Dark Logan

Peguei um vírus de e-mailque manda para todos um email contendo um vírus...
como faço para eliminalo?

Segue um log do Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:06, on 20/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download all by RedTube Grabber - C:\Arquivos de programas\RedTubeGrabber\downall.htm
O8 - Extra context menu item: Download by YouTube Robot - C:\Arquivos de programas\RedTubeGrabber\downlink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91222ED5-03E2-40D4-9538-D5578AA47DAD}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)

--
End of file - 8076 bytes

__________________

Felipe_88

Olá, Dark Logan!,

Abra novamente o hijackthis clique em » Do a system scam only marque a(s) seguinte(s) linha(s) abaixo, clique em Fix checked:
- Faça o download do ComboFix e salve-o na área de trabalho;

- Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;
- Duplo clique no ícone combofix.exe para iniciar o scan;
- Leia o contrato que aparecerá e clique em Sim para continuar;
- Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;
- Aguarde enquanto o ComboFix faz o scan;
- Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;
- Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;
- Se quiser sair ou parar o ComboFix, tecle N;
- Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;
- Será gerado um log em C:\ComboFix.txt.

Cole este log em sua próxima resposta, juntamente com um novo Log do Hijackthis.

Ficamos no agaurdo!

Dark Logan

log do combofix:
ComboFix 09-10-19.04 - Marcus 20/10/2009 21:03.4.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1551 [GMT -2:00]
Executando de: c:\documents and settings\Marcus\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091020-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))) )
.

