[Arquivado] &nbspProblemas ao Iniciar o Windows XP

MasterFuxi · Janeiro 14, 2011

Olá , esta é a segunda vez que acontece isso , eu liguei o pc , ai na hora que aparece o desktop do nada a tela fica preta com uns quadrados azuis e logicamente trava tudo . Depois de tentar algumas vezes eu consegui mexer normalmente . Bom , hoje quando eu liguei apareceu uma coisa não muito esperada, apareceu mensagens de erro na memoria e algo com a pasta system ou system32 , era uma falha la , que precisava clicar em ok para o computador ser desligado , eu usei o Console de Recuperação do windows, ai apareceu C:\WINDOWS para executar o processo de recuperação e reparação, mas eu nao sabia como fazer, tinha os comandos mas eu nao tinha conhecimento da função deles , eu escrevi exit , e o pc reiniciou e amostrou que está no modo diagnóstico , ele abriu normalmente .

Aqui está o log do Hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 05:48:47, on 14/1/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\tsnp325.exe

C:\WINDOWS\vsnp325.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe

C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorEngine.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Meus documentos\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://system.setdll.com:8083/connect.dat

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab

O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F32A35DC-6CD5-4A59-93F2-1B77FF085840}: NameServer = 200.149.55.142 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe

--

End of file - 8069 bytes

Renato Utsch · Janeiro 17, 2011

Olá!

Seja bem vindo à seção de Remoção de Malwares da IMasters Fóruns!

Por favor, siga as instruções abaixo:

Faça o Download do DDS e salve no Desktop (Área de trabalho).

Temporariamente desative os seus programas de proteção.
Duplo clique em dds.scr.
Irá surgir uma tela preta com algumas informações. Não clique em nada, apenas aguarde!
Quando terminar, duas janelas abrirão: DDS.txt e Attach.txt.
Salve o resultado e cole-o no seu tópico.

OBS: Caso o link disponibilizado não funcione, tente baixar o DDS por ESTE link.

Abraços :D

MasterFuxi · Janeiro 17, 2011

Olá, aqui estão os logs

DDS

DDS (Ver_10-12-12.02) - NTFSx86

Run by eduardo e binha at 16:56:50,50 on seg 17/01/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.405 [GMT -2:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\tsnp325.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\vsnp325.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe

C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorEngine.exe

svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title =

mWindow Title =

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\arquiv~1\dap\DAPIEL~1.DLL

TB: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

TB: {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - No File

TB: {B27200AD-1137-430C-BBAF-593DEFB7373B} - No File

TB: {12FC3D37-2A42-4FE3-8489-81296878CBA5} - No File

uRun: [speedBitVideoAccelerator] c:\arquivos de programas\speedbit video accelerator\VideoAccelerator.exe

uRun: [Pando Media Booster] c:\arquivos de programas\pando networks\media booster\PMB.exe

uRun: [NBCore] "c:\arquivos de programas\arquivos comuns\nero\nero backitup 4\NBCore.exe"

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\eduardo e binha\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

uRun: [DownloadAccelerator] "c:\arquivos de programas\dap\DAP.EXE" /STARTUP

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [VTTrayp] VTtrayp.exe

mRun: [VTTimer] VTTimer.exe

mRun: [unlockerAssistant] "c:\arquivos de programas\unlocker\UnlockerAssistant.exe"

mRun: [tsnp325] c:\windows\tsnp325.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [snp325] c:\windows\vsnp325.exe

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [Malwarebytes' Anti-Malware] "c:\arquivos de programas\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [desp2k] c:\arquivos de programas\oi velox\manager\desp2k.exe

mRun: [CloneCDTray] "c:\arquivos de programas\slysoft\clonecd\CloneCDTray.exe" /s

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

IE: &Clean Traces - c:\arquivos de programas\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\dap\dapextie.htm

IE: Download &all with DAP - c:\arquivos de programas\dap\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: Translate this web page with Babylon

IE: Translate with Babylon

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab

DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: {F32A35DC-6CD5-4A59-93F2-1B77FF085840} = 200.149.55.142 200.165.132.154

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\dap\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\dap\dapie.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eduard~1\dadosd~1\mozilla\firefox\profiles\yp8mhne4.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59925&p=

FF - prefs.js: network.proxy.type - 2

FF - component: c:\arquivos de programas\dap\dapfirefox\components\DAPFireFox.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\arquivos de programas\webzen\webzengamestarter\NPGameWebStarter.dll

