual/pop_sala/ChatWeb.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164887255703

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gimme-three-wishes.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A6A1937B-F2BA-4E0C-B63D-5716012C0921}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Google Update Service (gupdate1ca49ff88d6f44d) (gupdate1ca49ff88d6f44d) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IObit Toolbar Service (IObitBarService) - IObit - C:\ARQUIV~1\IObitBar\toolbar\1.bin\i0barsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe


Good evening....

*Download MalwareBytes Anti-malware and save it to the desktop

*Install the program

*If an update is available, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Verificação] (Scan) tab, select the [Verificação completa] (Full scan) option

*Click [Verificar] (Scan) and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Sim] (Yes) > [OK] > [Mostrar Resultados] (Show Results)

*Click [Remover Selecionados] (Remove Selected)

*A report (mbam-log-year-month-date.txt) will be displayed.

*Paste it in your next reply


REPORT:

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4510

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2/9/2010 18:49:15

mbam-log-2010-09-02 (18-49-15).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 395932

Tempo decorrido: 6 hora(s), 12 minuto(s), 8 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\WINDOWS\gendel32.exe (Trojan.Agent) -> Quarantined and deleted successfully.


*Temporarily disable your antivirus

*Download RSIT and save it to the desktop

*Run RSIT and click [Continue]

*When it finishes, paste the report C:\rsit\log.txt


Logfile of random's system information tool 1.08 (written by random/random)

Run by Maiko at 2010-09-03 22:36:03

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 6 GB (8%) free of 79 GB

Total RAM: 1023 MB (58% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:36:06, on 3/9/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Visagesoft\eXPert PDF 5\vspdfprsrv.exe

C:\ARQUIV~1\IObitBar\toolbar\1.bin\i0brmon.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de Programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\SYSTEM32\taskmgr.exe

C:\Arquivos de Programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Maiko\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Maiko.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

R3 - URLSearchHook: (no name) - {7757CBCC-0975-4b79-A519-90B142CA3A23} - C:\Arquivos de programas\IObitBar\toolbar\1.bin\i0SrcAs.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Toolbar BHO - {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Arquivos de programas\IObitBar\toolbar\1.bin\i0bar.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll

O3 - Toolbar: IObit Toolbar - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Arquivos de programas\IObitBar\toolbar\1.bin\i0bar.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Arquivos de programas\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [iObitBar Browser Plugin Loader] C:\ARQUIV~1\IObitBar\toolbar\1.bin\i0brmon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de Programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\RunOnce: [3telefonica.BlockedAlerts] "C:\Arquivos de programas\Assistente Tecnico Speedy\bin\AboutBrowser\MotiveBrowser.exe" -APPKEY=telesp -WINDOWCONTEXT=telesp -URL=file://C:/Arquivos de programas/Assistente Tecnico Speedy/vendors/telefonica/content/template/driven_dev/BroadBandAsst/SB_Template/modificarRul.html

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pesquisar - http://edits.myway.com/menusearch.jhtml?s=100000379&p=YI&si=&a=595F9358-945F-4ECC-9B2C-E621E1406823&n=2010073119

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O15 - Trusted Zone: http://universitario.educacional.com.br

O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {329D10B1-1C70-11D6-B49A-0040C7A63343} (ChatWebX Control) - http://universitario.educacional.com.br/academico/servicos/unvSalaVirtual/pop_sala/ChatWeb.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164887255703

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gimme-three-wishes.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A6A1937B-F2BA-4E0C-B63D-5716012C0921}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Google Update Service (gupdate1ca49ff88d6f44d) (gupdate1ca49ff88d6f44d) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IObit Toolbar Service (IObitBarService) - IObit - C:\ARQUIV~1\IObitBar\toolbar\1.bin\i0barsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O24 - Desktop Component 0: (no name) - file:///C:/Arquivos%20de%20Programas/Games/Atrativa/SabreWing%202/WEB/loading.gif

 

--

End of file - 13627 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AWC AutoCare.job

C:\WINDOWS\tasks\AWC Update.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\SmartDefrag.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]

C:\ARQUIV~1\Crawler\ctbr.dll [2010-08-26 1241448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69A87B7D-DE56-4136-9655-716BA50C19C7}]

&Google Web Accelerator Helper - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll [2007-07-09 311296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2008-12-29 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-27 764912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE}]

