Remoção de vírus

[Mr.Wolf]

O23 - Service: Hoster Service (autoupdate) - C:\Windows\system32\01asajks.exe

Rogue.

Rode o MBAM em modo de segurança (sem rede). Ele certamente fará a limpeza das infecções principais, mas provavelmente o sistema continuará infectado. Neste caso, o recomendável seria o ComboFix.

Se quiser postar ambos os logs após os procedimentos, fique à vontade!

 

[guilhermeX]

Po, valeu Mr.Wolf. Nem em sonho saberia como identificar essa p0rra.

Vou baixar esses programas e deixar eles rodando aqui e mais tarde eu posto os logs sim pq eu sou um analfa-log haha.

[]'s

EDIT: depois que eu fizer isso o anti-virus aparecerá novamente ou terei que instalar ele denovo?

 

[Luis_Oliveira]

Bom galera, o problema com os acentos continua !
Rodei o F-Prot e o Avira aqui, ambos localizaram alguns arquivos e os moveram para quarentena, mas o problema continua..

Rodei um programinha da Symantec espec´´ifico para remoç~~ao do BugBear, mas nada foi encontrado !

Detalhe, acentos n~~ao funcionam em nenhum navegador, nem no msn e nem no word, mas no bloco de notas funcionam normalmente.. hahaha

OTL.txt:

Spoiler

OTL logfile created on: 03/03/2012 17:35:27 - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Luís
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 51,75% Memory free
8,21 Gb Paging File | 6,03 Gb Available in Paging File | 73,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 285,48 Gb Free Space | 61,29% Space Free | Partition Type: NTFS

Computer Name: LUÍS-PC | User Name: Luís | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/03 17:11:04 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Luís\OTL.exe
PRC - [2012/03/03 00:37:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/31 12:30:36 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Luís\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2011/11/03 15:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/10/06 12:24:52 | 000,084,136 | ---- | M] (FRISK Software International) -- C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
PRC - [2010/11/03 16:40:36 | 001,674,016 | ---- | M] (FRISK Software International) -- C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
PRC - [2009/11/29 09:10:57 | 000,297,472 | ---- | M] (2q3wet Corporation) -- C:\Users\Luís\AppData\Roaming\Ymdypy\wyvy.exe
PRC - [2009/08/19 19:04:40 | 000,822,936 | ---- | M] (BinarySense, Inc.) -- C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/01/28 10:42:10 | 001,352,704 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\EnergySaving\PwSave.exe
PRC - [2008/01/23 23:53:16 | 000,613,376 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
PRC - [2008/01/09 10:17:18 | 000,627,200 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
PRC - [2007/11/30 20:03:28 | 000,881,152 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\CpuLevelUpHelp.exe
PRC - [2007/10/16 14:48:50 | 000,319,488 | ---- | M] (ASUS) -- C:\Arquivos de programas\ASUS\Ai Suite\CpuLevelUpHook32.exe
PRC - [2007/10/11 17:09:50 | 000,582,656 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
PRC - [2007/08/02 17:45:50 | 000,053,248 | ---- | M] (Sonic Focus, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
PRC - [2007/05/28 13:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/03 00:37:19 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/25 20:20:25 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2008/01/28 10:42:10 | 001,352,704 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\EnergySaving\PwSave.exe
MOD - [2008/01/23 23:53:16 | 000,613,376 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
MOD - [2008/01/17 05:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\cpuutil.dll
MOD - [2008/01/09 10:17:18 | 000,627,200 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
MOD - [2008/01/08 00:36:10 | 000,187,904 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aasp.dll
MOD - [2008/01/07 20:38:50 | 000,409,088 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\EnergySaving\AnimationView.dll
MOD - [2007/11/30 20:03:28 | 000,881,152 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\CpuLevelUpHelp.exe
MOD - [2007/10/11 17:09:50 | 000,582,656 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
MOD - [2007/10/11 14:51:00 | 000,053,248 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\HookKey32.dll
MOD - [2006/01/10 05:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/06/22 06:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\PowerDll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 23:14:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/04/16 23:16:31 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/06 20:41:54 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/11/03 15:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/10/06 12:24:52 | 000,084,136 | ---- | M] (FRISK Software International) [Auto | Running] -- C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe -- (FPAVServer)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/19 19:04:40 | 000,822,936 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/24 11:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe -- (AcuWVSSchedulerv6)
SRV - [2007/05/28 13:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/11 10:24:56 | 000,842,144 | ---- | M] (FRISK Software International) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\FPAV_RTP.sys -- (FPAV_RTP)
DRV:64bit: - [2009/12/10 03:39:48 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/09/30 21:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/24 00:11:02 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/15 01:23:28 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 09:59:00 | 000,116,240 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2008/04/16 23:14:19 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/03/22 14:12:46 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2007/08/28 23:44:38 | 000,435,200 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2007/05/24 10:15:00 | 000,335,872 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/05/11 15:40:58 | 000,412,672 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2006/10/31 12:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3401796189-860128465-4073613164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
IE - HKU\S-1-5-21-3401796189-860128465-4073613164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-3401796189-860128465-4073613164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 1E 2D E0 56 F6 CC 01 [binary data]
IE - HKU\S-1-5-21-3401796189-860128465-4073613164-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found
IE - HKU\..\SearchScopes,DefaultScope = {18E018C2-36AB-4C2D-B315-8526DB21F4CE}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{18E018C2-36AB-4C2D-B315-8526DB21F4CE}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
IE - HKU\S-1-5-21-3401796189-860128465-4073613164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: lockerzplayextended@flies:2.5.0
FF - prefs.js..extensions.enabledItems: om.brunolm@gmail.com:3.6.8.5
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: pt-BR@dellalibera.sf.net:1.7
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.backup.ftp: "210.212.55.194"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "localhost"
FF - prefs.js..network.proxy.backup.gopher_port: 4001
FF - prefs.js..network.proxy.backup.socks: "210.212.55.194"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "210.212.55.194"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "220.227.14.141"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 4001
FF - prefs.js..network.proxy.http: "220.227.14.141"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "220.227.14.141"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "220.227.14.141"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Luís\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Luís\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/03 00:37:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/02 05:21:06 | 000,000,000 | ---D | M]

[2009/08/23 23:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luís\AppData\Roaming\mozilla\Extensions
[2012/02/04 14:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions
[2010/08/05 11:45:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/01 13:38:34 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/10/24 15:18:37 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2010/11/01 20:00:46 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/06/01 13:38:30 | 000,000,000 | ---D | M] (Orkut Manager) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\om.brunolm@gmail.com
[2011/08/28 03:45:31 | 000,000,000 | ---D | M] (Verificador Ortográfico para Português do Brasil.) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\pt-BR@dellalibera.sf.net
[2012/02/04 14:38:25 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\twitternotifier@naan.net
[2011/11/11 11:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\LUÃ*S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MICKFUMW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\USERS\LUÃ*S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MICKFUMW.DEFAULT\EXTENSIONS\PT-BR@DELLALIBERA.SF.NET
[2012/03/03 00:37:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/03 00:37:17 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2012/03/03 00:37:17 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2012/03/03 00:37:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/03/03 00:37:17 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/03/03 00:37:17 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lu\u00EDs\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Lu\u00EDs\AppData\Local\Google\Chrome\Application\17.0.963.56\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lu\u00EDs\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lu\u00EDs\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 18:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-3401796189-860128465-4073613164-1000\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Arquivos de Programas\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
O4 - HKLM..\Run: [SoundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3401796189-860128465-4073613164-1000..\Run: [{562F6F29-C526-AD7E-7C56-21126A67020F}] C:\Users\Luís\AppData\Roaming\Ymdypy\wyvy.exe (2q3wet Corporation)
O4 - HKU\S-1-5-21-3401796189-860128465-4073613164-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3401796189-860128465-4073613164-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB336DE1-9B58-4398-9007-7B56EA7DAD45}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D713CBC9-5FB3-428A-936D-5BE1D6F75EBB}: DhcpNameServer = 200.204.0.138
O18:64bit: - Protocol\Handler\hddlife - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files (x86)\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Luís\Pictures\Wallpapers\eyeofthestormbyredxen31lz6.jpg
O24 - Desktop BackupWallPaper: C:\Users\Luís\Pictures\Wallpapers\eyeofthestormbyredxen31lz6.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3956487a-b6bc-11de-9572-002354057333}\Shell\AutoRun\command - "" = y8.exe
O33 - MountPoints2\{3956487a-b6bc-11de-9572-002354057333}\Shell\open\Command - "" = y8.exe
O33 - MountPoints2\{6a5d87f0-904f-11de-a98b-002354057332}\Shell\AutoRun\command - "" = kgji.exe
O33 - MountPoints2\{6a5d87f0-904f-11de-a98b-002354057332}\Shell\open\Command - "" = kgji.exe
O33 - MountPoints2\{73ebb174-93e1-11de-b10d-002354057333}\Shell\AutoRun\command - "" = E:\y8.exe
O33 - MountPoints2\{73ebb174-93e1-11de-b10d-002354057333}\Shell\open\Command - "" = E:\y8.exe
O33 - MountPoints2\{881f1c47-97ee-11de-8e2d-002354057333}\Shell\AutoRun\command - "" = y8.exe
O33 - MountPoints2\{881f1c47-97ee-11de-8e2d-002354057333}\Shell\open\Command - "" = y8.exe
O33 - MountPoints2\{8dd49618-c268-11de-b232-002354057333}\Shell\AutoRun\command - "" = y8.exe
O33 - MountPoints2\{8dd49618-c268-11de-b232-002354057333}\Shell\open\Command - "" = y8.exe
O33 - MountPoints2\{c6b3640c-ce3f-11de-b0fd-002354057333}\Shell\AutoRun\command - "" = F:\Driver\Files\DT.exe
O33 - MountPoints2\{c6b3640c-ce3f-11de-b0fd-002354057333}\Shell\open\command - "" = F:\Driver\Files\DT.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 17:10:56 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Users\Luís\OTL.exe
[2012/03/03 15:34:33 | 000,178,312 | ---- | C] (Symantec Corporation) -- C:\Users\Luís\FxBgbear.exe
[2012/03/03 01:46:41 | 000,000,000 | ---D | C] -- C:\Users\Luís\AppData\Roaming\FRISK Software
[2012/03/03 01:31:03 | 000,842,144 | ---- | C] (FRISK Software International) -- C:\Windows\SysNative\drivers\FPAV_RTP.sys
[2012/03/03 01:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\FRISK Software
[2012/03/03 01:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FRISK Software
[2012/03/02 22:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/03/02 22:37:55 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Users\Luís\FileFormatConverters.exe
[2012/03/02 14:35:00 | 000,000,000 | ---D | C] -- C:\Users\Luís\AppData\Roaming\Miva
[2012/03/02 14:35:00 | 000,000,000 | ---D | C] -- C:\Users\Luís\AppData\Roaming\Azudl
[2012/03/02 14:34:45 | 000,000,000 | ---D | C] -- C:\Users\Luís\AppData\Roaming\Ymdypy
[2012/03/02 14:34:45 | 000,000,000 | ---D | C] -- C:\Users\Luís\AppData\Roaming\Heut
[2012/02/17 12:43:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/17 12:43:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/17 12:43:57 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/17 12:43:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/17 12:43:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/17 12:43:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/17 12:43:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/17 12:43:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/17 12:43:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/17 12:43:55 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/17 12:43:55 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/16 12:44:26 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/08 10:37:37 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/08 10:37:36 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/08 10:37:36 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/08 10:37:36 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/08 10:37:36 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/08 10:37:36 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/08 10:37:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/08 10:37:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/08 10:37:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/08 10:37:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/08 10:37:36 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/08 10:37:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/08 10:37:36 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/08 10:37:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/08 10:37:35 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/08 10:37:35 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/08 10:37:35 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/08 10:37:33 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/08 10:37:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/08 10:37:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/08 10:37:33 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/08 10:37:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/08 10:37:33 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/08 10:37:33 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012/02/08 10:37:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/08 10:37:33 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/08 10:37:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/08 10:37:33 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/08 10:37:32 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/08 10:37:31 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/08 10:37:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/08 10:37:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/08 10:37:31 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/08 10:37:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012/02/08 10:37:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/08 10:37:31 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/08 10:37:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/08 10:37:31 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/08 10:37:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/08 10:37:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/08 10:37:30 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/08 10:37:30 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/08 10:37:30 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/08 10:37:30 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/08 10:37:30 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/08 10:37:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/08 10:37:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/08 10:37:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/08 10:37:29 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/08 10:37:29 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/08 10:37:29 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/08 10:37:29 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/08 10:37:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/08 10:37:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/08 10:37:29 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/08 10:37:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/08 10:37:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/08 10:37:28 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/08 10:37:28 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/08 10:37:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/08 10:37:28 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/08 10:37:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/08 10:37:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