FF - plugin: c:\documents and settings\eduardo e binha\dados de aplicativos\mozilla\firefox\profiles\yp8mhne4.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\eduardo e binha\dados de aplicativos\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\eduardo e binha\dados de aplicativos\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com

FF - Ext: Orkut Manager: om.brunolm@gmail.com - %profile%\extensions\om.brunolm@gmail.com

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ff

FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\arquivos de programas\dap\DAPFireFox

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-12-27 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-12-27 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-12-27 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2007-9-19 61960]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\arquiv~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2007-9-19 17144]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-6-10 31232]

S2 DXSOFTIO;DXSOFTIO; [x]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-9-17 136176]

S2 MBAMDrvService;MBAMDrvService;c:\windows\system32\drivers\mbam.sys [2007-9-19 17144]

S2 MBAMService;MBAMService;c:\arquivos de programas\malwarebytes' anti-malware\mbamservice.exe [2007-9-19 110200]

S3 apf001;apf001;c:\arquivos de programas\softnyxgame\wolfteamps\apf001.sys [2010-8-12 10872]

S3 ddsxeiservice;ddsxeiservice2; [x]

S3 LLRING0;LLRING0; [x]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-1-21 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-1-21 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-1-21 42752]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]

S3 npggsvc;nProtect GameGuard Service; [x]

S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [2009-11-4 15936]

S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [2009-11-4 31808]

S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2010-2-8 10343168]

S3 XDva281;XDva281; [x]

S3 XDva370;XDva370; [x]

=============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2010-12-31 04:55:33 -------- d-----r- c:\arquivos de programas\Skype

2010-12-27 11:54:40 -------- d-----w- C:\OnGame

2010-12-25 21:54:36 -------- d-----w- c:\docume~1\eduard~1\dadosd~1\JustVoip

2010-12-25 21:22:15 -------- d-----w- c:\docume~1\eduard~1\dadosd~1\ADPHONE

2010-12-25 21:21:17 -------- d-----w- c:\docume~1\eduard~1\config~1\dadosd~1\Downloaded Installations

==================== Find3M ====================

2010-11-18 18:15:22 86016 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:21:10 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:21:08 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:21:08 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:27:25 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:09:04 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:58:48 1853440 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 16:57:39,82 ===============

Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/1/2007 13:48:05

System Uptime: 17/1/2011 15:45:26 (1 hours ago)

Motherboard: Semp Toshiba | | STI 910134

Processor: Processador Intel Pentium II | CPU 1 | 1796/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 149 GiB total, 130,772 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 16/1/2011 15:06:51 - Ponto de verificação do sistema

==== Installed Programs ======================

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Shockwave Player 11.5

Advertising Center

Assistente de Conexão do Windows Live

Atualização de Segurança para Windows Internet Explorer 8 (KB2183461)

Atualização de Segurança para Windows Internet Explorer 8 (KB2360131)

Atualização de Segurança para Windows Internet Explorer 8 (KB2416400)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB974455)

Atualização de Segurança para Windows Internet Explorer 8 (KB976325)

Atualização de Segurança para Windows Internet Explorer 8 (KB978207)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows Internet Explorer 8 (KB982381)

Atualização de Segurança para Windows XP (KB2419632)

Atualização para Windows Internet Explorer 8 (KB975364)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows Internet Explorer 8 (KB976749)

Atualização para Windows Internet Explorer 8 (KB980182)

Auslogics Disk Defrag

Avira AntiVir Personal - Free Antivirus

CCleaner

CloneCD

Defraggler

DolbyFiles

Download Accelerator Plus (DAP)

Express Burn

Ferramenta de Carregamento do Windows Live

Fiesta

FormatFactory 2.15

Foxit Reader

Google Chrome

Google Talk Plugin

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Java Auto Updater

Java 6 Update 20

Junk Mail filter update

LightComm Start 1.0

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Live Add-in 1.3

Microsoft Office Professional Edição 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Motorola Phone Tools

Mozilla Firefox (3.6.13)

MSVC80_x86_v2

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MV RegClean 5.9

NCH Toolbox

Nero 7 Essentials

Nero 8 Lite 8.3.6.0

Nero ControlCenter

Nero Installer

Nero StartSmart

neroxml

OGA Notifier 2.0.0048.0

Oi Velox Check Up 1.0

Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Pando Media Booster

PC Connectivity Solution

Plato Media Player 1.0.2

PlayPad

PPP over Ethernet Protocol 0.98

Prism Video Converter

Realtek AC'97 Audio

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Segoe UI

SHOUTcast DNAS (remove only)

Skype™ 5.0

Soft Voice SoftRing Modem with SmartSP

SoundTap Streaming Audio Recorder

SpeedBit Video Accelerator

SpywareBlaster 4.4

Streamripper (Remove only)

System Requirements Lab

Unlocker 1.8.9

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

USB PC Camera

WebFldrs XP

Webzen Game Starter

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR archiver

==== End Of File ===========================

Renato Utsch · Janeiro 17, 2011

Olá!