Toolbar BHO - C:\Arquivos de programas\IObitBar\toolbar\1.bin\i0bar.dll [2010-07-31 638976]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - Google Web Accelerator - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll [2007-07-09 311296]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2008-12-29 251504]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Barra de ferramentas &Crawler - C:\ARQUIV~1\Crawler\ctbr.dll [2010-08-26 1241448]

{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - IObit Toolbar - C:\Arquivos de programas\IObitBar\toolbar\1.bin\i0bar.dll [2010-07-31 638976]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"=C:\WINDOWS\SYSTEM32\VTTimer.exe [2005-03-08 53248]

"VTPreset"=C:\WINDOWS\SYSTEM32\VTPreset.exe [2005-10-13 45056]

"nwiz"=nwiz.exe /install []

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2005-10-13 208952]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-10-04 90112]

"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2005-10-13 59392]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"Motive SmartBridge"=C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe [2005-04-15 397312]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2006-11-05 282624]

"avast5"=C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

"vspdfprsrv.exe"=C:\Arquivos de programas\Visagesoft\eXPert PDF 5\vspdfprsrv.exe [2007-07-02 1179648]

"IObitBar Browser Plugin Loader"=C:\ARQUIV~1\IObitBar\toolbar\1.bin\i0brmon.exe [2010-07-31 20480]

"SunJavaUpdateSched"=C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2010-05-14 248552]

"SpywareTerminator"=C:\Arquivos de Programas\Spyware Terminator\SpywareTerminatorShield.exe [2009-02-07 2267136]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"3telefonica.BlockedAlerts"=C:\Arquivos de programas\Assistente Tecnico Speedy\bin\AboutBrowser\MotiveBrowser.exe [2006-03-14 139264]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-03-31 68856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

C:\Arquivos de Programas\IObit\Advanced SystemCare 3\AWC.exe [2010-08-10 2349776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Arquivos de Programas\Ares\Ares.exe [2009-12-06 954880]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

C:\Arquivos de programas\Electronic Arts\EADM\Core.exe -silent []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iBest.baloon]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]

C:\Arquivos de programas\Lingoes\Translator2\Lingoes.exe [2009-10-08 2203648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]

C:\Arquivos de Programas\Nokia\Ovi Player\NokiaOviPlayer.exe [2010-03-04 2192672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]

C:\Arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-06-18 671608]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Arquivos de programas\QuickTime\qttask.exe [2006-11-05 282624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Arquivos de programas\Skype\Phone\Skype.exe [2008-11-07 21633320]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

C:\Arquivos de Programas\Spyware Terminator\SpywareTerminatorShield.exe [2009-02-07 2267136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-03-31 68856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]

C:\ARQUIV~1\ASSIST~1\bin\matcli.exe [2005-04-15 217088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maiko^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

C:\ARQUIV~1\MI1933~1\Office12\ONENOTEM.EXE [2009-02-26 97680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maiko^Menu Iniciar^Programas^Inicializar^Xfire.lnk]

C:\ARQUIV~1\Xfire\Xfire.exe [2006-01-04 3469448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\SYSTEM32\WgaLogon.dll [2006-06-19 702768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,zpasspc.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoResolveSearch"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de Programas\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Arquivos de Programas\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"

"C:\Arquivos de Programas\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Arquivos de Programas\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

"C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de Programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de Programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Arquivos de Programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de Programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de Programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de Programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Arquivos de Programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de Programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Arquivos de Programas\Megacubo\megacubo.exe"="C:\Arquivos de Programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

"C:\Arquivos de Programas\Skype\Phone\Skype.exe"="C:\Arquivos de Programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de Programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Arquivos de Programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite"

"C:\Arquivos de Programas\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Arquivos de Programas\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"

"C:\Arquivos de Programas\LimeWire\LimeWire.exe"="C:\Arquivos de Programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Arquivos de Programas\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Arquivos de Programas\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de Programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de Programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

======List of files/folders created in the last 1 months======

 

2010-09-03 22:30:44 ----D---- C:\Arquivos de programas\trend micro

2010-09-03 22:30:41 ----D---- C:\rsit

2010-08-29 13:22:26 ----D---- C:\Arquivos de programas\WinClamAVShield

2010-08-21 17:20:11 ----D---- C:\Documents and Settings\Maiko\Dados de aplicativos\Sony Online Entertainment