========== Files - Modified Within 30 Days ==========

[2012/03/03 17:35:04 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3401796189-860128465-4073613164-1000UA.job
[2012/03/03 17:19:09 | 001,469,844 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/03 17:19:09 | 000,643,338 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/03/03 17:19:09 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/03 17:19:09 | 000,124,862 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/03/03 17:19:09 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/03 17:13:01 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 17:13:01 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 17:12:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 17:12:54 | 4294,041,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/03 17:11:04 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Luís\OTL.exe
[2012/03/03 15:34:36 | 000,178,312 | ---- | M] (Symantec Corporation) -- C:\Users\Luís\FxBgbear.exe
[2012/03/03 13:35:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3401796189-860128465-4073613164-1000Core.job
[2012/03/03 01:59:44 | 000,047,722 | ---- | M] () -- C:\Users\Luís\f-bugbr.zip
[2012/03/03 01:26:30 | 036,979,200 | ---- | M] () -- C:\Users\Luís\fpav-windows-x64-hc-en.msi
[2012/03/03 01:26:15 | 036,495,872 | ---- | M] () -- C:\Users\Luís\fpav-windows-x86-hc-en.msi
[2012/03/02 22:39:26 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Users\Luís\FileFormatConverters.exe
[2012/03/01 12:40:03 | 000,013,384 | ---- | M] () -- C:\Windows\SysNative\.rsp
[2012/03/01 12:40:03 | 000,001,479 | ---- | M] () -- C:\Windows\SysNative\.lck
[2012/02/18 09:39:58 | 000,353,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/08 10:37:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012/02/08 10:37:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012/02/08 10:37:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012/02/08 10:37:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012/02/08 10:37:37 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/08 10:37:36 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/08 10:37:36 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/08 10:37:36 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/08 10:37:36 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/08 10:37:36 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/08 10:37:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/08 10:37:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/08 10:37:36 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/08 10:37:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/08 10:37:36 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/08 10:37:36 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/08 10:37:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/08 10:37:36 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/08 10:37:35 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/08 10:37:35 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/08 10:37:35 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/08 10:37:35 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/08 10:37:33 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/08 10:37:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/08 10:37:33 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/08 10:37:33 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/08 10:37:33 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/08 10:37:33 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/08 10:37:33 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012/02/08 10:37:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/08 10:37:33 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/08 10:37:33 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/08 10:37:33 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/08 10:37:32 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/08 10:37:31 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/08 10:37:31 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/08 10:37:31 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/08 10:37:31 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/08 10:37:31 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012/02/08 10:37:31 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/08 10:37:31 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/08 10:37:31 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/08 10:37:31 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/08 10:37:31 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/08 10:37:31 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/08 10:37:30 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/08 10:37:30 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/08 10:37:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/08 10:37:30 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/08 10:37:30 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/08 10:37:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/08 10:37:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/08 10:37:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/08 10:37:29 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/08 10:37:29 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/08 10:37:29 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/08 10:37:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/08 10:37:29 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/08 10:37:29 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/08 10:37:29 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/08 10:37:29 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/08 10:37:29 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/08 10:37:29 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/08 10:37:28 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/08 10:37:28 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/08 10:37:28 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/08 10:37:28 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/08 10:37:28 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/08 10:37:28 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

========== Files Created - No Company Name ==========

[2012/03/03 15:06:02 | 000,094,208 | ---- | C] () -- C:\Users\Luís\f-bugbr.exe
[2012/03/03 01:59:38 | 000,047,722 | ---- | C] () -- C:\Users\Luís\f-bugbr.zip
[2012/03/03 01:31:07 | 000,002,094 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-PROT Antivirus for Windows.lnk
[2012/03/03 01:21:58 | 036,979,200 | ---- | C] () -- C:\Users\Luís\fpav-windows-x64-hc-en.msi
[2012/03/03 01:21:46 | 036,495,872 | ---- | C] () -- C:\Users\Luís\fpav-windows-x86-hc-en.msi
[2012/02/08 10:37:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/08 10:37:29 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/22 10:19:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\12"senha + email"
[2011/12/22 10:19:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\12"senha + email"
[2011/09/22 20:51:39 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2011/09/22 20:51:39 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2011/09/22 20:51:39 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2011/09/22 20:51:39 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2011/09/22 20:51:39 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2011/09/22 20:51:39 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/20 16:31:29 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/12/20 20:10:25 | 000,000,140 | ---- | C] () -- C:\Windows\SysWow64\ptl5.dat.{B03B289B-C438-4D0F-B3B0-52F9FE7B661D}
[2010/12/20 19:58:57 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}

========== LOP Check ==========

[2010/06/06 17:08:01 | 000,000,000 | -HSD | M] -- C:\Users\Luís\AppData\Roaming\.#
[2010/06/08 01:24:26 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\AnvSoft
[2012/03/02 14:35:00 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\Azudl
[2009/09/14 01:43:52 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\BinarySense
[2011/08/31 03:14:18 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\DAEMON Tools Lite
[2012/03/03 01:46:41 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\FRISK Software
[2009/10/16 03:25:26 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\GlobalSCAPE
[2012/03/03 02:01:47 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\Heut
[2009/10/24 22:31:22 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\JonDo
[2012/03/02 14:35:00 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\Miva
[2009/12/11 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\Publish Providers
[2010/06/08 00:45:58 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\Sony
[2009/08/23 22:43:25 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\TMP
[2009/09/05 11:22:07 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\Ubisoft
[2011/09/22 20:53:11 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\Ulead Systems
[2009/08/24 02:36:52 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\VitySoft
[2012/03/02 14:34:45 | 000,000,000 | ---D | M] -- C:\Users\Luís\AppData\Roaming\Ymdypy
[2012/03/03 17:11:41 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Windows:6A1469756AEF0BC2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2BE9FEFC

< End of report >

Algu´´em pode me dar uma ajuda ?
Estou ficando louco aqui.. hahaha

Abraços.

 

[Luis_Oliveira]

Desculpem-me pelo flood, mas n~~ao consigo postar os 2 logs no mesmo post, talvez por serem muito grandes.. hahaha

Extras.txt:

Spoiler

OTL Extras logfile created on: 03/03/2012 17:35:27 - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Luís
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 51,75% Memory free
8,21 Gb Paging File | 6,03 Gb Available in Paging File | 73,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 285,48 Gb Free Space | 61,29% Space Free | Partition Type: NTFS

