Remoção de vírus

Acho que estou com vírus!

Fala pessoal, blz?
Bom, esse problema me atormenta a muito tempo, as vezes some e aparece do nada. Ele infecta qualquer navegador que tente acessar a pagina do google e não permite fazer pesquisas!
Eu já passei o kaspersky 10 (pago) e o Malware Bytes mas não adianta, eles não detectam nada de errado.
Vejam o que aparece quando entro na pagina do google:

zTxFd.jpg


Se eu tento acessar alguma outra coisa da pagina, as vezes aparece "NOT FOUND" e alguma coisa sobre APACHE 2.5.2.00 sei la...
O que pode ser? Só sai formatando?

Vlw
 
Mr.Wolf disse:
Didjo, o arquivo que o Avast está notificando por acaso é um dos dois a seguir: un.exe ou unrar.dll?

Acesse o VirusTotal e cole os caminhos abaixo na busca, um por vez. Depois clique no botão Send file.


Aguarde o scan do primeiro terminar e posteriormente submeta o próximo.

Ao término, vá para a página do resultado, copie as URLs e cole-as em sua próxima resposta, por favor.
Clique para expandir...

Não me lembro, pois conforme expliquei passei o anti-vírus nessa pasta e ele acusou dois vírus, feito isso, exclui eles.

Assim que mandar edito esse post.

Edit:

Aqui estão as URLs que pediu:

http://www.virustotal.com/file-scan...ed8b995b6cb779a87f1aaed6967141477f-1322772964

http://www.virustotal.com/file-scan...888c949dc57244f677747bd8d046866e84-1322772881
 
Última edição:
Esledinho, não sei se é o seu caso, mas já deu uma olhada nesta notícia: Servidores DNS da Oi e GVT são envenenados | Guia do PC. Segundo esta matéria os servidores de DNS da OI e da GVT foram envenenados.

Você disse que já efetuou scan com o MBAM e o Kaspersky e ambos não detectaram nada. Mas já tentou talvez alterar a senha do modem ou utilizar o OpenDNS ou o Google Public DNS para ver se o problema persiste?


Didjo, são malwares mesmo. Siga o procedimento do spoiler abaixo.

- Faça o download do OTM e salve no desktop;

- Execute o OTM.exe como administrador;
- Selecione e copie todo este conteúdo aqui abaixo:

Código: 
:Processes
explorer.exe

:Files
C:\Users\Giovane\e540e9fe089\un.exe
C:\Users\Giovane\e540e9fe089\unrar.dll 
C:\Users\Giovane\e540e9fe089
C:\Users\Giovane\e540e9fe089

:Commands 
[purity]
[emptytemp]
[start explorer]
[Reboot]
- Cole o que você copiou no programa no lado em branco esquerdo do painel “Paste Instructions for Items to be Moved”
- Clique no botão MoveIt;
- Se aparecer uma mensagem para reiniciar o computador, reinicie-o;
- Na sua proxima resposta, copie e cole o todo o conteúdo que está em Results;
- Se o computador reiniciou, vá na pasta C:\_OTM\MovedFiles e abra o arquivo com a extensão .log presente dentro da pasta.

Cole este log em sua próxima resposta, juntamente com um novo log do OTL (conforme o primeiro post do tópico).
 
Aqui está o .log do OTM e os arquivos .txt do OTL:

OTM:
Código: 
All processes killed
Error: Unable to interpret <:Processes explorer.exe :Files C:\Users\Giovane\e540e9fe089\un.exe C:\Users\Giovane\e540e9fe089\unrar.dll C:\Users\Giovane\e540e9fe089 C:\Users\Giovane\e540e9fe089 :Commands [purity] [emptytemp] [start explorer] [Reboot]> in the current context!
Error: Unable to interpret <Leia mais: http://adrenaline.uol.com.br/forum/area-windows/207948-remocao-de-virus-343.html#ixzz1fJxshtZv> in the current context!
 
OTM by OldTimer - Version 3.1.19.0 log created on 12012011_193204

OTL:
Código: 
OTL logfile created on: 01/12/2011 20:06:51 - Run 5
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Giovane\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,67% Memory free
7,99 Gb Paging File | 6,62 Gb Available in Paging File | 82,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 602,38 Gb Free Space | 64,67% Space Free | Partition Type: NTFS
 
Computer Name: GIOVANE-PC | User Name: Giovane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/12/01 17:08:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTL.exe
PRC - [2011/11/28 16:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 16:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/22 13:45:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/08 01:51:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/11/07 18:53:32 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/22 11:57:28 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2011/11/28 16:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/22 13:45:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/08 01:51:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/11/07 18:53:32 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/13 11:58:19 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011/11/28 15:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2011/11/28 15:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2011/11/28 15:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2011/11/28 15:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2011/11/28 15:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2011/11/28 15:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:[b]64bit:[/b] - [2011/07/07 21:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011/03/11 04:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 04:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 11:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 09:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 09:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:[b]64bit:[/b] - [2010/01/27 00:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:[b]64bit:[/b] - [2010/01/05 20:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:[b]64bit:[/b] - [2009/08/21 06:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2009/07/16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 22:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:[b]64bit:[/b] - [2009/06/20 00:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2008/08/07 03:08:46 | 001,077,760 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGUx64.sys -- (A5AGU)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{0D029657-07DA-4BAE-9D77-64B20E8FC39C}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{0D029657-07DA-4BAE-9D77-64B20E8FC39C}
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 9A 07 96 2D 4D CC 01  [binary data]
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..network.proxy.backup.ftp: "109.188.171.198:3128"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: "109.188.171.198:3128"
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: "109.188.171.198:3128"
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "46.47.200.106"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "46.47.200.106"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "46.47.200.106"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "46.47.200.106"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/01 09:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/26 00:11:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/11/26 00:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giovane\AppData\Roaming\mozilla\Extensions
[2011/11/26 00:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/11/21 02:42:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/20 23:34:27 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2011/11/20 23:34:27 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2011/11/20 23:15:19 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/11/20 23:34:27 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/11/20 23:34:27 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Giovane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Classic = C:\Users\Giovane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
 