2010-08-12 21:33:35 ----A---- C:\WINDOWS\system32\unrar.dll

2010-08-12 21:33:28 ----A---- C:\WINDOWS\system32\yv12vfw.dll

2010-08-12 21:33:28 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2010-08-12 21:33:28 ----A---- C:\WINDOWS\system32\xvidcore.dll

2010-08-12 21:33:28 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest

2010-08-12 21:33:27 ----A---- C:\WINDOWS\system32\ff_vfw.dll

2010-08-11 00:40:36 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$

2010-08-11 00:40:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$

2010-08-11 00:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$

2010-08-11 00:39:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$

2010-08-11 00:34:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$

2010-08-11 00:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$

2010-08-11 00:26:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$

2010-08-11 00:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$

2010-08-04 20:12:22 ----A---- C:\WINDOWS\system32\javaws.exe

2010-08-04 20:12:22 ----A---- C:\WINDOWS\system32\javaw.exe

2010-08-04 20:12:22 ----A---- C:\WINDOWS\system32\java.exe

 

======List of files/folders modified in the last 1 months======

 

2010-09-03 22:35:49 ----D---- C:\WINDOWS\Prefetch

2010-09-03 22:30:44 ----D---- C:\Arquivos de Programas

2010-09-03 20:46:12 ----D---- C:\Documents and Settings\Maiko\Dados de aplicativos\Spyware Terminator

2010-09-03 19:53:43 ----D---- C:\WINDOWS\Temp

2010-09-03 19:43:00 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2010-09-03 19:38:27 ----D---- C:\Arquivos de programas\Microsoft Silverlight

2010-09-03 16:37:54 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-09-03 16:37:44 ----SHD---- C:\WINDOWS\Installer

2010-09-03 16:37:44 ----SHD---- C:\Config.Msi

2010-09-03 03:12:32 ----D---- C:\WINDOWS\system32\CatRoot2

2010-09-02 21:12:43 ----A---- C:\WINDOWS\NeroDigital.ini

2010-09-02 19:19:23 ----D---- C:\Arquivos de programas\JDownloader

2010-09-02 19:09:29 ----D---- C:\WINDOWS\system32\drivers

2010-09-02 19:09:29 ----D---- C:\WINDOWS\Media

2010-09-02 18:49:14 ----D---- C:\WINDOWS

2010-08-31 10:12:16 ----D---- C:\Arquivos de programas\Spyware Terminator

2010-08-30 19:15:16 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-08-29 20:43:13 ----D---- C:\WINDOWS\system32

2010-08-29 16:40:43 ----D---- C:\Arquivos de programas\HijackThis

2010-08-29 15:11:35 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-08-29 13:17:45 ----D---- C:\Arquivos de programas\Crawler

2010-08-23 16:42:48 ----D---- C:\Arquivos de programas\SpeedFan

2010-08-21 17:35:59 ----SD---- C:\WINDOWS\Tasks

2010-08-21 17:32:37 ----D---- C:\Documents and Settings\Maiko\Dados de aplicativos\Free Download Manager

2010-08-20 20:50:45 ----D---- C:\Documents and Settings\Maiko\Dados de aplicativos\IObit

2010-08-18 20:00:42 ----D---- C:\Ongame

2010-08-15 19:47:05 ----A---- C:\WINDOWS\win.ini

2010-08-12 21:34:39 ----D---- C:\Arquivos de programas\K-Lite Codec Pack

2010-08-12 00:52:07 ----D---- C:\WINDOWS\Microsoft.NET

2010-08-12 00:52:01 ----RSD---- C:\WINDOWS\assembly

2010-08-11 00:40:39 ----HD---- C:\WINDOWS\inf

2010-08-11 00:40:33 ----HD---- C:\WINDOWS\$hf_mig$

2010-08-11 00:40:27 ----A---- C:\WINDOWS\imsins.BAK

2010-08-11 00:39:22 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2010-08-11 00:37:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-08-11 00:37:07 ----D---- C:\WINDOWS\WinSxS