Computer Name: LUÍS-PC | User Name: Luís | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3401796189-860128465-4073613164-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 51 09 65 DC 58 24 CA 01 [binary data]
"VistaSp2" = 17 52 86 E3 85 24 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2305EC7A-D338-440D-A756-52C40FFBA8FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{241AD263-1E88-4A2D-AABF-2B6790554C6A}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D07F998-6276-4DED-8CDD-C57DE3C249F6}" = protocol=17 | dir=in | app=c:\users\luís\downloads\solutoinstaller.exe |
"{1A9CD646-26A0-4C50-A201-9105AB06B1A2}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{1CF4E59D-CB6F-4D58-A695-25266E35929C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{1E24C64A-D99D-4609-A766-E453FEF9AB9F}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{21245D21-1DC7-4E61-B085-688466E63B3F}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{2407601B-99E4-4121-8BF3-D6B04E30343E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{286C08E3-B7B1-4C21-829A-D3F0C175CD12}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{2AD05A86-9FE9-4D9B-B66E-EC9A36FB550F}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{2F0E714B-C481-467D-8B46-4D30AA04859D}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{488A00CA-4D70-4C55-A329-D4B11FA6B458}" = protocol=6 | dir=in | app=c:\users\luís\downloads\solutoinstaller.exe |
"{4B027700-65BB-4B6B-A39E-BE3A196FC443}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{54B1F75A-8420-4ABF-89DD-D03517930676}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{8B8E8D26-8546-4908-A836-DFF4358BB86A}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{8C41F5A8-A5F9-4878-9682-9210EED6BB38}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{9037452B-2594-47B6-AF0C-84BFD3DB56F3}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{92A5578A-E169-4EB0-B080-E32AA4024A3F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{99560D8A-02AA-42D8-882D-222C29239586}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{A6B34C9C-90CC-40AE-BA17-CCA0C3C690BD}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{B8EC75F9-958E-436A-A3D0-03C40899EF81}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{BFEF9F69-68BB-4E81-B7B4-F605EDC46B7C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C0725168-BBF8-4AD2-A7A0-D1435DF830BA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{D5CCCCD1-A76C-48DB-BD51-6CF0ABCA2A4F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{E0773F2B-64E0-407E-8FC2-A92A7CCC1635}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{EAE4ED6C-EF1A-4CF9-99B4-6ACE8CB3C6CA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F32B87EF-0C56-4B75-8837-C300980D986B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F3F33362-8742-4925-9F13-C4D7C671D651}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{FEFF58F3-74F7-49BB-819E-87627E1C3C24}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"TCP Query User{017B98FB-DDDC-48F4-8A1B-060551E2F7A1}C:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe |
"TCP Query User{0C56DABF-8111-4F71-A456-152C25D803A6}C:\program files (x86)\k-lite codec pack\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\k-lite codec pack\media player classic\mplayerc.exe |
"TCP Query User{21E4169B-74F0-4319-AAF3-0B2E0F262903}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{3760F7F3-A570-420E-9CF8-F5B3E88D1376}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{5334CE18-BF02-42C2-A8B3-615AC9088F85}C:\users\luís\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\luís\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{56545C6B-E793-4370-AA69-51D9EEFFA8FB}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe" = protocol=6 | dir=in | app=c:\users\luís\appdata\roaming\ymdypy\wyvy.exe |
"TCP Query User{5892A9FB-C5A3-4295-B855-1055448AAD0A}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=6 | dir=in | app=c:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe |
"TCP Query User{65874244-6DAE-4287-BA92-A67007D01459}C:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe |
"TCP Query User{75AFBF38-6A5B-4A0B-AD9F-DFFDE3663B07}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe" = protocol=6 | dir=in | app=c:\users\luís\appdata\roaming\ymdypy\wyvy.exe |
"TCP Query User{AFB00A80-7A3B-41C4-A29F-548962796878}C:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe |
"TCP Query User{C5B79DA4-4112-41E6-93E0-6B6F328A0EFB}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{DBBE302E-823C-4CB8-B2B6-E952F4361D79}C:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe |
"TCP Query User{DC4E1688-F214-43D7-A9A7-4C4BF6017ACD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{DFF732D6-582E-4C31-AE4F-47ACFDE4F6C8}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"TCP Query User{EEBEEB89-E21F-41D0-9F82-571D441FFEA5}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{2828D5D0-1C5D-410E-B7D0-11FC853AF16C}C:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe |
"UDP Query User{3C58B099-6DE3-4ED3-962D-633E914E9477}C:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe |
"UDP Query User{4779C7D8-6426-4D5D-99CC-407FC91FB166}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe" = protocol=17 | dir=in | app=c:\users\luís\appdata\roaming\ymdypy\wyvy.exe |
"UDP Query User{4D5D0070-0F7B-4AD5-ABC9-51DC3A566405}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe" = protocol=17 | dir=in | app=c:\users\luís\appdata\roaming\ymdypy\wyvy.exe |
"UDP Query User{5CE48CE9-87D9-4E5B-8462-EEC313019F13}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=17 | dir=in | app=c:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe |
"UDP Query User{70B805EF-D2B5-4C8E-963D-1434E8F562E1}C:\program files (x86)\k-lite codec pack\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\k-lite codec pack\media player classic\mplayerc.exe |
"UDP Query User{8009EEC1-48D8-4F1D-A77B-056A4C36A417}C:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe |
"UDP Query User{8B0B21D3-66DA-4355-B82D-B8E9782844AC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{9BBCEB36-87CD-4CB7-8D1E-48DEB4B5C52F}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{A36F13CC-9210-40C9-B2F9-123B638DEDEC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{B1754503-2752-4BEE-9D0D-80EDAB409D70}C:\users\luís\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\luís\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{C7BAE5D5-CC3D-4231-AF7A-96307FBDDD5D}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"UDP Query User{EC2FF78D-191F-4B98-B12D-C8F3E1ABCD2A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F8326067-498F-4177-89CE-91205501AB53}C:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe |
"UDP Query User{FD8EFE74-CF9C-414F-83D3-FE4B0DA4A5F0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
"{27B84DEC-78D2-E520-4B4F-DB6CE8CEC318}" = ccc-utility64
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{B88F5E68-B0FB-950F-EC6F-82FB18DF3E5D}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"WinRAR archiver" = Arquivo do WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B141C08-51E5-4224-81BD-5FC967195734}" = LG USB Modem Driver-MDMS
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{66B6D13A-9CC1-417D-B6F2-58AA539D1046}" = Nero 7 Essentials
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D1ACE56-38B1-1055-5926-EADFB056F2F2}" = Catalyst Control Center InstallProxy
"{6F95F0C8-95BA-C742-4518-B0DB5E70C697}" = Catalyst Control Center HydraVision Full
"{6FFDCE15-3ED2-345C-1427-8FA9FD31F00B}" = ccc-core-static
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7FB9B2BA-4D63-2443-449C-636349E19582}" = Catalyst Control Center Graphics Light
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A54169C1-D596-3D2A-545A-FE0F9D0CB02A}" = Catalyst Control Center Core Implementation
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B210130E-835C-4581-A695-CE10616B8B55}_is1" = Driver Sweeper 2.0.5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BC94ECAE-9957-9F57-5B88-DB9D73252B90}" = Catalyst Control Center Graphics Full New
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEF74D66-A6EC-B084-68F7-B35DE80F0768}" = CCC Help English
"{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"{CF8F115B-A76E-B5EA-9262-E036FF673F97}" = Catalyst Control Center Graphics Previews Common
"{D0C17D81-D40D-4C23-B8FA-95E817D0B7BE}" = F-PROT Antivirus for Windows x64
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2C051BE-EFBA-62BE-38D1-B9C703E897B3}" = Catalyst Control Center Graphics Full Existing
"{E303AE56-119E-E516-9C69-960456160E90}" = Catalyst Control Center Graphics Previews Vista
"{E352C82D-3303-4C9B-A64A-5680466996D6}" = HDDlife Pro 3.1
"{E60BFE17-F44C-4A28-9ACF-1DD7362B0278}_is1" = Acunetix Web Vulnerability Scanner 6.0
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Easy GIF Animator_is1" = Easy GIF Animator 5.21
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"Fraps" = Fraps
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6 TBYB
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.5
"MediaMonkey_is1" = MediaMonkey 3.1
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox 10.0.2 (x86 pt-BR)" = Mozilla Firefox 10.0.2 (x86 pt-BR)
"NoIPDUC" = No-IP DUC
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4.1
"PremiumSoft Navicat 8.2 for MySQL_is1" = PremiumSoft Navicat 8.2 for MySQL
"RealPlayer 12.0" = RealPlayer
"Simple Port Forwarding" = Simple Port Forwarding
"SopCast" = SopCast 3.0.3
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"ToolBox" = NCH Toolbox
"Tor" = Tor 0.2.1.26
"Uninstall_is1" = Uninstall 1.0.0.1
"VertrigoServ" = VertrigoServ (remove only)
"Vidalia" = Vidalia 0.2.9
"VideoPad" = VideoPad Video Editor
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3401796189-860128465-4073613164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/03/2011 02:01:27 | Computer Name = Luís-PC | Source = MsiInstaller | ID = 11913
Description =

Error - 04/03/2011 02:01:27 | Computer Name = Luís-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 05/03/2011 14:58:14 | Computer Name = Luís-PC | Source = MsiInstaller | ID = 11913
Description =

Error - 05/03/2011 14:58:18 | Computer Name = Luís-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 05/03/2011 14:58:30 | Computer Name = Luís-PC | Source = MsiInstaller | ID = 11913
Description =

Error - 05/03/2011 14:58:31 | Computer Name = Luís-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 06/03/2011 16:16:02 | Computer Name = Luís-PC | Source = MsiInstaller | ID = 11913
Description =

Error - 06/03/2011 16:16:04 | Computer Name = Luís-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 06/03/2011 16:19:42 | Computer Name = Luís-PC | Source = MsiInstaller | ID = 11913
Description =

Error - 06/03/2011 16:19:42 | Computer Name = Luís-PC | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 01/03/2012 11:47:54 | Computer Name = Luís-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 01/03/2012 11:47:54 | Computer Name = Luís-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 01/03/2012 11:47:54 | Computer Name = Luís-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 02/03/2012 02:01:28 | Computer Name = Luís-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 02/03/2012 02:01:47 | Computer Name = Luís-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 02/03/2012 02:02:59 | Computer Name = Luís-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 03/03/2012 02:01:40 | Computer Name = Luís-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 03/03/2012 02:02:09 | Computer Name = Luís-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 03/03/2012 02:03:19 | Computer Name = Luís-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 03/03/2012 16:16:13 | Computer Name = Luís-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

 

[glunteer]

Postando para ver se tudo está certinho.

OTL.TXT

http://pastebin.com/XZqUwiH8

 

[andlsa]

andlsa, peço que faça o que o amigo wmh sugeriu -- colocar os logs entre spoilers. Os logs do OTL são demasiadamente grandes. Voltando ao assunto, os logs que você postou são os da primeira vez que você postou aqui no tópico. Muita coisa pode ter mudado no sistema. Por favor, poste um log atualizado do OTL aqui.
A princípio, não vi nenhuma entrada relacionada ao TDSS nos logs. Porém, como trata-se de um rootkit, ele pode estar invisível. Ao invés de criar um log normal do OTL, siga as instruções do spoiler abaixo.

Spoiler

Abra o OTL e marque as opções abaixo:

Verificar All Users
Ignorar Arquivos Microsoft
Usar WhiteList para Nomes de Companhias
Verificar Lop
Verificar Purity

Clique em Verificar e serão criados os relatórios OTL.txt e Extras.txt no desktop. Poste apenas o OTL.Txt.

Beleza, desculpe, sou novato por aqui. Valeu pela dica, wmh!

O Pc Tools Internet Security continua detectando o Rootkit.TDSS.v2, e quando vou ver um video seja qual for sua extensão, o mesmo "congela" durante um minuto. Se eu entro no Windows Explorer ele reinicia, sendo que o S.O. não está mais reiniciando como a um tempo atrás, de cinco em cinco segundos. menos mau.

Spoiler

OTL logfile created on: 04/03/2012 11:19:44 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Anderson Backup\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,18% Memory free
6,00 Gb Paging File | 4,18 Gb Available in Paging File | 69,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54,52 Gb Total Space | 11,66 Gb Free Space | 21,39% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 0,46 Gb Free Space | 2,31% Space Free | Partition Type: NTFS