O1 HOSTS File: ([2009/06/10 19:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-336372419-174131893-1597346273-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-336372419-174131893-1597346273-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-336372419-174131893-1597346273-1012..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-336372419-174131893-1597346273-1012..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1226753E-7691-4904-8C66-A65697346F8C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF856659-BA9D-44D2-A2A7-6544B3E6494F}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/14 14:31:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/12/01 19:32:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/12/01 19:25:08 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTM.exe
[2011/12/01 17:08:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTL.exe
[2011/12/01 15:08:55 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{5C5352F1-1456-4E0B-950F-4FE96784E2E5}
[2011/12/01 15:08:43 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{89755709-94FD-417D-8FC8-CB19789EF784}
[2011/11/30 12:51:41 | 000,000,000 | ---D | C] -- C:\Users\Giovane\e540e9fe089
[2011/11/29 13:35:53 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\Microsoft Games
[2011/11/28 17:14:05 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{F129B1AD-E9B0-4096-AB17-D9088604B090}
[2011/11/28 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{D7D884A5-5F1D-402E-8B09-8C0C9BA9C38C}
[2011/11/28 13:08:15 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\Leadertech
[2011/11/26 17:12:30 | 000,000,000 | ---D | C] -- C:\Users\Giovane\Documents\DeadIsland
[2011/11/26 00:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/11/24 19:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/24 19:37:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/24 19:37:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/24 19:37:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/24 19:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/11/21 19:26:34 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mirillis
[2011/11/21 19:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mirillis
[2011/11/21 14:41:09 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\Mirillis
[2011/11/21 14:41:09 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\Mirillis
[2011/11/21 14:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mirillis
[2011/11/21 14:28:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/11/21 05:33:01 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{BED4497C-36FF-4255-8889-7738B26B3FF4}
[2011/11/21 05:32:49 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{91C9FA7E-EEB8-4B25-9C5A-12E949AD9184}
[2011/11/20 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/11/20 21:14:11 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\uTorrent
[2011/11/20 21:14:11 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\uTorrent
[2011/11/20 12:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/20 12:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/20 12:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/15 22:55:51 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{A08E973A-2183-4099-8E57-493E94EE4BFF}
[2011/11/15 22:55:40 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{D061F71C-810A-4D4D-AFA3-EAD6F476C184}
[2011/11/15 21:38:18 | 000,000,000 | ---D | C] -- C:\Users\Giovane\Documents\FIFA 12
[2011/11/15 19:09:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/15 10:55:13 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{26047BC6-05EF-40F1-A3F9-CD60EF082866}
[2011/11/15 10:54:54 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{EC70842A-D3AA-47F1-9622-6AECC097C2C2}
[2011/11/10 16:47:52 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{0BFF62C7-9FDB-4622-8100-773F9938124D}
[2011/11/10 16:47:41 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{BB55AC23-4641-410C-B99D-DD55C15F245E}
[2011/11/10 14:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/11/10 14:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/11/10 14:32:55 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/11/10 14:32:55 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/11/10 14:32:55 | 003,074,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011/11/10 14:32:55 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/11/10 14:32:55 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/11/10 14:32:55 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/11/10 14:30:55 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2011/11/10 14:30:55 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011/11/10 14:30:55 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011/11/10 14:30:54 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/11/10 14:30:54 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/11/10 14:30:54 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/11/10 14:30:54 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/11/10 14:30:54 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/11/10 14:30:54 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/11/10 14:30:54 | 008,792,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/11/10 14:30:54 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/11/10 14:30:54 | 007,042,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/11/10 14:30:54 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/11/10 14:30:54 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/11/10 14:30:54 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/11/10 14:30:54 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/11/10 14:30:54 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/11/10 14:30:54 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/11/10 14:30:54 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/11/10 14:30:54 | 001,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/11/10 14:30:54 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/11/10 14:30:54 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/11/10 14:30:54 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/11/10 14:28:15 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/11/10 14:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2011/11/10 14:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2011/11/10 14:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/11/09 16:50:30 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{AC4BE11B-BA08-4514-B4AA-5506980E07C9}
[2011/11/09 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{9925BD94-E016-4753-9B0D-432C129486FC}
[2011/11/08 21:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011/11/08 21:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12
[2011/11/08 20:24:40 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{E2692993-B40B-4CC8-A7F5-D17B33DEE50C}
[2011/11/08 20:24:28 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{F99C1847-CC0C-463B-BED2-376F6A02DD7B}
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/12/01 20:03:58 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 20:02:03 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/01 19:40:39 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 19:40:39 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 19:33:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 19:33:08 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/01 19:25:12 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTM.exe
[2011/12/01 17:08:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTL.exe
[2011/12/01 09:37:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/29 13:36:49 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/29 13:36:49 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/28 16:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 16:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 16:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 15:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 15:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 15:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 15:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 15:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 15:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/26 12:43:14 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/26 00:11:03 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/24 19:37:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/24 19:37:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/24 19:37:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/24 19:37:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/23 16:37:44 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/22 13:46:21 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/22 13:45:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/21 19:26:35 | 000,002,209 | ---- | M] () -- C:\Users\Giovane\Desktop\Splash PRO.lnk
[2011/11/20 21:15:44 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/11/20 12:53:18 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/15 19:09:10 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/10 14:22:48 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/11/10 14:00:23 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/11/09 19:10:10 | 000,414,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/08 21:30:02 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2011/11/08 01:51:00 | 024,796,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/11/08 01:51:00 | 024,742,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/11/08 01:51:00 | 018,871,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/11/08 01:51:00 | 017,248,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/11/08 01:51:00 | 015,693,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/11/08 01:51:00 | 013,205,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/11/08 01:51:00 | 010,406,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/11/08 01:51:00 | 008,792,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/11/08 01:51:00 | 007,581,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/11/08 01:51:00 | 007,042,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/11/08 01:51:00 | 005,578,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/11/08 01:51:00 | 005,067,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/11/08 01:51:00 | 003,074,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011/11/08 01:51:00 | 002,808,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/11/08 01:51:00 | 002,542,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/11/08 01:51:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/11/08 01:51:00 | 002,401,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/11/08 01:51:00 | 002,232,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/11/08 01:51:00 | 002,099,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/11/08 01:51:00 | 001,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/11/08 01:51:00 | 001,454,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/11/08 01:51:00 | 000,837,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/11/08 01:51:00 | 000,222,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/11/08 01:51:00 | 000,137,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/11/08 01:51:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/11/08 01:51:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/11/08 01:51:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011/11/07 18:53:44 | 000,321,856 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/11/06 12:20:03 | 001,524,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/06 12:20:03 | 000,666,510 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/11/06 12:20:03 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/06 12:20:03 | 000,128,740 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/11/06 12:20:03 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/11/26 00:11:03 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/26 00:11:03 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/22 13:46:21 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/21 19:26:35 | 000,002,209 | ---- | C] () -- C:\Users\Giovane\Desktop\Splash PRO.lnk
[2011/11/20 21:15:44 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/11/20 12:53:18 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/10 14:22:48 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/11/08 21:30:02 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2011/11/07 18:53:44 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/23 21:11:51 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011/10/03 21:33:13 | 001,533,836 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/12 15:37:48 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/07/07 23:31:09 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/07 23:31:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/06 17:38:02 | 000,674,600 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/14 14:01:08 | 000,000,000 | ---- | C] () -- C:\Users\Giovane\AppData\Local\{5DF2AEB5-3646-4324-B994-5E2E6EEF8227}
[2011/05/04 22:42:53 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/05/04 22:42:53 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/05/01 19:25:29 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/01/27 00:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 03:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 00:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 22:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/08/02 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Ashampoo
[2011/10/15 21:12:10 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Bioshock
[2011/10/03 23:51:25 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\DAEMON Tools Lite
[2011/11/28 13:08:15 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Leadertech
[2011/09/10 18:40:06 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\MAXON
[2011/11/21 19:27:26 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Mirillis
[2011/10/19 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Origin
[2011/09/15 15:01:55 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Rovio
[2011/07/08 12:39:53 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\The Creative Assembly
[2011/07/28 01:23:06 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\TS3Client
[2011/07/12 12:09:12 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Ubisoft
[2011/11/30 22:56:02 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\uTorrent
[2011/10/23 21:13:34 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\VDownloader
[2011/11/15 19:05:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

Não sei porque não apareceu mais aqueles Extras.Txt no OTL, quando acaba de escanear só mostra o OTL.Txt.
 
Mr. Wolf muito obrigado pela dica! Foi como dito na reportagem, após algumas horas o virus para de atacar.
Bom, por acidente, na primeira vez em que apareceu eu acabei clicando dele e ele executou! Será que corro algum risco de estar sendo monitorado?
Devo formatar o PC?
 
Didjo, após o segundo/terceiro scan com o OTL ele não abre mais o Extras.txt automaticamente mesmo. Ele fica armazenado na pasta da ferramenta em C:\_OTL.

Siga o spoiler abaixo.

- Faça o download do Avenger e salve-o no desktop.

- Extraia o conteúdo do zip para o desktop.
- Selecione e copie o texto aqui abaixo dentro do QUOTE. Feche todos os programas abertos.

Files to delete:
C:\Users\Giovane\e540e9fe089\un.exe
C:\Users\Giovane\e540e9fe089\unrar.dll

Folders to delete:
C:\Users\Giovane\e540e9fe089
Clique para expandir...
- Clique com o direito no ícone do Avenger e escolha "Executar como administrador".
- Clique no menu Load Script > Paste from Clipboard.

OBS: Se após colar o script aparecer um texto "Leia mais" no final do script, apague-o! Pois é um recurso do fórum.

- Clique no botão Execute > Yes > OK.
- Seu computador será reiniciado.
- Será gerado um log em C:\avenger.txt

Cole este log em sua próxima resposta, juntamente com um novo OTL.txt.
pauloeduardo15, agora abra o DVD e mova os arquivos para o computador. É o único jeito!


Esledinho, formatar é precipitação, na minha opinião. É possível que algum malware tenha contaminado sua máquina, sim. Se quiser que eu dê uma olhada no estado do seu sistema peço que poste um log do OTL aqui, conforme descrito no primeiro post do tópico.

De qualquer maneira, chegou a alterar a senha do modem ou substituir o DNS para ver se o problema continua ainda assim?
 
Mr.Wolf disse:
Didjo, após o segundo/terceiro scan com o OTL ele não abre mais o Extras.txt automaticamente mesmo. Ele fica armazenado na pasta da ferramenta em C:\_OTL.

Siga o spoiler abaixo.

- Faça o download do Avenger e salve-o no desktop.

- Extraia o conteúdo do zip para o desktop.
- Selecione e copie o texto aqui abaixo dentro do QUOTE. Feche todos os programas abertos.


- Clique com o direito no ícone do Avenger e escolha "Executar como administrador".
- Clique no menu Load Script > Paste from Clipboard.

OBS: Se após colar o script aparecer um texto "Leia mais" no final do script, apague-o! Pois é um recurso do fórum.

- Clique no botão Execute > Yes > OK.
- Seu computador será reiniciado.
- Será gerado um log em C:\avenger.txt

Cole este log em sua próxima resposta, juntamente com um novo OTL.txt.
Clique para expandir...

Mr.Wolf, procurei C:\_OTL e C:\avenger.txt e não achei nada, segue a screen:

screenkko.jpg
 
Esledinho disse:
Fala pessoal, blz?
Bom, esse problema me atormenta a muito tempo, as vezes some e aparece do nada. Ele infecta qualquer navegador que tente acessar a pagina do google e não permite fazer pesquisas!
Eu já passei o kaspersky 10 (pago) e o Malware Bytes mas não adianta, eles não detectam nada de errado.
Vejam o que aparece quando entro na pagina do google:

Se eu tento acessar alguma outra coisa da pagina, as vezes aparece "NOT FOUND" e alguma coisa sobre APACHE 2.5.2.00 sei la...
O que pode ser? Só sai formatando?

Vlw
Clique para expandir...

Eu já passei por isso algumas vezes um tempo atrás... Quando estava navegando a intenet com o modem D-link 500-B, do nada, percebia que as luzes do modem se apagavam e reiniciava o modem. Depois disso, acontecia dois erros.

1) Quando tentava acessar a net, dava essa mensagem pedindo atualização.
2) Era direcionado para algum site.

Depois de tanta investigação, percebi que, quando tentava entrar na configuração do modem, a senha não pegava. Tive que reiniciar o modem, através do pino que fica atrás, acessar novamente com a senha padrão, remover as configurações e refazê-las. Só assim voltava ao normal. Cheguei a pensar até que fosse problema no modem.

Realmente faz sentido esse problema do DNS postado pelo Mr. Wolf.
 
Mr.Wolf disse:
Didjo, muito estranho isso!

Mas poste um log do OTL só para eu ver uma coisa.
Clique para expandir...