2010-08-11 00:34:33 ----D---- C:\Arquivos de programas\Internet Explorer

2010-08-11 00:34:20 ----D---- C:\WINDOWS\ie8updates

2010-08-11 00:26:03 ----D---- C:\Arquivos de programas\Movie Maker

2010-08-04 20:12:42 ----D---- C:\Arquivos de programas\Arquivos comuns\Java

2010-08-04 20:12:18 ----D---- C:\Arquivos de programas\Java

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]

R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2006-11-02 36624]

R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-16 691696]

R0 uagp35;Filtro Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]

R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2005-10-13 27904]

R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-26 60928]

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-04 3797632]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]

R3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon); C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2005-10-24 346304]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-29 1036928]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-09-29 219136]

R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 PhTVTune;Cap7134 TVTuner; C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2005-10-24 54304]

R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\slnt.sys [2003-11-20 18004]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-29 702592]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

S3 abj7s05d;abj7s05d; C:\WINDOWS\system32\drivers\abj7s05d.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []

S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-14 42496]

S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\ARQUIV~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-02-09 15360]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]

S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2008-10-04 4096]

S3 npkcrypt;npkcrypt; \??\C:\Arquivos de Programas\Gravity\Ragnarok Online\npkcrypt.sys []

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-10-13 74496]

S3 S3Psddr;S3Psddr; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2005-10-13 167168]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]

S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-08-24 237312]

S3 VIASens;Vinyl Sensaura WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\viasens.sys [2005-10-13 391680]

S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2005-10-13 113024]

S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 XDva332;XDva332; \??\C:\WINDOWS\system32\XDva332.sys []

S3 XDva349;XDva349; \??\C:\WINDOWS\system32\XDva349.sys []

S3 XDva356;XDva356; \??\C:\WINDOWS\system32\XDva356.sys []

S3 XDva359;XDva359; \??\C:\WINDOWS\system32\XDva359.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2006-02-28 229376]

R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-06-03 233472]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-07-17 153376]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

R2 SeaPort;SeaPort; C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]

R2 SNMP;Serviço SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe [2009-02-07 540672]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S2 gupdate1ca49ff88d6f44d;Google Update Service (gupdate1ca49ff88d6f44d); C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-10 133104]

S2 IObitBarService;IObit Toolbar Service; C:\ARQUIV~1\IObitBar\toolbar\1.bin\i0barsvc.exe [2010-07-31 28766]

S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-12-16 72704]

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]

S3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-31 654848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 khpqbtblyrqi;khpqbtblyrqi; C:\WINDOWS\system32\drivers\khpqbtblyrqi.sys [2009-08-06 8576]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-24 2796573]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]

S3 SNMPTRAP;Serviço de interceptação SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S3 xhgpmrwijywi;xhgpmrwijywi; C:\WINDOWS\system32\drivers\xhgpmrwijywi.sys [2010-01-31 8576]

S4 NetTcpPortSharing;Serviço de Compartilhamento de Porta Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------


1.

*Delete RSIT and the folder C:\rsit

2.

*Temporarily disable your antivirus

*Download ComboFix and save it to the desktop

*Run ComboFix and accept the agreement

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it and then [Yes] to continue.

 

recovery-console-prompt.jpg

 

recovery-console-installed.jpg

 

*Wait for all the stages to finish

 

etapas.jpg

 

*Avoid using the mouse and keyboard while ComboFix is running! To interrupt the procedure, press [N] or [2] and then [ENTER]

*When it finishes, the report C:\combofix.txt will be displayed.

*Paste it in your next reply.

*If you restart the PC, there will be an option at startup called Recovery Console. Do not enter Windows through it unless you have been properly instructed to do so!


I ran ComboFix as you instructed, but when it went to delete some files, the BAD_POOL_HEADER error appeared.

So I ran it in safe mode and the program worked normally, but when the automatic restart happened, at the moment of opening the report the same BAD_POOL_HEADER blue-screen error occurred. Anyway, the report was generated all the same; I would just like to know the reason for this error.

Report:

 

ComboFix 10-09-04.04 - Maiko 05/09/2010 11:13:39.3.2 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1023.691 [GMT -3:00]

Executando de: C:\Documents and Settings\Maiko\Meus documentos\Downloads\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

C:\WINDOWS\system32\_000001_.tmp.dll

C:\WINDOWS\system32\_000003_.tmp.dll

C:\WINDOWS\system32\_000005_.tmp.dll

C:\WINDOWS\system32\_000008_.tmp.dll

C:\WINDOWS\system32\_000110_.tmp.dll

c:\windows\system32\drivers\khpqbtblyrqi.sys

c:\windows\system32\drivers\xhgpmrwijywi.sys

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_khpqbtblyrqi

-------\Legacy_xhgpmrwijywi

-------\Service_khpqbtblyrqi

-------\Service_xhgpmrwijywi

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-08-05 to 2010-09-05 ))))))))))))))))))))))))))))

.