Por favor, siga as instruções abaixo:

<< 1 >>

Siga o tutorial abaixo e execute o Ad-Remover. Poste o log gerado. Utilize a opção Clean.

Tutorial do Ad-Remover

<< 2 >>

Por favor, siga o tutorial no link abaixo:

#### Como usar o ComboFix ####

Sugiro que imprima as instruções abaixo pois não poderá lê-las enquanto utiliza a ferramenta.

Siga o tutorial e execute o ComboFix.
Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt). Copie e cole o conteúdo desse arquivo na sua proxima resposta.

NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.

Existem vários malwares que impedem a execução correta da ferramenta e com isso danificar gravemente o computador. Analistas habilitados a utilizar o ComboFix conhecem esses casos e sabem lidar com estas situações.

De forma alguma saia do ComboFix usando o "X" do programa. Caso queira sair, tecle "N".

Muitos dos Analistas não respondem a topicos em que vejam que o ComboFix foi utilizado sem supervisão.

Existem varias ferramentas anti-malware generalistas em que os autores ao elaborarem a programação das mesmas, estão pensando nos usuários finais e para serem usadas sem supervisão. O Combofix não é uma ferramenta desse tipo, e assim sendo e até por respeito ao autor da ferramenta, não utilize sem supervisão.

Abraços :D

MasterFuxi · Janeiro 17, 2011

Ad-Remover

======= REPORT FROM AD-REMOVER 2.0.0.2,D | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 16/01/11 at 02:00

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 20:12:30 on 17/01/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)

eduardo e binha@EDUARDO-9481FDB ( )

============== ACTION(S) ==============

File deleted: C:\Documents and Settings\eduardo e binha\Dados de aplicativos\Mozilla\FireFox\Profiles\yp8mhne4.default\prefs.js.ask.bak

Folder deleted: C:\Documents and Settings\eduardo e binha\Dados de aplicativos\Mozilla\FireFox\Profiles\yp8mhne4.default\conduit

File deleted: C:\Documents and Settings\eduardo e binha\Dados de aplicativos\Mozilla\FireFox\Profiles\yp8mhne4.default\searchplugins\conduit.xml

Folder deleted: C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\ConduitEngine

Folder deleted: C:\Documents and Settings\eduardo e binha\Dados de aplicativos\PriceGong

(!) -- Temporary files deleted.

Key deleted: HKLM\Software\Classes\Toolbar.CT2451340

Key deleted: HKLM\Software\Classes\Toolbar.CT2552374

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKCU\Software\conduitEngine

Key deleted: HKCU\Software\PriceGong

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.6.13 (pt-BR)] **

-- C:\Documents and Settings\eduardo e binha\Dados de aplicativos\Mozilla\FireFox\Profiles\yp8mhne4.default\Prefs.js --

browser.download.dir, C:\\Documents and Settings\\eduardo e binha\\Desktop

browser.download.lastDir, C:\\Documents and Settings\\eduardo e binha\\Desktop

browser.search.defaultenginename, Search the web (Babylon)

browser.search.selectedEngine, Google

browser.startup.homepage, www.google.com.br

browser.startup.homepage_override.mstone, rv:1.9.2.13

keyword.URL, hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59925&p=

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: YES

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

========================================

C:\Arquivos de programas\Ad-Remover\Quarantine: 53 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 13 File(s)

C:\Ad-Report-CLEAN[1].txt - 17/01/2011 (1112 Byte(s))

End at: 20:13:55, 17/01/2011

============== E.O.F ==============

ComboFix

ComboFix 11-01-16.04 - eduardo e binha 17/01/2011 20:30:34.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.654 [GMT -2:00]

Executando de: c:\documents and settings\eduardo e binha\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-12-17 to 2011-01-17 ))))))))))))))))))))))))))))

.