Aqui está:

Código: 
OTL logfile created on: 02/12/2011 18:00:52 - Run 6
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Giovane\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 68,99% Memory free
7,99 Gb Paging File | 6,70 Gb Available in Paging File | 83,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 601,82 Gb Free Space | 64,61% Space Free | Partition Type: NTFS
 
Computer Name: GIOVANE-PC | User Name: Giovane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/12/01 17:08:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTL.exe
PRC - [2011/11/28 16:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 16:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/22 13:45:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/08 01:51:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/11/07 18:53:32 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/22 11:57:28 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2011/11/28 16:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/22 13:45:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/08 01:51:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/11/07 18:53:32 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/13 11:58:19 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011/11/28 15:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2011/11/28 15:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2011/11/28 15:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2011/11/28 15:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2011/11/28 15:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2011/11/28 15:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:[b]64bit:[/b] - [2011/07/07 21:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011/03/11 04:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 04:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 11:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 09:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 09:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:[b]64bit:[/b] - [2010/01/27 00:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:[b]64bit:[/b] - [2010/01/05 20:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:[b]64bit:[/b] - [2009/08/21 06:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2009/07/16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 22:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:[b]64bit:[/b] - [2009/06/20 00:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2008/08/07 03:08:46 | 001,077,760 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGUx64.sys -- (A5AGU)
DRV - [2011/12/02 17:56:33 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\jgjgo.sys -- (rgyezn)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{0D029657-07DA-4BAE-9D77-64B20E8FC39C}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{0D029657-07DA-4BAE-9D77-64B20E8FC39C}
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 9A 07 96 2D 4D CC 01  [binary data]
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..network.proxy.backup.ftp: "109.188.171.198:3128"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: "109.188.171.198:3128"
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: "109.188.171.198:3128"
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "46.47.200.106"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "46.47.200.106"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "46.47.200.106"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "46.47.200.106"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/01 09:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/26 00:11:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/11/26 00:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giovane\AppData\Roaming\mozilla\Extensions
[2011/11/26 00:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/11/21 02:42:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/20 23:34:27 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2011/11/20 23:34:27 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2011/11/20 23:15:19 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/11/20 23:34:27 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/11/20 23:34:27 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Giovane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Classic = C:\Users\Giovane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
 
O1 HOSTS File: ([2009/06/10 19:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-336372419-174131893-1597346273-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-336372419-174131893-1597346273-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-336372419-174131893-1597346273-1012..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-336372419-174131893-1597346273-1012..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1226753E-7691-4904-8C66-A65697346F8C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF856659-BA9D-44D2-A2A7-6544B3E6494F}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/14 14:31:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/12/01 19:32:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/12/01 19:25:08 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTM.exe
[2011/12/01 17:08:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTL.exe
[2011/12/01 15:08:55 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{5C5352F1-1456-4E0B-950F-4FE96784E2E5}
[2011/12/01 15:08:43 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{89755709-94FD-417D-8FC8-CB19789EF784}
[2011/11/30 12:51:41 | 000,000,000 | ---D | C] -- C:\Users\Giovane\e540e9fe089
[2011/11/29 13:35:53 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\Microsoft Games
[2011/11/28 17:14:05 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{F129B1AD-E9B0-4096-AB17-D9088604B090}
[2011/11/28 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{D7D884A5-5F1D-402E-8B09-8C0C9BA9C38C}
[2011/11/28 13:08:15 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\Leadertech
[2011/11/26 17:12:30 | 000,000,000 | ---D | C] -- C:\Users\Giovane\Documents\DeadIsland
[2011/11/26 00:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/11/24 19:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/24 19:37:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/24 19:37:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/24 19:37:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/24 19:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/11/21 19:26:34 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mirillis
[2011/11/21 19:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mirillis
[2011/11/21 14:41:09 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\Mirillis
[2011/11/21 14:41:09 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\Mirillis
[2011/11/21 14:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mirillis
[2011/11/21 14:28:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/11/21 05:33:01 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{BED4497C-36FF-4255-8889-7738B26B3FF4}
[2011/11/21 05:32:49 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{91C9FA7E-EEB8-4B25-9C5A-12E949AD9184}
[2011/11/20 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/11/20 21:14:11 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\uTorrent
[2011/11/20 21:14:11 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\uTorrent
[2011/11/20 12:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/20 12:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/20 12:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/15 22:55:51 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{A08E973A-2183-4099-8E57-493E94EE4BFF}
[2011/11/15 22:55:40 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{D061F71C-810A-4D4D-AFA3-EAD6F476C184}
[2011/11/15 21:38:18 | 000,000,000 | ---D | C] -- C:\Users\Giovane\Documents\FIFA 12
[2011/11/15 19:09:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/15 10:55:13 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{26047BC6-05EF-40F1-A3F9-CD60EF082866}
[2011/11/15 10:54:54 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{EC70842A-D3AA-47F1-9622-6AECC097C2C2}
[2011/11/10 16:47:52 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{0BFF62C7-9FDB-4622-8100-773F9938124D}
[2011/11/10 16:47:41 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{BB55AC23-4641-410C-B99D-DD55C15F245E}
[2011/11/10 14:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/11/10 14:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/11/10 14:32:55 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/11/10 14:32:55 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/11/10 14:32:55 | 003,074,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011/11/10 14:32:55 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/11/10 14:32:55 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/11/10 14:32:55 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/11/10 14:30:55 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2011/11/10 14:30:55 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011/11/10 14:30:55 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011/11/10 14:30:54 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/11/10 14:30:54 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/11/10 14:30:54 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/11/10 14:30:54 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/11/10 14:30:54 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/11/10 14:30:54 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/11/10 14:30:54 | 008,792,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/11/10 14:30:54 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/11/10 14:30:54 | 007,042,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/11/10 14:30:54 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/11/10 14:30:54 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/11/10 14:30:54 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/11/10 14:30:54 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/11/10 14:30:54 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/11/10 14:30:54 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/11/10 14:30:54 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/11/10 14:30:54 | 001,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/11/10 14:30:54 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/11/10 14:30:54 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/11/10 14:30:54 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/11/10 14:28:15 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/11/10 14:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2011/11/10 14:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2011/11/10 14:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/11/09 16:50:30 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{AC4BE11B-BA08-4514-B4AA-5506980E07C9}
[2011/11/09 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{9925BD94-E016-4753-9B0D-432C129486FC}
[2011/11/08 21:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011/11/08 21:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12
[2011/11/08 20:24:40 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{E2692993-B40B-4CC8-A7F5-D17B33DEE50C}
[2011/11/08 20:24:28 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{F99C1847-CC0C-463B-BED2-376F6A02DD7B}
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/12/02 18:02:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/02 17:57:55 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/02 17:57:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/02 17:57:32 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/02 17:56:33 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\jgjgo.sys
[2011/12/02 17:48:39 | 000,724,952 | ---- | M] () -- C:\Users\Giovane\Desktop\avenger.zip
[2011/12/02 10:54:00 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/02 09:49:21 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 09:49:21 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 21:42:40 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/12/01 21:42:40 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/01 21:26:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/12/01 19:25:12 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTM.exe
[2011/12/01 17:08:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTL.exe
[2011/12/01 09:37:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/28 16:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 16:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 16:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 15:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 15:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 15:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 15:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 15:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 15:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/26 00:11:03 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/24 19:37:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/24 19:37:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/24 19:37:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/24 19:37:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/22 13:46:21 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/22 13:45:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/21 19:26:35 | 000,002,209 | ---- | M] () -- C:\Users\Giovane\Desktop\Splash PRO.lnk
[2011/11/20 21:15:44 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/11/20 12:53:18 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/15 19:09:10 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/10 14:22:48 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/11/10 14:00:23 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/11/09 19:10:10 | 000,414,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/08 21:30:02 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2011/11/08 01:51:00 | 024,796,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/11/08 01:51:00 | 024,742,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/11/08 01:51:00 | 018,871,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/11/08 01:51:00 | 017,248,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/11/08 01:51:00 | 015,693,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/11/08 01:51:00 | 013,205,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/11/08 01:51:00 | 010,406,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/11/08 01:51:00 | 008,792,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/11/08 01:51:00 | 007,581,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/11/08 01:51:00 | 007,042,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/11/08 01:51:00 | 005,578,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/11/08 01:51:00 | 005,067,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/11/08 01:51:00 | 003,074,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011/11/08 01:51:00 | 002,808,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/11/08 01:51:00 | 002,542,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/11/08 01:51:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/11/08 01:51:00 | 002,401,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/11/08 01:51:00 | 002,232,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/11/08 01:51:00 | 002,099,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/11/08 01:51:00 | 001,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/11/08 01:51:00 | 001,454,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/11/08 01:51:00 | 000,837,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/11/08 01:51:00 | 000,222,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/11/08 01:51:00 | 000,137,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/11/08 01:51:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/11/08 01:51:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/11/08 01:51:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011/11/07 18:53:44 | 000,321,856 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/11/06 12:20:03 | 001,524,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/06 12:20:03 | 000,666,510 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/11/06 12:20:03 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/06 12:20:03 | 000,128,740 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/11/06 12:20:03 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/12/02 17:56:33 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\jgjgo.sys
[2011/12/02 17:55:24 | 000,731,136 | ---- | C] () -- C:\Users\Giovane\Desktop\avenger.exe
[2011/12/02 17:48:37 | 000,724,952 | ---- | C] () -- C:\Users\Giovane\Desktop\avenger.zip
[2011/11/26 00:11:03 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/26 00:11:03 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/22 13:46:21 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/21 19:26:35 | 000,002,209 | ---- | C] () -- C:\Users\Giovane\Desktop\Splash PRO.lnk
[2011/11/20 21:15:44 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/11/20 12:53:18 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/10 14:22:48 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/11/08 21:30:02 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2011/11/07 18:53:44 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/23 21:11:51 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011/10/03 21:33:13 | 001,533,836 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/12 15:37:48 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/07/07 23:31:09 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/07 23:31:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/06 17:38:02 | 000,674,600 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/14 14:01:08 | 000,000,000 | ---- | C] () -- C:\Users\Giovane\AppData\Local\{5DF2AEB5-3646-4324-B994-5E2E6EEF8227}
[2011/05/04 22:42:53 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/05/04 22:42:53 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/05/01 19:25:29 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/01/27 00:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 03:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 00:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 22:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/08/02 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Ashampoo
[2011/10/15 21:12:10 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Bioshock
[2011/10/03 23:51:25 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\DAEMON Tools Lite
[2011/11/28 13:08:15 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Leadertech
[2011/09/10 18:40:06 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\MAXON
[2011/11/21 19:27:26 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Mirillis
[2011/10/19 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Origin
[2011/09/15 15:01:55 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Rovio
[2011/07/08 12:39:53 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\The Creative Assembly
[2011/07/28 01:23:06 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\TS3Client
[2011/07/12 12:09:12 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Ubisoft
[2011/12/02 10:54:23 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\uTorrent
[2011/10/23 21:13:34 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\VDownloader
[2011/11/15 19:05:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >
 
Didjo, o malware está deletando os arquivos das ferramentas e bloqueando a execução dos scripts.