 

2010-09-05 14:10:01 . 2010-09-05 14:10:01 -------- d-sh--w- C:\Documents and Settings\Administrador\IETldCache

2010-09-04 21:28:23 . 2010-09-04 21:28:23 -------- d-----w- C:\Documents and Settings\Maiko\Dados de aplicativos\eMule

2010-09-04 21:28:21 . 2010-09-04 21:28:36 -------- d-----w- C:\Arquivos de programas\eMule

2010-09-04 01:30:44 . 2010-09-04 01:36:04 -------- d-----w- C:\Arquivos de programas\trend micro

2010-09-03 19:37:08 . 2010-09-03 19:37:08 -------- d-sh--w- C:\Documents and Settings\Default User\IETldCache

2010-08-29 16:22:26 . 2010-09-03 22:43:00 -------- d-----w- C:\Arquivos de programas\WinClamAVShield

2010-08-21 20:20:11 . 2010-08-21 20:20:17 -------- d-----w- C:\Documents and Settings\Maiko\Dados de aplicativos\Sony Online Entertainment

2010-08-13 00:33:35 . 2010-03-15 09:31:50 165376 ----a-w- C:\WINDOWS\system32\unrar.dll

2010-08-13 00:33:28 . 2010-06-08 16:10:50 790528 ----a-w- C:\WINDOWS\system32\xvidcore.dll

2010-08-13 00:33:28 . 2010-06-08 16:10:50 134144 ----a-w- C:\WINDOWS\system32\xvidvfw.dll

2010-08-13 00:33:28 . 2004-01-25 16:18:44 217088 ----a-w- C:\WINDOWS\system32\yv12vfw.dll

2010-08-13 00:33:27 . 2010-08-12 08:00:00 108032 ----a-w- C:\WINDOWS\system32\ff_vfw.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-05 04:48:44 . 2009-02-07 20:08:35 -------- d-----w- C:\Arquivos de programas\Crawler

2010-09-04 21:16:23 . 2010-07-19 01:54:00 -------- d-----w- C:\Arquivos de programas\LimeWire

2010-09-04 01:53:12 . 2009-02-07 20:08:30 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2010-09-04 01:52:55 . 2009-02-07 20:08:30 -------- d-----w- C:\Arquivos de programas\Spyware Terminator

2010-09-04 01:48:26 . 2009-02-07 20:08:33 -------- d-----w- C:\Documents and Settings\Maiko\Dados de aplicativos\Spyware Terminator

2010-09-03 22:38:27 . 2009-11-24 01:36:15 -------- d-----w- C:\Arquivos de programas\Microsoft Silverlight

2010-09-02 22:19:23 . 2010-04-03 02:42:56 -------- d-----w- C:\Arquivos de programas\JDownloader

2010-08-30 22:15:16 . 2009-01-04 12:28:25 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-08-23 19:42:48 . 2009-06-30 23:18:17 -------- d-----w- C:\Arquivos de programas\SpeedFan

2010-08-21 20:32:37 . 2010-04-21 18:54:17 -------- d-----w- C:\Documents and Settings\Maiko\Dados de aplicativos\Free Download Manager

2010-08-20 23:50:45 . 2009-02-27 23:28:57 -------- d-----w- C:\Documents and Settings\Maiko\Dados de aplicativos\IObit

2010-08-13 00:34:39 . 2008-04-30 22:59:41 -------- d-----w- C:\Arquivos de programas\K-Lite Codec Pack

2010-08-11 03:39:22 . 2010-02-10 22:25:57 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2010-08-11 03:37:55 . 2006-03-01 19:36:01 87118 ----a-w- C:\WINDOWS\system32\perfc016.dat

2010-08-11 03:37:55 . 2006-03-01 19:36:01 488116 ----a-w- C:\WINDOWS\system32\perfh016.dat