c:\documents and settings\All Users\Menu Iniciar\Programas\ USB Web Camera
c:\documents and settings\All Users\Menu Iniciar\Programas\ USB Web Camera \AMCap.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\ USB Web Camera \Uninstall.lnk
c:\documents and settings\Marcus\Dados de aplicativos\Desktopicon
c:\documents and settings\Marcus\Dados de aplicativos\Desktopicon\config.ini
c:\documents and settings\Marcus\Dados de aplicativos\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Marcus\Dados de aplicativos\Desktopicon\mc.ico
c:\windows\Installer\105ccb0.msp
c:\windows\Installer\105ccc8.msp
c:\windows\Installer\105ccde.msp
c:\windows\Installer\105ccf4.msp
c:\windows\Installer\105cd0c.msp
c:\windows\Installer\105cd23.msp
c:\windows\Installer\105cd3e.msp
c:\windows\Installer\105cd55.msp
c:\windows\Installer\133116f.msp
c:\windows\Installer\1331187.msp
c:\windows\Installer\133119d.msp
c:\windows\Installer\13311b5.msp
c:\windows\Installer\13311cc.msp
c:\windows\Installer\13311e7.msp
c:\windows\Installer\13311fe.msp
c:\windows\Installer\13e5f5b.msp
c:\windows\Installer\13e5f73.msp
c:\windows\Installer\13e5f89.msp
c:\windows\Installer\13e5f9f.msp
c:\windows\Installer\13e5fb7.msp
c:\windows\Installer\13e5fce.msp
c:\windows\Installer\13e5fe9.msp
c:\windows\Installer\13e6000.msp
c:\windows\Installer\143e387.msp
c:\windows\Installer\143e39d.msp
c:\windows\Installer\143e3b5.msp
c:\windows\Installer\16ce9f.msp
c:\windows\Installer\16ceb7.msp
c:\windows\Installer\16cecd.msp
c:\windows\Installer\16cee3.msp
c:\windows\Installer\16cefb.msp
c:\windows\Installer\16cf12.msp
c:\windows\Installer\16cf2d.msp
c:\windows\Installer\16cf44.msp
c:\windows\Installer\1770ea.msp
c:\windows\Installer\177100.msp
c:\windows\Installer\1973481.msp
c:\windows\Installer\1973497.msp
c:\windows\Installer\1980908.msp
c:\windows\Installer\1980920.msp
c:\windows\Installer\1980936.msp
c:\windows\Installer\198094c.msp
c:\windows\Installer\1980964.msp
c:\windows\Installer\198097b.msp
c:\windows\Installer\1980996.msp
c:\windows\Installer\19809ad.msp
c:\windows\Installer\1a1e811.msp
c:\windows\Installer\1a1e829.msp
c:\windows\Installer\1a1e83f.msp
c:\windows\Installer\1a1e855.msp
c:\windows\Installer\1a1e86d.msp
c:\windows\Installer\1a1e884.msp
c:\windows\Installer\1a1e89b.msp
c:\windows\Installer\1a26ef5.msp
c:\windows\Installer\1a26f0b.msp
c:\windows\Installer\1c620d.msp
c:\windows\Installer\1c622a.msp
c:\windows\Installer\1c6240.msp
c:\windows\Installer\1c6256.msp
c:\windows\Installer\1c626e.msp
c:\windows\Installer\1c6285.msp
c:\windows\Installer\1c62a0.msp
c:\windows\Installer\1db7aa.msp
c:\windows\Installer\1db7c0.msp
c:\windows\Installer\1e05228.msp
c:\windows\Installer\1e0523e.msp
c:\windows\Installer\20257.msp
c:\windows\Installer\2026f.msp
c:\windows\Installer\20285.msp
c:\windows\Installer\2029b.msp
c:\windows\Installer\202b3.msp
c:\windows\Installer\202ca.msp
c:\windows\Installer\202e5.msp
c:\windows\Installer\2048a9e.msp
c:\windows\Installer\2048ab6.msp
c:\windows\Installer\2048acc.msp
c:\windows\Installer\2048ae2.msp
c:\windows\Installer\2048afa.msp
c:\windows\Installer\2048b11.msp
c:\windows\Installer\2048b2c.msp
c:\windows\Installer\20b7f.msp
c:\windows\Installer\20b97.msp
c:\windows\Installer\20bad.msp
c:\windows\Installer\20bc3.msp
c:\windows\Installer\20bdb.msp
c:\windows\Installer\20bf2.msp
c:\windows\Installer\20c0d.msp
c:\windows\Installer\20c24.msp
c:\windows\Installer\210e0d2.msp
c:\windows\Installer\210e0ef.msp
c:\windows\Installer\210e105.msp
c:\windows\Installer\210e11b.msp
c:\windows\Installer\210e133.msp
c:\windows\Installer\210e14a.msp
c:\windows\Installer\210e165.msp
c:\windows\Installer\21ca6.msp
c:\windows\Installer\21cbe.msp
c:\windows\Installer\21cd4.msp
c:\windows\Installer\21cea.msp
c:\windows\Installer\21d02.msp
c:\windows\Installer\21d19.msp
c:\windows\Installer\21d34.msp
c:\windows\Installer\228691d.msp
c:\windows\Installer\2286935.msp
c:\windows\Installer\228694b.msp
c:\windows\Installer\2286961.msp
c:\windows\Installer\2286979.msp
c:\windows\Installer\2286990.msp
c:\windows\Installer\22869ab.msp
c:\windows\Installer\22869c2.msp
c:\windows\Installer\2289c.msp
c:\windows\Installer\228b4.msp
c:\windows\Installer\228bc.msp
c:\windows\Installer\228ca.msp
c:\windows\Installer\228d4.msp
c:\windows\Installer\228e0.msp
c:\windows\Installer\228ea.msp
c:\windows\Installer\228f8.msp
c:\windows\Installer\22900.msp
c:\windows\Installer\2290f.msp
c:\windows\Installer\22918.msp
c:\windows\Installer\2292a.msp
c:\windows\Installer\2292f.msp
c:\windows\Installer\22941.msp
c:\windows\Installer\2294a.msp
c:\windows\Installer\22961.msp
c:\windows\Installer\23166.msp
c:\windows\Installer\2317e.msp
c:\windows\Installer\23194.msp
c:\windows\Installer\231aa.msp
c:\windows\Installer\231c2.msp
c:\windows\Installer\231d9.msp
c:\windows\Installer\231e3.msp
c:\windows\Installer\231f4.msp
c:\windows\Installer\231fb.msp
c:\windows\Installer\2320b.msp
c:\windows\Installer\23211.msp
c:\windows\Installer\23227.msp
c:\windows\Installer\2323f.msp
c:\windows\Installer\23256.msp
c:\windows\Installer\23271.msp
c:\windows\Installer\23288.msp
c:\windows\Installer\23389.msp
c:\windows\Installer\233a1.msp
c:\windows\Installer\233b7.msp
c:\windows\Installer\233cd.msp
c:\windows\Installer\233e5.msp
c:\windows\Installer\233fc.msp
c:\windows\Installer\23417.msp
c:\windows\Installer\2342e.msp
c:\windows\Installer\23464.msp
c:\windows\Installer\2347c.msp
c:\windows\Installer\23492.msp
c:\windows\Installer\234a8.msp
c:\windows\Installer\234c0.msp
c:\windows\Installer\234d7.msp
c:\windows\Installer\234ee.msp
c:\windows\Installer\23a01.msp
c:\windows\Installer\23a19.msp
c:\windows\Installer\23a2f.msp
c:\windows\Installer\23a45.msp
c:\windows\Installer\23a4b2d.msp
c:\windows\Installer\23a4b45.msp
c:\windows\Installer\23a4b5b.msp
c:\windows\Installer\23a4b71.msp
c:\windows\Installer\23a4b89.msp
c:\windows\Installer\23a4ba0.msp
c:\windows\Installer\23a4bb7.msp
c:\windows\Installer\23a5d.msp
c:\windows\Installer\23a74.msp
c:\windows\Installer\23a8f.msp
c:\windows\Installer\23aad.msp
c:\windows\Installer\23ac3.msp
c:\windows\Installer\23eb5.msp
c:\windows\Installer\23ecd.msp
c:\windows\Installer\23ee3.msp
c:\windows\Installer\23ee4.msp
c:\windows\Installer\23ef9.msp
c:\windows\Installer\23efc.msp
c:\windows\Installer\23f11.msp
c:\windows\Installer\23f12.msp
c:\windows\Installer\23f28.msp
c:\windows\Installer\23f29.msp
c:\windows\Installer\23f41.msp
c:\windows\Installer\23f43.msp
c:\windows\Installer\23f58.msp
c:\windows\Installer\23f5a.msp
c:\windows\Installer\23f73.msp
c:\windows\Installer\241c04.msp
c:\windows\Installer\241c1a.msp
c:\windows\Installer\245c672.msp
c:\windows\Installer\245c688.msp
c:\windows\Installer\248f6.msp
c:\windows\Installer\2490e.msp
c:\windows\Installer\24924.msp