Baixe e utilize o ComboFix conforme este tutorial aqui. Porém, faça o procedimento em modo de segurança.

Ao término do scan poste o log dele.
 
Mr.Wolf disse:
Didjo, o malware está deletando os arquivos das ferramentas e bloqueando a execução dos scripts.

Baixe e utilize o ComboFix conforme este tutorial aqui. Porém, faça o procedimento em modo de segurança.

Ao término do scan poste o log dele.
Clique para expandir...

Aqui está o log feito conforme o tutorial:

Código: 
ComboFix 11-12-02.02 - Giovane 02/12/2011  20:11:17.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4094.2737 [GMT -2:00]
Executando de: c:\users\Giovane\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Execuções precedente -------
.
c:\users\Giovane\AppData\Roaming\Microsoft\Windows\Recent\Dead Space.url
c:\users\Giovane\e540e9fe089\config\bkblock
c:\users\Giovane\e540e9fe089\config\block
c:\users\Giovane\e540e9fe089\config\configure
c:\users\Giovane\e540e9fe089\config\exitd.vxd
c:\users\Giovane\e540e9fe089\config\live.txt
c:\users\Giovane\e540e9fe089\config\mx0.txt
c:\users\Giovane\e540e9fe089\config\name.drv
c:\users\Giovane\e540e9fe089\config\ref\hotmail.on
c:\users\Giovane\e540e9fe089\config\ref\hotmail577777.dll
c:\users\Giovane\e540e9fe089\config\ref\live.on
c:\users\Giovane\e540e9fe089\config\scr
c:\users\Giovane\e540e9fe089\config\script.txt
c:\users\Giovane\e540e9fe089\config\tm.t
c:\users\Giovane\e540e9fe089\config\update.txt
c:\users\Giovane\e540e9fe089\config\upinfod.drv
c:\users\Giovane\e540e9fe089\config\wininfo1.vxd
c:\users\Giovane\e540e9fe089\un.exe
c:\users\Giovane\e540e9fe089\unrar.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2011-11-02 to 2011-12-02  ))))))))))))))))))))))))))))
.
.
2011-12-02 22:16 . 2011-12-02 22:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-02 19:56 . 2011-12-02 19:56	61440	----a-w-	c:\windows\SysWow64\drivers\jgjgo.sys
2011-12-02 11:47 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E3B834D-059B-4AFD-ADE1-EB4739825474}\mpengine.dll
2011-12-01 21:32 . 2011-12-01 21:32	--------	d-----w-	C:\_OTM
2011-11-29 15:35 . 2011-11-29 15:36	--------	d-----w-	c:\users\Giovane\AppData\Local\Microsoft Games
2011-11-28 15:08 . 2011-11-28 15:08	--------	d-----w-	c:\users\Giovane\AppData\Roaming\Leadertech
2011-11-24 21:37 . 2011-11-24 21:37	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-11-24 21:37 . 2011-11-24 21:37	--------	d-----w-	c:\program files (x86)\Java
2011-11-21 21:26 . 2011-11-21 21:26	--------	d-----w-	c:\program files (x86)\Mirillis
2011-11-21 16:41 . 2011-12-02 14:23	--------	d-----w-	c:\users\Giovane\AppData\Local\Mirillis
2011-11-21 16:41 . 2011-11-21 21:27	--------	d-----w-	c:\users\Giovane\AppData\Roaming\Mirillis
2011-11-21 16:41 . 2011-11-21 21:27	--------	d-----w-	c:\programdata\Mirillis
2011-11-21 16:28 . 2011-11-21 19:26	--------	d-----w-	c:\windows\SysWow64\Adobe
2011-11-20 23:15 . 2011-11-20 23:15	--------	d-----w-	c:\program files (x86)\uTorrent
2011-11-20 23:14 . 2011-12-02 12:54	--------	d-----w-	c:\users\Giovane\AppData\Roaming\uTorrent
2011-11-20 23:14 . 2011-11-20 23:14	--------	d-----w-	c:\users\Giovane\AppData\Local\uTorrent
2011-11-20 14:53 . 2011-11-20 14:53	--------	d-----w-	c:\program files\iPod
2011-11-20 14:53 . 2011-11-20 14:53	--------	d-----w-	c:\program files\iTunes
2011-11-15 21:09 . 2011-11-15 21:09	--------	d-----w-	c:\windows\system32\Macromed
2011-11-10 16:34 . 2011-12-02 22:17	--------	d-----w-	c:\programdata\NVIDIA
2011-11-10 16:34 . 2011-11-26 12:58	--------	d-----w-	c:\users\UpdatusUser
2011-11-10 16:32 . 2011-11-08 03:51	837952	----a-w-	c:\windows\system32\easyupdatusapiu64.dll
2011-11-10 16:32 . 2011-11-08 03:51	5067584	----a-w-	c:\windows\system32\nvsvc64.dll
2011-11-10 16:32 . 2011-11-08 03:51	3074368	----a-w-	c:\windows\system32\nvsvcr.dll
2011-11-10 16:32 . 2011-11-08 03:51	222528	----a-w-	c:\windows\system32\nvmctray.dll
2011-11-10 16:32 . 2011-11-08 03:51	1640768	----a-w-	c:\windows\system32\nvvsvc.exe
2011-11-10 16:32 . 2011-11-08 03:51	137536	----a-w-	c:\windows\system32\nvshext.dll
2011-11-10 16:32 . 2011-11-08 03:51	10406208	----a-w-	c:\windows\system32\nvcpl.dll
2011-11-10 16:28 . 2011-11-10 16:28	--------	d-----w-	C:\NVIDIA
2011-11-10 16:22 . 2011-11-10 16:22	--------	d-----w-	c:\program files (x86)\Phyxion.net
2011-11-10 16:16 . 2011-11-10 16:16	--------	d-----w-	c:\programdata\NVIDIA Corporation
2011-11-09 18:06 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 18:06 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 18:06 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:06 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-11-08 23:49 . 2011-11-08 23:49	--------	d-----w-	c:\program files (x86)\TeamViewer
2011-11-07 20:53 . 2011-11-07 20:53	321856	----a-w-	c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 23:42 . 2011-07-08 01:31	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-12-01 23:42 . 2011-05-01 21:26	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-12-01 23:26 . 2011-07-08 01:31	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-11-28 18:01 . 2011-08-02 21:41	41184	----a-w-	c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-08-02 21:41	199816	----a-w-	c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-05-01 16:28	256960	----a-w-	c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-08-02 21:42	591192	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-08-02 21:42	304472	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-08-02 21:42	42328	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-08-02 21:42	58712	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-08-02 21:42	66904	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-08-02 21:42	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 21:37 . 2011-09-21 21:59	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-11-22 15:45 . 2011-07-08 01:31	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-11-15 21:09 . 2011-05-17 18:55	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-01 21:09 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-11-01 21:09 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-10-24 16:29 . 2011-10-24 16:29	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 16:29 . 2011-10-24 16:29	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2010-01-26 13:11 . 2011-10-23 23:11	444283	----a-w-	c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 136176]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [x]
R3 cpuz130;cpuz130;c:\users\Giovane\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-07 381248]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 16:28]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 16:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	134384	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{0D029657-07DA-4BAE-9D77-64B20E8FC39C}
mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{0D029657-07DA-4BAE-9D77-64B20E8FC39C}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Giovane\AppData\Roaming\Mozilla\Firefox\Profiles\fvkmphzr.default\
FF - prefs.js: network.proxy.ftp - 46.47.200.106
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 46.47.200.106
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 46.47.200.106
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 46.47.200.106
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM-Run-combofix - c:\combofix\CF10206.3XE
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-336372419-174131893-1597346273-1000\Software\SecuROM\License information*]
"datasecu"=hex:c1,ca,30,08,c2,5f,3a,dc,4c,ca,cf,ec,7e,c9,67,ac,b6,e5,60,a3,83,
   53,fe,72,23,ca,2e,8a,c1,77,c8,c2,99,f5,55,ed,25,57,87,c6,59,e6,87,95,f0,93,\
"rkeysecu"=hex:5c,97,45,4c,74,f2,86,cc,67,01,e0,71,a2,0e,be,05
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-12-02  20:21:05 - Máquina reiniciou
ComboFix-quarantined-files.txt  2011-12-02 22:21
.
Pré-execução: 644.935.434.240 bytes disponíveis
Pós execução: 644.524.744.704 bytes disponíveis
.
- - End Of File - - CFD5C350B7C950CC3F5A8B8389C0B647
 
Mr. Wolf fiz o log como vc solicitou e tbm já resetei o modem, porém mesmo resetando não resolveu, só apos algumas horas como dito na reportagem!