2010-08-04 23:12:42 . 2006-03-01 23:35:04 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Java

2010-08-04 23:12:18 . 2006-03-01 23:35:05 -------- d-----w- C:\Arquivos de programas\Java

2010-08-03 00:59:39 . 2010-08-03 00:59:39 -------- d-----w- C:\Arquivos de programas\GameVicio

2010-08-02 14:20:35 . 2010-08-01 21:29:43 -------- d-----w- C:\Documents and Settings\Maiko\Dados de aplicativos\Xfire

2010-08-02 14:20:04 . 2010-08-01 21:29:41 -------- d-s---w- C:\Arquivos de programas\Xfire

2010-08-01 21:45:25 . 2010-08-01 21:45:25 -------- d-----w- C:\Documents and Settings\Maiko\Dados de aplicativos\Petroglyph

2010-08-01 21:30:29 . 2006-03-01 23:54:55 -------- d--h--w- C:\Arquivos de programas\InstallShield Installation Information

2010-08-01 21:30:10 . 2010-08-01 21:30:10 -------- d-----w- C:\Arquivos de programas\LucasArts

2010-07-31 21:13:44 . 2010-07-31 21:13:44 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\IObit

2010-07-31 21:13:16 . 2010-07-31 21:13:16 -------- d-----w- C:\Arquivos de programas\IObitBar

2010-07-28 01:27:26 . 2010-07-28 01:27:26 -------- d-----w- C:\Arquivos de programas\OnGame

2010-07-17 08:00:04 . 2010-06-25 14:02:59 423656 ----a-w- C:\WINDOWS\system32\deployJava1.dll

2010-07-17 02:47:43 . 2010-07-17 01:01:15 -------- d-----w- C:\Arquivos de programas\Perfect World

2010-06-30 12:32:26 . 2006-03-01 19:35:37 149504 ----a-w- C:\WINDOWS\system32\schannel.dll

2010-06-28 20:57:33 . 2010-07-18 00:19:17 38848 ----a-w- C:\WINDOWS\avastSS.scr

2010-06-28 20:57:12 . 2010-05-16 00:32:52 165032 ----a-w- C:\WINDOWS\system32\aswBoot.exe

2010-06-28 20:37:52 . 2010-05-16 00:33:10 46672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

2010-06-28 20:37:30 . 2010-05-16 00:33:12 165456 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys

2010-06-28 20:33:13 . 2010-05-16 00:33:11 23376 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

2010-06-28 20:32:45 . 2010-05-16 00:33:09 100176 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys

2010-06-28 20:32:42 . 2010-05-16 00:33:09 94544 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys

2010-06-28 20:32:33 . 2010-05-16 00:33:13 17744 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2010-06-28 20:32:16 . 2010-05-16 00:33:08 28880 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys

2010-06-24 12:24:53 . 2006-03-01 19:35:49 916480 ----a-w- C:\WINDOWS\system32\wininet.dll

2010-06-24 09:02:34 . 2006-03-01 19:35:49 1852032 ----a-w- C:\WINDOWS\system32\win32k.sys

2010-06-21 15:27:11 . 2006-03-01 19:35:43 354304 ----a-w- C:\WINDOWS\system32\drivers\srv.sys

2010-06-17 14:03:09 . 2006-03-01 19:35:10 80384 ----a-w- C:\WINDOWS\system32\iccvid.dll

2010-06-14 14:31:20 . 2006-03-01 23:00:27 744448 ----a-w- C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:42:28 . 2006-03-01 19:35:25 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll

2006-12-03 10:25:01 . 2006-12-03 10:25:01 9414856 ----a-w- C:\Arquivos de programas\Install_MSN_Messenger.EXE

2002-08-29 12:41:08 . 2010-05-16 02:06:33 401462 ----a-w- C:\Arquivos de programas\mozilla firefox\plugins\msvcp60.dll

2002-08-29 12:41:08 . 2010-05-16 02:06:33 323072 ----a-w- C:\Arquivos de programas\mozilla firefox\plugins\msvcrt.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{7757CBCC-0975-4b79-A519-90B142CA3A23}"= "C:\Arquivos de programas\IObitBar\toolbar\1.bin\i0SrcAs.dll" [2010-07-31 21:13:16 49152]

 

[HKEY_CLASSES_ROOT\clsid\{7757cbcc-0975-4b79-a519-90b142ca3a23}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE}]