Computer Name: AND-PC | User Name: Anderson Backup | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/17 18:29:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/15 18:21:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
PRC - [2012/02/01 21:39:53 | 000,499,312 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2012/02/01 21:39:52 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/29 19:29:10 | 000,341,920 | ---- | M] () -- C:\Program Files\TIM Communicator\orolixcommunicator.exe
PRC - [2012/01/27 21:49:39 | 000,026,528 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) -- C:\Program Files\TIM Communicator\module\devicemon.exe
PRC - [2012/01/16 15:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/01/11 15:18:14 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/01/11 15:18:14 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/01/11 13:56:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/01/11 13:56:08 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe
PRC - [2011/10/15 05:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 05:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 05:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/15 14:16:42 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\Integrator.exe
PRC - [2011/08/15 14:11:40 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/08/15 14:09:06 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/12/23 18:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/08/10 14:59:50 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/08/10 14:59:48 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 16:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/07/31 15:00:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Jdownloader\CommonFiles\Java\bin\javaw.exe
PRC - [2008/06/25 02:08:20 | 001,855,488 | ---- | M] (C-Media Electronic Inc. (C-Media Electronics, Inc.)) -- C:\Windows\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 18:29:59 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/01 21:40:30 | 000,020,992 | ---- | M] () -- c:\Program Files\Real\RealPlayer\lang\pdgenxfer_br.dll
MOD - [2012/01/29 19:29:10 | 000,341,920 | ---- | M] () -- C:\Program Files\TIM Communicator\orolixcommunicator.exe
MOD - [2012/01/29 19:24:34 | 000,032,160 | ---- | M] () -- C:\Program Files\TIM Communicator\module\modqoscommunicator.dll
MOD - [2012/01/27 20:32:02 | 000,968,704 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012/01/11 15:18:42 | 000,861,112 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\SpamMonitor\SMPlugin.dll
MOD - [2012/01/11 15:18:16 | 000,376,248 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\PCTUI\PCTUI.dll
MOD - [2012/01/09 15:56:56 | 000,079,872 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\extensions\{8c311d0a-7d76-4f96-a7b6-0a2758dee5a4}\components\RadioWMPCoreGecko10.dll
MOD - [2011/10/14 23:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/09/29 17:50:14 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/15 14:14:16 | 000,544,064 | ---- | M] () -- C:\Program Files\TuneUp Utilities 2011\TUSqlDB32.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/06/29 18:15:40 | 000,337,312 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\sqldrivers\qsqlite4.dll
MOD - [2010/06/29 18:15:40 | 000,222,624 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\phonon_backend\phonon_ds94.dll
MOD - [2010/06/29 18:15:40 | 000,189,856 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qjpeg4.dll
MOD - [2010/06/29 18:15:40 | 000,075,168 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qico4.dll
MOD - [2010/06/29 18:15:40 | 000,075,168 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qgif4.dll
MOD - [2010/06/29 10:15:56 | 007,796,128 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtWebKit4.dll
MOD - [2010/06/29 10:15:56 | 006,350,240 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtGui4.dll
MOD - [2010/06/29 10:15:56 | 001,770,912 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtCore4.dll
MOD - [2010/06/29 10:15:56 | 001,451,424 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtNetwork4.dll
MOD - [2010/06/29 10:15:56 | 000,263,584 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtXml4.dll
MOD - [2010/06/29 10:15:56 | 000,206,240 | ---- | M] () -- C:\Program Files\TIM Communicator\module\phonon4.dll
MOD - [2010/06/29 10:15:56 | 000,152,992 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtSql4.dll
MOD - [2009/07/30 17:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/11 21:26:26 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/27 21:49:39 | 000,026,528 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) [Auto | Running] -- C:\Program Files\TIM Communicator\module\devicemon.exe -- (OrolixDeviceMonitor)
SRV - [2012/01/16 15:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/01/11 15:18:14 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/01/11 13:56:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/01/11 13:56:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2011/10/15 05:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/15 14:09:06 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/15 14:03:24 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/01/24 13:49:34 | 000,310,640 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2011/01/08 12:44:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/23 18:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/10 14:59:50 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 14:59:48 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/02/13 19:01:42 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0ca6E9B.sys -- (0ca6E9B)
DRV - [2012/02/13 18:47:57 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\6c3223.sys -- (6c3223)
DRV - [2012/02/13 18:37:05 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\6c67A4E.sys -- (6c67A4E)
DRV - [2012/02/13 18:28:17 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\19bB13E.sys -- (19bB13E)
DRV - [2012/01/11 15:19:24 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/01/11 15:19:12 | 000,125,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2012/01/11 15:19:02 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/01/11 15:14:30 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/01/11 13:56:12 | 000,574,424 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/01/11 13:56:12 | 000,054,328 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/01/11 13:56:12 | 000,035,264 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/12/01 15:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 15:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/30 08:19:48 | 000,058,400 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctNdisLW.sys -- (pctNdisLW)
DRV - [2011/11/14 14:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/11/14 14:12:24 | 000,162,584 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/11/09 15:33:30 | 000,091,136 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2011/10/15 05:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/28 12:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/05/31 14:03:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/01/08 15:57:36 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/30 10:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/08/12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/06/02 09:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ONDAusbvoice.sys -- (ONDAusbvoice)
DRV - [2010/06/02 09:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbser6k.sys -- (ONDAusbser6k)
DRV - [2010/06/02 09:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbnmea.sys -- (ONDAusbnmea)
DRV - [2010/06/02 09:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbmdm6k.sys -- (ONDAusbmdm6k)
DRV - [2009/08/04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/13 19:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/29 14:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008/06/25 02:08:20 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2007/11/08 10:30:08 | 000,454,656 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.sys -- (PAC7302)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = A maioria dos profissionais diretório websites, mais próximos os serviços vivos
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 CE EF 32 65 4E CC 01 [binary data]
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "socialbrowser Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3083266&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: iobit@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.1
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.74.0
FF - prefs.js..extensions.enabledItems: glasser@sixxgate.com:3.5.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2
FF - prefs.js..extensions.enabledItems: {d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}:3.5.0.12
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3083266&SearchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/01 21:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/02/11 16:00:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 18:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/01 21:40:27 | 000,000,000 | ---D | M]