Segue o log:

Código: 
OTL logfile created on: 03/12/2011 14:03:29 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\ESL\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
7,98 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,15% Memory free
15,96 Gb Paging File | 13,76 Gb Available in Paging File | 86,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 719,89 Gb Free Space | 77,29% Space Free | Partition Type: NTFS
 
Computer Name: CENTURION | User Name: ESL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/12/03 14:02:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ESL\Desktop\OTL.exe
PRC - [2011/11/10 07:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/09/29 05:30:17 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/20 13:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/08/03 09:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 04:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/20 08:30:38 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 08:30:36 | 000,325,656 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2008/10/18 07:32:46 | 000,775,168 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2008/08/04 19:04:38 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2008/08/01 16:55:28 | 000,143,467 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2006/12/19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [2006/11/03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011/11/14 09:26:36 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 05:30:18 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/07 16:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\detour32.dll
MOD - [2011/08/03 04:31:28 | 000,255,592 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/06/24 23:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 23:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2008/08/04 19:04:38 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
MOD - [2008/08/01 16:58:14 | 000,622,693 | ---- | M] () -- C:\Windows\SysWOW64\BsShell.dll
MOD - [2008/08/01 16:55:40 | 000,118,880 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileSDK.dll
MOD - [2008/08/01 16:55:30 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileCSps.dll
MOD - [2008/08/01 16:54:12 | 000,106,595 | ---- | M] () -- C:\Windows\SysWOW64\Bs2Res.dll
MOD - [2008/08/01 16:46:30 | 017,907,824 | ---- | M] () -- C:\Windows\SysWOW64\BsLangInDepRes.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2010/12/14 17:34:20 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:[b]64bit:[/b] - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/06 21:27:33 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2011/10/06 21:26:28 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/03 09:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 04:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/01/11 20:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/20 08:30:38 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 08:30:36 | 000,325,656 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/18 07:32:46 | 000,775,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2008/08/01 17:00:18 | 000,141,824 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2008/08/01 16:55:28 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2006/12/19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011/11/21 19:10:17 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011/11/20 21:57:19 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011/10/06 21:26:31 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:[b]64bit:[/b] - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011/08/12 23:01:47 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2011/06/16 07:22:50 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:[b]64bit:[/b] - [2011/06/16 07:22:50 | 000,093,496 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:[b]64bit:[/b] - [2011/01/11 20:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:[b]64bit:[/b] - [2011/01/11 20:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:[b]64bit:[/b] - [2010/12/14 17:34:16 | 001,357,424 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:[b]64bit:[/b] - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:[b]64bit:[/b] - [2010/10/19 06:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:[b]64bit:[/b] - [2010/09/27 05:24:43 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2010/06/09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:[b]64bit:[/b] - [2010/06/09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:[b]64bit:[/b] - [2010/04/22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2009/07/13 23:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/13 23:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 23:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2008/07/31 21:45:44 | 000,024,328 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:[b]64bit:[/b] - [2008/07/02 15:58:50 | 000,031,624 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:[b]64bit:[/b] - [2008/07/02 15:58:38 | 000,038,536 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VCommMgr.sys -- (VcommMgr)
DRV:[b]64bit:[/b] - [2008/07/02 15:58:28 | 000,047,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:[b]64bit:[/b] - [2008/01/21 20:28:14 | 000,016,904 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:[b]64bit:[/b] - [2008/01/21 20:27:52 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:[b]64bit:[/b] - [2007/11/08 11:29:22 | 000,527,872 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2011/01/11 20:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys -- (LMIInfo)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2610910088-3659751682-1710283599-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-2610910088-3659751682-1710283599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2610910088-3659751682-1710283599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:2.6.3.1
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.664
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ESL\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ESL\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/08/12 23:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011/08/12 23:33:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/15 20:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 20:45:57 | 000,000,000 | ---D | M]
 
[2011/08/12 23:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ESL\AppData\Roaming\mozilla\Extensions
[2011/11/29 00:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ESL\AppData\Roaming\mozilla\Firefox\Profiles\pt0id0hy.default\extensions
[2011/11/29 00:23:35 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Users\ESL\AppData\Roaming\mozilla\Firefox\Profiles\pt0id0hy.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2011/09/24 14:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ESL\AppData\Roaming\mozilla\Firefox\Profiles\pt0id0hy.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}-trash
[2011/11/10 23:17:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ESL\AppData\Roaming\mozilla\Firefox\Profiles\pt0id0hy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/24 09:44:07 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\ESL\AppData\Roaming\mozilla\Firefox\Profiles\pt0id0hy.default\extensions\LogMeInClient@logmein.com
[2011/10/22 13:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/08/13 03:10:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/22 12:47:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 05:30:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 22:55:26 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2011/09/28 22:55:26 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2011/09/28 22:55:26 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/09/28 22:55:26 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ESL\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ESL\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ESL\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ESL\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011/10/22 11:37:29 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4:[b]64bit:[/b] - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2610910088-3659751682-1710283599-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2610910088-3659751682-1710283599-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2610910088-3659751682-1710283599-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\ESL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fgfh676767io.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2610910088-3659751682-1710283599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Enviar por Bluetooth - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Enviar por mensagem(&M)... - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Enviar por Bluetooth - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O9:[b]64bit:[/b] - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:[b]64bit:[/b] - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F156D6E-B9F4-40CC-B772-00E0590370B0}: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/12/03 14:02:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ESL\Desktop\OTL.exe
[2011/12/01 20:14:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/28 16:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
[2011/11/28 16:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalWire
[2011/11/28 00:22:28 | 000,000,000 | ---D | C] -- C:\Users\ESL\AppData\Local\TechSmith
[2011/11/25 19:11:08 | 000,000,000 | ---D | C] -- C:\Users\ESL\Documents\Usenet.nl
[2011/11/21 19:10:17 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/11/20 21:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/11/20 21:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/11/19 20:42:10 | 000,000,000 | ---D | C] -- C:\Users\ESL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/19 20:40:17 | 000,000,000 | ---D | C] -- C:\Users\ESL\AppData\Local\Google
[2011/11/19 11:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
[2011/11/19 10:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hard Disk Sentinel
[2011/11/15 20:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/15 20:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/15 20:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/15 20:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/15 20:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/15 20:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/15 20:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/11/14 09:26:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/11 20:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2011/11/11 00:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Regenerator
[2011/11/06 16:09:28 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
[2011/11/06 16:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2011/11/06 16:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011/11/06 02:38:54 | 000,000,000 | ---D | C] -- C:\Users\ESL\AppData\Local\MulletPower
[2011/11/06 01:02:13 | 000,000,000 | ---D | C] -- C:\Users\ESL\AppData\Roaming\ImgBurn
[2011/11/05 23:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/12/03 14:02:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ESL\Desktop\OTL.exe
[2011/12/03 13:45:01 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2610910088-3659751682-1710283599-1000UA.job
[2011/12/03 13:26:04 | 000,000,196 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011/12/03 13:25:14 | 000,000,962 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2011/12/03 13:25:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/03 13:25:04 | 2133,831,679 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/03 01:46:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/12/02 20:45:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2610910088-3659751682-1710283599-1000Core.job
[2011/12/02 20:24:46 | 000,004,609 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2011/12/02 20:22:56 | 000,000,193 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2011/12/02 00:59:23 | 2372,599,964 | ---- | M] () -- C:\Users\ESL\Desktop\Image.nrg
[2011/11/29 00:44:14 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/29 00:44:14 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 22:13:08 | 000,000,254 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2011/11/28 19:35:26 | 001,499,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/28 19:35:26 | 000,657,176 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/11/28 19:35:26 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/28 19:35:26 | 000,125,568 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/11/28 19:35:26 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/28 02:10:06 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/21 19:10:17 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/11/20 21:57:19 | 000,530,488 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/12/02 00:56:23 | 2372,599,964 | ---- | C] () -- C:\Users\ESL\Desktop\Image.nrg
[2011/11/19 20:40:19 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2610910088-3659751682-1710283599-1000UA.job
[2011/11/19 20:40:18 | 000,001,018 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2610910088-3659751682-1710283599-1000Core.job
[2011/10/22 03:05:04 | 000,138,844 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/21 01:11:04 | 000,029,696 | ---- | C] () -- C:\Users\ESL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/17 19:54:33 | 000,001,584 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2011/08/16 20:00:39 | 001,508,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/14 03:05:14 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/08/13 14:26:09 | 000,000,254 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2011/08/13 01:26:44 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/13 01:26:43 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/08/13 01:26:43 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/08/13 01:26:43 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/13 01:26:43 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/08/13 00:03:04 | 000,614,400 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2011/08/13 00:03:04 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/08/12 23:53:19 | 000,000,324 | ---- | C] () -- C:\Windows\MP3trt.ini
[2011/08/12 23:53:14 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\ammpp.dll
[2011/08/12 23:53:14 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\a1.dll
[2011/08/12 23:50:32 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI
[2011/08/12 23:33:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/08/12 23:22:23 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/08/12 23:13:47 | 000,004,609 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2011/08/12 23:13:42 | 000,000,193 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2011/08/12 23:10:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2011/08/03 04:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/07 12:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/06/07 12:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/06/07 12:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/06/07 12:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009/07/14 03:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 00:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 22:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/08/04 19:04:44 | 000,000,962 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2008/08/04 18:36:50 | 000,405,589 | ---- | C] () -- C:\Windows\SysWow64\BsUI.dll
[2008/08/01 16:58:50 | 000,278,647 | ---- | C] () -- C:\Windows\SysWow64\outlookAddin.dll
[2008/08/01 16:58:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\HtmPrintHelper.dll
[2008/08/01 16:58:14 | 000,622,693 | ---- | C] () -- C:\Windows\SysWow64\BsShell.dll
[2008/08/01 16:58:04 | 000,106,597 | ---- | C] () -- C:\Windows\SysWow64\BsAddin.dll
[2008/08/01 16:55:40 | 000,118,880 | ---- | C] () -- C:\Windows\SysWow64\BsMobileSDK.dll
[2008/08/01 16:55:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2008/08/01 16:54:12 | 000,106,595 | ---- | C] () -- C:\Windows\SysWow64\Bs2Res.dll
[2008/08/01 16:46:30 | 017,907,824 | ---- | C] () -- C:\Windows\SysWow64\BsLangInDepRes.dll
[2008/08/01 16:46:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/11/21 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\ESL\AppData\Roaming\DAEMON Tools Lite
[2011/11/06 01:46:34 | 000,000,000 | ---D | M] -- C:\Users\ESL\AppData\Roaming\ImgBurn
[2011/09/20 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\ESL\AppData\Roaming\Samsung
[2011/11/19 12:03:36 | 000,000,000 | ---D | M] -- C:\Users\ESL\AppData\Roaming\uTorrent
[2011/12/03 13:26:04 | 000,000,196 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2011/10/23 13:54:14 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:1AAB2E68
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B755D674

< End of report >

James10 disse:
Eu já passei por isso algumas vezes um tempo atrás... Quando estava navegando a intenet com o modem D-link 500-B, do nada, percebia que as luzes do modem se apagavam e reiniciava o modem. Depois disso, acontecia dois erros.

1) Quando tentava acessar a net, dava essa mensagem pedindo atualização.
2) Era direcionado para algum site.