2011-01-17 22:12 . 2011-01-17 22:12 -------- d-----w- c:\arquivos de programas\Ad-Remover

2010-12-31 04:55 . 2010-12-31 04:55 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2010-12-31 04:55 . 2010-12-31 04:55 -------- d-----r- c:\arquivos de programas\Skype

2010-12-27 11:54 . 2010-12-27 11:54 -------- d-----w- C:\OnGame

2010-12-25 21:54 . 2010-12-25 21:54 -------- d-----w- c:\documents and settings\eduardo e binha\Dados de aplicativos\JustVoip

2010-12-25 21:22 . 2010-12-25 23:02 -------- d-----w- c:\documents and settings\eduardo e binha\Dados de aplicativos\ADPHONE

2010-12-25 21:21 . 2010-12-25 21:21 -------- d-----w- c:\documents and settings\eduardo e binha\Configurações locais\Dados de aplicativos\Downloaded Installations

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-21 21:37 . 2009-12-27 09:43 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-12-09 21:31 . 2010-12-09 21:31 7318 ----a-w- C:\UsbFix_Upload_Me_EDUARDO-9481FDB.zip

2010-11-23 14:52 . 2007-09-19 14:16 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-18 18:15 . 2007-09-19 14:01 86016 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52 . 2008-04-14 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:21 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:21 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:21 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:27 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:58 . 2008-04-14 12:00 1853440 ----a-w- c:\windows\system32\win32k.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedBitVideoAccelerator"="c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-04-01 1607272]

"Pando Media Booster"="c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe" [2010-01-17 2937528]

"NBCore"="c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBCore.exe" [2009-09-23 1598760]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"Google Update"="c:\documents and settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-05-18 136176]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2010-11-21 2836656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTrayp"="VTtrayp.exe" [2008-05-08 180224]

"VTTimer"="VTTimer.exe" [2008-05-08 53248]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]

"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]

"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Malwarebytes' Anti-Malware"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

"desp2k"="c:\arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\Documents and Settings\\eduardo e binha\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57846:TCP"= 57846:TCP:Pando Media Booster

"57846:UDP"= 57846:UDP:Pando Media Booster

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [27/12/2009 07:43 135336]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/9/2007 12:25 17144]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]

S2 DXSOFTIO;DXSOFTIO; [x]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [17/9/2010 14:13 136176]

S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [19/9/2007 12:25 110200]

S2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]

S3 apf001;apf001;c:\arquivos de programas\SoftnyxGame\WolfTeamPS\apf001.sys [12/8/2010 18:03 10872]

S3 ddsxeiservice;ddsxeiservice2; [x]

S3 LLRING0;LLRING0; [x]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [21/1/2010 03:18 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [21/1/2010 03:18 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [21/1/2010 03:18 42752]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/4/2008 10:00 14336]

S3 npggsvc;nProtect GameGuard Service; [x]

S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [4/11/2009 01:03 15936]

S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [4/11/2009 01:03 31808]

S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [8/2/2010 02:55 10343168]

S3 XDva281;XDva281; [x]

S3 XDva370;XDva370; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-02-21 c:\windows\Tasks\expressburnSevenDaysInit.job

- c:\arquivos de programas\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-02-21 07:15]

2010-07-24 c:\windows\Tasks\expressburnShakeIcon.job

- c:\arquivos de programas\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-02-21 07:15]

2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-17 16:13]

2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-17 16:13]

2011-01-17 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 17:07]

.

------- Scan Suplementar -------

.

mWindow Title =

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Translate this web page with Babylon

IE: Translate with Babylon

TCP: {F32A35DC-6CD5-4A59-93F2-1B77FF085840} = 200.149.55.142 200.165.132.154

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

FF - ProfilePath - c:\documents and settings\eduardo e binha\Dados de aplicativos\Mozilla\Firefox\Profiles\yp8mhne4.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59925&p=

FF - prefs.js: network.proxy.type - 2

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com

FF - Ext: Orkut Manager: om.brunolm@gmail.com - %profile%\extensions\om.brunolm@gmail.com

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\arquivos de programas\DAP\DAPFireFox

.