c:\windows\Installer\2493a.msp
c:\windows\Installer\24952.msp
c:\windows\Installer\24969.msp
c:\windows\Installer\24984.msp
c:\windows\Installer\2499b.msp
c:\windows\Installer\249d0.msp
c:\windows\Installer\249e8.msp
c:\windows\Installer\249fe.msp
c:\windows\Installer\24a14.msp
c:\windows\Installer\24a2c.msp
c:\windows\Installer\24a43.msp
c:\windows\Installer\24a5e.msp
c:\windows\Installer\24a75.msp
c:\windows\Installer\24bf3.msp
c:\windows\Installer\251a0.msp
c:\windows\Installer\251b8.msp
c:\windows\Installer\251ce.msp
c:\windows\Installer\251e4.msp
c:\windows\Installer\251fc.msp
c:\windows\Installer\25213.msp
c:\windows\Installer\2522e.msp
c:\windows\Installer\25245.msp
c:\windows\Installer\25431.msp
c:\windows\Installer\25449.msp
c:\windows\Installer\2545f.msp
c:\windows\Installer\2547f.msp
c:\windows\Installer\25497.msp
c:\windows\Installer\254ae.msp
c:\windows\Installer\254c9.msp
c:\windows\Installer\254e0.msp
c:\windows\Installer\25673.msp
c:\windows\Installer\2568b.msp
c:\windows\Installer\256a1.msp
c:\windows\Installer\256b7.msp
c:\windows\Installer\256cf.msp
c:\windows\Installer\256e6.msp
c:\windows\Installer\25701.msp
c:\windows\Installer\25718.msp
c:\windows\Installer\25ba728.msp
c:\windows\Installer\25ba740.msp
c:\windows\Installer\25ba756.msp
c:\windows\Installer\25ba76c.msp
c:\windows\Installer\25ba784.msp
c:\windows\Installer\25ba79b.msp
c:\windows\Installer\25ba7b6.msp
c:\windows\Installer\25c2f.msp
c:\windows\Installer\25c47.msp
c:\windows\Installer\25c5d.msp
c:\windows\Installer\25c73.msp
c:\windows\Installer\25c8b.msp
c:\windows\Installer\25ca2.msp
c:\windows\Installer\25cbd.msp
c:\windows\Installer\25cd4.msp
c:\windows\Installer\25f047.msp
c:\windows\Installer\25f05f.msp
c:\windows\Installer\25f075.msp
c:\windows\Installer\25f08b.msp
c:\windows\Installer\25f0a3.msp
c:\windows\Installer\25f0ba.msp
c:\windows\Installer\25f0d1.msp
c:\windows\Installer\25f5c.msp
c:\windows\Installer\25f74.msp
c:\windows\Installer\25f8a.msp
c:\windows\Installer\25fa0.msp
c:\windows\Installer\25fb8.msp
c:\windows\Installer\25fcf.msp
c:\windows\Installer\25fea.msp
c:\windows\Installer\26001.msp
c:\windows\Installer\26037.msp
c:\windows\Installer\2604f.msp
c:\windows\Installer\26065.msp
c:\windows\Installer\2607b.msp
c:\windows\Installer\26093.msp
c:\windows\Installer\260aa.msp
c:\windows\Installer\260c5.msp
c:\windows\Installer\260dc.msp
c:\windows\Installer\26102.msp
c:\windows\Installer\2611a.msp
c:\windows\Installer\26130.msp
c:\windows\Installer\26146.msp
c:\windows\Installer\2615e.msp
c:\windows\Installer\26175.msp
c:\windows\Installer\26190.msp
c:\windows\Installer\261a7.msp
c:\windows\Installer\2675b.msp
c:\windows\Installer\26773.msp
c:\windows\Installer\26789.msp
c:\windows\Installer\2679f.msp
c:\windows\Installer\267b7.msp
c:\windows\Installer\267ce.msp
c:\windows\Installer\267e9.msp
c:\windows\Installer\26800.msp
c:\windows\Installer\26bdf.msp
c:\windows\Installer\26bf7.msp
c:\windows\Installer\26c0d.msp
c:\windows\Installer\26c23.msp
c:\windows\Installer\26c3b.msp
c:\windows\Installer\26c52.msp
c:\windows\Installer\26c6d.msp
c:\windows\Installer\27006.msp
c:\windows\Installer\2701e.msp
c:\windows\Installer\27034.msp
c:\windows\Installer\2704a.msp
c:\windows\Installer\27062.msp
c:\windows\Installer\27079.msp
c:\windows\Installer\27094.msp
c:\windows\Installer\270ab.msp
c:\windows\Installer\27286.msp
c:\windows\Installer\2729e.msp
c:\windows\Installer\272b4.msp
c:\windows\Installer\272ca.msp
c:\windows\Installer\272e2.msp
c:\windows\Installer\272f9.msp
c:\windows\Installer\27314.msp
c:\windows\Installer\2732b.msp
c:\windows\Installer\2785206.msp
c:\windows\Installer\278521e.msp
c:\windows\Installer\2785234.msp
c:\windows\Installer\278524a.msp
c:\windows\Installer\2785262.msp
c:\windows\Installer\2785279.msp
c:\windows\Installer\2785294.msp
c:\windows\Installer\27853.msp
c:\windows\Installer\2786b.msp
c:\windows\Installer\27881.msp
c:\windows\Installer\27897.msp
c:\windows\Installer\278af.msp
c:\windows\Installer\278c6.msp
c:\windows\Installer\278e1.msp
c:\windows\Installer\27ca8.msp
c:\windows\Installer\27cc1.msp
c:\windows\Installer\27cd7.msp
c:\windows\Installer\27ced.msp
c:\windows\Installer\27d05.msp
c:\windows\Installer\27d1c.msp
c:\windows\Installer\27d37.msp
c:\windows\Installer\27d4e.msp
c:\windows\Installer\27f67.msp
c:\windows\Installer\27f7f.msp
c:\windows\Installer\27f95.msp
c:\windows\Installer\27fab.msp
c:\windows\Installer\27fc3.msp
c:\windows\Installer\27fda.msp
c:\windows\Installer\27ff5.msp
c:\windows\Installer\2800c.msp
c:\windows\Installer\28090.msp
c:\windows\Installer\280a8.msp
c:\windows\Installer\280be.msp
c:\windows\Installer\280d4.msp
c:\windows\Installer\280ec.msp
c:\windows\Installer\28103.msp
c:\windows\Installer\2811e.msp
c:\windows\Installer\28821.msp
c:\windows\Installer\28839.msp
c:\windows\Installer\2884f.msp
c:\windows\Installer\28865.msp
c:\windows\Installer\2887d.msp
c:\windows\Installer\28894.msp
c:\windows\Installer\288af.msp
c:\windows\Installer\288c6.msp
c:\windows\Installer\2893b.msp
c:\windows\Installer\28953.msp
c:\windows\Installer\28969.msp
c:\windows\Installer\2897f.msp
c:\windows\Installer\28997.msp
c:\windows\Installer\289ae.msp
c:\windows\Installer\289c7.msp
c:\windows\Installer\289c9.msp
c:\windows\Installer\289df.msp
c:\windows\Installer\289e0.msp
c:\windows\Installer\289f5.msp
c:\windows\Installer\28a0b.msp
c:\windows\Installer\28a23.msp
c:\windows\Installer\28a3a.msp
c:\windows\Installer\28a55.msp
c:\windows\Installer\28a6c.msp
c:\windows\Installer\28ec9.msp
c:\windows\Installer\28ee1.msp
c:\windows\Installer\28f1c.msp
c:\windows\Installer\28f32.msp
c:\windows\Installer\28f48.msp
c:\windows\Installer\28f5e.msp
c:\windows\Installer\28f74.msp
c:\windows\Installer\28f8c.msp
c:\windows\Installer\28fa4.msp
c:\windows\Installer\28fbb.msp
c:\windows\Installer\28fd6.msp
c:\windows\Installer\28fed.msp
c:\windows\Installer\290dc.msp
c:\windows\Installer\290f4.msp
c:\windows\Installer\2910a.msp
c:\windows\Installer\29120.msp
c:\windows\Installer\29138.msp
c:\windows\Installer\2914f.msp
c:\windows\Installer\29166.msp
c:\windows\Installer\29253.msp
c:\windows\Installer\2926b.msp
c:\windows\Installer\292a6.msp
c:\windows\Installer\292bc.msp
c:\windows\Installer\292d2.msp
c:\windows\Installer\292e8.msp
c:\windows\Installer\292fe.msp
c:\windows\Installer\29316.msp
c:\windows\Installer\2932e.msp
c:\windows\Installer\29345.msp
c:\windows\Installer\29360.msp
c:\windows\Installer\29377.msp
c:\windows\Installer\29466.msp
c:\windows\Installer\2947e.msp
c:\windows\Installer\29494.msp
c:\windows\Installer\294aa.msp
c:\windows\Installer\294c2.msp
c:\windows\Installer\294d9.msp
c:\windows\Installer\294f4.msp
c:\windows\Installer\2950b.msp
c:\windows\Installer\2985e.msp
c:\windows\Installer\29874.msp
c:\windows\Installer\29f43.msp