[2011/07/28 20:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Extensions
[2012/02/28 18:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions
[2012/01/30 21:19:36 | 000,000,000 | ---D | M] (socialbrowser Community Toolbar) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\{8c311d0a-7d76-4f96-a7b6-0a2758dee5a4}
[2012/01/29 22:29:21 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\foxmarks@kei.com
[2012/01/29 22:29:23 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\support@lastpass.com
[2011/08/02 06:15:01 | 000,002,394 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\askcom.xml
[2011/09/01 01:35:48 | 000,000,929 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\conduit.xml
[2012/01/31 18:34:42 | 000,001,390 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\yahoo-zugo.xml
[2012/02/01 21:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/17 18:29:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/02/01 21:17:18 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2012/02/01 21:17:18 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2012/02/01 21:17:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/02/01 21:17:18 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/02/01 21:17:18 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2012/02/02 20:05:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
O4 - HKLM..\Run: [C-Media Speaker Configuration] C:\Program Files\C-Media\WIN_ME\Setup.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKU\S-1-5-21-497863422-237361048-368514812-1007..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-497863422-237361048-368514812-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-497863422-237361048-368514812-1007..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Enviar para o OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DF936A8-3AA1-425E-BE05-C82D535A9FEE}: NameServer = 200.220.227.56 200.142.130.202
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 19:33:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/28 19:28:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/28 19:28:03 | 000,000,000 | --SD | C] -- C:\60329_combofix_12222178346
[2012/02/28 19:27:16 | 000,000,000 | --SD | C] -- C:\60329_combofix_12222183806
[2012/02/28 19:24:15 | 000,000,000 | --SD | C] -- C:\60329_combofix_122221177186
[2012/02/28 19:23:43 | 000,000,000 | --SD | C] -- C:\60329_combofix_122221100616
[2012/02/28 19:20:16 | 000,000,000 | --SD | C] -- C:\60329_combofix_122221183956
[2012/02/28 19:19:54 | 000,000,000 | --SD | C] -- C:\60329_combofix_122221
[2012/02/21 23:45:31 | 000,000,000 | ---D | C] -- C:\01d0815344442e0fd540
[2012/02/20 21:06:53 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Local\{249B6E2E-CF46-4CAB-8EB8-6DE5804CE1E6}
[2012/02/20 21:06:19 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Local\{CDBBD1EB-391B-4DBC-AE33-0A2E5CD4EEFB}
[2012/02/20 13:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Fire Screensaver
[2012/02/20 13:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free Fire Screensaver
[2012/02/20 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\Laconic Software
[2012/02/20 13:17:51 | 005,223,122 | ---- | C] (Laconic Software) -- C:\Users\Anderson Backup\Desktop\free-fire-screensaver-downloadcom.exe
[2012/02/15 18:23:46 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anderson Backup\Desktop\TDSSKiller.exe
[2012/02/15 18:21:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
[2012/02/13 21:26:01 | 003,932,160 | ---- | C] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall(1).exe
[2012/02/13 20:29:18 | 002,901,264 | ---- | C] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall.exe
[2012/02/13 18:53:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/02/13 18:27:41 | 001,774,432 | ---- | C] (McAfee, Inc.) -- C:\Users\Anderson Backup\Desktop\Rootkit_Detective.exe
[2012/02/12 12:00:12 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86
[2012/02/12 02:00:44 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\captchatrader
[2012/02/12 01:38:29 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/02/12 01:37:22 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Users\Anderson Backup\Desktop\KillBox.exe
[2012/02/12 01:26:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Anderson Backup\Desktop\HijackThis.exe
[2012/02/12 00:49:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/12 00:49:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/12 00:39:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/12 00:29:21 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282301016
[2012/02/11 16:44:57 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\PC Tools
[2012/02/11 16:44:54 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\Spam Monitor
[2012/02/11 16:00:50 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/02/11 16:00:49 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/02/11 16:00:48 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/02/11 16:00:48 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/02/11 15:59:50 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/02/11 15:59:50 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/02/11 15:59:36 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/02/11 15:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/02/11 15:59:34 | 000,574,424 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2012/02/11 15:59:34 | 000,054,328 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2012/02/11 15:59:34 | 000,035,264 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2012/02/11 15:59:24 | 000,091,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2012/02/11 15:59:24 | 000,058,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdisLW.sys
[2012/02/11 15:59:23 | 000,125,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2012/02/11 15:59:23 | 000,032,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2012/02/11 15:59:20 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/02/11 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/02/11 12:53:23 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/02/11 12:53:22 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/02/11 12:53:21 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/02/11 12:53:21 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/02/11 12:53:19 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/02/11 12:40:12 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\TestApp
[2012/02/11 06:39:38 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282219266
[2012/02/11 06:19:40 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282
[2012/02/08 18:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/02/08 18:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012/02/06 19:34:38 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Local\Ubisoft Game Launcher
[2012/02/06 18:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed Revelations
[2012/02/06 18:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\AC Revelations
[2012/02/04 10:24:27 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Documents\Assassin's Creed Revelations
[2011/08/01 22:06:39 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011/08/01 22:06:39 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 11:01:39 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/04 11:01:39 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/04 10:59:15 | 000,675,200 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/03/04 10:59:15 | 000,626,678 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/04 10:59:15 | 000,133,936 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/03/04 10:59:15 | 000,111,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/04 10:56:12 | 001,856,693 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/03/04 10:51:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 10:26:52 | 000,053,735 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Tabela De Dieta.zip
[2012/03/01 19:21:25 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/29 23:53:30 | 000,077,312 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 19:31:22 | 002,044,186 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\tdsskiller(1).zip
[2012/02/27 12:59:34 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anderson Backup\Desktop\TDSSKiller.exe
[2012/02/20 23:09:04 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/20 23:09:04 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/20 13:26:38 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Configure Free Fire Screensaver.lnk
[2012/02/20 13:26:38 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\Launch Free Fire Screensaver.lnk
[2012/02/20 13:24:36 | 005,223,122 | ---- | M] (Laconic Software) -- C:\Users\Anderson Backup\Desktop\free-fire-screensaver-downloadcom.exe
[2012/02/16 22:00:29 | 000,000,868 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\TIM Communicator.lnk
[2012/02/16 18:12:35 | 002,041,519 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\tdsskiller.zip
[2012/02/16 06:09:34 | 000,413,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 18:21:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
[2012/02/13 21:33:10 | 003,932,160 | ---- | M] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall(1).exe
[2012/02/13 21:20:08 | 002,901,264 | ---- | M] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall.exe
[2012/02/13 19:01:42 | 000,054,624 | ---- | M] () -- C:\Windows\System32\0ca6E9B.sys
[2012/02/13 19:01:39 | 002,335,270 | ---- | M] () -- C:\Windows\System32\9f96547.mht
[2012/02/13 18:47:57 | 000,054,624 | ---- | M] () -- C:\Windows\System32\6c3223.sys
[2012/02/13 18:47:49 | 002,335,270 | ---- | M] () -- C:\Windows\System32\88eE06F.mht
[2012/02/13 18:37:05 | 000,054,624 | ---- | M] () -- C:\Windows\System32\6c67A4E.sys
[2012/02/13 18:36:52 | 002,335,270 | ---- | M] () -- C:\Windows\System32\0404826.mht
[2012/02/13 18:28:17 | 000,054,624 | ---- | M] () -- C:\Windows\System32\19bB13E.sys
[2012/02/13 18:28:14 | 002,335,270 | ---- | M] () -- C:\Windows\System32\a77A5D8.mht
[2012/02/13 18:27:59 | 002,335,270 | ---- | M] () -- C:\Windows\System32\e096ABC.mht
[2012/02/13 18:22:07 | 000,744,853 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\PAVARK.exe
[2012/02/12 17:47:04 | 000,097,953 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\and.jpg
[2012/02/12 02:14:18 | 000,000,038 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\captchatrader.properties
[2012/02/12 02:08:24 | 000,592,189 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86.zip
[2012/02/12 01:59:58 | 000,382,525 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\captchatrader4jdownloader_win.zip
[2012/02/12 01:36:29 | 000,090,350 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Killbox 2.0.0.881.rar
[2012/02/12 01:27:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Anderson Backup\Desktop\HijackThis.exe
[2012/02/11 16:34:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SM.lock
[2012/02/11 15:59:42 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/02/11 12:40:13 | 000,001,544 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\sdsetup.exe.lnk
[2012/02/09 17:36:25 | 000,001,634 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Dungeon Siege III.exe - Atalho.lnk
[2012/02/09 05:43:36 | 000,002,664 | ---- | M] () -- C:\Users\Anderson Backup\Documents\ax_files.xml
[2012/02/08 18:42:26 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/06 19:33:55 | 000,001,124 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\UbisoftGameLauncher.exe - Atalho.lnk
[2012/02/06 18:41:03 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Ñêà÷àòü Åùå Èãðû.lnk
[2012/02/06 18:41:03 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Assassin's Creed Revelations.lnk
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/03 10:26:27 | 000,053,735 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Tabela De Dieta.zip
[2012/02/28 19:28:33 | 002,044,186 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\tdsskiller(1).zip
[2012/02/20 13:26:38 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Configure Free Fire Screensaver.lnk
[2012/02/20 13:26:38 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Launch Free Fire Screensaver.lnk
[2012/02/16 22:00:29 | 000,000,868 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\TIM Communicator.lnk
[2012/02/16 18:10:00 | 002,041,519 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\tdsskiller.zip
[2012/02/13 19:01:42 | 000,054,624 | ---- | C] () -- C:\Windows\System32\0ca6E9B.sys
[2012/02/13 19:01:39 | 002,335,270 | ---- | C] () -- C:\Windows\System32\9f96547.mht
[2012/02/13 18:47:57 | 000,054,624 | ---- | C] () -- C:\Windows\System32\6c3223.sys
[2012/02/13 18:47:49 | 002,335,270 | ---- | C] () -- C:\Windows\System32\88eE06F.mht
[2012/02/13 18:37:05 | 000,054,624 | ---- | C] () -- C:\Windows\System32\6c67A4E.sys
[2012/02/13 18:36:52 | 002,335,270 | ---- | C] () -- C:\Windows\System32\0404826.mht
[2012/02/13 18:28:17 | 000,054,624 | ---- | C] () -- C:\Windows\System32\19bB13E.sys
[2012/02/13 18:28:14 | 002,335,270 | ---- | C] () -- C:\Windows\System32\a77A5D8.mht
[2012/02/13 18:27:59 | 002,335,270 | ---- | C] () -- C:\Windows\System32\e096ABC.mht
[2012/02/13 18:19:54 | 000,744,853 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\PAVARK.exe
[2012/02/12 17:47:01 | 000,097,953 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\and.jpg
[2012/02/12 12:01:13 | 001,479,168 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Explorer++.exe
[2012/02/12 02:14:17 | 000,000,038 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\captchatrader.properties
[2012/02/12 02:07:15 | 000,592,189 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86.zip
[2012/02/12 01:59:31 | 000,382,525 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\captchatrader4jdownloader_win.zip
[2012/02/12 01:37:22 | 000,001,710 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Mina de Download.url
[2012/02/12 01:35:30 | 000,090,350 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Killbox 2.0.0.881.rar
[2012/02/11 16:34:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SM.lock
[2012/02/11 16:00:49 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/02/11 16:00:49 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/02/11 16:00:49 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/02/11 16:00:49 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/02/11 16:00:49 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/02/11 15:59:42 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/02/11 12:40:13 | 000,001,544 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\sdsetup.exe.lnk
[2012/02/09 17:36:25 | 000,001,634 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Dungeon Siege III.exe - Atalho.lnk
[2012/02/08 18:42:26 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/06 19:33:55 | 000,001,124 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\UbisoftGameLauncher.exe - Atalho.lnk
[2012/02/06 18:41:03 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Ñêà÷àòü Åùå Èãðû.lnk
[2012/02/06 18:41:03 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Assassin's Creed Revelations.lnk
[2012/01/31 18:34:26 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/01/31 18:34:26 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/01/31 18:34:15 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/27 19:12:00 | 000,637,215 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/07/31 11:50:06 | 000,007,887 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Roaming\pcouffin.cat
[2011/07/31 11:50:06 | 000,001,144 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Roaming\pcouffin.inf
[2011/07/28 22:59:51 | 000,077,312 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/28 21:45:44 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/09 16:09:20 | 000,000,022 | ---- | C] () -- C:\Windows\cmm.dat
[2011/04/09 16:09:11 | 000,000,186 | ---- | C] () -- C:\Windows\System32\CleanMem.ini
[2011/04/05 08:54:49 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2011/04/05 08:54:49 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2011/02/27 18:52:39 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2011/02/06 00:53:19 | 000,101,072 | ---- | C] () -- C:\Windows\UTP.exe
[2011/01/22 16:36:42 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/01/20 20:17:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/20 20:16:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/01/08 16:24:00 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/08 14:46:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/01/08 14:46:47 | 000,004,333 | ---- | C] () -- C:\Windows\mixerdef.ini
[2011/01/08 14:46:27 | 000,039,279 | ---- | C] () -- C:\Windows\cmijack.dat
[2011/01/08 14:46:27 | 000,028,165 | ---- | C] () -- C:\Windows\cmijack.ini
[2011/01/08 14:46:27 | 000,023,041 | ---- | C] () -- C:\Windows\cmaudio.dat
[2011/01/08 14:46:27 | 000,018,240 | ---- | C] () -- C:\Windows\cmaudio.ini
[2011/01/08 14:46:26 | 000,000,462 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2011/01/08 14:10:37 | 000,006,136 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/01/08 11:58:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/26 23:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/07/14 05:31:12 | 000,675,200 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2009/07/14 05:31:12 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2009/07/14 05:31:12 | 000,133,936 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2009/07/14 05:31:12 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2009/07/14 01:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 01:33:53 | 000,413,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 23:05:48 | 000,626,678 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 23:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 23:05:48 | 000,111,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 23:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 23:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 23:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/06/21 03:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2005/02/05 16:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll

========== LOP Check ==========

[2011/12/08 20:07:49 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Activision
[2012/02/10 21:31:55 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Azureus
[2011/08/17 21:16:22 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\bizarre creations
[2011/08/10 20:27:36 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\FreeArc
[2011/08/04 19:36:11 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\ICAClient
[2012/02/10 21:13:19 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\IObit
[2012/02/20 13:26:13 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Laconic Software
[2011/09/18 20:06:51 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Need for Speed World
[2011/09/27 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\QuickScan
[2012/02/11 16:44:54 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Spam Monitor
[2012/02/11 12:40:12 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\TestApp
[2011/10/10 22:54:08 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\TuneUp Software
[2012/02/01 22:14:53 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Vso
[2012/02/10 19:20:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/10/11 19:33:39 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011/10/11 19:28:28 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 272 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 20 bytes -> C:\Users\Anderson Backup\Desktop\PAVARK.exe:License
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMPE406C3E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

[/QUOTE]

 

[Mr.Wolf]

Luis Oliveira, a infecção que está em seu sistema não associa-se ao BugBear. Trata-se de uma variante do backdoor zeroacess, em conjunto com um keylogger PSW (principal responsável pelo problema com os acentos).

Siga as instruções do spoiler abaixo.

Spoiler

1. Baixe o SystemLook e salve no desktop.
2. Execute a ferramenta como administrador.
3. Cole o comando abaixo (que está no QUOTE) no campo em branco do programa e clique no botão Look.

:dir
C:\Users\Luís\AppData\Roaming\Miva /s
C:\Users\Luís\AppData\Roaming\Azud /s
C:\Users\Luís\AppData\Roaming\Ymdypy /s
C:\Users\Luís\AppData\Roaming\Heut /s

4. Um log será aberto automaticamente no bloco de notas.
5. Ele estará salvo no desktop como SystemLook.txt.

Poste todo conteúdo deste log em sua próxima resposta.

glunteer, log limpo.


andlsa, se pudesse postar uma screenshot da detecção do PC Tools aqui seria interessante. Muitas soluções de segurança classificam inúmeras ameaças como TDSS, sendo que, na realidade, não tem nada a ver com tal infecção.

Siga o spoiler abaixo.

Spoiler

1. Ative a opção de ver pastas e arquivos ocultos no Windows.
2. Acesse o VirusTotal e clique em Choose File.
3. Na janelinha que será aberta, no campo nome, cole o caminho abaixo. Ou se preferir, apenas localize o arquivo em vermelho.

C:\Windows\System32\0ca6E9B.sys

4. Clique no botão Scan it e aguarde.
5. Se aparecer uma mensagem dizendo "File already analysed", clique em Reanalyse.
5. Ao término do scan, copie a URL do resultado e poste aqui.

Repita este mesmo procedimento acima para os arquivos abaixo.

C:\Windows\System32\9f96547.mht
C:\Windows\System32\6c3223.sys
C:\Windows\System32\88eE06F.mht
C:\Windows\System32\6c67A4E.sys

No final, poste as cinco URLs dos resultados.

 

[andlsa]

Luis Oliveira, a infecção que está em seu sistema não associa-se ao BugBear. Trata-se de uma variante do backdoor zeroacess, em conjunto com um keylogger PSW (principal responsável pelo problema com os acentos).

Siga as instruções do spoiler abaixo.

Spoiler

1. Baixe o SystemLook e salve no desktop.
2. Execute a ferramenta como administrador.
3. Cole o comando abaixo (que está no QUOTE) no campo em branco do programa e clique no botão Look.



4. Um log será aberto automaticamente no bloco de notas.
5. Ele estará salvo no desktop como SystemLook.txt.

Poste todo conteúdo deste log em sua próxima resposta.

glunteer, log limpo.


andlsa, se pudesse postar uma screenshot da detecção do PC Tools aqui seria interessante. Muitas soluções de segurança classificam inúmeras ameaças como TDSS, sendo que, na realidade, não tem nada a ver com tal infecção.