2010-07-31 21:13:16 638976 ----a-w- C:\Arquivos de Programas\IObitBar\toolbar\1.bin\i0bar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE}"= "C:\Arquivos de programas\IObitBar\toolbar\1.bin\i0bar.dll" [2010-07-31 21:13:16 638976]

 

[HKEY_CLASSES_ROOT\clsid\{efa17369-cdc0-4927-9afc-baad1f96b2ae}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 20:44:21 68856]

"ares"="C:\Arquivos de Programas\Ares\Ares.exe" [2009-12-06 16:24:32 954880]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2005-03-08 05:33:00 53248]

"VTPreset"="VTPreset.exe" [2005-10-13 16:22:28 45056]

"nwiz"="nwiz.exe" [2006-10-22 15:22:00 1622016]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2005-10-13 16:01:11 208952]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 15:22:00 86016]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 15:22:00 7700480]

"SoundMan"="SOUNDMAN.EXE" [2005-10-04 16:12:52 90112]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2005-10-13 16:01:09 59392]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 19:46:04 397312]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-11-05 23:13:21 282624]

"vspdfprsrv.exe"="C:\Arquivos de programas\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-07-02 22:58:54 1179648]

"IObitBar Browser Plugin Loader"="C:\ARQUIV~1\IObitBar\toolbar\1.bin\i0brmon.exe" [2010-07-31 21:13:16 20480]

"SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 14:44:46 248552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"3telefonica.BlockedAlerts"="C:\Arquivos de programas\Assistente Tecnico Speedy\bin\AboutBrowser\MotiveBrowser.exe" [2006-03-15 00:45:34 139264]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:20:54 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\WINDOWS\system32\logonui.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zpasspc.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]

backup=C:\WINDOWS\pss\Assistente Tecnico Speedy.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maiko^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maiko^Menu Iniciar^Programas^Inicializar^Xfire.lnk]

backup=C:\WINDOWS\pss\Xfire.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iBest.baloon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2010-08-10 18:13:42 2349776 ----a-w- C:\Arquivos de Programas\IObit\Advanced SystemCare 3\AWC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

2009-12-06 16:24:32 954880 ----a-w- C:\Arquivos de Programas\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57:08 369200 ----a-w- C:\Arquivos de Programas\DAEMON Tools Lite\DTLite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 13:44:34 31072 ----a-w- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]

2009-10-09 02:50:40 2203648 ----a-w- C:\Arquivos de Programas\Lingoes\Translator2\Lingoes.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 18:44:26 3883840 ----a-w- C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 13:50:42 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]

2010-03-04 18:10:52 2192672 ----a-w- C:\Arquivos de Programas\Nokia\Ovi Player\NokiaOviPlayer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]

2010-06-18 18:37:48 671608 ----a-w- C:\Arquivos de Programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-11-05 23:13:21 282624 ----a-w- C:\Arquivos de Programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2008-11-07 17:31:38 21633320 ----a-r- C:\Arquivos de Programas\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

2009-02-07 20:08:33 2267136 ----a-w- C:\Arquivos de Programas\Spyware Terminator\SpywareTerminatorShield.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-03-31 20:44:21 68856 ----a-w- C:\Arquivos de Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de Programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de Programas\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"C:\\Arquivos de Programas\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"C:\\Arquivos de Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"C:\\Arquivos de Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de Programas\\Megacubo\\megacubo.exe"=

"C:\\Arquivos de Programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de Programas\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"C:\\Arquivos de Programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Arquivos de Programas\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [15/5/2010 21:33:12 165456]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [7/2/2009 17:08:33 142592]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [15/5/2010 21:33:13 17744]

R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [20/11/2009 10:25:25 233472]

R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [20/11/2009 10:25:25 36608]

R3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\drivers\PhTVTune.sys [1/3/2006 20:09:09 54304]

R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;C:\WINDOWS\system32\drivers\slnt.sys [12/9/2009 13:27:24 18004]

S2 gupdate1ca49ff88d6f44d;Google Update Service (gupdate1ca49ff88d6f44d);C:\Arquivos de Programas\Google\Update\GoogleUpdate.exe [10/10/2009 20:15:17 133104]

S2 IObitBarService;IObit Toolbar Service;C:\ARQUIV~1\IObitBar\toolbar\1.bin\i0barsvc.exe [31/7/2010 18:13:16 28766]

S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service --> C:\WINDOWS\system32\GameMon.des -service [?]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [20/11/2009 10:38:25 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [20/11/2009 10:38:25 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [20/11/2009 10:38:25 121856]

S3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\viasens.sys [1/3/2006 20:08:26 391680]

S3 XDva332;XDva332;\??\C:\WINDOWS\system32\XDva332.sys --> C:\WINDOWS\system32\XDva332.sys [?]