c:\windows\Installer\29f5b.msp
c:\windows\Installer\29f71.msp
c:\windows\Installer\29f87.msp
c:\windows\Installer\29f9f.msp
c:\windows\Installer\29fb6.msp
c:\windows\Installer\29fd1.msp
c:\windows\Installer\29fe8.msp
c:\windows\Installer\2a00e.msp
c:\windows\Installer\2a026.msp
c:\windows\Installer\2a03c.msp
c:\windows\Installer\2a052.msp
c:\windows\Installer\2a05d.msp
c:\windows\Installer\2a06a.msp
c:\windows\Installer\2a075.msp
c:\windows\Installer\2a081.msp
c:\windows\Installer\2a08b.msp
c:\windows\Installer\2a09c.msp
c:\windows\Installer\2a0a1.msp
c:\windows\Installer\2a0b3.msp
c:\windows\Installer\2a0b9.msp
c:\windows\Installer\2a0d0.msp
c:\windows\Installer\2a0eb.msp
c:\windows\Installer\2a102.msp
c:\windows\Installer\2a1b4.msp
c:\windows\Installer\2a1cc.msp
c:\windows\Installer\2a1e2.msp
c:\windows\Installer\2a1f8.msp
c:\windows\Installer\2a210.msp
c:\windows\Installer\2a227.msp
c:\windows\Installer\2a242.msp
c:\windows\Installer\2a259.msp
c:\windows\Installer\2a3f6.msp
c:\windows\Installer\2a40e.msp
c:\windows\Installer\2a424.msp
c:\windows\Installer\2a43a.msp
c:\windows\Installer\2a452.msp
c:\windows\Installer\2a469.msp
c:\windows\Installer\2a484.msp
c:\windows\Installer\2a49b.msp
c:\windows\Installer\2a8b9.msp
c:\windows\Installer\2a8d1.msp
c:\windows\Installer\2a8e7.msp
c:\windows\Installer\2a8e8.msp
c:\windows\Installer\2a8fd.msp
c:\windows\Installer\2a900.msp
c:\windows\Installer\2a915.msp
c:\windows\Installer\2a916.msp
c:\windows\Installer\2a92c.msp
c:\windows\Installer\2a92d.msp
c:\windows\Installer\2a944.msp
c:\windows\Installer\2a948.msp
c:\windows\Installer\2a95b.msp
c:\windows\Installer\2a95f.msp
c:\windows\Installer\2a976.msp
c:\windows\Installer\2a98d.msp
c:\windows\Installer\2acd0.msp
c:\windows\Installer\2ace8.msp
c:\windows\Installer\2acfe.msp
c:\windows\Installer\2ad14.msp
c:\windows\Installer\2ad2c.msp
c:\windows\Installer\2ad43.msp
c:\windows\Installer\2af8f.msp
c:\windows\Installer\2afa7.msp
c:\windows\Installer\2afbd.msp
c:\windows\Installer\2afd3.msp
c:\windows\Installer\2afeb.msp
c:\windows\Installer\2b002.msp
c:\windows\Installer\2b01c.msp
c:\windows\Installer\2b01d.msp
c:\windows\Installer\2b034.msp
c:\windows\Installer\2b04a.msp
c:\windows\Installer\2b060.msp
c:\windows\Installer\2b078.msp
c:\windows\Installer\2b08f.msp
c:\windows\Installer\2b0aa.msp
c:\windows\Installer\2b0c1.msp
c:\windows\Installer\2b26e.msp
c:\windows\Installer\2b286.msp
c:\windows\Installer\2b29c.msp
c:\windows\Installer\2b2b2.msp
c:\windows\Installer\2b2ca.msp
c:\windows\Installer\2b2e1.msp
c:\windows\Installer\2b2fc.msp
c:\windows\Installer\2b313.msp
c:\windows\Installer\2b8d6.msp
c:\windows\Installer\2b8ee.msp
c:\windows\Installer\2b904.msp
c:\windows\Installer\2b91a.msp
c:\windows\Installer\2b932.msp
c:\windows\Installer\2b949.msp
c:\windows\Installer\2b964.msp
c:\windows\Installer\2b972.msp
c:\windows\Installer\2b97b.msp
c:\windows\Installer\2c0d5.msp
c:\windows\Installer\2c0ed.msp
c:\windows\Installer\2c103.msp
c:\windows\Installer\2c119.msp
c:\windows\Installer\2c131.msp
c:\windows\Installer\2c148.msp
c:\windows\Installer\2c163.msp
c:\windows\Installer\2c17a.msp
c:\windows\Installer\2c24c.msp
c:\windows\Installer\2c262.msp
c:\windows\Installer\2c421.msp
c:\windows\Installer\2c439.msp
c:\windows\Installer\2c44f.msp
c:\windows\Installer\2c465.msp
c:\windows\Installer\2c46f.msp
c:\windows\Installer\2c47d.msp
c:\windows\Installer\2c487.msp
c:\windows\Installer\2c494.msp
c:\windows\Installer\2c49d.msp
c:\windows\Installer\2c4ab.msp
c:\windows\Installer\2c4b3.msp
c:\windows\Installer\2c4cb.msp
c:\windows\Installer\2c4e2.msp
c:\windows\Installer\2c4f9.msp
c:\windows\Installer\2c539f3.msp
c:\windows\Installer\2c53a09.msp
c:\windows\Installer\2c70f.msp
c:\windows\Installer\2c727.msp
c:\windows\Installer\2c73d.msp
c:\windows\Installer\2c753.msp
c:\windows\Installer\2c76b.msp
c:\windows\Installer\2c782.msp
c:\windows\Installer\2c79d.msp
c:\windows\Installer\2c7b4.msp
c:\windows\Installer\2cbf1.msp
c:\windows\Installer\2cc09.msp
c:\windows\Installer\2cc1f.msp
c:\windows\Installer\2cc35.msp
c:\windows\Installer\2cc4d.msp
c:\windows\Installer\2cc64.msp
c:\windows\Installer\2cc7f.msp
c:\windows\Installer\2cc96.msp
c:\windows\Installer\2cf9a.msp
c:\windows\Installer\2cfb2.msp
c:\windows\Installer\2cfc8.msp
c:\windows\Installer\2cfde.msp
c:\windows\Installer\2cff6.msp
c:\windows\Installer\2d00d.msp
c:\windows\Installer\2d028.msp
c:\windows\Installer\2d03f.msp
c:\windows\Installer\2d0d3.msp
c:\windows\Installer\2d0eb.msp
c:\windows\Installer\2d0fd4d.msp
c:\windows\Installer\2d0fd65.msp
c:\windows\Installer\2d0fd7b.msp
c:\windows\Installer\2d0fd91.msp
c:\windows\Installer\2d0fda9.msp
c:\windows\Installer\2d0fdc0.msp
c:\windows\Installer\2d0fdd7.msp
c:\windows\Installer\2d101.msp
c:\windows\Installer\2d117.msp
c:\windows\Installer\2d12f.msp
c:\windows\Installer\2d146.msp
c:\windows\Installer\2d161.msp
c:\windows\Installer\2d178.msp
c:\windows\Installer\2d18e.msp
c:\windows\Installer\2d1a6.msp
c:\windows\Installer\2d1bc.msp
c:\windows\Installer\2d1d2.msp
c:\windows\Installer\2d1ea.msp
c:\windows\Installer\2d201.msp
c:\windows\Installer\2d21c.msp
c:\windows\Installer\2d233.msp
c:\windows\Installer\2d259.msp
c:\windows\Installer\2d271.msp
c:\windows\Installer\2d287.msp
c:\windows\Installer\2d29d.msp
c:\windows\Installer\2d2a8.msp
c:\windows\Installer\2d2b5.msp
c:\windows\Installer\2d2c0.msp
c:\windows\Installer\2d2cc.msp
c:\windows\Installer\2d2d6.msp
c:\windows\Installer\2d2e7.msp
c:\windows\Installer\2d2ec.msp
c:\windows\Installer\2d2fe.msp
c:\windows\Installer\2d304.msp
c:\windows\Installer\2d31b.msp
c:\windows\Installer\2d336.msp
c:\windows\Installer\2d34d.msp
c:\windows\Installer\2d603.msp
c:\windows\Installer\2d619.msp
c:\windows\Installer\2d631.msp
c:\windows\Installer\2d680.msp
c:\windows\Installer\2d698.msp
c:\windows\Installer\2d6ae.msp
c:\windows\Installer\2d6c4.msp
c:\windows\Installer\2d75b.msp
c:\windows\Installer\2d773.msp
c:\windows\Installer\2d7ae.msp
c:\windows\Installer\2d7c4.msp
c:\windows\Installer\2d7da.msp
c:\windows\Installer\2d7f0.msp
c:\windows\Installer\2d806.msp
c:\windows\Installer\2d81e.msp
c:\windows\Installer\2d836.msp
c:\windows\Installer\2d84d.msp
c:\windows\Installer\2d868.msp
c:\windows\Installer\2d87f.msp
c:\windows\Installer\2dcd9.msp
c:\windows\Installer\2dcef.msp
c:\windows\Installer\2de9e.msp
c:\windows\Installer\2deb6.msp
c:\windows\Installer\2decc.msp
c:\windows\Installer\2dee2.msp
c:\windows\Installer\2defa.msp
c:\windows\Installer\2df11.msp
c:\windows\Installer\2df2c.msp
c:\windows\Installer\2df43.msp
c:\windows\Installer\2e12e.msp
c:\windows\Installer\2e144.msp
c:\windows\Installer\2e15a.msp
c:\windows\Installer\2e172.msp
c:\windows\Installer\2e189.msp
c:\windows\Installer\2e1a4.msp
c:\windows\Installer\2e1bb.msp