Siga o spoiler abaixo.

Spoiler

1. Ative a opção de ver pastas e arquivos ocultos no Windows.
2. Acesse o VirusTotal e clique em Choose File.
3. Na janelinha que será aberta, no campo nome, cole o caminho abaixo. Ou se preferir, apenas localize o arquivo em vermelho.

C:\Windows\System32\0ca6E9B.sys

4. Clique no botão Scan it e aguarde.
5. Se aparecer uma mensagem dizendo "File already analysed", clique em Reanalyse.
5. Ao término do scan, copie a URL do resultado e poste aqui.

Repita este mesmo procedimento acima para os arquivos abaixo.

C:\Windows\System32\9f96547.mht
C:\Windows\System32\6c3223.sys
C:\Windows\System32\88eE06F.mht
C:\Windows\System32\6c67A4E.sys

No final, poste as cinco URLs dos resultados.

É realmente é estranho... Mais deve ter algum tipo de malware pq o sistema se comporta daquela forma q eu descrevi acima sem contar que as vezes fica lento tbm...


Seguem as informações:

Spoiler

https://www.virustotal.com/file/578...3b960a21ac52eb2d25ad3259/analysis/1330889390/

https://www.virustotal.com/file/85e...7d4bb9ec14e8f1d17e3c75bc/analysis/1330889508/

https://www.virustotal.com/file/578...3b960a21ac52eb2d25ad3259/analysis/1330889634/

https://www.virustotal.com/file/8f7...b71f61c892aea73bd1d1f103/analysis/1330890400/

https://www.virustotal.com/file/578...3b960a21ac52eb2d25ad3259/analysis/1330890525/

Valeu pela ajuda!

 

[Mr.Wolf]

andlsa, o PC Tools não exibe nenhuma informação convincente da ameaça. Dificilmente está relacionado ao TDSS pois este malware causa outros tipos de problemas, e não os que você descreveu. Aliás, o problema do seu sistema pode nem estar vinculado aos malwares presentes aí!

1. Baixe o AdwCleaner (para baixar clique no botão com a setinha verde à direita) e salve-o no desktop.
2. Execute o programa.
3. Clique em Delete e aguarde a rápida verificação.
4. No final, um log será aberto automaticamente. Ele será salvo em C:\AdwCleaner[R1].txt.

Cole este log em sua próxima resposta.

 

[Luis_Oliveira]

Luis Oliveira, a infecção que está em seu sistema não associa-se ao BugBear. Trata-se de uma variante do backdoor zeroacess, em conjunto com um keylogger PSW (principal responsável pelo problema com os acentos).

Siga as instruções do spoiler abaixo.

Spoiler

1. Baixe o SystemLook e salve no desktop.
2. Execute a ferramenta como administrador.
3. Cole o comando abaixo (que está no QUOTE) no campo em branco do programa e clique no botão Look.



4. Um log será aberto automaticamente no bloco de notas.
5. Ele estará salvo no desktop como SystemLook.txt.

Poste todo conteúdo deste log em sua próxima resposta.

Mr.Wolf, muito obrigado pela ajuda !

Segue o log:

Spoiler

SystemLook 30.07.11 by jpshortstuff
Log created at 18:05 on 04/03/2012 by Luís
Administrator - Elevation successful

========== dir ==========

C:\Users\Luís\AppData\Roaming\Miva - Parameters: "/s"

---Files---
uple.exe --a---- 297472 bytes [23:26 07/12/2010] [23:26 07/12/2010]

No folders found.

C:\Users\Luís\AppData\Roaming\Azud - Unable to find folder.

C:\Users\Luís\AppData\Roaming\Ymdypy - Parameters: "/s"

---Files---
wyvy.exe --a---- 297472 bytes [12:10 29/11/2009] [12:10 29/11/2009]

No folders found.

C:\Users\Luís\AppData\Roaming\Heut - Parameters: "/s"

---Files---
None found.

No folders found.

-= EOF =-

Grande abraço.

 

[Mr.Wolf]

Luis, siga o spoiler.

Spoiler

1. Baixe o OTM e salve no desktop.
2. Execute-o como administrador.
3. No campo amarelo à esquerda, Paste Instructions for Items to be Moved, cole o script dentro do CODE abaixo (sem pular nenhum caractere).

:Processes
explorer.exe
wyvy.exe

:Files
C:\Users\Luís\AppData\Roaming\.#
C:\Users\Luís\AppData\Roaming\Miva
C:\Users\Luís\AppData\Roaming\Azud 
C:\Users\Luís\AppData\Roaming\Ymdypy 
C:\Users\Luís\AppData\Roaming\Heut

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"TCP Query User{56545C6B-E793-4370-AA69-51D9EEFFA8FB}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe"=-
"TCP Query User{75AFBF38-6A5B-4A0B-AD9F-DFFDE3663B07}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe"=-
"UDP Query User{4779C7D8-6426-4D5D-99CC-407FC91FB166}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe"=- 
"UDP Query User{4D5D0070-0F7B-4AD5-ABC9-51DC3A566405}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe"=-

:Commands
[start explorer]
[purity]
[emptytemp]
[Reboot]

4. Clique no botão MoveIt e aguarde o script ser executado.
5. Se aparecer uma mensagem perguntando se deseja reiniciar o PC, confirme e espere reiniciar.
6. Após a reinicialização, poste o log do OTM que estará em C:\_OTMoveIt\MovedFiles\[arquivo .txt com data e hora].

 

[Luis_Oliveira]

Luis, siga o spoiler.

Spoiler

1. Baixe o OTM e salve no desktop.
2. Execute-o como administrador.
3. No campo amarelo à esquerda, Paste Instructions for Items to be Moved, cole o script dentro do CODE abaixo (sem pular nenhum caractere).

:Processes
explorer.exe
wyvy.exe

:Files
C:\Users\Luís\AppData\Roaming\.#
C:\Users\Luís\AppData\Roaming\Miva
C:\Users\Luís\AppData\Roaming\Azud 
C:\Users\Luís\AppData\Roaming\Ymdypy 
C:\Users\Luís\AppData\Roaming\Heut
C:\ProgramData\12"senha + email"
C:\ProgramData\12"senha + email"

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"TCP Query User{56545C6B-E793-4370-AA69-51D9EEFFA8FB}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe"=-
"TCP Query User{75AFBF38-6A5B-4A0B-AD9F-DFFDE3663B07}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe"=-
"UDP Query User{4779C7D8-6426-4D5D-99CC-407FC91FB166}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe"=- 
"UDP Query User{4D5D0070-0F7B-4AD5-ABC9-51DC3A566405}C:\users\luís\appdata\roaming\ymdypy\wyvy.exe"=-

:Commands
[start explorer]
[purity]
[emptytemp]
[Reboot]

4. Clique no botão MoveIt e aguarde o script ser executado.
5. Se aparecer uma mensagem perguntando se deseja reiniciar o PC, confirme e espere reiniciar.
6. Após a reinicialização, poste o log do OTM que estará em C:\_OTMoveIt\MovedFiles\[arquivo .txt com data e hora].

Mais uma vez, muito obrigado pela ajuda, Mr.Wolf !
Tomei a liberdade de apagar alguns dados do log (senha + email) e substitui os dados por "senha + email", ok ?!
Era/é um KL ?
Isso quer dizer que essas senhas e email's que aparecem no log foram enviados para alguém ?
Quando o pc estiver limpo novamente, vou tratar de alterar minhas senhas.. rsrs

Segue o log:

Spoiler

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named wyvy.exe was found!
========== FILES ==========
C:\Users\Luís\AppData\Roaming\.# folder moved successfully.
C:\Users\Luís\AppData\Roaming\Miva folder moved successfully.
File/Folder C:\Users\Luís\AppData\Roaming\Azud not found.
C:\Users\Luís\AppData\Roaming\Ymdypy folder moved successfully.
C:\Users\Luís\AppData\Roaming\Heut folder moved successfully.
File/Folder C:\ProgramData\12"senha + email" not found.
C:\ProgramData\12"senha + email" moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Luís
->Temp folder emptied: 1066051 bytes
->Temporary Internet Files folder emptied: 6777768 bytes
->Java cache emptied: 76682739 bytes
->FireFox cache emptied: 52540806 bytes
->Google Chrome cache emptied: 9004620 bytes
->Flash cache emptied: 16145 bytes

User: Lu�s
->Temp folder emptied: 12650555 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1507908 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33176 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35787779 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 187,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 03042012_190212

Files moved on Reboot...

Registry entries deleted on Reboot...

 

[andlsa]

andlsa, o PC Tools não exibe nenhuma informação convincente da ameaça. Dificilmente está relacionado ao TDSS pois este malware causa outros tipos de problemas, e não os que você descreveu. Aliás, o problema do seu sistema pode nem estar vinculado aos malwares presentes aí!

1. Baixe o AdwCleaner (para baixar clique no botão com a setinha verde à direita) e salve-o no desktop.
2. Execute o programa.
3. Clique em Delete e aguarde a rápida verificação.
4. No final, um log será aberto automaticamente. Ele será salvo em C:\AdwCleaner[R1].txt.

Cole este log em sua próxima resposta.

Entendi. Segue o log do Adwcleaner Mr. Wolf:

Spoiler

# AdwCleaner v1.501 - Logfile created 03/04/2012 at 19:38:48
# Updated 04/03/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Anderson Backup - AND-PC
# Running from : C:\Users\Anderson Backup\Desktop\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Anderson Backup\AppData\Local\Conduit
Folder Deleted : C:\Users\Anderson Backup\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Anderson Backup\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Anderson Backup\AppData\LocalLow\Search Settings
Deleted on reboot : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\ConduitCommon
File Deleted : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\yahoo-zugo.xml

***** [H. Navipromo] *****


***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (pt-BR)

Profile : ce9qzd59.default
File : C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\prefs.js

C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\user.js ... Deleted !

