Windows volume control stops working

ronniecarol
Please help me!!! The volume on my PC disappears out of nowhere, and the Windows volume bar no longer opens... It only works again after I restart the PC, and even then it disappears again after a while. I can no longer open any audio or video file, because a message appears saying that there are no active mixer devices. This is not the first time this has happened to me; whenever it happens I format the PC, but after a few days it comes back!!! My HD is partitioned, and I think it must be some virus installed on the other partition. Please, I kindly ask you to help me!!!!

____________________________________________________________________


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:08:04, on 15/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\NetWorx\networx.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\Arquivos de programas\AVG\AVG9\avgemc.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Ronnie e Carol\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\ARQUIV~1\NetWorx\deskband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m‘|Pë
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NetWorx] "C:\Arquivos de programas\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DivXUpdate] "C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Arquivos de programas\Stardock\Fences\FencesMenu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 10247 bytes
JoseMelo
Welcome to Linha Defensiva

My name is José Humberto and my nickname is JoseMelo.

For the procedures to succeed, I suggest that you follow strictly what is proposed to you and do not use any tool or program other than the ones recommended here;
Do not uninstall any tool that is being used until the procedures are finished;
If you have a topic in progress on another forum, I recommend that you abandon it so that the procedures do not conflict;
If you would like to receive an e-mail notice whenever there is a reply in your topic, click the button (an image in the original post) at the top of the page and then "Subscribe to this topic".
If you have more than one program with resident protection installed (antivirus, antispyware, firewall), keep only one, to avoid conflicts and system slowdown.

- Download Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam-download.php
  • Disable the antivirus;
  • Install it by double-clicking "mbam-setup.exe";
  • Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
  • Select "Full Scan" and then click Scan;
  • When the scan finishes, click OK and then "Show Results" to see the log;
  • If anything is detected, make sure everything is checked and click "Remove";
  • The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
  • Copy and paste the contents of that log into your next reply.
- Generate a new HijackThis log and paste it into your reply.
ronniecarol

I'm sorry, but I couldn't disable AVG; I only disabled Spybot and Avast. Apparently it caused no problem for the Malwarebytes scan, but if you want I can uninstall AVG!!??

_________________________________________________________




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4320

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/7/2010 19:56:23
mbam-log-2010-07-16 (19-56-23).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 321077
Tempo decorrido: 2 hora(s), 25 minuto(s), 25 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
D:\Programas\Programas Fev 2010\VSO Convert X to DVD 4.0.3.313 Final\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

____________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:10:30, on 16/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos de programas\NetWorx\networx.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgemc.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Ronnie e Carol\Desktop\Hijackthis\HiJackThis.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\ARQUIV~1\NetWorx\deskband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m‘|Pë
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NetWorx] "C:\Arquivos de programas\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DivXUpdate] "C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Arquivos de programas\Stardock\Fences\FencesMenu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 10024 bytes
JoseMelo
- Download ComboFix by sUBs and save it to the desktop;
NOTE: The tool must be on the desktop in order to run.
  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click ComboFix;
  • In the next window click Run, accept the agreement and wait until the report is generated;
    NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree to let the scan proceed.
    Once the console is installed, the operating system selection screen will be shown at system startup.

    More information about the Console: http://support.microsoft.com/kb/307654/pt-br
  • If an error occurs, restart the computer in Safe Mode (press F8 repeatedly, or F5 in some cases, during startup) and repeat the procedure;
  • ComboFix "may" restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it by clicking the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stall and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in the Control Panel, right-click your internet connection and click "Repair";
  • Attach ComboFix.txt to your reply following the instructions below
    http://www.linhadefensiva.org/forum/index.php?showtopic=595
ronniecarol
ComboFix log!!
JoseMelo
- Select the text below and copy it into Notepad. Save it as CFScript.txt;

CODE
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"=-

- Drag CFScript.txt onto ComboFix, as shown in the image below:

[Image posted by the user]


If prompted, press "Enter" to start the removal process;

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: If ComboFix does not restart your computer automatically, restart it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
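
The Run value that the CFScript above deletes, GEST, is the one O4 entry in the posted HijackThis logs whose data is not a readable command. The following is an added example, not part of the original thread and not code from HijackThis or ComboFix: a Python triage pass over HijackThis lines (sample lines copied from the log above) that flags Run data that cannot be a Windows path, plus entries HijackThis itself marks "(no file)" or "(file missing)". The function names and finding labels are assumptions made for the illustration.

```python
import re

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GEST] m‘|Pë
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

# "O4 - <hive>\..\Run: [<value name>] <value data>"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s?(?P<data>.*)$"
)
EXEC_EXT = re.compile(r"\.(exe|com|bat|cmd|scr|pif|dll|vbs|js)\b", re.IGNORECASE)
# Characters Windows does not allow in a file name (":" is checked after
# the drive prefix has been removed; "\" is the path separator).
FORBIDDEN = set('<>:"|?*')


def command_token(data):
    """Return the program part of a Run value, without its arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    # Unquoted paths may contain spaces, so cut at the executable extension.
    ext = EXEC_EXT.search(data)
    if ext:
        return data[:ext.end()]
    return data.split()[0] if data else ""


def is_plausible_path(token):
    """True if the token could name a file on Windows (it may not exist)."""
    if not token:
        return False
    rest = token[2:] if re.match(r"^[A-Za-z]:", token) else token
    return not any(ch in FORBIDDEN or ord(ch) < 32 for ch in rest)


def triage(log_text):
    """Return (entry, reason) pairs for lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_LINE.match(line)
        if run and not is_plausible_path(command_token(run["data"])):
            findings.append((run["name"], "run-data-not-a-path"))
        elif line.endswith("(no file)") or line.endswith("(file missing)"):
            # HijackThis already checked the disk; report what it found.
            findings.append((line.split(" - ", 2)[1], "target-missing"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason:22} {entry}")
```

A finding here is only a prompt for manual review: the check is syntactic and says nothing about whether a well-formed Run command is benign.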
ronniecarol
ComboFix 10-07-16.01 - Ronnie e Carol 17/07/2010 20:35:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2891 [GMT -3:00]
Executando de: c:\documents and settings\Ronnie e Carol\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Ronnie e Carol\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATENÇAO - ESTA MAQUINA não TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-17 to 2010-07-17 ))))))))))))))))))))))))))))
.

2010-07-17 23:17 . 2010-07-17 23:17 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\GRETECH
2010-07-17 23:16 . 2010-07-17 23:16 -------- d-----w- c:\arquivos de programas\GRETECH
2010-07-17 22:31 . 2010-07-17 22:31 -------- d--h--w- c:\windows\PIF
2010-07-17 21:59 . 2010-07-17 21:59 -------- d-----w- c:\arquivos de programas\Bohemia Interactive
2010-07-17 21:41 . 2010-07-17 21:43 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite
2010-07-17 00:38 . 2010-07-17 00:38 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\CyberLink
2010-07-16 21:25 . 2010-07-16 21:25 -------- d-----w- c:\arquivos de programas\CCleaner
2010-07-16 20:28 . 2010-07-16 20:28 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\Malwarebytes
2010-07-16 20:28 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 20:28 . 2010-07-16 20:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-07-16 20:28 . 2010-07-16 20:28 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-07-16 20:28 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 19:50 . 2010-07-16 19:50 -------- d-----w- c:\arquivos de programas\Sierra Entertainment
2010-07-16 03:38 . 2010-07-16 03:39 -------- d-----w- c:\arquivos de programas\Stella
2010-07-16 03:02 . 2010-07-16 03:03 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\Bioshock2
2010-07-16 03:00 . 2010-07-16 03:00 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\SecuROM
2010-07-16 01:30 . 2010-07-16 01:31 -------- d-----w- C:\LinhaDefensiva
2010-07-15 03:05 . 2010-07-15 03:05 -------- d-----w- c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2010-07-14 15:50 . 2010-07-14 15:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-14 15:09 . 2010-07-14 15:19 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\My Battle for Middle-earth™ II Files
2010-07-14 02:04 . 2010-07-17 21:44 -------- d-----w- c:\documents and settings\Ronnie e Carol\Tracing
2010-07-14 02:01 . 2010-07-14 02:01 -------- d-----w- c:\arquivos de programas\Microsoft
2010-07-14 02:01 . 2010-07-14 02:01 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2010-07-14 02:00 . 2010-07-14 02:01 -------- d-----w- c:\arquivos de programas\Windows Live
2010-07-14 01:52 . 2010-07-14 01:52 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2010-07-13 08:59 . 2010-07-13 09:39 -------- d-----w- c:\documents and settings\Ronnie e Carol\[www.theevolution.org]Resident.Evil.A.Extincao.2007.DVDRip.byizumita.part1
2010-07-12 22:32 . 2010-07-12 22:32 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\WB Games
2010-07-12 20:29 . 2010-07-12 20:29 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\Codemasters
2010-07-12 20:25 . 2010-07-12 20:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InstallShield
2010-07-12 20:25 . 2010-07-12 20:25 -------- d-----w- c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2010-07-12 20:25 . 2010-07-12 20:25 -------- d-----w- C:\ProgramData
2010-07-12 20:03 . 2006-04-29 17:25 40960 ----a-w- c:\windows\system32\psfind.dll
2010-07-12 19:59 . 2010-07-12 19:59 -------- d-----w- c:\arquivos de programas\THQ
2010-07-12 19:52 . 2010-06-02 07:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-12 19:52 . 2010-06-02 07:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-12 19:52 . 2010-06-02 07:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-12 19:52 . 2010-05-26 14:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-12 19:52 . 2010-05-26 14:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-12 19:52 . 2010-05-26 14:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-12 19:52 . 2010-05-26 14:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-12 19:52 . 2010-05-26 14:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-07-12 19:18 . 2010-07-12 19:54 -------- d-----w- c:\arquivos de programas\Left 4 Dead 2
2010-07-12 18:39 . 2010-07-12 18:39 -------- d-----w- c:\arquivos de programas\WB Games
2010-07-12 17:33 . 2010-07-12 17:35 10274313 ----a-w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\bizarre creations\blur\BizUpdaterPack.exe
2010-07-12 17:33 . 2010-07-12 17:33 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\bizarre creations
2010-07-12 17:30 . 2010-02-04 13:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-07-12 17:30 . 2010-02-04 13:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-07-12 17:30 . 2010-02-04 13:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-07-12 17:30 . 2010-02-04 13:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-07-12 17:11 . 2010-07-15 02:46 -------- d-----w- c:\arquivos de programas\Activision
2010-07-12 02:24 . 2010-07-14 14:48 -------- d-----w- c:\arquivos de programas\Electronic Arts
2010-07-12 01:47 . 2010-07-12 01:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Codemasters
2010-07-12 01:39 . 2009-07-13 22:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2010-07-12 01:39 . 2009-07-13 22:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2010-07-12 01:39 . 2009-07-13 22:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2010-07-12 01:39 . 2009-07-13 22:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2010-07-12 01:39 . 2009-10-16 14:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-07-12 01:39 . 2009-07-13 22:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2010-07-12 01:39 . 2009-07-13 22:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2010-07-12 01:39 . 2009-07-13 22:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2010-07-12 01:39 . 2009-07-13 22:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2010-07-12 01:39 . 2009-07-13 22:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2010-07-12 01:39 . 2010-07-12 01:39 -------- d-----w- c:\arquivos de programas\BRS
2010-07-12 01:32 . 2010-07-12 01:32 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-12 01:32 . 2010-07-12 01:32 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-12 01:32 . 2010-07-12 01:32 -------- d-----w- c:\arquivos de programas\OpenAL
2010-07-12 01:32 . 2009-09-04 20:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-07-12 01:32 . 2009-09-04 20:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-07-12 01:32 . 2009-09-04 20:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-07-12 01:32 . 2009-09-04 20:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-07-12 01:32 . 2009-09-04 20:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-07-12 01:32 . 2009-09-04 20:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-07-12 01:32 . 2009-09-04 20:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-07-12 01:18 . 2010-07-12 20:19 -------- d-----w- c:\arquivos de programas\Codemasters
2010-07-11 04:42 . 2010-07-17 21:43 -------- d-----w- c:\arquivos de programas\Steam
2010-07-11 04:37 . 2010-07-11 04:37 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation
2010-07-11 04:28 . 2010-07-11 04:28 -------- d-----w- c:\documents and settings\Ronnie e Carol\appW72010_By_.Neon._www.warezone.biz.iso
2010-07-11 04:18 . 2010-07-17 22:29 -------- d-----w- c:\documents and settings\Ronnie e Carol\Windows_7_Ultimate_BR_Final-www.facildebaixar.org.iso
2010-07-11 04:09 . 2010-07-16 02:45 -------- d-----w- c:\arquivos de programas\2K Games
2010-07-11 04:07 . 2010-07-15 03:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2010-07-11 00:25 . 2010-07-17 23:32 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\BitTorrent
2010-07-11 00:25 . 2010-07-11 00:25 -------- d-----w- c:\arquivos de programas\BitTorrent
2010-07-11 00:10 . 2010-07-11 00:10 -------- d-----w- c:\arquivos de programas\City Interactive
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\vsosdk
2010-07-10 19:45 . 2010-07-10 19:45 -------- d-----w- C:\$AVG
2010-07-10 19:18 . 2010-07-13 23:05 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\Vso
2010-07-10 19:18 . 2010-07-10 19:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-10 19:18 . 2010-07-10 19:18 47360 ----a-w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\pcouffin.sys
2010-07-10 19:18 . 2009-09-02 19:41 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-07-10 19:18 . 2009-09-02 19:41 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-07-10 19:18 . 2009-09-02 19:41 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-07-10 19:18 . 2009-09-02 19:41 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-07-10 19:18 . 2009-09-02 19:41 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-07-10 19:18 . 2009-09-02 19:41 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-07-10 19:18 . 2009-09-02 19:41 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-07-10 19:18 . 2010-07-10 19:18 -------- d-----w- c:\arquivos de programas\VSO
2010-07-10 19:12 . 2010-07-10 19:12 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\Stardock
2010-07-10 19:12 . 2010-07-10 19:12 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2010-07-10 19:12 . 2010-06-22 19:49 3349784 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
2010-07-10 19:12 . 2010-07-10 19:12 -------- d-----w- c:\arquivos de programas\Stardock
2010-07-10 19:07 . 2010-07-10 19:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ubisoft
2010-07-10 19:06 . 2010-07-14 15:45 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-10 19:06 . 2010-07-14 15:45 22328 ----a-w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\PnkBstrK.sys
2010-07-10 19:06 . 2010-07-14 15:45 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-10 19:06 . 2010-07-14 15:44 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-10 19:06 . 2010-07-14 15:44 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-07-10 19:06 . 2010-07-10 19:06 -------- d-----w- c:\windows\system32\LogFiles
2010-07-10 18:56 . 2010-07-14 16:24 -------- d-----w- c:\arquivos de programas\Ubisoft
2010-07-10 18:54 . 2010-07-16 18:03 -------- d-----w- c:\arquivos de programas\GameVicio
2010-07-10 18:33 . 2009-03-09 18:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-07-10 18:33 . 2009-03-09 18:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-07-10 18:33 . 2009-03-09 18:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-07-10 18:33 . 2009-09-04 20:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-07-10 18:33 . 2009-03-16 17:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-07-10 18:33 . 2009-03-16 17:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-07-10 18:33 . 2009-03-16 17:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-07-10 18:31 . 2010-07-12 23:08 -------- d-----w- c:\arquivos de programas\CAPCOM
2010-07-10 18:28 . 2010-07-12 01:38 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-10 18:28 . 2010-07-10 18:28 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2010-07-10 18:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-10 18:28 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-07-10 18:27 . 2008-03-05 18:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-07-10 18:27 . 2008-02-06 02:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-07-10 18:27 . 2008-03-05 18:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-07-10 18:27 . 2007-04-04 21:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 19:50 . 2010-07-08 18:57 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-07-12 20:25 . 2010-07-08 18:55 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\InstallShield
2010-07-12 20:19 . 2010-07-08 18:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2010-07-12 01:36 . 2001-10-28 18:07 80184 ----a-w- c:\windows\system32\perfc016.dat
2010-07-12 01:36 . 2001-10-28 18:07 471352 ----a-w- c:\windows\system32\perfh016.dat
2010-07-10 12:44 . 2010-07-10 12:17 -------- d-----w- c:\documents and settings\Ronnie e Carol\Dados de aplicativos\DivX
2010-07-08 23:55 . 2010-07-08 18:49 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-08 23:05 . 2010-07-08 22:37 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-08 23:05 . 2010-07-08 22:37 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-08 22:38 . 2010-07-08 22:38 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-08 22:38 . 2010-07-08 22:38 308808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-08 22:38 . 2010-07-08 22:38 40960 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-08 22:38 . 2010-07-08 22:38 341600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-08 22:38 . 2010-07-08 22:38 14848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-08 22:38 . 2010-07-08 22:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real
2010-07-08 22:38 . 2010-07-08 22:37 -------- d-----w- c:\arquivos de programas\Real
2010-07-08 22:37 . 2010-07-08 22:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared
2010-07-08 18:58 . 2010-07-08 18:54 16608 ----a-w- c:\windows\gdrv.sys
2010-07-08 18:57 . 2010-07-08 18:57 -------- d-----w- c:\arquivos de programas\Realtek
2010-07-08 18:57 . 2010-07-08 18:57 -------- d-----w- c:\arquivos de programas\AMD
2010-07-08 18:50 . 2010-07-08 18:50 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2010-07-08 18:48 . 2010-07-08 18:48 -------- d-----w- c:\arquivos de programas\Serviços on-line
2010-07-08 18:48 . 2010-07-08 18:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2010-07-08 18:47 . 2010-07-08 18:47 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-09 23:01 . 2010-07-10 12:17 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-07-10 12:17 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-07-10 12:17 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2010-07-10 12:17 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01 . 2010-07-10 12:17 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-07-10 12:17 123888 ------w- c:\windows\system32\pxcpyi64.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-07-17_17.56.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-17 23:34 . 2010-07-17 23:34 16384 c:\windows\Temp\Perflib_Perfdata_41c.dat
- 2010-07-16 02:56 . 2010-07-16 02:56 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-07-10 18:16 . 2010-07-17 21:41 691696 c:\windows\system32\drivers\sptd.sys
- 2010-07-10 18:16 . 2010-07-10 18:16 691696 c:\windows\system32\drivers\sptd.sys
- 2010-07-16 02:56 . 2010-07-16 02:56 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-17 22:08 . 2010-07-17 22:08 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-07-16 02:56 . 2010-07-16 02:56 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\arquivos de programas\Steam\Steam.exe" [2010-07-11 1238352]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"StartCCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NetWorx"="c:\arquivos de programas\NetWorx\networx.exe" [2010-05-19 2929152]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-07-08 202256]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\arquivos de programas\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\documents and settings\Ronnie e Carol\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\arquivos de programas\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Arquivos de programas\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"c:\\Arquivos de programas\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Arquivos de programas\\Steam\\Steam.exe"=
"c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Arquivos de programas\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Arquivos de programas\\Activision\\Blur™\\Blur.exe"=
"c:\\Arquivos de programas\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"c:\\Arquivos de programas\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Arquivos de programas\\Activision\\Singularity™\\Binaries\\Singularity.exe"=
"d:\\Jogos\\Legendary.Multi5.Full-Rip.Skullptura\\Legendary\\Binaries\\Legendary.exe"=
"c:\\Arquivos de programas\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
"c:\\Arquivos de programas\\Bohemia Interactive\\ArmA 2 Operation Arrowhead\\arma2OA.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/7/2010 22:30 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/7/2010 16:34 165456]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [8/7/2010 19:29 38976]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\arquivos de programas\CyberLink\PowerDVD8\000.fcl [27/6/2008 16:50 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/7/2010 16:34 17744]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [11/7/2010 01:44 136176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/7/2010 15:16 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-07-11 04:44]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-07-11 04:44]

2010-07-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-287218729-2147074499-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

2010-07-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-287218729-2147074499-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-BattlEye - c:\arquivos de programas\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 20:42
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\arquivos de programas\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Tempo para conclusão: 2010-07-17 20:43:07
ComboFix-quarantined-files.txt 2010-07-17 23:43
ComboFix2.txt 2010-07-17 17:57

Pré-execução: 11 pasta(s) 256.465.457.152 bytes disponíveis
Pós execução: 12 pasta(s) 257.769.492.480 bytes disponíveis

- - End Of File - - F9C9DEACBEB8F3A5543BE7F676F69694



____________________________________________________________________




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:52:35, on 17/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\NetWorx\networx.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Ronnie e Carol\Desktop\Hijackthis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\ARQUIV~1\NetWorx\deskband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NetWorx] "C:\Arquivos de programas\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - Invalid registry found
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Arquivos de programas\Stardock\Fences\FencesMenu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8909 bytes
JoseMelo
- OK, the log is clean :)

- Rename ComboFix to Uninstall, run it, and wait for the tool to be removed;

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:
  • Click Save and, when the download has finished, install it;
  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues
- Turn System Restore off and then on again

- Recommended reading:
http://www.linhadefensiva.org/forum/index....showtopic=75646

- Read the article "Proteja seu PC" (Protect Your PC) for more information on how to avoid infections;

- If you have no further problems, click the button [image posted by the user] and say that your case has been resolved.
ronniecarol
I've already done everything you told me to, but I think the virus hasn't gone away!!! The sound still keeps disappearing and only comes back after I restart the PC... please help me...
JoseMelo
This problem is not related to malware. Reinstall the sound driver.
ronniecarol
I've already reinstalled it, but besides the PC losing sound, the taskbar color changes by itself from blue to beige, and the internet has started dropping and only comes back after I restart the PC. I don't believe it's just a driver problem!!
JoseMelo
QUOTE
I don't believe it's just a driver problem

It isn't malware either, so what's left is the system itself or a hardware fault, which can cause errors in the system.
LUA
Problem solved!

If the author needs the topic reopened, please contact a member of the moderation team.