c:\windows\Installer\2ee513c.msp
c:\windows\Installer\2ee5154.msp
c:\windows\Installer\2ee516a.msp
c:\windows\Installer\2ee5180.msp
c:\windows\Installer\2ee5198.msp
c:\windows\Installer\2ee51af.msp
c:\windows\Installer\2ee51c6.msp
c:\windows\Installer\2ef28.msp
c:\windows\Installer\2ef40.msp
c:\windows\Installer\2ef56.msp
c:\windows\Installer\2ef6c.msp
c:\windows\Installer\2ef84.msp
c:\windows\Installer\2ef9b.msp
c:\windows\Installer\2efb6.msp
c:\windows\Installer\2efcd.msp
c:\windows\Installer\2f14b.msp
c:\windows\Installer\2f163.msp
c:\windows\Installer\2f179.msp
c:\windows\Installer\2f18f.msp
c:\windows\Installer\2f1a7.msp
c:\windows\Installer\2f1be.msp
c:\windows\Installer\2f1d9.msp
c:\windows\Installer\2f34f.msp
c:\windows\Installer\2f365.msp
c:\windows\Installer\2f652d.msp
c:\windows\Installer\2f6543.msp
c:\windows\Installer\2f655b.msp
c:\windows\Installer\2f93b.msp
c:\windows\Installer\2f953.msp
c:\windows\Installer\2f969.msp
c:\windows\Installer\2f97f.msp
c:\windows\Installer\2f997.msp
c:\windows\Installer\2f9ae.msp
c:\windows\Installer\2f9c9.msp
c:\windows\Installer\2f9e0.msp
c:\windows\Installer\2ff587d.msp
c:\windows\Installer\2ff5895.msp
c:\windows\Installer\2ff58ab.msp
c:\windows\Installer\2ff58c1.msp
c:\windows\Installer\2ff58d9.msp
c:\windows\Installer\2ff58f0.msp
c:\windows\Installer\2ff590b.msp
c:\windows\Installer\2ff5922.msp
c:\windows\Installer\301b6.msp
c:\windows\Installer\301ce.msp
c:\windows\Installer\301e4.msp
c:\windows\Installer\301fa.msp
c:\windows\Installer\30212.msp
c:\windows\Installer\30229.msp
c:\windows\Installer\30244.msp
c:\windows\Installer\3025b.msp
c:\windows\Installer\30a61.msp
c:\windows\Installer\30a79.msp
c:\windows\Installer\30a8f.msp
c:\windows\Installer\30aa5.msp
c:\windows\Installer\30abd.msp
c:\windows\Installer\30ad4.msp
c:\windows\Installer\30aee.msp
c:\windows\Installer\30aef.msp
c:\windows\Installer\30b06.msp
c:\windows\Installer\30b1c.msp
c:\windows\Installer\30b32.msp
c:\windows\Installer\30b4a.msp
c:\windows\Installer\30b61.msp
c:\windows\Installer\30b78.msp
c:\windows\Installer\31260.msp
c:\windows\Installer\31278.msp
c:\windows\Installer\312b3.msp
c:\windows\Installer\312c9.msp
c:\windows\Installer\312df.msp
c:\windows\Installer\312f5.msp
c:\windows\Installer\3130b.msp
c:\windows\Installer\31323.msp
c:\windows\Installer\3133b.msp
c:\windows\Installer\31352.msp
c:\windows\Installer\3136d.msp
c:\windows\Installer\3156d.msp
c:\windows\Installer\31585.msp
c:\windows\Installer\3159b.msp
c:\windows\Installer\315b1.msp
c:\windows\Installer\315c9.msp
c:\windows\Installer\315e0.msp
c:\windows\Installer\315fb.msp
c:\windows\Installer\31612.msp
c:\windows\Installer\31a11.msp
c:\windows\Installer\31a29.msp
c:\windows\Installer\31a3f.msp
c:\windows\Installer\31a55.msp
c:\windows\Installer\31a6d.msp
c:\windows\Installer\31a84.msp
c:\windows\Installer\31a9f.msp
c:\windows\Installer\31b49.msp
c:\windows\Installer\31b5f.msp
c:\windows\Installer\3203b.msp
c:\windows\Installer\32053.msp
c:\windows\Installer\32069.msp
c:\windows\Installer\3207f.msp
c:\windows\Installer\32097.msp
c:\windows\Installer\320ae.msp
c:\windows\Installer\320c9.msp
c:\windows\Installer\328c7d.msp
c:\windows\Installer\328c95.msp
c:\windows\Installer\328cab.msp
c:\windows\Installer\328cc1.msp
c:\windows\Installer\328cd9.msp
c:\windows\Installer\328cf0.msp
c:\windows\Installer\328d0b.msp
c:\windows\Installer\328d22.msp
c:\windows\Installer\32ee1.msp
c:\windows\Installer\32ef9.msp
c:\windows\Installer\32f0f.msp
c:\windows\Installer\32f25.msp
c:\windows\Installer\32f3d.msp
c:\windows\Installer\32f54.msp
c:\windows\Installer\32f6f.msp
c:\windows\Installer\32f86.msp
c:\windows\Installer\33559.msp
c:\windows\Installer\33571.msp
c:\windows\Installer\33587.msp
c:\windows\Installer\3359d.msp
c:\windows\Installer\335b5.msp
c:\windows\Installer\335cc.msp
c:\windows\Installer\335e7.msp
c:\windows\Installer\335fe.msp
c:\windows\Installer\33c6e.msp
c:\windows\Installer\33c86.msp
c:\windows\Installer\33c9c.msp
c:\windows\Installer\33cb2.msp
c:\windows\Installer\33cca.msp
c:\windows\Installer\33ce1.msp
c:\windows\Installer\33cfc.msp
c:\windows\Installer\33d13.msp
c:\windows\Installer\35f38.msp
c:\windows\Installer\35f50.msp
c:\windows\Installer\35f66.msp
c:\windows\Installer\35f7c.msp
c:\windows\Installer\35f94.msp
c:\windows\Installer\35fab.msp
c:\windows\Installer\35fc6.msp
c:\windows\Installer\360af.msp
c:\windows\Installer\360c7.msp
c:\windows\Installer\360dd.msp
c:\windows\Installer\360f3.msp
c:\windows\Installer\3610b.msp
c:\windows\Installer\36122.msp
c:\windows\Installer\36139.msp
c:\windows\Installer\3614b.msp
c:\windows\Installer\36163.msp
c:\windows\Installer\36179.msp
c:\windows\Installer\3618f.msp
c:\windows\Installer\361a7.msp
c:\windows\Installer\361be.msp
c:\windows\Installer\361d5.msp
c:\windows\Installer\376c5a.msp
c:\windows\Installer\376c70.msp
c:\windows\Installer\379d4.msp
c:\windows\Installer\379ec.msp
c:\windows\Installer\37a02.msp
c:\windows\Installer\37a18.msp
c:\windows\Installer\37a30.msp
c:\windows\Installer\37a47.msp
c:\windows\Installer\37a5e.msp
c:\windows\Installer\38415.msp
c:\windows\Installer\3842d.msp
c:\windows\Installer\38443.msp
c:\windows\Installer\38459.msp
c:\windows\Installer\38471.msp
c:\windows\Installer\38488.msp
c:\windows\Installer\384a3.msp
c:\windows\Installer\384ba.msp
c:\windows\Installer\397ad.msp
c:\windows\Installer\397c5.msp
c:\windows\Installer\397db.msp
c:\windows\Installer\397f1.msp
c:\windows\Installer\39809.msp
c:\windows\Installer\39820.msp
c:\windows\Installer\3983b.msp
c:\windows\Installer\39f1f.msp
c:\windows\Installer\39f37.msp
c:\windows\Installer\39f4d.msp
c:\windows\Installer\39f63.msp
c:\windows\Installer\39f7b.msp
c:\windows\Installer\39f92.msp
c:\windows\Installer\39fa9.msp
c:\windows\Installer\3a019.msp
c:\windows\Installer\3a031.msp
c:\windows\Installer\3a047.msp
c:\windows\Installer\3a05d.msp
c:\windows\Installer\3a075.msp
c:\windows\Installer\3a08c.msp
c:\windows\Installer\3a0a7.msp
c:\windows\Installer\3a0be.msp
c:\windows\Installer\3aa89.msp
c:\windows\Installer\3aaa1.msp
c:\windows\Installer\3aab7.msp
c:\windows\Installer\3aacd.msp
c:\windows\Installer\3aae5.msp
c:\windows\Installer\3aafc.msp
c:\windows\Installer\3ab17.msp
c:\windows\Installer\3c12ab7.msp
c:\windows\Installer\3c12acf.msp
c:\windows\Installer\3c12ae5.msp
c:\windows\Installer\3c12afb.msp
c:\windows\Installer\3c12b13.msp
c:\windows\Installer\3c12b2a.msp
c:\windows\Installer\3c12b41.msp
c:\windows\Installer\402543.msp
c:\windows\Installer\402559.msp
c:\windows\Installer\402ea.msp
c:\windows\Installer\40302.msp
c:\windows\Installer\40318.msp
c:\windows\Installer\4032e.msp
c:\windows\Installer\40346.msp
c:\windows\Installer\4035d.msp
c:\windows\Installer\40378.msp
c:\windows\Installer\4038f.msp
c:\windows\Installer\40ce8bb.msp