Depois de tanta investigação, percebi que, quando tentava entrar na configuração do modem, a senha não pegava. Tive que reiniciar o modem, através do pino que fica atrás, acessar novamente com a senha padrão, remover as configurações e refazê-las. Só assim voltava ao normal. Cheguei a pensar até que fosse problema no modem.

Realmente faz sentido esse problema do DNS postado pelo Mr. Wolf.
Clique para expandir...

Fala blz?
Pois é cara, negócio chato! Eu resetei o modem uma vez e resolveu, mas dessa vez não adiantou e tive que esperar!
 
Última edição:
Didjo, estamos quase lá! Antes de prosseguirmos, convém dizer que seu PC está contaminado por trojans bankers. Este tipo de praga tem a finalidade de roubar dados bancários (principalmente), senhas de redes sociais, MSN, e etc. É altamente recomendável que após a limpeza da máquina você efetue a alteração dos dados digitados no computador.

Vamos remover as infecções restantes no log do ComboFix.

Siga o spoiler.

OBS: Peço que mova delete o ComboFix que está aí na pasta Downloads e baixe-o novamente. Mas agora salve-o no desktop para que o procedimento a seguir tenha êxito.

- Reinicie o PC em modo de segurança mais uma vez.
- Selecione e copie o script dentro do QUOTE abaixo. Abra o bloco de notas e cole o script lá. Salve no desktop (local onde deverá estar o executável do ComboFix) com o nome CFScript.txt

Folder::
C:\_OTM
c:\users\Giovane\e540e9fe089
File::
c:\windows\SysWow64\drivers\jgjgo.sys
Clique para expandir...
- Arraste o CFScript para o ComboFix como na imagem aqui abaixo e aguarde a execução automática da ferramenta:

CFScript.gif


- O ComboFix será executado novamente, como anteriormente. Apenas aguarde o scan terminar.
- Procure não mexer no mouse ou no teclado durante o scan.

No término da execução da ferramenta, poste o novo log gerado pelo ComboFix, por gentileza.
Esledinho, não há nada de errado no log. Aparentemente, sem infecções. O que não quer dizer que o computador esteja 100% limpo. O malware pode até estar escondido, logo, há meios de identificá-lo mesmo assim.

No entanto, percebi que o seu DNS ainda é o mesmo fornecido pelo seu provedor. Já trocou pelo DNS da Google ou do OpenDNS só para fazer um teste e ver se o problema continua? Acho que não custa tentar.

Se persistir, faremos uma varredura minuciosa para averiguar se há malwares escondidos aí. O que acha?
 
Mr. Wolf por mim tudo bem! Eu já troquei o DNS do roteador pelo OPENDNS, tem que trocar o do navegador tbm?
Me esqueci de postar o extra:

Código: 
OTL Extras logfile created on: 03/12/2011 14:03:29 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\ESL\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
7,98 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,15% Memory free
15,96 Gb Paging File | 13,76 Gb Available in Paging File | 86,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 719,89 Gb Free Space | 77,29% Space Free | Partition Type: NTFS
 
Computer Name: CENTURION | User Name: ESL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_USERS\S-1-5-21-2610910088-3659751682-1710283599-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F230730E-4C3C-4A9B-A44B-C5E533F0BFA2}" = Bluesoleil 6.2.227.11
"2E85B24B7EDF495B57D81136F09567FA79E17482" = Pacote de Driver do Windows - Atheros (L1C) Net  (09/27/2010 1.0.0.36)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}" = HDD Regenerator
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{470C8EFE-AEB0-402E-B05A-91E08C201046}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{95140000-0080-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1046-7B44-A94000000001}" = Adobe Reader 9.4.6 - Português
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"7-Zip" = 7-Zip 9.21beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.00
"aTube Catcher" = aTube Catcher
"DAEMON Tools Lite" = DAEMON Tools Lite
"FormatFactory" = FormatFactory 2.70
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versão 1.51.2.1300
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 7.0.1 (x86 pt-BR)" = Mozilla Firefox 7.0.1 (x86 pt-BR)
"MP3 To Ringtone_is1" = MP3 To Ringtone 1.45
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908
"uTorrent" = µTorrent
"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-2610910088-3659751682-1710283599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 02/12/2011 19:18:59 | Computer Name = Centurion | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Nero\Nero8\Nero
 PhotoSnap\PhotoSnapViewer.exe".Erro no arquivo de manifesto ou de diretiva "", 
na linha.  Uma versão de componente exigida pelo aplicativo está em conflito com outra
 versão de componente já ativa.  Os componentes conflitantes são:.  Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Componente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 02/12/2011 19:59:42 | Computer Name = Centurion | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: AUDIODG.EXE, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bced5  Nome do módulo de falhas: VIASysFx.dll, versão: 1.0.0.0,
 carimbo de hora: 0x4d070815  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000005de92  Identificação do processo com falha: 0xbac  Hora de início do aplicativo
 com falha: 0x01ccb14e73f4139b  Caminho do aplicativo com falha: C:\Windows\system32\AUDIODG.EXE
FCaminho
 do módulo de falhas: C:\Windows\system32\VIASysFx.dll  Identificação do Relatório:
 b31fcc6a-1d41-11e1-a41b-00158315a310
 
Error - 02/12/2011 20:13:16 | Computer Name = Centurion | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: AUDIODG.EXE, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bced5  Nome do módulo de falhas: VIASysFx.dll, versão: 1.0.0.0,
 carimbo de hora: 0x4d070815  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000005de92  Identificação do processo com falha: 0x10c4  Hora de início do 
aplicativo com falha: 0x01ccb15059a80437  Caminho do aplicativo com falha: C:\Windows\system32\AUDIODG.EXE
FCaminho
 do módulo de falhas: C:\Windows\system32\VIASysFx.dll  Identificação do Relatório:
 984140f8-1d43-11e1-a41b-00158315a310
 
Error - 02/12/2011 20:48:50 | Computer Name = Centurion | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: AUDIODG.EXE, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bced5  Nome do módulo de falhas: VIASysFx.dll, versão: 1.0.0.0,
 carimbo de hora: 0x4d070815  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000005de92  Identificação do processo com falha: 0x1698  Hora de início do 
aplicativo com falha: 0x01ccb15551836133  Caminho do aplicativo com falha: C:\Windows\system32\AUDIODG.EXE
FCaminho
 do módulo de falhas: C:\Windows\system32\VIASysFx.dll  Identificação do Relatório:
 903d02dd-1d48-11e1-a41b-00158315a310
 
Error - 02/12/2011 20:51:03 | Computer Name = Centurion | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x80070005.
 
Error - 02/12/2011 21:16:21 | Computer Name = Centurion | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Nero\Nero8\Nero
 Toolkit\DiscSpeed.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma
 versão de componente exigida pelo aplicativo está em conflito com outra versão 
de componente já ativa.  Os componentes conflitantes são:.  Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Componente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 02/12/2011 21:16:21 | Computer Name = Centurion | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Nero\Nero8\Nero
 PhotoSnap\PhotoSnap.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma
 versão de componente exigida pelo aplicativo está em conflito com outra versão 
de componente já ativa.  Os componentes conflitantes são:.  Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Componente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 02/12/2011 21:16:21 | Computer Name = Centurion | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Nero\Nero8\Nero
 PhotoSnap\PhotoSnapViewer.exe".Erro no arquivo de manifesto ou de diretiva "", 
na linha.  Uma versão de componente exigida pelo aplicativo está em conflito com outra
 versão de componente já ativa.  Os componentes conflitantes são:.  Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Componente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 02/12/2011 22:30:22 | Computer Name = Centurion | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: AUDIODG.EXE, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bced5  Nome do módulo de falhas: VIASysFx.dll, versão: 1.0.0.0,
 carimbo de hora: 0x4d070815  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000005de92  Identificação do processo com falha: 0x1534  Hora de início do 
aplicativo com falha: 0x01ccb1638030af87  Caminho do aplicativo com falha: C:\Windows\system32\AUDIODG.EXE
FCaminho
 do módulo de falhas: C:\Windows\system32\VIASysFx.dll  Identificação do Relatório:
 bf5808bc-1d56-11e1-a41b-00158315a310
 
Error - 03/12/2011 11:25:15 | Computer Name = Centurion | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x80070005.
 
[ System Events ]
Error - 28/11/2011 14:52:43 | Computer Name = Centurion | Source = Service Control Manager | ID = 7031
Description = O serviço Central de Segurança foi finalizado inesperadamente. Isto
 aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 300000 milissegundos:
 Reiniciar o serviço.
 
Error - 28/11/2011 14:57:43 | Computer Name = Centurion | Source = Service Control Manager | ID = 7032
Description = O Gerenciador de controle de serviços tentou executar uma ação corretiva
 (Reiniciar o serviço) após a finalização inesperada do serviço Cliente DHCP, mas
 essa ação falhou com o seguinte erro:   %%1056
 
Error - 28/11/2011 19:14:14 | Computer Name = Centurion | Source = Service Control Manager | ID = 7023
Description = O serviço Serviço de Notificação da SPP terminou com o erro:   %%5
 
Error - 28/11/2011 20:14:14 | Computer Name = Centurion | Source = Service Control Manager | ID = 7023
Description = O serviço Serviço de Notificação da SPP terminou com o erro:   %%5
 
Error - 28/11/2011 21:14:14 | Computer Name = Centurion | Source = Service Control Manager | ID = 7023
Description = O serviço Serviço de Notificação da SPP terminou com o erro:   %%5
 
Error - 28/11/2011 22:14:14 | Computer Name = Centurion | Source = Service Control Manager | ID = 7023
Description = O serviço Serviço de Notificação da SPP terminou com o erro:   %%5
 
Error - 29/11/2011 20:35:48 | Computer Name = Centurion | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 19:30:19 às ?29/?11/?2011 não
 era esperado.
 