Deleted : user_pref("CT3083266..clientLogIsEnabled", true);
Deleted : user_pref("CT3083266..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3083266..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3083266.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3083266.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3083266.AppTrackingLastCheckTime", "Wed Feb 29 2012 18:35:59 GMT-0300 (Hora oficial do [...]
Deleted : user_pref("CT3083266.BrowserCompStateIsOpen_129585235087958969", true);
Deleted : user_pref("CT3083266.BrowserCompStateIsOpen_129648302413122715", true);
Deleted : user_pref("CT3083266.BrowserCompStateIsOpen_129648302453886000", true);
Deleted : user_pref("CT3083266.CT3083266", "CT3083266");
Deleted : user_pref("CT3083266.CurrentServerDate", "5-3-2012");
Deleted : user_pref("CT3083266.DSChangedManually", true);
Deleted : user_pref("CT3083266.DSInstall", true);
Deleted : user_pref("CT3083266.DSProtectChoice", true);
Deleted : user_pref("CT3083266.DSProtectCount", 1);
Deleted : user_pref("CT3083266.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3083266.DialogsGetterLastCheckTime", "Sun Mar 04 2012 18:20:40 GMT-0300 (Hora oficial d[...]
Deleted : user_pref("CT3083266.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT3083266.EMailNotifierCheckInterval", "1");
Deleted : user_pref("CT3083266.EMailNotifierLabelLength", 7);
Deleted : user_pref("CT3083266.EMailNotifierPollDate", "Sun Mar 04 2012 19:30:19 GMT-0300 (Hora oficial do Bra[...]
Deleted : user_pref("CT3083266.EMailNotifierSound", "DEFAULT");
Deleted : user_pref("CT3083266.FirstServerDate", "18-9-2011");
Deleted : user_pref("CT3083266.FirstTime", true);
Deleted : user_pref("CT3083266.FirstTimeFF3", true);
Deleted : user_pref("CT3083266.FixPageNotFoundErrors", false);
Deleted : user_pref("CT3083266.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3083266.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3083266.HPChangedManually", false);
Deleted : user_pref("CT3083266.HPInstall", true);
Deleted : user_pref("CT3083266.HPProtectChoice", true);
Deleted : user_pref("CT3083266.HPProtectCount", 1);
Deleted : user_pref("CT3083266.HasUserGlobalKeys", true);
Deleted : user_pref("CT3083266.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3083266.HomepageBeforeUnload", "hxxps://www.facebook.com/");
Deleted : user_pref("CT3083266.Initialize", true);
Deleted : user_pref("CT3083266.InitializeCommonPrefs", true);
Deleted : user_pref("CT3083266.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3083266.InstallationType", "DirectDownload");
Deleted : user_pref("CT3083266.InstalledDate", "Sun Sep 18 2011 15:24:04 GMT-0300 (Hora oficial do Brasil)");
Deleted : user_pref("CT3083266.InvalidateCache", false);
Deleted : user_pref("CT3083266.IsAlertDBUpdated", true);
Deleted : user_pref("CT3083266.IsGrouping", false);
Deleted : user_pref("CT3083266.IsInitSetupIni", true);
Deleted : user_pref("CT3083266.IsMulticommunity", false);
Deleted : user_pref("CT3083266.IsOpenThankYouPage", true);
Deleted : user_pref("CT3083266.IsOpenUninstallPage", true);
Deleted : user_pref("CT3083266.IsProtectorsInit", true);
Deleted : user_pref("CT3083266.LanguagePackLastCheckTime", "Sun Mar 04 2012 16:27:24 GMT-0300 (Hora oficial do[...]
Deleted : user_pref("CT3083266.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3083266.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3083266.LastLogin_3.7.0.6", "Mon Oct 10 2011 21:59:11 GMT-0300 (Hora oficial do Brasil)[...]
Deleted : user_pref("CT3083266.LastLogin_3.8.0.8", "Mon Jan 30 2012 22:12:14 GMT-0200");
Deleted : user_pref("CT3083266.LastLogin_3.9.0.3", "Sun Mar 04 2012 18:55:02 GMT-0300 (Hora oficial do Brasil)[...]
Deleted : user_pref("CT3083266.LatestVersion", "3.9.0.3");
Deleted : user_pref("CT3083266.Locale", "en");
Deleted : user_pref("CT3083266.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3083266.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3083266.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3083266.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3083266.OriginalFirstVersion", "3.7.0.6");
Deleted : user_pref("CT3083266.RadioIsPodcast", false);
Deleted : user_pref("CT3083266.RadioLastCheckTime", "Fri Feb 03 2012 22:11:27 GMT-0200");
Deleted : user_pref("CT3083266.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3083266.RadioLastUpdateServer", "0");
Deleted : user_pref("CT3083266.RadioMediaID", "6827");
Deleted : user_pref("CT3083266.RadioMediaType", "Media Player");
Deleted : user_pref("CT3083266.RadioMenuSelectedID", "EBRadioMenu_CT30832666827");
Deleted : user_pref("CT3083266.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3083266.RadioStationName", "Boa%20Vista");
Deleted : user_pref("CT3083266.RadioStationURL", "hxxp://200.202.254.131/radio/radio.asx");
Deleted : user_pref("CT3083266.SavedHomepage", "hxxps://www.facebook.com/?ref=logo");
Deleted : user_pref("CT3083266.SearchCaption", "socialbrowser Customized Web Search");
Deleted : user_pref("CT3083266.SearchEngineBeforeUnload", "socialbrowser Customized Web Search");
Deleted : user_pref("CT3083266.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3083266.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT308[...]
Deleted : user_pref("CT3083266.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3083266.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3083266.SearchInNewTabLastCheckTime", "Sun Mar 04 2012 16:26:59 GMT-0300 (Hora oficial [...]
Deleted : user_pref("CT3083266.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3083266.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT3083266.SearchProtectorEnabled", false);
Deleted : user_pref("CT3083266.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3083266.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3083266.ServiceMapLastCheckTime", "Sun Mar 04 2012 16:27:19 GMT-0300 (Hora oficial do B[...]
Deleted : user_pref("CT3083266.SettingsLastCheckTime", "Sun Mar 04 2012 19:30:19 GMT-0300 (Hora oficial do Bra[...]
Deleted : user_pref("CT3083266.SettingsLastUpdate", "1326723880");
Deleted : user_pref("CT3083266.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3083266&SearchSource=13");
Deleted : user_pref("CT3083266.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3083266.ThirdPartyComponentsLastCheck", "Sat Feb 18 2012 12:19:16 GMT-0200");
Deleted : user_pref("CT3083266.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3083266.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3083266.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3083266");
Deleted : user_pref("CT3083266.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3083266.UserID", "UN92399670980808043");
Deleted : user_pref("CT3083266.ValidationData_Search", 1);
Deleted : user_pref("CT3083266.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3083266.WeatherNetwork", "");
Deleted : user_pref("CT3083266.WeatherPollDate", "Sun Mar 04 2012 19:26:05 GMT-0300 (Hora oficial do Brasil)")[...]
Deleted : user_pref("CT3083266.WeatherUnit", "C");
Deleted : user_pref("CT3083266.alertChannelId", "1474655");
Deleted : user_pref("CT3083266.backendstorage.facebbok_user_cuid_100000937453752", "61386238303030312D34383561[...]
Deleted : user_pref("CT3083266.backendstorage.facebbok_user_id", "313030303030393337343533373532");
Deleted : user_pref("CT3083266.backendstorage.facebook_conduit_social_sskey_100000937453752", "7133584946444F7[...]
Deleted : user_pref("CT3083266.backendstorage.facebook_ctid_connect_send_n", "73656E646564");
Deleted : user_pref("CT3083266.backendstorage.facebook_ctid_connect_send_new", "73656E646564");
Deleted : user_pref("CT3083266.backendstorage.facebook_first_visit", "6E6F744669727374");
Deleted : user_pref("CT3083266.backendstorage.facebook_last_message_choice", "616C6C");
Deleted : user_pref("CT3083266.backendstorage.facebook_loggedin", "796573");
Deleted : user_pref("CT3083266.backendstorage.facebook_login_refresh", "302E363532333835373835323038313539");
Deleted : user_pref("CT3083266.backendstorage.facebook_login_status", "33");
Deleted : user_pref("CT3083266.backendstorage.facebook_lust_recievegadet", "");
Deleted : user_pref("CT3083266.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT3083266.backendstorage.facebook_permission_allow_100000937453752", "31");
Deleted : user_pref("CT3083266.backendstorage.facebook_toolbar_not_numer", "3331");
Deleted : user_pref("CT3083266.backendstorage.facebook_user_locale", "7074");
Deleted : user_pref("CT3083266.backendstorage.facebook_user_name", "3078303034312C3078303036452C3078303036342C[...]
Deleted : user_pref("CT3083266.backendstorage.facebook_user_token", "3230393834353033353330347C373233303438316[...]
Deleted : user_pref("CT3083266.backendstorage.facebooknotifications", "31");
Deleted : user_pref("CT3083266.backendstorage.hxxp://facebook_conduitapps_com/v3_8.facebook_last_visit_tab", "[...]
Deleted : user_pref("CT3083266.backendstorage.hxxp://facebook_conduitapps_com/v3_9.facebook_last_visit_tab", "[...]
Deleted : user_pref("CT3083266.backendstorage.myfriendsvideo_install", "6F70656E6564");
Deleted : user_pref("CT3083266.backendstorage.photoapp_first_lunch", "6E6F");
Deleted : user_pref("CT3083266.backendstorage.photoapp_firsttimenotification", "6E6F");
Deleted : user_pref("CT3083266.backendstorage.photoapp_getstarted", "436865636B204974204F757421");
Deleted : user_pref("CT3083266.backendstorage.photoapp_install_app", "31333237373139353336313435");
Deleted : user_pref("CT3083266.backendstorage.photoapp_lang", "454E");
Deleted : user_pref("CT3083266.backendstorage.photoapp_remindertitle1", "4E65766572204D697373206120536D696C652[...]
Deleted : user_pref("CT3083266.backendstorage.photoapp_remindertitle2", "436C69636B20746F207669657720796F75722[...]
Deleted : user_pref("CT3083266.backendstorage.photoapp_showreminder", "74727565");
Deleted : user_pref("CT3083266.backendstorage.photoapp_showwelcome", "66616C7365");
Deleted : user_pref("CT3083266.backendstorage.photoapp_sing_out_graaber_count", "31");
Deleted : user_pref("CT3083266.backendstorage.photoapp_sing_out_graaber_count_date", "32385F305F32303132");
Deleted : user_pref("CT3083266.backendstorage.photoapp_sing_out_graaber_show", "31333238333630343336363139");
Deleted : user_pref("CT3083266.backendstorage.photoapp_unique_active_users", "31333238333535313630393639");
Deleted : user_pref("CT3083266.backendstorage.photoapp_wakeuptitle1", "446F6E2774204D69737320596F7572204672696[...]
Deleted : user_pref("CT3083266.backendstorage.photoapp_welcometitle1", "596F75204A75737420476F743C6272202F3E61[...]
Deleted : user_pref("CT3083266.backendstorage.photoapp_welcometitle2", "506C6561736520636865636B206974");
Deleted : user_pref("CT3083266.backendstorage.toolbarnotificationqueue", "5B7B22617070223A224D79467269656E6473[...]
Deleted : user_pref("CT3083266.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Deleted : user_pref("CT3083266.components.1000034", true);
Deleted : user_pref("CT3083266.components.1000082", false);
Deleted : user_pref("CT3083266.components.1000234", true);
Deleted : user_pref("CT3083266.components.129585232966920491", false);
Deleted : user_pref("CT3083266.components.129585235087958969", false);
Deleted : user_pref("CT3083266.components.129648302413122715", false);
Deleted : user_pref("CT3083266.components.129648302453886000", false);
Deleted : user_pref("CT3083266.components.129648302657888003", false);
Deleted : user_pref("CT3083266.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3083266.globalFirstTimeInfoLastCheckTime", "Thu Mar 01 2012 22:12:07 GMT-0300 (Hora ofi[...]
Deleted : user_pref("CT3083266.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3083266.initDone", true);
Deleted : user_pref("CT3083266.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3083266.isFirstRadioInstallation", false);
Deleted : user_pref("CT3083266.myStuffEnabled", true);
Deleted : user_pref("CT3083266.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3083266.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3083266.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3083266.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3083266.oldAppsList", "10000001,129585230172877632,111,129585232966920491,1296483026578[...]
Deleted : user_pref("CT3083266.revertSettingsEnabled", true);
Deleted : user_pref("CT3083266.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3083266.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3083266.testingCtid", "");
Deleted : user_pref("CT3083266.toolbarAppMetaDataLastCheckTime", "Sun Mar 04 2012 16:27:19 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT3083266.toolbarContextMenuLastCheckTime", "Thu Mar 01 2012 22:01:38 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT3083266.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1434207&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Hunt TB Customized Web Search,socialbrowser Customi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3083266/CT3083266[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1474655/1470307/BR", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/8987/8782/BR", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1434207", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3083266", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2504091", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1434207",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3083266",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1434207&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2504091&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3083266&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3083266&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2504091&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/bankimages/RadioSkins/Tapuz/idel.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/bankimages/RadioSkins/Tapuz/minimize.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/bankimages/RadioSkins/Tapuz/play.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/bankimages/RadioSkins/Tapuz/stop.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/bankimages/RadioSkins/Tapuz/vol.gif", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"15c[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Anderson Backup\\AppData\\Roaming\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://twitter.conduitapps.com/v1.8.0/gadget.html", [...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://br.search.yahoo.com/search?fr=gre[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3083266");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3083266");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3083266");
Deleted : user_pref("CommunityToolbar.globalUserId", "5048d1a0-2997-4224-8a87-5a67a0894228");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3083266");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Mar 02 2012 19:44:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Mar 04 2012 17:27:09 GMT-030[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Mar 04 2012 19:23:10 GMT-0300 (H[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "7083ed9a-d7d5-4c25-b803-06788553da82");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxps://www.facebook.com/?ref=logo");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "socialbrowser Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3083266&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3083266&SearchSource=2&q=[...]
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.homepage_url", "hxxp://klit.startnow.com/?src=star[...]
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.keyword_search_url", "hxxp://klit.startnow.com/s/?[...]
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.lastSearchProtectAction", "hxxp://klit.startnow.co[...]
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "klit.startnow.com");