c:\windows\Installer\40ce8d3.msp
c:\windows\Installer\40ce8e9.msp
c:\windows\Installer\40ce8ff.msp
c:\windows\Installer\40ce917.msp
c:\windows\Installer\40ce92e.msp
c:\windows\Installer\40ce949.msp
c:\windows\Installer\40ce960.msp
c:\windows\Installer\41d58.msp
c:\windows\Installer\41d70.msp
c:\windows\Installer\41d86.msp
c:\windows\Installer\41d9c.msp
c:\windows\Installer\41db4.msp
c:\windows\Installer\41dcb.msp
c:\windows\Installer\41de6.msp
c:\windows\Installer\41dfd.msp
c:\windows\Installer\42da4.msp
c:\windows\Installer\42dbc.msp
c:\windows\Installer\42df7.msp
c:\windows\Installer\42e23.msp
c:\windows\Installer\42e39.msp
c:\windows\Installer\42e4f.msp
c:\windows\Installer\42e65.msp
c:\windows\Installer\42e7d.msp
c:\windows\Installer\42e95.msp
c:\windows\Installer\42eac.msp
c:\windows\Installer\42ec7.msp
c:\windows\Installer\43ca6e.msp
c:\windows\Installer\43ca84.msp
c:\windows\Installer\43ca9c.msp
c:\windows\Installer\4cc6471.msp
c:\windows\Installer\4cc6489.msp
c:\windows\Installer\4cc649f.msp
c:\windows\Installer\4cc64b5.msp
c:\windows\Installer\4cc64cd.msp
c:\windows\Installer\4cc64e4.msp
c:\windows\Installer\4cc64ff.msp
c:\windows\Installer\4cc6516.msp
c:\windows\Installer\4e35771.msp
c:\windows\Installer\4e35789.msp
c:\windows\Installer\4e3579f.msp
c:\windows\Installer\4e357b5.msp
c:\windows\Installer\4e357cd.msp
c:\windows\Installer\4e357e4.msp
c:\windows\Installer\4e357ff.msp
c:\windows\Installer\4e35816.msp
c:\windows\Installer\507d49.msp
c:\windows\Installer\507d61.msp
c:\windows\Installer\507d77.msp
c:\windows\Installer\507d8d.msp
c:\windows\Installer\507da5.msp
c:\windows\Installer\507dbc.msp
c:\windows\Installer\507dd7.msp
c:\windows\Installer\512f4c6.msp
c:\windows\Installer\512f4de.msp
c:\windows\Installer\512f4f4.msp
c:\windows\Installer\512f50a.msp
c:\windows\Installer\512f522.msp
c:\windows\Installer\512f539.msp
c:\windows\Installer\512f554.msp
c:\windows\Installer\512f56b.msp
c:\windows\Installer\54fec.msp
c:\windows\Installer\55004.msp
c:\windows\Installer\5501a.msp
c:\windows\Installer\55030.msp
c:\windows\Installer\55048.msp
c:\windows\Installer\5505f.msp
c:\windows\Installer\5507a.msp
c:\windows\Installer\564cee0.msp
c:\windows\Installer\564cef8.msp
c:\windows\Installer\564cf0e.msp
c:\windows\Installer\564cf24.msp
c:\windows\Installer\564cf3c.msp
c:\windows\Installer\564cf53.msp
c:\windows\Installer\564cf6e.msp
c:\windows\Installer\564cf85.msp
c:\windows\Installer\5b8a9.msp
c:\windows\Installer\5b8bf.msp
c:\windows\Installer\5b8d7.msp
c:\windows\Installer\669848.msp
c:\windows\Installer\669860.msp
c:\windows\Installer\669876.msp
c:\windows\Installer\66988c.msp
c:\windows\Installer\6698a4.msp
c:\windows\Installer\6698bb.msp
c:\windows\Installer\6698d6.msp
c:\windows\Installer\6698ed.msp
c:\windows\Installer\692c946.msp
c:\windows\Installer\692c95c.msp
c:\windows\Installer\71d3e4.msp
c:\windows\Installer\71d3fc.msp
c:\windows\Installer\71d412.msp
c:\windows\Installer\71d428.msp
c:\windows\Installer\71d440.msp
c:\windows\Installer\71d457.msp
c:\windows\Installer\71d472.msp
c:\windows\Installer\7326c2.msp
c:\windows\Installer\7326da.msp
c:\windows\Installer\7326f0.msp
c:\windows\Installer\732706.msp
c:\windows\Installer\73271e.msp
c:\windows\Installer\732735.msp
c:\windows\Installer\73274c.msp
c:\windows\Installer\739cf.msi
c:\windows\Installer\73cbfb.msp
c:\windows\Installer\73cc11.msp
c:\windows\Installer\73cc29.msp
c:\windows\Installer\7621cf5.msp
c:\windows\Installer\7621d0d.msp
c:\windows\Installer\7621d23.msp
c:\windows\Installer\7621d39.msp
c:\windows\Installer\7621d51.msp
c:\windows\Installer\7621d68.msp
c:\windows\Installer\7621d83.msp
c:\windows\Installer\7621d9a.msp
c:\windows\Installer\7a4e7c.msp
c:\windows\Installer\7a4e94.msp
c:\windows\Installer\7a4eaa.msp
c:\windows\Installer\7a4ec0.msp
c:\windows\Installer\7a4ed8.msp
c:\windows\Installer\7a4eef.msp
c:\windows\Installer\7a4f0a.msp
c:\windows\Installer\7a4f21.msp
c:\windows\Installer\7f18fc.msp
c:\windows\Installer\7f1914.msp
c:\windows\Installer\7f192a.msp
c:\windows\Installer\7f1940.msp
c:\windows\Installer\7f1958.msp
c:\windows\Installer\7f196f.msp
c:\windows\Installer\7f198a.msp
c:\windows\Installer\7f19a1.msp
c:\windows\Installer\85da9.msp
c:\windows\Installer\85dc1.msp
c:\windows\Installer\85dd7.msp
c:\windows\Installer\85ded.msp
c:\windows\Installer\85e05.msp
c:\windows\Installer\85e1c.msp
c:\windows\Installer\85e37.msp
c:\windows\Installer\85e4e.msp
c:\windows\Installer\86aa0f.msp
c:\windows\Installer\86aa27.msp
c:\windows\Installer\86aa3d.msp
c:\windows\Installer\86aa53.msp
c:\windows\Installer\86aa6b.msp
c:\windows\Installer\86aa82.msp
c:\windows\Installer\86aa9d.msp
c:\windows\Installer\8a1b7.msp
c:\windows\Installer\8a1cf.msp
c:\windows\Installer\8a1e5.msp
c:\windows\Installer\8a1fb.msp
c:\windows\Installer\8a213.msp
c:\windows\Installer\8a22a.msp
c:\windows\Installer\8a245.msp
c:\windows\Installer\91e108.msp
c:\windows\Installer\91e11e.msp
c:\windows\Installer\99c924.msp
c:\windows\Installer\99c93c.msp
c:\windows\Installer\99c952.msp
c:\windows\Installer\99c968.msp
c:\windows\Installer\99c980.msp
c:\windows\Installer\99c997.msp
c:\windows\Installer\99c9b2.msp
c:\windows\Installer\9fd69.msp
c:\windows\Installer\9fd80.msp
c:\windows\Installer\9fd9b.msp
c:\windows\Installer\9fdb2.msp
c:\windows\Installer\a3661.msp
c:\windows\Installer\a3677.msp
c:\windows\Installer\ba3c64.msp
c:\windows\Installer\ba3c7c.msp
c:\windows\Installer\ba3c92.msp
c:\windows\Installer\ba3ca8.msp
c:\windows\Installer\ba3cc0.msp
c:\windows\Installer\ba3cd7.msp
c:\windows\Installer\ba3cf2.msp
c:\windows\Installer\be7b8c.msp
c:\windows\Installer\be7ba2.msp
c:\windows\Installer\be7bba.msp
c:\windows\Installer\c17d3.msp
c:\windows\Installer\c17e9.msp
c:\windows\Installer\c1801.msp
c:\windows\Installer\cd6e64.msp
c:\windows\Installer\cd6e7c.msp
c:\windows\Installer\cd6e92.msp
c:\windows\Installer\cd6ea8.msp
c:\windows\Installer\cd6ec0.msp
c:\windows\Installer\cd6ed7.msp
c:\windows\Installer\cd6ef2.msp
c:\windows\Installer\cf6d80.msp
c:\windows\Installer\cf6d98.msp
c:\windows\Installer\cf6dae.msp
c:\windows\Installer\cf6dc4.msp
c:\windows\Installer\cf6ddc.msp
c:\windows\Installer\cf6df3.msp
c:\windows\Installer\cf6e0a.msp
c:\windows\Installer\cfa818.msp
c:\windows\Installer\cfa82e.msp
c:\windows\Installer\ea208.msp
c:\windows\Installer\ea220.msp
c:\windows\Installer\ea236.msp
c:\windows\Installer\ea24c.msp
c:\windows\Installer\ea264.msp
c:\windows\Installer\ea27b.msp
c:\windows\Installer\ea296.msp
c:\windows\Installer\ea2ad.msp
c:\windows\steps.txt
c:\windows\system32\5xJsO.vbs
c:\windows\system32\Drivers\erfdi.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\startt.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-20 to 2009-10-20 ))))))))))))))))))))))))))))
.