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - (no file)

WebBrowser-{B27200AD-1137-430C-BBAF-593DEFB7373B} - (no file)

WebBrowser-{12FC3D37-2A42-4FE3-8489-81296878CBA5} - (no file)

MSConfigStartUp-erth - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-17 20:34

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{190c6340-eb93-455e-96cb-c05979170011}]

@Denied: (Full) (Everyone)

"Model"=dword:0000004f

"Therad"=dword:00000001

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2391a9e3-5960-4733-9657-c3faad319bbf}]

@Denied: (Full) (Everyone)

"Model"=dword:0000002d

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,ab,9e,50,1b,eb,77,d1,ab,5d,8b,ff,a9,dd,3c,42,cb,83,e0,8b,c5,07,bb,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):cf,02,42,84,a8,5e,ba,4d,89,6c,14,1e,b9,07,bc,58,8a,76,8b,14,77,

25,44,89,d6,07,e6,06,16,df,cd,52,79,86,48,42,e5,93,e1,fe,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2011-01-17 20:37:06

ComboFix-quarantined-files.txt 2011-01-17 22:36

Pré-execução: 20 pasta(s) 140.350.615.552 bytes disponíveis

Pós execução: 21 pasta(s) 140.341.202.944 bytes disponíveis

- - End Of File - - 6E608DE0DDBB4C9E66F7ED123DFA4E2F

Renato Utsch · Janeiro 18, 2011

Olá!

Por favor, siga as instruções abaixo:

<< 1 >>

Faça o download do SafeBootKeyRepair e salve no seu desktop.

Feche todos os programas abertos.
Execute a ferramenta.
Seja paciente, pode demorar.
Poste o conteúdo do arquivo C:\SafeBoot_Repair.txt
Agora entre em Modo Seguro.

<< 2 >>

Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).

Delete o Combofix.exe do seu desktop e baixe uma nova versão AQUI, salvando no seu Desktop.

Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está dentro do "Code":

Driver::
DXSOFTIO
ddsxeiservice2
LLRING0
npggsvc
XDva281
XDva370

DDS::
TB: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - No File
TB: {B27200AD-1137-430C-BBAF-593DEFB7373B} - No File
TB: {12FC3D37-2A42-4FE3-8489-81296878CBA5} - No File

Salve este arquivo como: CFScript.txt
Tal com exemplificado na foto acima, arraste o arquivo CFScript.txt para dentro do ComboFix.exe.
Se solicitado, pressione Enter para iniciar o processo de remoção.
Não use o mouse nem o teclado quando o ComboFix estiver rodando.
Quando a ferramenta terminar de rodar, gerará um log. Poste esse arquivo C:\ComboFix.txt.

Abraços :D

MasterFuxi · Janeiro 18, 2011

SafeBootKeyRepair

Reg export of SafeBoot key after repair:

========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PEVSystemStart]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]

@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PEVSystemStart]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\procexp90.Sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]

@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PEVSystemStart

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Wdf01000.sys

ComboFix

ComboFix 11-01-17.04 - eduardo e binha 18/01/2011 10:32:40.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.557 [GMT -2:00]

Executando de: c:\documents and settings\eduardo e binha\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\eduardo e binha\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\midas.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_LLRING0

-------\Legacy_XDVA281

-------\Legacy_XDVA370

-------\Service_DXSOFTIO

-------\Service_LLRING0

-------\Service_npggsvc

-------\Service_XDva281

-------\Service_XDva370

(((((((((((((((( Arquivos/Ficheiros criados de 2010-12-18 to 2011-01-18 ))))))))))))))))))))))))))))

.

2011-01-18 12:17 . 2011-01-18 12:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2011-01-17 22:12 . 2011-01-17 22:12 -------- d-----w- c:\arquivos de programas\Ad-Remover

2010-12-31 04:55 . 2010-12-31 04:55 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2010-12-31 04:55 . 2010-12-31 04:55 -------- d-----r- c:\arquivos de programas\Skype

2010-12-27 11:54 . 2010-12-27 11:54 -------- d-----w- C:\OnGame

2010-12-25 21:54 . 2010-12-25 21:54 -------- d-----w- c:\documents and settings\eduardo e binha\Dados de aplicativos\JustVoip

2010-12-25 21:22 . 2010-12-25 23:02 -------- d-----w- c:\documents and settings\eduardo e binha\Dados de aplicativos\ADPHONE

2010-12-25 21:21 . 2010-12-25 21:21 -------- d-----w- c:\documents and settings\eduardo e binha\Configurações locais\Dados de aplicativos\Downloaded Installations

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-21 21:37 . 2009-12-27 09:43 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-12-09 21:31 . 2010-12-09 21:31 7318 ----a-w- C:\UsbFix_Upload_Me_EDUARDO-9481FDB.zip

2010-11-23 14:52 . 2007-09-19 14:16 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-18 18:15 . 2007-09-19 14:01 86016 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 20:53 . 2010-06-22 12:33 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 18:34 . 2009-12-14 23:10 73728 ----a-w- c:\windows\system32\javacpl.cpl