Virus removal

Didjo, you could have removed them with ESET itself. That was the right thing to do.

That's why I always recommend that everyone run an online scan or a rescue disk scan regularly. One antivirus detects threats that another doesn't, and vice versa. There is no perfect one or 'the best'. No software is free of flaws, unfortunately. That's how it is in the world of security solutions in general. Having a second opinion on the state of your system is very important.
Just adding that, if you're in doubt, there are other excellent online scanners too. See a list here.

Well, the files found are variants of spy.banker, the banker that was previously lodged on your machine. I believe there are no more infections.

Any problems with the machine?

NOTE: Don't forget to change your passwords.

I removed the viruses with ESET itself, as I mentioned earlier.

Apparently no problems with the machine; I'll run a few more online scanners.

Pardon my ignorance, but what is a rescue disk?

Mr.Wolf, I was running some online scans and they found viruses in the following folders:

7 arquivos infectados encontrados!
----------------------------------

C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll --> Trojan.Generic.7017515

C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll --> Trojan.Generic.7017515

C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll --> Trojan.Generic.7017515

C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll --> Trojan.Generic.7017515

C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll --> Trojan.Generic.7017515

C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll --> Trojan.Generic.7017515

C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll --> Trojan.Generic.7017515

I submitted these folders to VirusTotal and it does indeed flag this trojan generic. I tried scanning the same file with Malwarebytes and Avast and neither found any infected file. I'd like to know which program I should run to remove them.
 
Didjo, a security product's rescue disk is nothing more than a utility that scans the machine before the system loads (at boot), from a CD/DVD. That is, you burn the file to the media, restart the PC and run the scan at system boot. It is the most effective form of detection and disinfection against more complex threats because, since the system will not be loaded, the infection will not be in memory or have its malicious services active, which makes removal and identification easier. Most antivirus companies have a rescue disk for their applications. See some here.

False positive. These files are not malicious. From what I saw in your OTL logs, you have QuickTime installed on the machine. These files are part of the program's plugin, which in turn is integrated into the browsers. However, if you don't usually use IE, you can delete them without any problem. Some antivirus products do sometimes identify these files as threats. A while ago Malwarebytes was detecting these files too, but the false positive was fixed in an old update.

If you still want to remove them, see whether a Shift + Delete solves the problem. In any case, do this only if you don't use IE.
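
One way to collect evidence for the false-positive call in the reply above, as an added example that is not part of the original thread: list the flagged plugin DLLs with their Authenticode status, signer, version metadata and SHA-256. The folder path is taken from the scan report; the variable names and the idea that a genuine vendor binary should carry a valid signature are assumptions of this example.

```powershell
# Added example (not from the thread): inspect the DLLs the online scanner flagged.
# Path copied from the scan report above; adjust if the plugin lives elsewhere.
$pluginDir = 'C:\Program Files (x86)\Internet Explorer\plugins'

$report = Get-ChildItem -LiteralPath $pluginDir -Filter 'npqtplugin*.dll' -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Authenticode status: Valid, NotSigned, HashMismatch, NotTrusted, ...
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName

        [pscustomobject]@{
            File      = $_.Name
            SigStatus = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            # Version resource fields are self-declared and easy to forge;
            # treat them as a hint, not as proof of origin.
            Company   = $_.VersionInfo.CompanyName
            Product   = $_.VersionInfo.ProductName
            # Hash to compare against a copy from a fresh vendor install.
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

if (-not $report) {
    Write-Output "No npqtplugin*.dll files found in $pluginDir"
    return
}

$report | Format-Table File, SigStatus, Company, Product -AutoSize
$report | Format-List File, Signer, SHA256

# Files without a valid signature are the ones to examine further
# before accepting the detection as a false positive.
$needsReview = $report | Where-Object { $_.SigStatus -ne 'Valid' }
if ($needsReview) {
    Write-Output 'Review these files (signature missing or not valid):'
    $needsReview | Select-Object File, SigStatus | Format-Table -AutoSize
} else {
    Write-Output 'All listed files carry a valid Authenticode signature; check that the signer is the expected vendor.'
}
```

A valid signature from the expected vendor, together with a hash that matches a clean install, supports the false-positive reading; a missing signature or a `HashMismatch` status does not prove infection but means the file has to be examined more closely.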
 
Hello, Mr. Wolf,

Once again I'm asking for your help because the antivirus programs aren't solving it. Whenever I have a problem that's hard to solve, I think of you, hehehe.

Yesterday I formatted my PC and installed only what was necessary: an original game (Battlefield 3) and a few necessary, basic files that I downloaded from Baixaki. After that my PC started getting slow and I could no longer get into the game because this message appeared:

6522761279_f0af6597f8_b.jpg



I suspected it was a virus and downloaded the trial version of Kaspersky, and as soon as I installed it, it found this:

6523424689_5f2951ebd0_b.jpg



Kaspersky fixed the problem and I was able to get into the game, and everything has been fine so far, but I just started the PC and saw a message from a little flag next to the Windows clock that says the following:

Remove the W32/Jeefo or PE_JEEFO.A Virus virus from your computer
This problem was caused by W32/Jeefo or PE_JEEFO.A Virus, a known computer virus.

To prevent this problem from occurring again, install and run an up-to-date antivirus and antispyware program on your computer.

Regards
 
Hey Red Rabbit, how's it going?

Honestly, Baixaki is not a trustworthy site at all, in my humble opinion. The number of cases of users reporting viruses in the files hosted there is no joke. In fact, some time ago Baixaki was hosting an infected version of Adobe Flash Player on the page. After countless reports (with proof and cross-checks), the site's support finally decided to remove the infected version. The problem is that Baixaki is known worldwide, so it becomes an even bigger obstacle to try to convince users otherwise.

The ideal is to download the program directly from the developer's site.

Well, this Generic Host error is usually caused by a virus indeed.

I suspect a rootkit. Let's hope it isn't.

If you can post an OTL log here, as described in this post, it will be a great help for me to take a look at your system.

Regards
 
Hello Mr.Wolf!

Tomorrow I'm going to make a purchase over the internet and I'd like you to analyze my OTL log to see whether I have any banker trojans.

Here it is:

Code:
OTL logfile created on: 21/12/2011 22:01:34 - Run 8
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Giovane\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,43% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 597,47 Gb Free Space | 64,15% Space Free | Partition Type: NTFS
 
Computer Name: GIOVANE-PC | User Name: Giovane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/12/21 21:59:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTL.exe
PRC - [2011/12/06 11:42:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/28 16:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 16:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/08 01:51:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/11/07 18:53:32 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/22 11:57:28 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2011/11/28 16:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/08 12:58:16 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/06 11:42:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/08 01:51:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/11/07 18:53:32 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011/12/08 16:25:33 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011/11/28 15:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2011/11/28 15:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2011/11/28 15:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2011/11/28 15:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2011/11/28 15:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2011/11/28 15:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:[b]64bit:[/b] - [2011/07/07 21:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011/03/11 04:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 04:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 11:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 09:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 09:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:[b]64bit:[/b] - [2010/01/05 20:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:[b]64bit:[/b] - [2009/08/21 06:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2009/07/16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 22:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:[b]64bit:[/b] - [2009/06/20 00:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/08/07 03:08:46 | 001,077,760 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGUx64.sys -- (A5AGU)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{0D029657-07DA-4BAE-9D77-64B20E8FC39C}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{0D029657-07DA-4BAE-9D77-64B20E8FC39C}
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 9A 07 96 2D 4D CC 01  [binary data]
IE - HKU\S-1-5-21-336372419-174131893-1597346273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..network.proxy.backup.ftp: "109.188.171.198:3128"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: "109.188.171.198:3128"
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: "109.188.171.198:3128"
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "46.47.200.106"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "46.47.200.106"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "46.47.200.106"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "46.47.200.106"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/01 09:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/26 00:11:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/11/26 00:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giovane\AppData\Roaming\mozilla\Extensions
[2011/11/26 00:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/11/21 02:42:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/20 23:34:27 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2011/11/20 23:34:27 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2011/11/20 23:15:19 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/11/20 23:34:27 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/11/20 23:34:27 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Giovane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Giovane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Pesquisa do Google = C:\Users\Giovane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Classic = C:\Users\Giovane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: Gmail = C:\Users\Giovane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2011/12/03 18:23:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-336372419-174131893-1597346273-1012..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-336372419-174131893-1597346273-1012..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-336372419-174131893-1597346273-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-336372419-174131893-1597346273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-336372419-174131893-1597346273-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:[b]64bit:[/b] - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} [url]http://quickscan.bitdefender.com/qsax/qsax.cab[/url] (BitDefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [url]http://download.eset.com/special/eos/OnlineScanner.cab[/url] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab[/url] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab[/url] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab[/url] (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1226753E-7691-4904-8C66-A65697346F8C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1226753E-7691-4904-8C66-A65697346F8C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF856659-BA9D-44D2-A2A7-6544B3E6494F}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/14 14:31:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/12/21 21:59:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTL.exe
[2011/12/20 17:40:12 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{82CA89DD-00B3-482E-BA42-CA7C28B5E2A6}
[2011/12/20 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{AFE55A5A-DA92-407B-A5AE-165A73F33105}
[2011/12/20 16:51:12 | 000,946,144 | ---- | C] (techPowerUp ([url=http://www.techpowerup.com]techPowerUp! - The latest in hardware and gaming[/url])) -- C:\Users\Giovane\Desktop\GPU-Z.0.5.7.exe
[2011/12/19 17:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
[2011/12/19 17:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteelSeries
[2011/12/18 12:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
[2011/12/18 12:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVToolNix
[2011/12/18 12:19:49 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\mkvtoolnix
[2011/12/16 13:50:23 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{0FA9DC1E-C941-441C-8E42-1FB4C7648B38}
[2011/12/16 13:50:11 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{7666BF0C-BCA1-4DCD-A084-1BEE5DB9BDD7}
[2011/12/14 14:51:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 14:51:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 14:51:26 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 14:51:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 14:51:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 14:51:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 14:51:24 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/14 14:51:24 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/14 14:51:24 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/14 14:51:24 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/14 14:51:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 12:52:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 12:52:19 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 12:52:19 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 22:15:22 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{2E51F877-FB35-49D6-88FA-8DAE1BED56CC}
[2011/12/11 13:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageShack Uploader
[2011/12/11 13:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageShack Uploader
[2011/12/10 13:10:17 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{6C1A0DD6-39E9-42A3-8E83-74137F2B1206}
[2011/12/10 13:09:56 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{FC685A32-DFE2-4320-AE71-9BFE28EEF9C7}
[2011/12/08 21:19:35 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mirillis
[2011/12/08 21:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mirillis
[2011/12/07 20:31:55 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\ArcaVirMicroScan
[2011/12/07 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\QuickScan
[2011/12/07 18:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/12/06 18:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/03 19:31:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/02 19:56:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/02 19:56:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/02 19:56:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/02 19:44:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/02 19:44:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/01 15:08:55 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{5C5352F1-1456-4E0B-950F-4FE96784E2E5}
[2011/12/01 15:08:43 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{89755709-94FD-417D-8FC8-CB19789EF784}
[2011/11/29 13:35:53 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\Microsoft Games
[2011/11/28 17:14:05 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{F129B1AD-E9B0-4096-AB17-D9088604B090}
[2011/11/28 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Local\{D7D884A5-5F1D-402E-8B09-8C0C9BA9C38C}
[2011/11/28 13:08:15 | 000,000,000 | ---D | C] -- C:\Users\Giovane\AppData\Roaming\Leadertech
[2011/11/26 17:12:30 | 000,000,000 | ---D | C] -- C:\Users\Giovane\Documents\DeadIsland
[2011/11/26 00:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/11/24 19:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/24 19:37:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/24 19:37:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/24 19:37:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/24 19:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/12/21 22:02:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/21 21:59:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Giovane\Desktop\OTL.exe
[2011/12/21 12:12:35 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 12:12:35 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 12:05:29 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/21 12:05:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/21 12:05:10 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/21 00:41:13 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/12/21 00:41:13 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/20 16:51:15 | 000,946,144 | ---- | M] (techPowerUp ([url=http://www.techpowerup.com]techPowerUp! - The latest in hardware and gaming[/url])) -- C:\Users\Giovane\Desktop\GPU-Z.0.5.7.exe
[2011/12/20 16:05:43 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/12/19 15:25:18 | 001,524,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/19 15:25:18 | 000,666,510 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/12/19 15:25:18 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/19 15:25:18 | 000,128,740 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/12/19 15:25:18 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/19 15:24:50 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/18 12:35:38 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk
[2011/12/15 22:03:25 | 000,414,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/11 13:31:04 | 000,002,483 | ---- | M] () -- C:\Users\Public\Desktop\ImageShack Uploader.lnk
[2011/12/08 21:19:36 | 000,002,246 | ---- | M] () -- C:\Users\Giovane\Desktop\Splash PRO EX.lnk
[2011/12/08 21:17:36 | 019,895,313 | ---- | M] () -- C:\Users\Giovane\Documents\MSPEv1.12.0_--WIL.rar
[2011/12/08 16:25:33 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011/12/07 20:28:21 | 000,866,936 | ---- | M] () -- C:\Users\Giovane\AppData\Local\census.cache
[2011/12/07 20:27:47 | 000,118,075 | ---- | M] () -- C:\Users\Giovane\AppData\Local\ars.cache
[2011/12/07 20:14:00 | 000,000,036 | ---- | M] () -- C:\Users\Giovane\AppData\Local\housecall.guid.cache
[2011/12/06 11:43:02 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/12/06 11:42:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/03 18:23:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/03 11:55:30 | 000,129,400 | ---- | M] () -- C:\Users\Giovane\Documents\injectSMAA_by_mrhaandi_1.1.7z
[2011/12/01 09:37:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/28 16:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 16:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 16:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 15:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 15:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 15:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 15:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 15:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 15:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/26 00:11:03 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/24 19:37:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/24 19:37:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/24 19:37:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/24 19:37:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/12/18 12:35:38 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk
[2011/12/11 13:31:04 | 000,002,483 | ---- | C] () -- C:\Users\Public\Desktop\ImageShack Uploader.lnk
[2011/12/08 21:19:36 | 000,002,246 | ---- | C] () -- C:\Users\Giovane\Desktop\Splash PRO EX.lnk
[2011/12/08 21:16:16 | 019,895,313 | ---- | C] () -- C:\Users\Giovane\Documents\MSPEv1.12.0_--WIL.rar
[2011/12/08 19:23:46 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/08 16:25:30 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011/12/07 20:28:21 | 000,866,936 | ---- | C] () -- C:\Users\Giovane\AppData\Local\census.cache
[2011/12/07 20:27:47 | 000,118,075 | ---- | C] () -- C:\Users\Giovane\AppData\Local\ars.cache
[2011/12/07 20:14:00 | 000,000,036 | ---- | C] () -- C:\Users\Giovane\AppData\Local\housecall.guid.cache
[2011/12/03 11:55:30 | 000,129,400 | ---- | C] () -- C:\Users\Giovane\Documents\injectSMAA_by_mrhaandi_1.1.7z
[2011/12/02 19:56:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/02 19:56:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/02 19:56:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/02 19:56:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/02 19:56:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/26 00:11:03 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/26 00:11:03 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/22 13:46:21 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/07 18:53:44 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/23 21:11:51 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011/10/03 21:33:13 | 001,533,836 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/07/12 15:37:48 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/07/07 23:31:09 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/07 23:31:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/06 17:38:02 | 000,674,600 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/14 14:01:08 | 000,000,000 | ---- | C] () -- C:\Users\Giovane\AppData\Local\{5DF2AEB5-3646-4324-B994-5E2E6EEF8227}
[2011/05/04 22:42:53 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/05/04 22:42:53 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/05/01 19:25:29 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2009/07/14 03:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 00:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 22:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/12/07 20:31:55 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\ArcaVirMicroScan
[2011/08/02 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Ashampoo
[2011/10/15 21:12:10 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Bioshock
[2011/10/03 23:51:25 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\DAEMON Tools Lite
[2011/11/28 13:08:15 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Leadertech
[2011/09/10 18:40:06 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\MAXON
[2011/11/21 19:27:26 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Mirillis
[2011/12/18 12:19:49 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\mkvtoolnix
[2011/10/19 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Origin
[2011/12/07 20:09:52 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\QuickScan
[2011/09/15 15:01:55 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Rovio
[2011/07/08 12:39:53 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\The Creative Assembly
[2011/12/13 23:31:05 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\TS3Client
[2011/07/12 12:09:12 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\Ubisoft
[2011/12/16 19:02:16 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\uTorrent
[2011/10/23 21:13:34 | 000,000,000 | ---D | M] -- C:\Users\Giovane\AppData\Roaming\VDownloader
[2011/11/15 19:05:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

I think the banker trojan I was infected with last time came from a torrent file of a series I watch. Is there any security system that would scan these files so they don't come with viruses?

Cheers!
 
Folks,

There is a very annoying virus on my PC: every time I start Windows, my antivirus, Microsoft Security Essentials, flags a virus and asks to remove it, as shown in the screen below:
viruschato.jpg


I click "Show details" and the following description appears:

descriodovrus.jpg


Clicking "View more information about this item online" brings up this link: http://www.microsoft.com/security/p...name=Worm:Win32/Nenebra.A&threatid=2147636377

So far I haven't noticed any practical difference on the PC, apart from the annoyance of this message appearing every time I restart Windows, but there is always that fear that it is something serious and will surface at some point!

What do you recommend to solve this problem?

Thanks in advance!
 
Mr.Wolf

When I try to start a game here, the following appears:

59807420.png


Please help me out

Here are the logs

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:38:08, on 2/1/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe
C:\ARQUIV~1\WI371A~1\Datamngr\DATAMN~1.EXE
C:\Documents and Settings\Windows XP\Configurações locais\Dados de aplicativos\Akamai\netsession_win.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\Windows XP\Configurações locais\Dados de aplicativos\Akamai\netsession_win.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Windows XP\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows XP\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows XP\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows XP\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows XP\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows XP\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Windows XP\Meus documentos\Downloads\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DATAMNGR] C:\ARQUIV~1\WI371A~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [RGSC] C:\Arquivos de programas\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Windows XP\Configurações locais\Dados de aplicativos\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~3\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe


--
End of file - 9294 bytes
 
I'd like to take advantage of this thread to ask Mr.Wolf whether I will have any conflict problems using the Avira Premium antivirus + Malwarebytes Pro, since both have real-time protection.
 
There's an annoying virus here that I can't get rid of. I've already tried going into safe mode, MalwareBytes + avast, and nothing; it keeps hogging 25% of my damn processor. I'll put some photos at the end of the post.

Code:
OTL logfile created on: 09/01/2012 10:30:17 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Charles\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,50 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 65,64% Memory free
7,00 Gb Paging File | 5,62 Gb Available in Paging File | 80,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 348,46 Gb Free Space | 74,83% Space Free | Partition Type: NTFS
 
Computer Name: CHARLES-PC | User Name: Charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/01/09 10:28:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Downloads\OTL.exe
PRC - [2012/01/09 10:26:46 | 000,012,970 | ---- | M] () -- C:\Users\Charles\AppData\Local\Temp\neim.exe
PRC - [2012/01/09 10:26:37 | 000,012,970 | ---- | M] () -- C:\Windows\Temp\wingyoq.exe
PRC - [2012/01/09 10:09:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/29 07:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/10/01 12:08:26 | 003,507,608 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/09/08 15:30:10 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/09/08 15:29:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/09/06 17:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/15 17:18:14 | 002,024,840 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/15 17:18:10 | 001,435,016 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/08/02 05:33:30 | 004,984,640 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/06/24 17:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 17:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/08/03 03:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 23:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/01/09 10:26:46 | 000,012,970 | ---- | M] () -- C:\Users\Charles\AppData\Local\Temp\neim.exe
MOD - [2012/01/09 10:09:05 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/14 04:53:28 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/06/24 17:35:28 | 000,050,600 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\mmdslang\LangPtBr.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/29 07:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/08 15:29:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/09/06 17:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/15 17:18:10 | 001,435,016 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/24 17:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2011/12/26 01:50:23 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/08 02:38:45 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/09/08 16:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/09/08 16:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/09/08 14:52:20 | 000,248,832 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/09/06 17:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 17:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 17:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 17:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 17:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 17:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/01 02:04:32 | 000,092,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\sXe Injected\ddsxei.sys -- (ddsxeiservice)
DRV - [2011/07/06 13:14:42 | 000,089,376 | ---- | M] (Tonec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/06/06 20:06:54 | 000,211,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/03/30 09:05:55 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 14:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/07/13 23:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 23:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 23:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 21:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 21:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2298984361-2374600404-967774717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
IE - HKU\S-1-5-21-2298984361-2374600404-967774717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/
IE - HKU\S-1-5-21-2298984361-2374600404-967774717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2298984361-2374600404-967774717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-2298984361-2374600404-967774717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 9F A9 92 8F 84 CC 01  [binary data]
IE - HKU\S-1-5-21-2298984361-2374600404-967774717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..keyword.URL: "about:blank"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/30 08:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 10:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Charles\AppData\Roaming\IDM\idmmzcc5 [2011/10/08 02:20:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Charles\AppData\Roaming\IDM\idmmzcc5 [2011/10/08 02:20:39 | 000,000,000 | ---D | M]
 
[2011/11/05 21:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Extensions
[2012/01/08 15:30:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\Profiles\m436ezi0.default\extensions
[2011/08/30 17:37:02 | 000,002,156 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\m436ezi0.default\searchplugins\localstrike-search.xml
[2012/01/09 10:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/01/09 10:09:06 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/13 17:27:09 | 000,002,287 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/01/09 10:09:03 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2012/01/09 10:09:03 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2012/01/09 10:09:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/01/09 10:09:03 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/01/09 10:09:03 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: LocalStrike Search (Enabled)
CHR - default_search_provider: search_url = http://find.localstrike.net/?q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\LocalHost\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\LocalHost\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\LocalHost\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Users\LocalHost\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: No name found = C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: New Tab Redirect! = C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\
 
O1 HOSTS File: ([2011/10/01 10:23:55 | 000,000,792 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 0.0.0.0 transportandoobrasil.com
O1 - Hosts: 127.0.0.1 ci-main.loginregistration.eadm.ea.com
O1 - Hosts: 127.0.0.1 motd.dm.origin.com
O1 - Hosts: 127.0.0.1 store.origin.com
O1 - Hosts: 127.0.0.1 drh.img.digitalriver.com
O1 - Hosts: 127.0.0.1 drh2.img.digitalriver.com
O1 - Hosts: 127.0.0.1 drh1.img.digitalriver.com
O1 - Hosts: 127.0.0.1 eaeacom.112.2o7.net
O1 - Hosts: 127.0.0.1 b.scorecardresearch.com
O1 - Hosts: 127.0.0.1 heartbeat.dm.origin.com
O1 - Hosts: 127.0.0.1 web.dm.origin.com
O1 - Hosts: 127.0.0.1 loginregistration.dm.origin.com
O1 - Hosts: 127.0.0.1 friends.dm.origin.com:443
O1 - Hosts: 127.0.0.1 avatar.dm.origin.com:443
O1 - Hosts: 127.0.0.1 ecommerce.dm.origin.com
O1 - Hosts: 127.0.0.1 gosredirector.ea.com
O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2298984361-2374600404-967774717-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2298984361-2374600404-967774717-1001..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2298984361-2374600404-967774717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Charles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Charles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.53 201.17.0.63 201.17.0.45
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C762CD55-7F84-4DA2-A45E-ABFC15796FA1}: DhcpNameServer = 201.17.0.53 201.17.0.63 201.17.0.45
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/01/08 19:06:17 | 000,000,285 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a02c70d7-f082-11e0-a8f5-e0cb4ebcdce1}\Shell - "" = AutoRun
O33 - MountPoints2\{a02c70d7-f082-11e0-a8f5-e0cb4ebcdce1}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{e70dc2e0-2f19-11e1-a5f5-e0cb4ebcdce1}\Shell - "" = AutoRun
O33 - MountPoints2\{e70dc2e0-2f19-11e1-a5f5-e0cb4ebcdce1}\Shell\AutoRun\command - "" = F:\autorun.exe Launch.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]
 
[2012/01/09 09:45:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/09 00:06:47 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Malwarebytes
[2012/01/09 00:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/09 00:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/09 00:06:39 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/09 00:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/08 15:30:04 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Opera
[2012/01/08 15:30:04 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Apple Computer
[2012/01/08 15:30:02 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
[2012/01/06 06:57:53 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\POrev
[2012/01/05 18:26:15 | 000,000,000 | ---D | C] -- C:\Users\Charles\Documents\18 WoS Extreme Trucker 2
[2012/01/05 18:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Extreme Trucker 2
[2012/01/05 18:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\18 WoS Extreme Trucker 2
[2012/01/05 05:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2012/01/05 05:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/01/05 05:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/01/05 05:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola
[2012/01/05 02:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/01/05 02:06:54 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\mp3fhg.acm
[2012/01/05 02:06:54 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2012/01/05 02:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/01/03 18:41:15 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Tibia
[2012/01/03 18:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia
[2012/01/02 03:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\valve
[2012/01/02 03:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6
[2011/12/30 22:36:00 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Windows Live
[2011/12/30 01:46:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2011/12/30 01:46:31 | 000,000,000 | ---D | C] -- C:\Users\Charles\Documents\Sports Interactive
[2011/12/30 01:46:31 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Sports Interactive
[2011/12/30 01:46:31 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Sports Interactive
[2011/12/30 01:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2011/12/29 18:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\sXe Injected
[2011/12/29 01:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TtqvkgX
[2011/12/27 05:16:38 | 000,000,000 | -HSD | C] -- C:\tmp
[2011/12/27 04:34:59 | 000,000,000 | ---D | C] -- C:\Mobile
[2011/12/26 01:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2011/12/14 01:08:47 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Unity
[2011/12/14 01:04:27 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Unity
[2011/12/04 08:07:46 | 000,000,000 | ---D | C] -- C:\Users\Charles\Documents\FIFA 12
[2011/12/03 16:38:13 | 000,000,000 | R--D | C] -- C:\Users\Charles\4Sync
[2011/12/03 16:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\4Sync
[2011/12/02 21:43:20 | 000,000,000 | ---D | C] -- C:\Users\Charles\Desktop\Metal Slug
[2011/12/02 21:43:00 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Supercade
[2011/12/02 21:41:11 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supercade
[2011/11/21 14:34:21 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tower Defence
[2011/11/21 14:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tower Defence
[2011/11/21 00:09:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/11/20 08:01:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/20 08:01:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/11/20 08:01:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/11/19 23:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/11/19 23:45:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/11/19 23:45:29 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/11/19 23:45:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/11/19 23:45:29 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/11/19 23:45:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/19 23:45:29 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/11/19 23:45:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/19 23:45:29 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/11/19 23:45:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/11/19 23:45:29 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/11/19 23:45:29 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/11/19 23:45:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/11/19 23:45:29 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/19 23:45:29 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/19 23:45:29 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/11/19 23:45:29 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/19 23:45:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/19 23:45:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/11/19 23:45:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/11/19 23:45:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/11/19 23:45:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/19 23:45:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/19 23:45:28 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/11/19 23:45:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/11/19 23:45:28 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/19 23:45:28 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/11/19 23:45:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/11/19 23:45:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/11/19 23:45:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/19 23:45:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/19 23:45:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/19 23:45:28 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/11/19 23:45:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/11/19 23:45:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/11/19 23:45:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/11/19 23:45:28 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/11/19 23:45:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/11/19 23:44:55 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/11/19 23:44:55 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/11/19 23:44:55 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/11/19 23:44:55 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/11/19 23:44:55 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/11/19 23:44:55 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/11/19 23:44:55 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/11/19 23:44:55 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/11/19 23:44:55 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/11/19 23:44:55 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/11/19 23:44:55 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/11/19 23:44:55 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/11/19 23:44:55 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/11/19 23:44:55 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/11/12 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\vlc
[2011/11/12 15:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/11/12 15:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]
 
[2012/01/09 10:28:18 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 10:28:18 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 10:27:27 | 000,702,882 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/01/09 10:27:27 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/09 10:27:27 | 000,145,668 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/01/09 10:27:27 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/09 10:23:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/09 10:22:59 | 2817,925,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/09 10:18:27 | 000,103,140 | ---- | M] () -- C:\dvhdrd.pif
[2012/01/09 09:45:08 | 306,324,301 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/09 00:22:07 | 000,001,013 | ---- | M] () -- C:\Users\Charles\Desktop\sXe Injected.lnk
[2012/01/09 00:06:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/08 21:37:03 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\Servidor Dedicado CS.lnk
[2012/01/08 21:37:03 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Counter Strike 1.6.lnk
[2012/01/08 19:06:17 | 000,000,285 | RHS- | M] () -- C:\autorun.inf
[2012/01/05 18:26:08 | 000,001,357 | ---- | M] () -- C:\Users\Public\Desktop\18 WoS Extreme Trucker 2.lnk
[2012/01/05 05:49:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/01/05 05:49:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/01/05 05:49:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/01/05 05:47:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/01/05 05:47:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/01/05 05:47:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012/01/05 05:18:56 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\RSD Lite.lnk
[2012/01/05 02:04:16 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema.lnk
[2011/12/30 05:04:43 | 000,015,160 | ---- | M] () -- C:\Users\Charles\Desktop\ehnopis.jpg
[2011/12/29 16:00:00 | 000,079,360 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2011/12/29 01:02:30 | 000,000,000 | ---- | M] () -- C:\ProgramData\92xp6pW7.exe
[2011/12/24 20:03:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/24 20:03:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/21 16:14:02 | 000,151,552 | ---- | M] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011/12/15 02:00:02 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/13 06:09:37 | 000,035,840 | ---- | M] () -- C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/02 21:41:11 | 000,000,312 | ---- | M] () -- C:\Users\Charles\Desktop\Supercade.appref-ms
[2011/11/29 16:31:56 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2011/11/21 05:52:00 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
[2011/11/19 23:48:25 | 000,001,383 | ---- | M] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/19 23:45:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/11/19 23:45:29 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/11/19 23:45:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/11/19 23:45:29 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/11/19 23:45:29 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/19 23:45:29 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/11/19 23:45:29 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/19 23:45:29 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/11/19 23:45:29 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/11/19 23:45:29 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/11/19 23:45:29 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/11/19 23:45:29 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/11/19 23:45:29 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/19 23:45:29 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/19 23:45:29 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/11/19 23:45:29 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/19 23:45:29 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/11/19 23:45:29 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/19 23:45:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/11/19 23:45:29 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/11/19 23:45:29 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/11/19 23:45:29 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/19 23:45:28 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/19 23:45:28 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/11/19 23:45:28 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/11/19 23:45:28 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/19 23:45:28 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/11/19 23:45:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/11/19 23:45:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/11/19 23:45:28 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/19 23:45:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/19 23:45:28 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/19 23:45:28 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/11/19 23:45:28 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/11/19 23:45:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/11/19 23:45:28 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/11/19 23:45:28 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/11/19 23:45:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/11/19 23:44:55 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/11/19 23:44:55 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/11/19 23:44:55 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/11/19 23:44:55 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/11/19 23:44:55 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/11/19 23:44:55 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/11/19 23:44:55 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/11/19 23:44:55 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/11/19 23:44:55 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/11/19 23:44:55 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/11/19 23:44:55 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/11/19 23:44:55 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/11/19 23:44:55 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/11/19 23:44:55 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/11/16 16:23:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/11/14 04:53:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/12 15:04:59 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/01/09 10:18:27 | 000,103,140 | ---- | C] () -- C:\dvhdrd.pif
[2012/01/09 09:45:08 | 306,324,301 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/09 00:06:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/08 19:06:28 | 000,000,285 | RHS- | C] () -- C:\autorun.inf
[2012/01/08 15:45:29 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\Servidor Dedicado CS.lnk
[2012/01/08 15:45:29 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Counter Strike 1.6.lnk
[2012/01/08 15:30:02 | 000,001,013 | ---- | C] () -- C:\Users\Charles\Desktop\sXe Injected.lnk
[2012/01/05 18:26:08 | 000,001,357 | ---- | C] () -- C:\Users\Public\Desktop\18 WoS Extreme Trucker 2.lnk
[2012/01/05 05:49:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/01/05 05:49:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/01/05 05:49:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/01/05 05:47:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/01/05 05:47:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/01/05 05:47:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012/01/05 05:18:56 | 000,002,597 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSD Lite.lnk
[2012/01/05 05:18:56 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\RSD Lite.lnk
[2012/01/05 02:06:54 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/01/05 02:06:54 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/01/05 02:06:54 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/05 02:04:16 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema.lnk
[2011/12/30 05:04:42 | 000,015,160 | ---- | C] () -- C:\Users\Charles\Desktop\ehnopis.jpg
[2011/12/29 01:02:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\92xp6pW7.exe
[2011/12/24 20:03:12 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/24 20:03:12 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/02 21:41:11 | 000,000,312 | ---- | C] () -- C:\Users\Charles\Desktop\Supercade.appref-ms
[2011/11/29 16:31:56 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011/11/29 16:31:56 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2011/11/19 23:48:25 | 000,001,389 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/11/19 23:45:29 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/11/16 16:23:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/11/12 15:04:59 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/11/01 17:09:00 | 000,370,284 | ---- | C] () -- C:\ProgramData\Tibia_dat.bak
[2011/10/27 21:40:43 | 000,000,600 | ---- | C] () -- C:\Users\Charles\AppData\Local\PUTTY.RND
[2011/10/22 19:24:28 | 000,002,848 | ---- | C] () -- C:\Windows\System32\LOWERP.ini
[2011/10/22 19:24:28 | 000,001,520 | ---- | C] () -- C:\Windows\System32\LPOff.ini
[2011/10/12 17:42:53 | 000,702,882 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2011/10/12 17:42:53 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2011/10/12 17:42:53 | 000,145,668 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2011/10/12 17:42:53 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2011/10/08 05:47:15 | 000,035,840 | ---- | C] () -- C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/08 05:42:24 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/10/06 23:14:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/14 12:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/08/26 12:34:14 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/17 15:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/07/14 02:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:33:53 | 000,279,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 00:05:48 | 000,651,450 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 00:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 00:05:48 | 000,120,382 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 00:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 00:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 00:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 22:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 21:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/10/13 17:24:37 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Babylon
[2011/12/30 01:14:25 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\DAEMON Tools Lite
[2012/01/09 10:22:10 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\DMCache
[2011/10/16 06:32:39 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\DVDVideoSoft
[2011/10/16 06:32:35 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/08 02:56:06 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\GameRanger
[2011/10/13 17:27:16 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\GetRightToGo
[2011/12/29 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\IDM
[2011/10/11 00:46:05 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\KiTTY
[2011/11/08 22:47:32 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Leadertech
[2011/10/13 19:29:50 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Megaupload
[2012/01/08 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Opera
[2012/01/06 06:58:21 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\POrev
[2011/12/30 01:46:31 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Sports Interactive
[2011/12/31 20:07:46 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Supercade
[2011/10/12 17:27:49 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\TeamViewer
[2012/01/03 18:44:04 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Tibia
[2011/10/07 18:08:11 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Tibiacast
[2011/12/14 01:08:47 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Unity
[2011/12/26 01:40:54 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\uTorrent
[2011/10/22 16:41:21 | 000,000,000 | -HSD | M] -- C:\Users\Charles\AppData\Roaming\wyUpdate AU
[2009/07/14 02:53:46 | 000,015,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >


I kill one process and it jumps to another, I don't understand, HAHAHA!

 
I'd like to take advantage of this thread to ask Mr.Wolf whether I will have any conflict problems using the Avira Premium antivirus + Malwarebytes Pro, since both have real-time protection.

Butting in a little: there is no problem running both at the same time. It probably isn't necessary, but I recommend that you create exceptions so that each one is excluded from the other's protection, including the drivers.
 
imagembarraderolagem.jpg


I get this bar in the center of the screen from time to time. It lasts 1 second or less.

It's random: it can be 30 minutes between one and the next, or it can be 5 times in 5 minutes.

The annoying part is that it brings me back to Windows when it appears while I'm in a full-screen application.

Could it be some kind of virus?

Thanks!
 
cLIX

So that I can help you, I need you to post an OTL log here, as described in the first post of this thread.
 
Hello Mr.Wolf,

Could you take a look at the log below? Thank you very much.

OTL
Code:
OTL logfile created on: 24/01/2012 23:37:47 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Willian\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,25% Memory free
4,00 Gb Paging File | 2,34 Gb Available in Paging File | 58,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156,15 Gb Total Space | 46,45 Gb Free Space | 29,74% Space Free | Partition Type: NTFS
Drive D: | 163,02 Gb Total Space | 97,59 Gb Free Space | 59,87% Space Free | Partition Type: NTFS
Drive J: | 146,49 Gb Total Space | 25,98 Gb Free Space | 17,73% Space Free | Partition Type: NTFS
Drive W: | 465,76 Gb Total Space | 268,60 Gb Free Space | 57,67% Space Free | Partition Type: NTFS
 
Computer Name: WILLIAN-PC | User Name: Willian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/01/24 23:33:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Willian\Desktop\OTL.exe
PRC - [2012/01/16 11:09:14 | 003,462,552 | ---- | M] (Tonec Inc.) -- C:\Arquivos de Programas\Internet Download Manager\IDMan.exe
PRC - [2012/01/11 22:55:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\firefox.exe
PRC - [2011/12/02 22:32:44 | 000,226,816 | ---- | M] (Unified Remote) -- C:\Arquivos de Programas\Unified Remote\RemoteServer.exe
PRC - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 06:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 06:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Arquivos de Programas\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/08/22 17:23:28 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2011/08/22 17:22:54 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2011/08/22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Arquivos de Programas\VMware\VMware Player\vmware-authd.exe
PRC - [2011/08/21 23:11:22 | 000,665,200 | ---- | M] (VMware, Inc.) -- C:\Arquivos de Programas\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/08/17 13:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/06/24 18:13:33 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de Programas\uTorrent\uTorrent.exe
PRC - [2011/04/16 22:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Arquivos de Programas\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 10:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/12 12:04:20 | 004,142,448 | ---- | M] (Stardock) -- C:\Arquivos de Programas\Stardock\ObjectDockPlus2\ObjectDock.exe
PRC - [2010/09/30 23:50:23 | 000,296,448 | ---- | M] (Microsoft) -- C:\Arquivos de Programas\Stardock\ObjectDockPlus2\ObjectDockTray.exe
PRC - [2010/05/25 10:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Arquivos de Programas\Internet Download Manager\IEMonitor.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/24 18:01:24 | 001,683,456 | ---- | M] () -- C:\Arquivos de Programas\LG Soft India\forteManager\bin\Monitor.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/04/06 12:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP) -- C:\Windows\ZSSnp211.exe
PRC - [2006/08/18 17:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/01/24 21:43:18 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/23 03:25:15 | 000,458,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\RenderPanel\b75438838f383db397974c719ff32784\RenderPanel.ni.dll
MOD - [2012/01/23 03:25:14 | 000,440,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ObjectDockTray\ee7aa030f659ba9f6df66f770806c280\ObjectDockTray.ni.exe
MOD - [2012/01/23 03:19:57 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2012/01/23 03:19:51 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2012/01/23 03:19:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2012/01/23 03:19:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2012/01/23 03:19:29 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2012/01/23 03:19:19 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/01/11 22:55:22 | 002,124,760 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll
MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/10/13 21:02:33 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll
MOD - [2011/10/13 21:00:52 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\993f89ba22499c379d2a9dd25d13cd94\System.Runtime.Serialization.ni.dll
MOD - [2011/10/13 03:23:38 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\14d8a7579839b11151cd901b846d0afb\System.Data.ni.dll
MOD - [2011/10/13 03:23:32 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
MOD - [2011/10/13 03:23:23 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011/10/13 03:23:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011/10/13 03:23:20 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011/10/13 03:23:17 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011/10/13 03:23:13 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011/10/13 03:23:08 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011/10/03 05:05:36 | 000,008,192 | ---- | M] () -- C:\Arquivos de Programas\Java\jre6\bin\jp2native.dll
MOD - [2011/06/27 22:24:05 | 000,807,936 | ---- | M] () -- C:\Arquivos de Programas\Stardock\ObjectDockPlus2\CrashRpt.dll
MOD - [2010/11/12 21:34:31 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/09/30 23:50:23 | 000,675,840 | ---- | M] () -- C:\Arquivos de Programas\Stardock\ObjectDockPlus2\DockShellHook.dll
MOD - [2010/03/09 19:58:30 | 000,053,760 | ---- | M] () -- C:\Arquivos de Programas\Stardock\ObjectDockPlus2\zlib.dll
MOD - [2009/12/12 15:12:04 | 000,141,824 | ---- | M] () -- C:\Arquivos de Programas\WinRAR\RarExt.dll
MOD - [2009/04/24 18:01:24 | 001,683,456 | ---- | M] () -- C:\Arquivos de Programas\LG Soft India\forteManager\bin\Monitor.exe
MOD - [2009/04/24 17:03:30 | 000,069,632 | ---- | M] () -- C:\Arquivos de Programas\LG Soft India\forteManager\bin\MonitorPortRes.dll
MOD - [2009/04/24 17:03:22 | 000,122,880 | ---- | M] () -- C:\Arquivos de Programas\LG Soft India\forteManager\bin\ApplicationManager.dll
MOD - [2009/04/24 17:03:14 | 000,090,112 | ---- | M] () -- C:\Arquivos de Programas\LG Soft India\forteManager\bin\ACRHook.dll
MOD - [2009/04/24 17:03:14 | 000,073,728 | ---- | M] () -- C:\Arquivos de Programas\LG Soft India\forteManager\bin\ProtocolEngine.dll
MOD - [2009/04/24 17:03:12 | 000,159,744 | ---- | M] () -- C:\Arquivos de Programas\LG Soft India\forteManager\bin\DeviceManager.dll
MOD - [2009/04/24 17:03:10 | 000,053,248 | ---- | M] () -- C:\Arquivos de Programas\LG Soft India\forteManager\bin\ErrorHandler.dll
MOD - [2006/08/18 17:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] --  -- (NeroMediaHomeService.4)
SRV - [2011/11/19 15:55:47 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/09/26 18:15:44 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/22 17:23:28 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/08/22 17:22:54 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2011/08/22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/08/21 23:11:22 | 000,665,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/08/17 13:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Arquivos de Programas\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/16 22:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/03/03 03:04:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/18 11:20:12 | 000,054,048 | ---- | M] ( ) [Auto | Stopped] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2010/02/04 12:11:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2012/01/10 21:37:46 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/01/10 21:37:25 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120124.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/10 21:37:25 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Arquivos de Programas\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/01/10 21:37:25 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/10 21:37:25 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120124.008\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/23 22:17:32 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/12/20 16:05:38 | 000,091,424 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/12/15 21:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120121.005\IDSvix86.sys -- (IDSVix86)
DRV - [2011/11/04 13:42:02 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/11/04 13:42:02 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/11/04 13:42:02 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/11/04 13:42:02 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011/11/04 13:42:02 | 000,082,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2011/10/15 06:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/26 18:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Arquivos de Programas\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/08/22 17:23:36 | 000,055,280 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2011/08/22 17:23:00 | 000,023,792 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2011/08/22 17:22:44 | 000,025,584 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2011/08/22 17:22:08 | 000,025,712 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2011/08/22 15:12:26 | 000,036,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2011/08/22 15:12:26 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2011/08/21 23:11:22 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2011/08/08 14:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmci.sys -- (vmci)
DRV - [2011/07/08 17:44:30 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011/03/31 01:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/31 01:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/15 00:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 04:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 03:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/12/07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/11/20 10:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 10:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 10:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 10:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 10:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 08:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 08:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 08:50:37 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2010/11/20 08:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 08:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 07:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 07:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 07:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/02 16:19:22 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2010/07/14 22:40:02 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/07/14 22:40:01 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/18 11:20:44 | 000,030,752 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GbpKm.sys -- (GbpKm)
DRV - [2010/02/09 18:32:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/20 16:53:06 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/01/20 16:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/07/13 21:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/05/25 13:38:16 | 000,734,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/04/24 17:03:10 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de Programas\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2009/04/24 17:03:10 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de Programas\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2007/12/05 12:00:08 | 001,537,024 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZS211.sys -- (ZSMC30x)
DRV - [2007/11/02 11:47:38 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s916bus.sys -- (s916bus) Sony Ericsson Device 916 driver (WDM)
DRV - [2005/08/30 02:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2002/07/17 17:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-107195155-1495035494-2883815816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKU\S-1-5-21-107195155-1495035494-2883815816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-107195155-1495035494-2883815816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 B3 40 A4 3D 0F CB 01  [binary data]
IE - HKU\S-1-5-21-107195155-1495035494-2883815816-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-107195155-1495035494-2883815816-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.globo.com/"
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:2.6.1.1
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8874}:2.3.5.41
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.3.3
FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.http: "203.160.1.103"
FF - prefs.js..network.proxy.http_port: 80
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Willian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Willian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/01/24 21:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012/01/24 21:42:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/11 22:55:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/02 23:58:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Willian\AppData\Roaming\IDM\idmmzcc5 [2012/01/24 22:21:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Willian\AppData\Roaming\IDM\idmmzcc5 [2012/01/24 22:21:29 | 000,000,000 | ---D | M]
 
[2010/04/29 21:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willian\AppData\Roaming\mozilla\Extensions
[2010/04/29 21:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/24 21:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willian\AppData\Roaming\mozilla\Firefox\Profiles\n169crbp.default\extensions
[2012/01/17 18:50:37 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Users\Willian\AppData\Roaming\mozilla\Firefox\Profiles\n169crbp.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2011/07/25 20:56:03 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Users\Willian\AppData\Roaming\mozilla\Firefox\Profiles\n169crbp.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2011/07/25 20:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willian\AppData\Roaming\mozilla\Firefox\Profiles\n169crbp.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}-trash
[2011/05/01 22:07:05 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Willian\AppData\Roaming\mozilla\Firefox\Profiles\n169crbp.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
[2010/06/23 19:26:37 | 000,000,000 | ---D | M] ("All-Glass Firefox mod, based on Glasser") -- C:\Users\Willian\AppData\Roaming\mozilla\Firefox\Profiles\n169crbp.default\extensions\allglassv2@ambroos.neowin.net
[2010/06/18 21:22:55 | 000,000,000 | ---D | M] ("Strata40") -- C:\Users\Willian\AppData\Roaming\mozilla\Firefox\Profiles\n169crbp.default\extensions\Strata40@SpewBoy.au
[2010/06/18 21:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willian\AppData\Roaming\mozilla\Firefox\Profiles\n169crbp.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
[2012/01/11 22:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2012/01/24 22:21:29 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\WILLIAN\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\WILLIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N169CRBP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/11 22:55:22 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/02/08 22:52:09 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/03/16 14:57:46 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2009/08/03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2012/01/11 22:55:20 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2012/01/11 22:55:20 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2012/01/11 22:55:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/01/11 22:55:20 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/01/11 22:55:20 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Willian\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Willian\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Willian\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: GanymedeNet.Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Willian\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Willian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
 
O1 HOSTS File: ([2012/01/24 22:21:09 | 000,001,367 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       adobeereg.com
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       practivate.adobe.com
O1 - Hosts: 127.0.0.1       ereg.adobe.com
O1 - Hosts: 127.0.0.1       activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1       wip3.adobe.com
O1 - Hosts: 127.0.0.1       3dns 3.adobe.com-
O1 - Hosts: 127.0.0.1       3dns 2.adobe.com-
O1 - Hosts: 127.0.0.1       adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1       ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1       ativar sea.adobe.com-
O1 - Hosts: 127.0.0.1       WWIS-dubc1 vip60.adobe.com-
O1 - Hosts: 127.0.0.1       ativar sjc0.adobe.com-
O1 - Hosts: 127.0.0.1       WWIS-dubc1 vip60.adobe.com-
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O1 - Hosts: 127.0.0.1 internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 11 more lines...
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de Programas\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Arquivos de Programas\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de Programas\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Arquivos de Programas\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de Programas\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [Nero MediaHome 4] "E:\Programmi\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN File not found
O4 - HKLM..\Run: [Skytel] C:\Arquivos de Programas\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKU\S-1-5-21-107195155-1495035494-2883815816-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-107195155-1495035494-2883815816-1000..\Run: [LG LinkAir]  File not found
O4 - HKU\S-1-5-21-107195155-1495035494-2883815816-1000..\Run: [Nero MediaHome 4] "E:\Programmi\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN File not found
O4 - HKU\S-1-5-21-107195155-1495035494-2883815816-1000..\Run: [Unified Remote v2] C:\Arquivos de Programas\Unified Remote\RemoteServer.exe (Unified Remote)
O4 - HKU\S-1-5-21-107195155-1495035494-2883815816-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Willian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Arquivos de Programas\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-107195155-1495035494-2883815816-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-107195155-1495035494-2883815816-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-107195155-1495035494-2883815816-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de Programas\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de Programas\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de Programas\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O15 - HKU\S-1-5-21-107195155-1495035494-2883815816-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-107195155-1495035494-2883815816-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKU\S-1-5-21-107195155-1495035494-2883815816-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKU\S-1-5-21-107195155-1495035494-2883815816-1000\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.64.0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.22.0.15 187.22.0.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{572DABFA-658C-4DA2-8870-239C097C6D63}: DhcpNameServer = 187.22.0.15 187.22.0.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE87A421-4E2B-4E67-A639-7DE1C971713B}: DhcpNameServer = 187.22.0.15 187.22.0.16
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-107195155-1495035494-2883815816-1000 Winlogon: Shell - (expstart.exe) -C:\Windows\expstart.exe ()
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Arquivos de Programas\Stardock\ObjectDockPlus2\ODMenu.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/01/24 23:33:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Willian\Desktop\OTL.exe
[2012/01/24 22:20:06 | 000,000,000 | ---D | C] -- C:\Users\Willian\AppData\Roaming\IDM
[2012/01/24 22:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/01/24 22:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2012/01/24 21:57:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/24 16:31:53 | 000,000,000 | ---D | C] -- C:\Users\Willian\Desktop\O.Homem.do.Futuro.2012.720p.BluRay.x264-ZMG
[2012/01/21 16:08:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/01/21 16:07:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/01/18 23:27:36 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/18 23:27:36 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/18 23:27:36 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/18 23:27:36 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/18 23:27:36 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/18 23:27:36 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/18 23:27:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/18 23:27:36 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/18 23:27:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/18 23:27:36 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/18 23:27:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/18 23:27:36 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/18 23:27:36 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/18 23:27:36 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/18 23:27:36 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/18 23:27:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/18 23:27:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/18 23:27:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/18 23:27:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/18 23:27:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/18 23:27:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/18 23:27:36 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/18 23:27:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/01/18 23:27:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/18 23:27:35 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/18 23:27:35 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/18 23:27:35 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/18 23:27:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/18 23:27:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/18 23:27:35 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/18 23:27:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/18 23:27:35 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/18 23:27:35 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/18 23:27:35 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/18 23:27:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/18 23:27:35 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/18 23:27:35 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/17 20:37:24 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/17 20:37:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/16 21:08:47 | 000,000,000 | ---D | C] -- C:\Users\Willian\Desktop\Projeto quarto
[2012/01/16 11:11:57 | 000,091,424 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2012/01/15 19:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Batman Arkham City
[2012/01/14 15:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2012/01/14 15:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/13 00:48:03 | 000,000,000 | ---D | C] -- C:\Users\Willian\Documents\WB Games
[2012/01/13 00:43:48 | 000,000,000 | ---D | C] -- C:\Users\Willian\Documents\Games for Windows - LIVE Demos
[2012/01/12 20:24:02 | 000,000,000 | ---D | C] -- C:\Users\Willian\Application Data
[2012/01/11 23:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/01/11 23:12:48 | 000,000,000 | ---D | C] -- C:\Users\Willian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LIMBO
[2012/01/11 23:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\LIMBO
[2012/01/11 16:02:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 16:02:43 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 16:02:43 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/10 21:37:44 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys
[2012/01/10 21:37:44 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys
[2012/01/10 21:37:44 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.sys
[2012/01/10 21:37:44 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys
[2012/01/10 21:37:44 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\ironx86.sys
[2012/01/10 21:37:44 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys
[2012/01/10 21:37:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1206000.01D
[2012/01/10 21:27:11 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/01/10 21:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/01/10 21:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/01/10 21:26:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2012/01/10 21:26:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/01/10 21:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/01/10 21:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/01/07 18:13:06 | 000,000,000 | ---D | C] -- C:\Users\Willian\AppData\Local\Ubisoft Game Launcher
[2012/01/07 17:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012/01/07 17:16:41 | 000,000,000 | ---D | C] -- C:\Users\Willian\Documents\Assassin's Creed Revelations
[2012/01/07 17:13:09 | 000,000,000 | ---D | C] -- C:\Users\Willian\AppData\Roaming\PunkBuster
[2012/01/04 21:34:41 | 000,000,000 | ---D | C] -- C:\Users\Willian\Documents\DisplayFusion Backups
[2012/01/04 16:47:27 | 000,000,000 | ---D | C] -- C:\Users\Willian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rainmeter
[2012/01/03 21:15:45 | 000,000,000 | ---D | C] -- C:\Users\Willian\AppData\Roaming\Unified Remote
[2012/01/03 21:15:23 | 000,000,000 | ---D | C] -- C:\Users\Willian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unified Remote
[2012/01/03 21:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Unified Remote
[2011/12/29 16:20:12 | 000,000,000 | ---D | C] -- C:\Users\Willian\AppData\Local\Nero
[2011/12/29 16:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011/12/28 22:43:26 | 000,000,000 | ---D | C] -- C:\Users\Willian\AppData\Local\Plex Media Server
[2011/12/28 22:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2011/12/28 22:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Plex
[2011/12/27 22:26:11 | 000,000,000 | ---D | C] -- C:\Users\Willian\AppData\Local\MindGems
[2011/12/26 13:45:10 | 000,000,000 | ---D | C] -- C:\Users\Willian\Documents\FFOutput
[2011/12/26 13:44:52 | 000,000,000 | ---D | C] -- C:\Users\Willian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2011/12/26 13:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2010/05/01 16:56:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Willian\AppData\Roaming\pcouffin.sys
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[20 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/01/24 23:33:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Willian\Desktop\OTL.exe
[2012/01/24 23:08:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-107195155-1495035494-2883815816-1000UA.job
[2012/01/24 22:05:18 | 000,109,216 | ---- | M] () -- C:\Windows\System32\EasyHook64.dll
[2012/01/24 22:05:18 | 000,084,480 | ---- | M] () -- C:\Windows\System32\EasyHook32.dll
[2012/01/24 21:49:40 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 21:49:40 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 21:47:19 | 000,676,322 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/01/24 21:47:19 | 000,627,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/24 21:47:19 | 000,134,684 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/01/24 21:47:19 | 000,111,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/24 21:46:27 | 001,600,564 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2012/01/24 21:43:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/24 21:42:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/24 21:42:15 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/24 02:08:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-107195155-1495035494-2883815816-1000Core.job
[2012/01/22 05:39:25 | 003,800,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/21 16:15:53 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012/01/18 23:27:36 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/18 23:27:36 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/18 23:27:36 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/18 23:27:36 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/18 23:27:36 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/18 23:27:36 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/18 23:27:36 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/18 23:27:36 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/18 23:27:36 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/18 23:27:36 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/18 23:27:36 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/18 23:27:36 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/18 23:27:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/18 23:27:36 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/18 23:27:36 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/18 23:27:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/18 23:27:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/18 23:27:36 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/18 23:27:36 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/01/18 23:27:36 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/18 23:27:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/18 23:27:36 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/18 23:27:36 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/18 23:27:36 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/01/18 23:27:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/18 23:27:35 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/18 23:27:35 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/18 23:27:35 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/18 23:27:35 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/18 23:27:35 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/18 23:27:35 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/18 23:27:35 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/18 23:27:35 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/18 23:27:35 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/18 23:27:35 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/18 23:27:35 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/18 23:27:35 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/18 23:27:35 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/10 23:17:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2012/01/10 21:37:46 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/01/10 21:37:46 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/01/10 21:37:46 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/01/04 20:54:39 | 000,087,608 | ---- | M] () -- C:\Users\Willian\AppData\Roaming\inst.exe
[2012/01/04 20:54:39 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Willian\AppData\Roaming\pcouffin.sys
[2012/01/04 20:54:39 | 000,007,887 | ---- | M] () -- C:\Users\Willian\AppData\Roaming\pcouffin.cat
[2012/01/04 20:54:39 | 000,001,144 | ---- | M] () -- C:\Users\Willian\AppData\Roaming\pcouffin.inf
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[20 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/01/24 22:06:36 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2012/01/24 22:06:36 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2012/01/18 23:27:36 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/01/11 15:50:23 | 001,600,564 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2012/01/10 23:17:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2012/01/10 21:37:44 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.cat
[2012/01/10 21:37:44 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.cat
[2012/01/10 21:37:44 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.cat
[2012/01/10 21:37:44 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.cat
[2012/01/10 21:37:44 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.cat
[2012/01/10 21:37:44 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.inf
[2012/01/10 21:37:44 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.inf
[2012/01/10 21:37:44 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.inf
[2012/01/10 21:37:44 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.inf
[2012/01/10 21:37:44 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.inf
[2012/01/10 21:37:44 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.inf
[2012/01/10 21:37:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.cat
[2012/01/10 21:37:32 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini
[2012/01/10 21:27:11 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/01/10 21:27:11 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/01/04 20:54:39 | 000,087,608 | ---- | C] () -- C:\Users\Willian\AppData\Roaming\inst.exe
[2011/11/12 16:55:31 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/11/12 16:55:31 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/11 18:36:47 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/09/01 21:04:31 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/08/24 18:17:15 | 000,069,632 | ---- | C] () -- C:\Windows\System32\MSJCE.dll
[2011/07/14 23:30:22 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2011/07/05 01:17:48 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2011/07/01 01:18:28 | 000,000,132 | ---- | C] () -- C:\Users\Willian\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/14 00:14:37 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/14 00:13:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/16 23:27:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/16 23:27:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/16 23:27:01 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/16 23:27:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/16 23:27:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/12/21 11:10:06 | 000,000,018 | ---- | C] () -- C:\Windows\borlamd.dll
[2010/12/21 11:10:04 | 000,000,021 | ---- | C] () -- C:\Windows\ATALHOS.INI
[2010/12/12 23:34:05 | 000,000,090 | ---- | C] () -- C:\Windows\GLP.INI
[2010/11/12 22:21:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/02 19:00:47 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/10/24 17:20:32 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/04 21:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2010/07/14 22:40:02 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/07/14 22:40:01 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/05/31 23:43:01 | 000,162,304 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/05/31 22:57:08 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/05/19 02:00:41 | 000,004,608 | ---- | C] () -- C:\Users\Willian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/11 23:41:43 | 000,128,000 | ---- | C] () -- C:\Windows\DesinstWRecnet.EXE
[2010/05/11 23:41:43 | 000,122,880 | ---- | C] () -- C:\Windows\DesinstRecnet.exe
[2010/05/11 23:41:43 | 000,005,361 | ---- | C] () -- C:\Windows\DesinstWRecnet.ini
[2010/05/11 23:41:43 | 000,000,146 | ---- | C] () -- C:\Windows\REC-NET.INI
[2010/05/03 00:17:26 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/03 00:17:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/05/03 00:17:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/05/03 00:17:24 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/03 00:17:24 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/05/03 00:17:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/01 16:57:28 | 000,001,189 | ---- | C] () -- C:\Users\Willian\AppData\Roaming\vso_ts_preview.xml
[2010/05/01 16:56:19 | 000,007,887 | ---- | C] () -- C:\Users\Willian\AppData\Roaming\pcouffin.cat
[2010/05/01 16:56:19 | 000,001,144 | ---- | C] () -- C:\Users\Willian\AppData\Roaming\pcouffin.inf
[2010/04/30 23:07:37 | 000,000,095 | ---- | C] () -- C:\Users\Willian\AppData\Local\fusioncache.dat
[2010/04/30 20:54:36 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/04/30 20:54:35 | 000,022,328 | ---- | C] () -- C:\Users\Willian\AppData\Roaming\PnkBstrK.sys
[2010/04/30 20:54:24 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/04/30 20:54:23 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/04/30 20:54:23 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/02 22:26:12 | 000,007,607 | ---- | C] () -- C:\Users\Willian\AppData\Local\resmon.resmoncfg
[2010/02/02 21:34:19 | 001,692,288 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/02/02 21:34:19 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/02/02 21:34:19 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/02/02 21:34:19 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/02/02 21:34:19 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 06:31:12 | 000,676,322 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2009/07/14 06:31:12 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2009/07/14 06:31:12 | 000,134,684 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2009/07/14 06:31:12 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2009/07/14 02:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:33:53 | 003,800,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 00:05:48 | 000,627,800 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 00:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 00:05:48 | 000,111,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 00:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 00:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 00:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 21:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/06/21 20:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1996/04/03 17:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/01/12 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\.minecraft
[2010/07/20 22:47:45 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\abgx360
[2010/06/09 02:01:54 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\AnvSoft
[2010/10/21 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Ashampoo
[2010/08/19 01:22:29 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Audacity
[2010/02/02 21:32:28 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Auslogics
[2011/03/11 23:14:47 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Beat Hazard
[2011/09/14 19:04:19 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\BinarySense
[2010/04/21 23:16:50 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Bioshock2
[2011/06/27 00:54:11 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\BitComet
[2011/04/18 22:23:12 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\BSplayer Pro
[2012/01/23 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\DAEMON Tools Lite
[2011/06/24 21:42:17 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Day 1 Studios
[2011/10/31 21:46:14 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Dev-Cpp
[2012/01/24 23:43:37 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\DMCache
[2011/04/17 22:52:22 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\DVDVideoSoft
[2011/11/07 22:51:12 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\FileZilla
[2011/11/06 15:30:14 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\foobar2000
[2010/02/08 22:52:17 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Foxit
[2010/07/11 22:52:00 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\GameSave Manager 2.0
[2010/04/28 23:33:49 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\GanymedeNet
[2011/03/16 22:36:08 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\GetRightToGo
[2010/06/04 21:42:22 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\GrabPro
[2012/01/24 23:35:27 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\IDM
[2010/10/15 01:51:46 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Juce VST Host
[2010/03/09 21:00:19 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Leadertech
[2011/10/04 16:09:13 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\mkvtoolnix
[2011/06/14 00:39:21 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Oracle SQL Developer Data Modeler
[2012/01/24 19:16:08 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Orbit
[2010/10/02 02:32:01 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\ProgSense
[2010/12/16 21:47:03 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Publish Providers
[2012/01/07 17:13:09 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\PunkBuster
[2012/01/06 18:12:53 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Rainmeter
[2011/07/23 19:40:26 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Rovio
[2010/12/16 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Sony
[2011/03/22 22:46:37 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Sports Interactive
[2011/06/27 22:23:33 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Stardock
[2011/10/13 23:32:17 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Subversion
[2011/01/03 20:17:35 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\TeamViewer
[2011/03/12 19:28:58 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\The Creative Assembly
[2010/04/29 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Thunderbird
[2012/01/12 20:18:07 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Ubisoft
[2012/01/03 21:15:51 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Unified Remote
[2012/01/24 23:40:16 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\uTorrent
[2012/01/04 20:54:40 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\Vso
[2011/10/31 21:57:44 | 000,000,000 | ---D | M] -- C:\Users\Willian\AppData\Roaming\WinAVI
[2011/12/26 00:35:51 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:553CA6CA

< End of report >
 
madrugones, the file is clean. It was a false positive from the scanners.

Hey Primoit, the log is clean too.
 
Mr. Wolf

My KIS 2012 caught something called ryfgdjsry.exe in the TEMP folder the other day. It said it was Unknown Virus or something like that. I would delete it and another strange virus like ihagdsygd.exe would be created in its place. That's when I decided to make a backup and format my PC once and for all to put an end to this.

Buuut to my surprise, right after formatting, the virus came back, or was still there, I don't know. Man, what virus is this, can you tell me? I searched on Google and found nothing about it.

Until today I didn't know of any virus that survived formatting. :fuuu:
 
My KIS 2012 caught something called ryfgdjsry.exe in the TEMP folder the other day. It said it was Unknown Virus or something like that. I would delete it and another strange virus like ihagdsygd.exe would be created in its place.
Judging by the random names and the location, we can suspect Sality or Virut (both file infectors) or any other file infector. But it is very hard to give an opinion from such a cursory look.

That's when I decided to make a backup and format my PC once and for all to put an end to this.
The problem may be right there.

Did you by any chance back up any .exe, .dll, .msi, .html, .htm, .asp, .pdf, .php, .doc/.docx, or .cmd?

Until today I didn't know of any virus that survived formatting. :fuuu:
There is no such thing. No malware survives a full format of a partition, my friend. Unless you made the backup while the system was compromised and copied the files from the backup to the post-format system.
 
I only saved some PDFs and DOCX files from college on my flash drive. Can a virus get into those files too?
Malware is malware, man. Depending on the type and the sophistication, it can infect whatever it wants.

And now, is there no saving them then?
Well, I can't guarantee it, but yes, there are ways to clean these files. If it were an .exe, .cmd or .dll, then recovering them would be unlikely.

However, so that I can help you better, I need to know which infection this is. When KIS raised the alert before the format, didn't it show any name or threat type in the detection window?

In any case, I'll leave here some tools that may perhaps be able to clean your files.

Dr.Web CureIt (for any type of infection)
WC32 (if it is Virut)
ElistarA (if it is Sality, Virut, Junkpoly or Vitro)
Norman Malware Cleaner (if it is Inudc File or any other infector)
Kaspersky Virus Removal Tool (for any infection, and it must be used in safe mode)

See if one of these applications helps you.
 
KIS didn't show the name, no. It only said it was unknown and something like ehsyehdse.exe. That's all.

So, how do I use these programs? Can I put them on the flash drive to scan?
 
Haven't you already transferred the files from the flash drive to the system? Copy them to Windows and use the tools indicated in the previous post.

With WC32, just place it in the same directory where the files are and start the scan (which doesn't take long).

However, use WC32 and ElistarA first, since their scans are not so time-consuming and they deal with infectors directly. Because, from the description you posted, the symptoms are very similar to those of file infectors.
 
If WC32 didn't display any message, Virut was not found in the files.

ElistarA saves a log in the root directory of your computer (usually C:\). Check there.
 
(31-1-2012 16:23:02 (GMT))
EliStartPage v24.77 (c)2012 S.G.H. / Satinfo S.L. (Actualizado el 31 de Enero del 2012)
--------------------------------------------------
Usuario: Bruno
ID de Usuario: S-1-5-21-1960408961-1993962763-839522115-1003

Lista de Acciones (por Acción Directa):
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE

(31-1-2012 16:24:04 (GMT))
EliStartPage v24.77 (c)2012 S.G.H. / Satinfo S.L. (Actualizado el 31 de Enero del 2012)
--------------------------------------------------
Usuario: Bruno
ID de Usuario: S-1-5-21-1960408961-1993962763-839522115-1003

Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 1358
Nº Total de Ficheros: 11579
Nº de Ficheros Analizados: 7035
Nº de Ficheros Infectados: 7
Nº de Ficheros Limpiados: 7

EliStartPage v24.77 (c)2012 S.G.H. / Satinfo S.L. (Actualizado el 31 de Enero del 2012)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Facul\Gestão.pdf --> Eliminado, MalWare.Vitro
C:\Facul\Finança.pdf --> Eliminado, GameSpyArcade
C:\Facul\Preparação Jurídico.pdf --> Eliminado, Malware.Vitro
C:\Facul\Documentario Luis Henrique.doc --> Eliminado, Generic.Packed.Vitro
C:\Facul\Documentario Professor Paulinha.doc --> Eliminado, Keylog-Briss
C:\Facul\Gestão.doc --> Eliminado, Malware.Vitro
C:\Facul\CMJJ.doc --> Eliminado, Malware.Vitro
 