Nenhum ficheiro/arquivo criado durante este período

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-20 09:47 . 2008-09-01 00:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-10-18 10:22 . 2001-10-28 12:07 94718 ----a-w- c:\windows\system32\perfc016.dat
2009-10-18 10:22 . 2001-10-28 12:07 504566 ----a-w- c:\windows\system32\perfh016.dat
2009-10-18 01:36 . 2008-08-30 20:40 -------- d-----w- c:\arquivos de programas\Common Files
2009-10-09 01:32 . 2008-08-31 15:29 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\uTorrent
2009-09-27 19:55 . 2008-12-22 22:02 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-09-22 22:54 . 2008-10-18 02:00 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\LimeWire
2009-09-11 19:51 . 2009-09-09 17:25 -------- d-----w- c:\arquivos de programas\MegaJogos
2009-09-11 14:19 . 2008-09-20 17:27 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 20:11 . 2008-08-31 03:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-09-04 21:04 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:57 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2004-08-04 03:45 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 23:51 . 2009-08-25 23:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snp325
2009-08-25 23:51 . 2008-08-30 20:55 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-08-24 21:48 . 2008-10-18 02:00 -------- d-----w- c:\arquivos de programas\LimeWire
2009-08-24 17:07 . 2008-09-22 22:40 -------- d-----w- c:\arquivos de programas\Java
2009-08-17 16:10 . 2009-05-08 22:50 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-05-08 22:50 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-05-08 22:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-05-08 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-05-08 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-05-08 22:50 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-05-08 22:50 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-05-08 22:50 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-05-08 22:50 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-13 03:56 . 2009-08-13 03:56 45 ---h--w- c:\windows\dsez5533.dat
2009-08-05 09:00 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:27 . 2008-09-20 17:27 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:27 . 2008-09-20 17:27 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-25 08:23 . 2009-01-05 12:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-02-25 16:11 . 2009-02-25 16:11 48 -csha-w- c:\windows\S2E66E3E2.tmp
.

------- Sigcheck -------

[-] 2008-04-14 . 9897C5DF7D7CD69EBCAD49B54BB49AF8 . 1426432 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 9897C5DF7D7CD69EBCAD49B54BB49AF8 . 1426432 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\system32\VITrans\explorer.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-12 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-10-07 86016]
"PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp. exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Marcus\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"<NO NAME>"= 0

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Persona\\Persona.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/5/2009 20:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [8/5/2009 20:50 20560]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [25/8/2009 21:51 10343168]
S2 kkdc;Kerberos Key Distribution Centers;c:\windows\lsass.exe -netsvcs --> c:\windows\lsass.exe -netsvcs [?]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [25/2/2009 21:29 42112]
S3 Neo_IP novo;VPN Client Device Driver - IP novo;c:\windows\system32\drivers\Neo_0030.sys [14/1/2009 12:38 15232]
S3 Neo_Markis;VPN Client Device Driver - Markis;c:\windows\system32\drivers\Neo_0044.sys [13/1/2009 00:30 15232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ntkvpn;Loki VPN Driver Service;c:\windows\system32\DRIVERS\ntkvpn.sys --> c:\windows\system32\DRIVERS\ntkvpn.sys [?]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sy s --> c:\windows\system32\Drivers\usb2vcom.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sy s --> c:\windows\system32\XDva186.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-10-20 c:\windows\Tasks\User_Feed_Synchronization-{9F677287-C4DD-4B40-B671-9BA0CDEBDCF3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyOverride = local
IE: Download all by RedTube Grabber - c:\arquivos de programas\RedTubeGrabber\downall.htm
IE: Download by RedTube Grabber
IE: Download by YouTube Robot - c:\arquivos de programas\RedTubeGrabber\downlink.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {91222ED5-03E2-40D4-9538-D5578AA47DAD} = 200.204.0.10 200.204.0.138
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Marcus\Dados de aplicativos\Mozilla\Firefox\Profiles\md715g1e.defa ult\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-Emurayden PSX Emulator - (no file)



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 21:23
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

************************************************** ************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\n pggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2872)
c:\windows\system32\WININET.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
c:\combofix\CF15286.exe
c:\windows\system32\RUNDLL32.EXE
c:\combofix\PEV.cfxxe
.
************************************************** ************************
.
Tempo para conclusão: 2009-10-20 21:28 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-10-20 23:28

Pré-execução: 15 pasta(s) 91.604.058.112 bytes disponíveis
Pós execução: 19 pasta(s) 91.578.019.840 bytes disponíveis

- - End Of File - - 329B7AC5659F3BB7F65ABD1D5E64D749



Combo do Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:17, on 20/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download all by RedTube Grabber - C:\Arquivos de programas\RedTubeGrabber\downall.htm
O8 - Extra context menu item: Download by YouTube Robot - C:\Arquivos de programas\RedTubeGrabber\downlink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91222ED5-03E2-40D4-9538-D5578AA47DAD}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)

--
End of file - 7762 bytes

__________________

Felipe_88

Dark Logan,
*Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo:
*Salve o arquivo no desktop como CFScript.txt
*Arraste o arquivo para o Combofix conforme ilustração abaixo:



*Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!!

