Depois de utilizar o Rd-Kill e o KiliBox em modo seguro, quando arranco em modo normal o rdriv.sys continua instalado no sistema. Também já o eleminei manualmente e eliminei augumas chaves do registo, mas em modo normal volta tudo ao mesmo. Agradeço a vossa ajuda. Aqui vai o meu ficheiro de log criado pelo HijacThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:18:46, on 06-02-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Compaq\vcagent\vcagent.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\compaq\hpdiags\hpdiags.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\cba\pds.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Exchsrvr\bin\srsmain.exe
C:\Program Files\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\snmptrap.exe
C:\SQLANY50\WIN32\dbsrv50.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\System32\CpqRcmc.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\modemshr.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Microsoft Shared Fax\Bin\FXSSVC.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
C:\Program Files\Microsoft ISA Server\mspadmin.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\Microsoft ISA Server\w3proxy.exe
C:\Program Files\Microsoft ISA Server\W3Prefch.exe
C:\Program Files\Microsoft ISA Server\wspsrv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Atiptaxx.exe
C:\WINNT\system32\cpqteam.exe
C:\WINNT\system32\carpserv.exe
C:\PROGRA~1\SAV\vptray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = BERALTSRV:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126604473000
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = beraltportugal.pt
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DD7B2FC-6E79-450F-A4FB-56AA84D50501}: NameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{66D7565D-92E5-4E0B-A985-E076BDB2AAB3}: NameServer = 194.65.100.117 194.65.5.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = beraltportugal.pt
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = beraltportugal.pt
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\\NavLogon.dll
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: HP Insight Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
O23 - Service: HP Insight Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: HP Insight Diagnostics (hpdiags) - Unknown owner - C:\compaq\hpdiags\hpdiags.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINNT\MSmedia.exe
O23 - Service: Microsoft Connector for POP3 Mailboxes (MSPOP3Connector) - Unknown owner - C:\Program Files\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe" /SERVICE (file missing)
O23 - Service: Symantec AntiVirus Server (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe
O23 - Service: SQL Anywhere - SERVIDOR (SQLANYs_SERVIDOR) - Unknown owner - C:\SQLANY50\WIN32\dbsrv50.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe

Hola te doy la bienvenida al foro, no te olvides de pasar por WindowsUpdate para tener actualizado el sistema ya que tienes el navegador muy desactualizado, luego sigue estos pasos:

1.- Apaga el "Restaurar Sistema"

a) Ir a INICIO > EJECUTAR > y ahi pones Services.msc y le das OK
b) En el listado que aparece de los servicios de Windows tienes que buscar MicroSoft Media Tools
c) Click en "MicroSoft Media Tools " y en el panel de la izquierda presiona "STOP"
d) Click con el botón derecho del mouse, te vas a "Propiedades" y le pones Disabled
e) Ejecuta HijackThis y vas a Config -> Misc Tools -> Delete an NT service.
f) En la pantalla de eliminar pones: MicroSoft Media Tools y OK
g) vas a Inicio > Ejecutar > y ahi pones sc delete MicroSoft Media Tools y OK.

2.- Descarga el programa Rd-Kill.zip, pero aun no lo ejecutes.

3.- Con todos los programas cerrados ejecuta el HijackThis y dale a esta entrada:

O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINNT\MSmedia.exe

4.- Sin reiniciar con el programa "KillBox" elimina este archivo:

C:\WINNT\MSmedia.exe

5.- Ejecuta Rd-Kill.exe

6.- Usa el Disk Cleaner para limpiar cookies y temporales y RegSeeker para limpiar el registro de Windows.

7.- Reinicia la máquina y nos cuentas los resultados.

Saludos

OK GPastor!!!!!!!
A vossa sugestão resultou.
Obrigado pela ajuda.
Um abraço.