S3 XDva349;XDva349;\??\C:\WINDOWS\system32\XDva349.sys --> C:\WINDOWS\system32\XDva349.sys [?]

S3 XDva356;XDva356;\??\C:\WINDOWS\system32\XDva356.sys --> C:\WINDOWS\system32\XDva356.sys [?]

S3 XDva359;XDva359;\??\C:\WINDOWS\system32\XDva359.sys --> C:\WINDOWS\system32\XDva359.sys [?]

S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [26/12/2006 16:58:00 691696]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - FSUSBEXDISK

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-09-04 C:\WINDOWS\Tasks\AWC AutoCare.job

- C:\Arquivos de programas\IObit\Advanced SystemCare 3\AutoCare.exe [2010-04-19 00:07:11 . 2010-01-22 17:10:48]

 

2010-09-05 C:\WINDOWS\Tasks\AWC Update.job

- C:\Arquivos de Programas\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-07-12 01:34:19 . 2010-07-14 14:08:36]

 

2010-09-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-10 23:15:17 . 2009-10-10 23:15:07]

 

2010-09-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-10 23:15:17 . 2009-10-10 23:15:07]

 

2010-08-16 C:\WINDOWS\Tasks\SmartDefrag.job

- C:\Arquivos de Programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-27 23:28:55 . 2010-03-26 19:48:20]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.baixaki.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Crawler Search - tbr:iemenu

IE: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Pesquisar - http://edits.myway.com/menusearch.jhtml?s=100000379&p=YI&si=&a=595F9358-945F-4ECC-9B2C-E621E1406823&n=2010073119

Trusted Zone: educacional.com.br\universitario

TCP: {A6A1937B-F2BA-4E0C-B63D-5716012C0921} = 200.204.0.10 200.204.0.138

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} - hxxp://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

DPF: {329D10B1-1C70-11D6-B49A-0040C7A63343} - hxxp://universitario.educacional.com.br/academico/servicos/unvSalaVirtual/pop_sala/ChatWeb.cab

FF - ProfilePath - C:\Documents and Settings\Maiko\Dados de aplicativos\Mozilla\Firefox\Profiles\mh2uozw5.default\

FF - prefs.js: browser.startup.homepage - www.globo.com

FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw=

FF - component: C:\Arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - plugin: C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: C:\Arquivos de programas\IObitBar\toolbar\1.bin\NPi0Stub.dll

FF - plugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Arquivos de Programas\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

SafeBoot-mcmscsvc

SafeBoot-MCODS

MSConfigStartUp-EA Core - C:\Arquivos de programas\Electronic Arts\EADM\Core.exe


Some incompatibility between the hardware and some program, or with the PC itself.

OR

Too much information is being sent to the processor, so the speed required to act is greater than the hard disk's read speed. This last option can be summed up as: too little memory.

OK... the log is clean.

Let us know how the PC is doing before we proceed with uninstalling ComboFix and carrying out maintenance procedures.


1.

*Click [Start] > [Run] > copy and paste: Combofix /uninstall

*Click [OK] > [Run]

*Wait for the message "ComboFix está desinstalado" ("ComboFix is uninstalled") to appear

*Click [OK]

2.

*Download ATF-Cleaner and save it to the desktop

*Run ATF-Cleaner

*Select:

[X] Select All

*Click [Empty Selected]

=>If you use Firefox or Opera:

*Click the "Firefox" tab or "Opera"

*Select:

[X] Select All

*Click [Yes] > [Empty Selected] > [Yes]

3.

*Download and install CCleaner

*Click [Run Cleaner]

*Click [Registry] > [Scan for Issues] > [Fix selected issues] > [Fix All Selected Issues]

Use ATF-Cleaner and CCleaner regularly to keep the PC in order.

Best regards.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