Error - 01/12/2011 16:14:30 | Computer Name = Centurion | Source = DCOM | ID = 10010
Description = 
 
Error - 01/12/2011 16:26:08 | Computer Name = Centurion | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 18:24:45 às ?01/?12/?2011 não
 era esperado.
 
Error - 01/12/2011 18:14:35 | Computer Name = Centurion | Source = Service Control Manager | ID = 7034
Description = O serviço NVIDIA Stereoscopic 3D Driver Service foi encerrado inesperadamente.
  Isso aconteceu 1 vez(es).
 
 
< End of report >
 
Mr.Wolf disse:
Didjo, estamos quase lá! Antes de prosseguirmos, convém dizer que seu PC está contaminado por trojans bankers. Este tipo de praga tem a finalidade de roubar dados bancários (principalmente), senhas de redes sociais, MSN, e etc. É altamente recomendável que após a limpeza da máquina você efetue a alteração dos dados digitados no computador.

Vamos remover as infecções restantes no log do ComboFix.

Siga o spoiler.

OBS: Peço que mova delete o ComboFix que está aí na pasta Downloads e baixe-o novamente. Mas agora salve-o no desktop para que o procedimento a seguir tenha êxito.

- Reinicie o PC em modo de segurança mais uma vez.
- Selecione e copie o script dentro do QUOTE abaixo. Abra o bloco de notas e cole o script lá. Salve no desktop (local onde deverá estar o executável do ComboFix) com o nome CFScript.txt


- Arraste o CFScript para o ComboFix como na imagem aqui abaixo e aguarde a execução automática da ferramenta:

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

- O ComboFix será executado novamente, como anteriormente. Apenas aguarde o scan terminar.
- Procure não mexer no mouse ou no teclado durante o scan.

No término da execução da ferramenta, poste o novo log gerado pelo ComboFix, por gentileza.
Esledinho, não há nada de errado no log. Aparentemente, sem infecções. O que não quer dizer que o computador esteja 100% limpo. O malware pode até estar escondido, logo, há meios de identificá-lo mesmo assim.

No entanto, percebi que o seu DNS ainda é o mesmo fornecido pelo seu provedor. Já trocou pelo DNS da Google ou do OpenDNS só para fazer um teste e ver se o problema continua? Acho que não custa tentar.

Se persistir, faremos uma varredura minuciosa para averiguar se há malwares escondidos aí. O que acha?
Clique para expandir...

Certo, irei executar e edito esse post.

Usei o cartão para fazer uma compra recentemente, no dia 27 se não me engano. Possui algum jeito de verificar quando esses trojans bankers infectaram minha máquina ? Estou com medo que tenham roubado os dados e o cartão não é meu, é do meu pai.

Aqui está o relatório conforme vc pediu:

Código: 
ComboFix 11-12-03.01 - Giovane 03/12/2011  18:15:21.3.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4094.3416 [GMT -2:00]
Executando de: c:\users\Giovane\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Giovane\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
FILE ::
"c:\windows\SysWow64\drivers\jgjgo.sys"
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\_OTM
c:\_otm\MovedFiles\12012011_193204.log
c:\_otm\MovedFiles\12012011_193204.res
c:\windows\SysWow64\drivers\jgjgo.sys
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2011-11-03 to 2011-12-03  ))))))))))))))))))))))))))))
.
.
2011-12-03 20:24 . 2011-12-03 20:24	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E3B834D-059B-4AFD-ADE1-EB4739825474}\offreg.dll
2011-12-03 20:21 . 2011-12-03 20:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-03 14:39 . 2011-12-03 14:44	--------	d-----w-	c:\program files (x86)\MU Online Server
2011-12-02 11:47 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E3B834D-059B-4AFD-ADE1-EB4739825474}\mpengine.dll
2011-11-29 15:35 . 2011-11-29 15:36	--------	d-----w-	c:\users\Giovane\AppData\Local\Microsoft Games
2011-11-28 15:08 . 2011-11-28 15:08	--------	d-----w-	c:\users\Giovane\AppData\Roaming\Leadertech
2011-11-24 21:37 . 2011-11-24 21:37	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-11-24 21:37 . 2011-11-24 21:37	--------	d-----w-	c:\program files (x86)\Java
2011-11-21 21:26 . 2011-11-21 21:26	--------	d-----w-	c:\program files (x86)\Mirillis
2011-11-21 16:41 . 2011-12-02 14:23	--------	d-----w-	c:\users\Giovane\AppData\Local\Mirillis
2011-11-21 16:41 . 2011-11-21 21:27	--------	d-----w-	c:\users\Giovane\AppData\Roaming\Mirillis
2011-11-21 16:41 . 2011-11-21 21:27	--------	d-----w-	c:\programdata\Mirillis
2011-11-21 16:28 . 2011-11-21 19:26	--------	d-----w-	c:\windows\SysWow64\Adobe
2011-11-20 23:15 . 2011-11-20 23:15	--------	d-----w-	c:\program files (x86)\uTorrent
2011-11-20 23:14 . 2011-12-02 12:54	--------	d-----w-	c:\users\Giovane\AppData\Roaming\uTorrent
2011-11-20 23:14 . 2011-11-20 23:14	--------	d-----w-	c:\users\Giovane\AppData\Local\uTorrent
2011-11-20 14:53 . 2011-11-20 14:53	--------	d-----w-	c:\program files\iPod
2011-11-20 14:53 . 2011-11-20 14:53	--------	d-----w-	c:\program files\iTunes
2011-11-15 21:09 . 2011-11-15 21:09	--------	d-----w-	c:\windows\system32\Macromed
2011-11-10 16:34 . 2011-12-03 20:22	--------	d-----w-	c:\programdata\NVIDIA
2011-11-10 16:34 . 2011-11-26 12:58	--------	d-----w-	c:\users\UpdatusUser
2011-11-10 16:32 . 2011-11-08 03:51	837952	----a-w-	c:\windows\system32\easyupdatusapiu64.dll
2011-11-10 16:32 . 2011-11-08 03:51	5067584	----a-w-	c:\windows\system32\nvsvc64.dll
2011-11-10 16:32 . 2011-11-08 03:51	3074368	----a-w-	c:\windows\system32\nvsvcr.dll
2011-11-10 16:32 . 2011-11-08 03:51	222528	----a-w-	c:\windows\system32\nvmctray.dll
2011-11-10 16:32 . 2011-11-08 03:51	1640768	----a-w-	c:\windows\system32\nvvsvc.exe
2011-11-10 16:32 . 2011-11-08 03:51	137536	----a-w-	c:\windows\system32\nvshext.dll
2011-11-10 16:32 . 2011-11-08 03:51	10406208	----a-w-	c:\windows\system32\nvcpl.dll
2011-11-10 16:28 . 2011-11-10 16:28	--------	d-----w-	C:\NVIDIA
2011-11-10 16:22 . 2011-11-10 16:22	--------	d-----w-	c:\program files (x86)\Phyxion.net
2011-11-10 16:16 . 2011-11-10 16:16	--------	d-----w-	c:\programdata\NVIDIA Corporation
2011-11-09 18:06 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 18:06 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 18:06 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:06 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-11-08 23:49 . 2011-11-08 23:49	--------	d-----w-	c:\program files (x86)\TeamViewer
2011-11-07 20:53 . 2011-11-07 20:53	321856	----a-w-	c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 23:55 . 2011-07-08 01:31	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-12-02 23:55 . 2011-05-01 21:26	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-12-02 23:32 . 2011-07-08 01:31	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-11-28 18:01 . 2011-08-02 21:41	41184	----a-w-	c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-08-02 21:41	199816	----a-w-	c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-05-01 16:28	256960	----a-w-	c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-08-02 21:42	591192	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-08-02 21:42	304472	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-08-02 21:42	42328	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-08-02 21:42	58712	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-08-02 21:42	66904	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-08-02 21:42	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 21:37 . 2011-09-21 21:59	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-11-22 15:45 . 2011-07-08 01:31	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-11-15 21:09 . 2011-05-17 18:55	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-01 21:09 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-11-01 21:09 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-10-24 16:29 . 2011-10-24 16:29	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 16:29 . 2011-10-24 16:29	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2011-09-28 19:45 . 2011-09-28 19:45	15453832	----a-w-	c:\windows\SysWow64\xlive.dll
2011-09-28 19:45 . 2011-09-28 19:45	13642888	----a-w-	c:\windows\SysWow64\xlivefnt.dll
2010-01-26 13:11 . 2011-10-23 23:11	444283	----a-w-	c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-12-02_22.17.58   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-12-02 22:04	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-03 20:22	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-02 22:04	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-03 20:22	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-02 22:04	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-03 20:22	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-01 16:04 . 2011-12-03 20:24	45988              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-03 20:24	36488              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-12-02 22:06	36488              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-01 15:32 . 2011-12-03 20:24	12348              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-336372419-174131893-1597346273-1000_UserData.bin
+ 2011-05-11 01:38 . 2011-12-03 20:04	4864              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-05-11 01:38 . 2011-11-20 02:25	4864              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-12-02 22:17 . 2011-12-02 22:17	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-03 20:22 . 2011-12-03 20:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-03 20:22 . 2011-12-03 20:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-02 22:17 . 2011-12-02 22:17	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-12-02 22:16	391740              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-03 20:04	391740              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-01 22:09 . 2011-12-03 20:04	10481632              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-336372419-174131893-1597346273-1000-12288.dat
+ 2011-09-28 19:55 . 2011-09-28 19:55	21598208              c:\windows\Installer\2e6d5a.msi
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 rgyezn;rgyezn;c:\windows\system32\drivers\jgjgo.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 136176]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [x]
R3 cpuz130;cpuz130;c:\users\Giovane\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-07 381248]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 16:28]
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 16:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	134384	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{0D029657-07DA-4BAE-9D77-64B20E8FC39C}
mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{0D029657-07DA-4BAE-9D77-64B20E8FC39C}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Giovane\AppData\Roaming\Mozilla\Firefox\Profiles\fvkmphzr.default\
FF - prefs.js: network.proxy.ftp - 46.47.200.106
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 46.47.200.106
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 46.47.200.106
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 46.47.200.106
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-336372419-174131893-1597346273-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,8e,c8,cf,3b,2e,63,4d,e7,62,00,e2,b9,b3,51,aa,32,9e,d7,b0,e2,
   4a,58,a2,36,df,19,f3,37,07,b3,f5,47,3b,54,d8,74,63,60,2b,a7,80,c4,73,bb,b0,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-12-03  18:28:00 - Máquina reiniciou
ComboFix-quarantined-files.txt  2011-12-03 20:27
ComboFix2.txt  2011-12-02 22:21
.
Pré-execução: 642.499.047.424 bytes disponíveis
Pós execução: 642.450.243.584 bytes disponíveis
.
- - End Of File - - 11473377A635E9C84E26AB325E69A0F8
 
Última edição:
Didjo, a infecção principal (banker) estava na pasta e540e9fe089 e, segundo o log do OTL, a mesma foi criada no dia 30/11, ao 12:51. Se você usou o cartão no dia 27, menos mal. Porém, se fosse comigo, eu faria a alteração dos dados mesmo assim, só por precaução. Afinal, são informações extremamente sensíveis e sigilosas. Mas cabe a você decidir tal questão.