*Ao final do procedimento, o programa será fechado automaticamente e será mostrado o relatório
*Cole o relatório criado em C:\combofix.txt e novo log do hijack

Ficamos no aguardo!

Dark Logan

Opa fiz como pedido e aqui está o log do combofix:

ComboFix 09-10-19.04 - Marcus 21/10/2009 12:52.5.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1551 [GMT -2:00]
Executando de: c:\documents and settings\Marcus\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Marcus\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091020-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\dsez5533.dat"
"c:\windows\lsass.exe"
"c:\windows\S2E66E3E2.tmp"
"c:\windows\system32\XDva186.sys"
"d:\fxdrv32.sys"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
c:\windows\dsez5533.dat
c:\windows\Installer\255e6.msp
c:\windows\Installer\255fe.msp
c:\windows\Installer\25639.msp
c:\windows\Installer\2564d.msp
c:\windows\Installer\2564f.msp
c:\windows\Installer\25665.msp
c:\windows\Installer\2567b.msp
c:\windows\Installer\25691.msp
c:\windows\Installer\256a9.msp
c:\windows\Installer\256c1.msp
c:\windows\Installer\256d8.msp
c:\windows\Installer\256f3.msp
c:\windows\S2E66E3E2.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FXDRV32
-------\Legacy_KKDC
-------\Legacy_XDVA186
-------\Service_FXDrv32
-------\Service_kkdc
-------\Service_XDva186

(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-21 to 2009-10-21 ))))))))))))))))))))))))))))
.
Nenhum ficheiro/arquivo criado durante este período
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-21 10:29 . 2008-09-01 00:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-10-18 10:22 . 2001-10-28 12:07 94718 ----a-w- c:\windows\system32\perfc016.dat
2009-10-18 10:22 . 2001-10-28 12:07 504566 ----a-w- c:\windows\system32\perfh016.dat
2009-10-18 01:36 . 2008-08-30 20:40 -------- d-----w- c:\arquivos de programas\Common Files
2009-10-09 01:32 . 2008-08-31 15:29 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\uTorrent
2009-09-27 19:55 . 2008-12-22 22:02 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-09-22 22:54 . 2008-10-18 02:00 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\LimeWire
2009-09-11 19:51 . 2009-09-09 17:25 -------- d-----w- c:\arquivos de programas\MegaJogos
2009-09-11 14:19 . 2008-09-20 17:27 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 20:11 . 2008-08-31 03:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-09-04 21:04 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:57 . 2004-08-04 03:45 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2004-08-04 03:45 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 23:51 . 2009-08-25 23:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snp325
2009-08-25 23:51 . 2008-08-30 20:55 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-08-24 21:48 . 2008-10-18 02:00 -------- d-----w- c:\arquivos de programas\LimeWire
2009-08-24 17:07 . 2008-09-22 22:40 -------- d-----w- c:\arquivos de programas\Java
2009-08-17 16:10 . 2009-05-08 22:50 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-05-08 22:50 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-05-08 22:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-05-08 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-05-08 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-05-08 22:50 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-05-08 22:50 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-05-08 22:50 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-05-08 22:50 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:00 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:27 . 2008-09-20 17:27 2149376 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:27 . 2008-09-20 17:27 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-25 08:23 . 2009-01-05 12:33 411368 ----a-w- c:\windows\system32\deploytk.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 9897C5DF7D7CD69EBCAD49B54BB49AF8 . 1426432 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 9897C5DF7D7CD69EBCAD49B54BB49AF8 . 1426432 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-20_23.23.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-21 14:57 . 2009-10-21 14:57 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
- 2009-10-20 23:10 . 2009-10-20 23:10 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
+ 2009-10-21 14:57 . 2009-10-21 14:57 16384 c:\windows\Temp\Perflib_Perfdata_4b4.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-12 4608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-10-07 86016]
"PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp. exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Marcus\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"<NO NAME>"= 0
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Persona\\Persona.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/5/2009 20:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [8/5/2009 20:50 20560]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [25/8/2009 21:51 10343168]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [25/2/2009 21:29 42112]
S3 Neo_IP novo;VPN Client Device Driver - IP novo;c:\windows\system32\drivers\Neo_0030.sys [14/1/2009 12:38 15232]
S3 Neo_Markis;VPN Client Device Driver - Markis;c:\windows\system32\drivers\Neo_0044.sys [13/1/2009 00:30 15232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ntkvpn;Loki VPN Driver Service;c:\windows\system32\DRIVERS\ntkvpn.sys --> c:\windows\system32\DRIVERS\ntkvpn.sys [?]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sy s --> c:\windows\system32\Drivers\usb2vcom.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-10-20 c:\windows\Tasks\User_Feed_Synchronization-{9F677287-C4DD-4B40-B671-9BA0CDEBDCF3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyOverride = local
IE: Download all by RedTube Grabber - c:\arquivos de programas\RedTubeGrabber\downall.htm
IE: Download by RedTube Grabber
IE: Download by YouTube Robot - c:\arquivos de programas\RedTubeGrabber\downlink.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Marcus\Dados de aplicativos\Mozilla\Firefox\Profiles\md715g1e.defa ult\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 12:58
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\n pggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\WININET.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\combofix\CF11259.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\RUNDLL32.EXE
c:\combofix\PEV.cfxxe
.
************************************************** ************************
.
Tempo para conclusão: 2009-10-21 13:04 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-10-21 15:04
ComboFix2.txt 2009-10-20 23:28
Pré-execução: 17 pasta(s) 91.446.272.000 bytes disponíveis
Pós execução: 19 pasta(s) 91.457.556.480 bytes disponíveis
- - End Of File - - 21788AC1FF869FD85A9F31F99835F723


e aqui está o log do Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:02, on 21/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download all by RedTube Grabber - C:\Arquivos de programas\RedTubeGrabber\downall.htm
O8 - Extra context menu item: Download by YouTube Robot - C:\Arquivos de programas\RedTubeGrabber\downlink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91222ED5-03E2-40D4-9538-D5578AA47DAD}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)
--
End of file - 7630 bytes

__________________

Felipe_88

Dark Logan,

Ok, outros malwares foram removidos!

*Clique em [Iniciar] > [Executar] > digite: ComboFix /u
*Clique [OK]



*Delete a pasta C:\Qoobox e o arquivo C:\combofix.txt, se ainda existirem.
__________________________________________________ ___________


* Faça o download do Dr. Web CureIt:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

* Reinicie o computador em Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança);
* Caso não seja possível reiniciar o computador em Modo de segurança, faça o escaneamento no modo normal.
* Dê um duplo clique no ícone dele e clique em Iniciar. Aguarde o scan inicial das áreas vitais do sistema terminar;
* Caso encontre algo, clique em "Sim";
* Quando o scan rápido terminar, clique em Opções > Alterar Definições. Na aba Verificar desmarque a opção Análise Heurística e clique no botão Ok.
* Depois disto, marque a opção Verificação Completa e clique na seta verde;
*Clique sempre na opção "Sim" para a remoção dos problemas encontrados;
*Ao término, clique em "Arquivo" e salve o relatório no desktop (área de trabalho);
*O relatório terá extensão .csv
*Feche o DrWebCureIt e reinicie o PC;

* Vá na sua área de trabalho, abra este relatório, selecione-o inteiramente, copie-o e poste-o em sua próxima resposta juntamente com um novo log do Hijackthis e nos diga como está o seu PC depois destes procedimentos;



Ficamos no aguardo.