sorry pelo double 
Passei o antivirus e nao detecto NADA. A restauração doi sistema ta desativada olha o log do hijack this agora: Logfile of HijackThis v1.99.1 Scan saved at 14:55:23, on 11/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Arquivos de programas\Eset\nod32kui.exe C:\Arquivos de programas\DU Meter\DUMeter.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe C:\Arquivos de programas\Eset\nod32krn.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\WinRAR\WinRAR.exe C:\DOCUME~1\Cristian\CONFIG~1\Temp\Rar$EX00.797\HijackThis.exe C:\Arquivos de programas\MSN Messenger\usnsvc.exe C:\Arquivos de programas\DAEMON Tools SearchBar\Search.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Arquivos de programas\DAEMON Tools SearchBar\search.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [DU Meter] C:\Arquivos de programas\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WhenUSearch] "C:\Arquivos de programas\DAEMON Tools SearchBar\Search.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4DBCA54B-CE0A-46AD-8AA8-849A2197350F}: NameServer = 201.10.1.2,201.120.1.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{4DBCA54B-CE0A-46AD-8AA8-849A2197350F}: NameServer = 201.10.1.2,201.120.1.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{4DBCA54B-CE0A-46AD-8AA8-849A2197350F}: NameServer = 201.10.1.2,201.120.1.3 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O21 - SSODL: msmhost - {A1C9356B-DA58-404B-AE68-B6A7AD34F236} - C:\WINDOWS\msmhost.dll O21 - SSODL: msmdev - {857AA683-725A-423C-9956-6A31DEB74DA6} - C:\WINDOWS\msmdev.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
Passei o antivirus e nao detecto NADA. A restauração doi sistema ta desativada olha o log do hijack this agora: Logfile of HijackThis v1.99.1 Scan saved at 14:55:23, on 11/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Arquivos de programas\Eset\nod32kui.exe C:\Arquivos de programas\DU Meter\DUMeter.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe C:\Arquivos de programas\Eset\nod32krn.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\WinRAR\WinRAR.exe C:\DOCUME~1\Cristian\CONFIG~1\Temp\Rar$EX00.797\HijackThis.exe C:\Arquivos de programas\MSN Messenger\usnsvc.exe C:\Arquivos de programas\DAEMON Tools SearchBar\Search.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Arquivos de programas\DAEMON Tools SearchBar\search.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [DU Meter] C:\Arquivos de programas\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WhenUSearch] "C:\Arquivos de programas\DAEMON Tools SearchBar\Search.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4DBCA54B-CE0A-46AD-8AA8-849A2197350F}: NameServer = 201.10.1.2,201.120.1.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{4DBCA54B-CE0A-46AD-8AA8-849A2197350F}: NameServer = 201.10.1.2,201.120.1.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{4DBCA54B-CE0A-46AD-8AA8-849A2197350F}: NameServer = 201.10.1.2,201.120.1.3 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O21 - SSODL: msmhost - {A1C9356B-DA58-404B-AE68-B6A7AD34F236} - C:\WINDOWS\msmhost.dll O21 - SSODL: msmdev - {857AA683-725A-423C-9956-6A31DEB74DA6} - C:\WINDOWS\msmdev.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
), tens é que ter cuidado. Nunca é demais fazer um scan (com um bom antivírus, obviamente) aos ficheiros que sacas.