O log está limpo. O Avast ainda emite alerta?

Outra pergunta: Foi você quem configurou o endereço proxy "46.47.200.106" no Firefox?

Exclua as pastas C:\Qoobox e C:\ComboFix. Pode deletar as ferramentas ComboFix.exe, OTL e OTM.

Recomendo também um scan online em seu sistema com um antivirus diferente. O ESET Online Scanner é uma excelente opção free, eficaz e leve. Mas existem outros tão bons quanto, se for de sua preferência.
 
Mr.Wolf disse:
Didjo, a infecção principal (banker) estava na pasta e540e9fe089 e, segundo o log do OTL, a mesma foi criada no dia 30/11, ao 12:51. Se você usou o cartão no dia 27, menos mal. Porém, se fosse comigo, eu faria a alteração dos dados mesmo assim, só por precaução. Afinal, são informações extremamente sensíveis e sigilosas. Mas cabe a você decidir tal questão.

O log está limpo. O Avast ainda emite alerta?

Outra pergunta: Foi você quem configurou o endereço proxy "46.47.200.106" no Firefox?

Exclua as pastas C:\Qoobox e C:\ComboFix. Pode deletar as ferramentas ComboFix.exe, OTL e OTM.

Recomendo também um scan online em seu sistema com um antivirus diferente. O ESET Online Scanner é uma excelente opção free, eficaz e leve. Mas existem outros tão bons quanto, se for de sua preferência.
Clique para expandir...

Mr.Wolf, conferi aqui e a compra foi feita no dia 26/11, e não no dia 27/11 como havia mencionado antes.

O avast por enquanto não emitiu nenhum novo alerta.

Fui eu que configurei o proxy no Firefox sim, inclusive foi nesse dia que fiz a compra. Configurei o proxy para comprar o jogo mais barato.

Gostaria de perguntar pra vc que é uma pessoa mais experiente no assunto, que anti-vírus e ferramentas de segurança vc me recomenda que sejam gratuitos para proteger minha máquina ?

Também de agradecer toda a atenção que vc me deu durante esses dias e fico feliz que minha máquina agora esteja segura, muito obrigado! :yes:

Edit:

Mr.Wolf, não estou conseguindo deletar a pasta C:\Qoobox, diz que eu preciso de permissão dos administradores para fazer alterações na pasta. Não encontrei a pasta C:\ComboFix.

Algumas pastas, antes ocultas, agora estão aparecendo. Como faço para elas voltarem a ficarem ocultas ?

Uma screen de algumas pastas de C:, antes ocultas:

semttulooon.jpg
 
Última edição:
Didjo disse:
Gostaria de perguntar pra vc que é uma pessoa mais experiente no assunto, que anti-vírus e ferramentas de segurança vc me recomenda que sejam gratuitos para proteger minha máquina ?
Clique para expandir...
Os programas que você utiliza (Avast e o Malwarebytes) são bons, na minha opinião. As soluções gratuitas hoje estão muito boas, inclusive, muitas igualam a soluções pagas. Avira, Panda Cloud e MSE também são opções free e tão boas quanto. Ter o Malwarebytes como anti-malware auxiliar é o suficiente. Mas lembre-se que a melhor proteção de um sistema é o próprio usuário.

Fazer uma verificação online ou com um rescue disk (preferencialmente) de tempos em tempos também é bastante recomendável.

Se por acaso você estiver decepcionado com o Avast devido a infecção na máquina, é totalmente compreensível. No entanto, é importante ressaltar que nenhum programa de segurança é 100% eficaz. Isso pode acontecer mesmo você utilizando um software pago. Para não ter surpresas como esta, basta ter cuidado e bons hábitos de navegação, saber no que está clicando, o que está baixando, enfim...
Usar uma sandboxie ou máquina virtual para navegar e baixar arquivos é uma escolha interessante também.

Mr.Wolf, não estou conseguindo deletar a pasta C:\Qoobox, diz que eu preciso de permissão dos administradores para fazer alterações na pasta. Não encontrei a pasta C:\ComboFix.
Clique para expandir...
Alguns usuários estão tendo problema em remover essa pasta mesmo. Entretanto, já foi reportado ao desenvolvedor da ferramenta.

Clique com o direito do mouse sobre a pasta, selecione Propriedades. Desmarque a opção "Somente leitura" e tente removê-la. Se ainda assim não resolver, tente usar o Unlocker Portable.

Algumas pastas, antes ocultas, agora estão aparecendo. Como faço para elas voltarem a ficarem ocultas ?
Clique para expandir...
Vá em Meu computador e tecle Alt. No menu superior que abrirá clique em Ferramentas > Opções de pasta > Modo de Exibição. Desça a barra de rolagem e marque as três opções abaixo:

Ocultar arquivos protegidos do sistema operacional (Recomendado)
Ocultar unidades vazias na pasta Computador
Não mostrar arquivos, pastas ou unidades ocultas

Dê um OK e veja se eles voltarão a ficar ocultos.
 
Última edição:
Mr.Wolf, obrigado pelo esclarecimento.

É necessário deixar o Malwarebytes rodando junto com o Avast ? Eles podem entrar em conflito ?

Essa verificação online que vc me recomendou é aquele ESET Online Scanner ? Se sim, possui algum problema em utiliza-lo usando o Avast como anti-vírus ?

Desculpa tantas perguntas e mais uma vez obrigado pelas respostas, isso será muito útil para a segurança da minha máquina.
 
Didjo disse:
É necessário deixar o Malwarebytes rodando junto com o Avast ? Eles podem entrar em conflito ?
Clique para expandir...
É necessário somente se você julgar necessário, Didjo. Lógico, ter uma outra solução de segurança auxiliando na proteção real-time é interessante. Mas o essencial é antivirus, firewall, e o principal, o bom senso. E não, eles não conflitam. Pode ficar despreocupado e usá-lo à vontade em conjunto ao Avast. O Malwarebytes, até hoje, não apresentou conflitos com nenhum antivirus.

Essa verificação online que vc me recomendou é aquele ESET Online Scanner ?
Clique para expandir...
Exato.

Se sim, possui algum problema em utiliza-lo usando o Avast como anti-vírus ?
Clique para expandir...
Problema nenhum. Você não vai instalar o antivirus em si. Apenas um simples activeX necessário, que não interfere no andamento da máquina, e pode ser removido pelo "Desinstalar programas" facilmente após o scan. A verificação online (ou rescue disk) com um antivirus diferente do seu é extremamente importante, sob meu ponto de vista. Pois você terá uma segunda opinião - digamos assim - sobre a integridade do seu sistema. O rescue disk é mais eficaz ainda, uma vez que o scan é realizado sem o sistema estar carregado.

Desculpa tantas perguntas e mais uma vez obrigado pelas respostas, isso será muito útil para a segurança da minha máquina.
Clique para expandir...
Sem problemas. Estamos aqui para isso mesmo! :)

Abraços
 
Mr.Wolf, estou rodando o ESET Online Scanner que vc me recomendou e por enquanto foram acusados três vírus:

Win32/Spy.Bancos.NNZ trojan
a variant of Win32/Spy.Bancos.OGX trojan
a variant of Java/Rexec.A trojan

Segue uma screen:

viruslf.jpg


Gostaria de saber o que eu faço para remove-los, se eu posso utilizar o próprio ESET Online Scanner para retira-los ou se seria mais viável eu utilizar outro programa.

Edit: Coloquei para retirar os vírus utilizando o ESET mesmo. Salvei um log da onde estavam os vírus caso queira analisar mais tarde.

Código: 
C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\img.exe	a variant of Win32/Spy.Bancos.OGX trojan	cleaned by deleting - quarantined
C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ytr.vbs	Win32/Spy.Bancos.NNZ trojan	cleaned by deleting - quarantined
C:\Users\Giovane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\298dc875-7ef17285	a variant of Java/Rexec.A trojan	deleted - quarantined
 
Última edição:
Didjo, poderia tirar com o ESET mesmo. Isso era o correto.

É por este motivo que sempre recomendo a todos que façam uma verificação online ou com rescue disk regularmente. Um antivirus detecta ameaças que outro não detecta, e vice-versa. Não existe o perfeito ou 'the best'. Nenhum software é isento de falhas, infelizmente. É assim no mundo das soluções de segurança em geral. Ter uma contraprova do estado do seu sistema é muito importante.
Só acrescentando que, caso esteja em dúvidas, existem outros excelentes scanners online também. Veja uma lista aqui.

Bom, os arquivos encontrados são variantes do spy.banker - o banker que estava alojado em sua máquina anteriormente. Acredito que não haja mais infecções.

Algum problema na máquina?

OBS: Não esqueça de alterar as senhas.
 
Última edição:
Você deve fazer login ou se registrar para responder aqui.

Users who are viewing this thread

Total: 3 (membros: 0, visitantes: 3)
Voltar
Topo