*************************

AdwCleaner[S1].txt - [24740 octets] - [04/03/2012 19:38:48]

########## EOF - C:\AdwCleaner[S1].txt - [24869 octets] ##########

 

[Mr.Wolf]

Era/é um KL ?

Sim. Mas já foi removido pelo OTM.

Isso quer dizer que essas senhas e email's que aparecem no log foram enviados para alguém ?

Não, estas informações constarem no log não quer dizer que foram enviadas a terceiros. Aliás, não há como saber isso. Os logs também nunca exibem senhas do usuário.

O keylogger foi eliminado e o arquivo principal do backdoor também. Porém, as chaves que o backdoor criou no registro permanecem.

Siga o spoiler abaixo Luis.

Spoiler

Delete a pasta C:\_OTMoveIt.

Baixe o ComboFix, salve no desktop (isso é importante) e utilize-o conforme este tutorial.
Ao término do scan do ComboFix, um log estará em C:\ComboFix.txt. Deixe-o lá por ora.



1. Abra o OTL e no campo inferior azul "Exames Personalizados/Correções" cole o script abaixo.

netsvcs
%SYSTEMDRIVE%\*.*
%userprofile%\*.*
%USERPROFILE%\AppData\Roaming /S
%USERPROFILE%\AppData\Roaming\*.*
%systemroot%\system32\drivers\*.* /90
%ALLUSERSPROFILE%\*.*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules

2. Clique em Verificar em aguarde.

Poste os logs OTL.Txt e ComboFix.txt.

Diga se o problema com os acentos persiste ainda.

andlsa, siga o spoiler.

Spoiler

1. Faça o download do Malwarebytes Anti-Malware e salve-o no desktop;

2. Execute o programa para iniciar a instalação. Selecione o idioma Português (Brasil);
3. Ao final da instalação, marque as opções "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em Concluir;
4. Após a instalação execute o programa;
5. Marque a opção Verificação Completa e depois clique em Verificar. Selecione sua unidade C: e clique no botão Iniciar Verificação;
6. Quando o scan terminar, clique em OK e o log será automaticamente aberto para você;
7. Se algo for detectado, verifique se todos os itens estão marcados e clique no botão Remover Tudo.
OBS: Caso apareça uma mensagem pedindo para que você reinicie o computador para completar o processo de remoção, reinicie-o imediatamente;
8. O log pode ser consultado clicando em Logs do menu principal também;

Copie e cole o conteúdo desse log na sua próxima resposta, juntamente com um novo log do OTL.

 

[Luis_Oliveira]

Sim. Mas já foi removido pelo OTM.


Não, estas informações constarem no log não quer dizer que foram enviadas a terceiros. Aliás, não há como saber isso. Os logs também nunca exibem senhas do usuário.

O keylogger foi eliminado e o arquivo principal do backdoor também. Porém, as chaves que o backdoor criou no registro permanecem.

Siga o spoiler abaixo Luis.

Spoiler

Delete a pasta C:\_OTMoveIt.

Baixe o ComboFix, salve no desktop (isso é importante) e utilize-o conforme este tutorial.
Ao término do scan do ComboFix, um log estará em C:\ComboFix.txt. Deixe-o lá por ora.



1. Abra o OTL e no campo inferior azul "Exames Personalizados/Correções" cole o script abaixo.

netsvcs
%SYSTEMDRIVE%\*.*
%userprofile%\*.*
%USERPROFILE%\AppData\Roaming /S
%USERPROFILE%\AppData\Roaming\*.*
%systemroot%\system32\drivers\*.* /90
%ALLUSERSPROFILE%\*.*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules

2. Clique em Verificar em aguarde.

Poste os logs OTL.Txt e ComboFix.txt.

Diga se o problema com os acentos persiste ainda.

Mr. Wolf, mais uma vez, muito obrigado pela ajuda !
O problema com os acentos acabou, mas tenho notado um problema diferente, as vezes meu mouse da um duplo clique sozihno ! hahaha
Tento apenas selecionar um icone por exemplo, e ele da um duplo clique ! rs

Segue os logs,

OTL.txt:

Spoiler

OTL logfile created on: 05/03/2012 17:18:37 - Run 2
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Luís\Virus
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 50,56% Memory free
8,22 Gb Paging File | 6,11 Gb Available in Paging File | 74,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 287,52 Gb Free Space | 61,73% Space Free | Partition Type: NTFS

Computer Name: LUÍS-PC | User Name: Luís | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/03 17:11:04 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Luís\Virus\OTL.exe
PRC - [2012/03/03 00:37:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/03 15:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009/08/19 19:04:40 | 000,822,936 | ---- | M] (BinarySense, Inc.) -- C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/24 11:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
PRC - [2008/01/28 10:42:10 | 001,352,704 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\EnergySaving\PwSave.exe
PRC - [2008/01/23 23:53:16 | 000,613,376 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
PRC - [2008/01/09 10:17:18 | 000,627,200 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
PRC - [2007/11/30 20:03:28 | 000,881,152 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\CpuLevelUpHelp.exe
PRC - [2007/10/11 17:09:50 | 000,582,656 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
PRC - [2007/08/02 17:45:50 | 000,053,248 | ---- | M] (Sonic Focus, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
PRC - [2007/05/28 13:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/03 00:37:19 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/25 20:20:25 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2008/01/28 10:42:10 | 001,352,704 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\EnergySaving\PwSave.exe
MOD - [2008/01/23 23:53:16 | 000,613,376 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
MOD - [2008/01/17 05:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\cpuutil.dll
MOD - [2008/01/09 10:17:18 | 000,627,200 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
MOD - [2008/01/08 00:36:10 | 000,187,904 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aasp.dll
MOD - [2008/01/07 20:38:50 | 000,409,088 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\EnergySaving\AnimationView.dll
MOD - [2007/11/30 20:03:28 | 000,881,152 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\CpuLevelUpHelp.exe
MOD - [2007/10/11 17:09:50 | 000,582,656 | ---- | M] () -- C:\Arquivos de programas\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
MOD - [2006/01/10 05:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/06/22 06:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\PowerDll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 23:14:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/04/16 23:16:31 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/06 20:41:54 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/03 15:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/19 19:04:40 | 000,822,936 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/24 11:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) [Auto | Running] -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe -- (AcuWVSSchedulerv6)
SRV - [2007/05/28 13:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2009/12/10 03:39:48 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/09/30 21:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/24 00:11:02 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/15 01:23:28 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 09:59:00 | 000,116,240 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2008/04/16 23:14:19 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/03/22 14:12:46 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2007/08/28 23:44:38 | 000,435,200 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2007/05/24 10:15:00 | 000,335,872 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/05/11 15:40:58 | 000,412,672 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2006/10/31 12:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 1E 2D E0 56 F6 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {18E018C2-36AB-4C2D-B315-8526DB21F4CE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{18E018C2-36AB-4C2D-B315-8526DB21F4CE}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: lockerzplayextended@flies:2.5.0
FF - prefs.js..extensions.enabledItems: om.brunolm@gmail.com:3.6.8.5
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: pt-BR@dellalibera.sf.net:1.7
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.backup.ftp: "210.212.55.194"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "localhost"
FF - prefs.js..network.proxy.backup.gopher_port: 4001
FF - prefs.js..network.proxy.backup.socks: "210.212.55.194"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "210.212.55.194"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "220.227.14.141"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 4001
FF - prefs.js..network.proxy.http: "220.227.14.141"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "220.227.14.141"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "220.227.14.141"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Luís\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Luís\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/03 00:37:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/02 05:21:06 | 000,000,000 | ---D | M]

[2009/08/23 23:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luís\AppData\Roaming\mozilla\Extensions
[2012/02/04 14:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions
[2010/08/05 11:45:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/01 13:38:34 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/10/24 15:18:37 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2010/11/01 20:00:46 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/06/01 13:38:30 | 000,000,000 | ---D | M] (Orkut Manager) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\om.brunolm@gmail.com
[2011/08/28 03:45:31 | 000,000,000 | ---D | M] (Verificador Ortográfico para Português do Brasil.) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\pt-BR@dellalibera.sf.net
[2012/02/04 14:38:25 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Luís\AppData\Roaming\mozilla\Firefox\Profiles\mickfumw.default\extensions\twitternotifier@naan.net
[2011/11/11 11:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\LUÃ*S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MICKFUMW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\USERS\LUÃ*S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MICKFUMW.DEFAULT\EXTENSIONS\PT-BR@DELLALIBERA.SF.NET
[2012/03/03 00:37:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/03 00:37:17 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2012/03/03 00:37:17 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2012/03/03 00:37:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/03/03 00:37:17 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/03/03 00:37:17 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lu\u00EDs\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Lu\u00EDs\AppData\Local\Google\Chrome\Application\17.0.963.56\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lu\u00EDs\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lu\u00EDs\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/03/05 16:58:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Arquivos de Programas\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB336DE1-9B58-4398-9007-7B56EA7DAD45}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D713CBC9-5FB3-428A-936D-5BE1D6F75EBB}: DhcpNameServer = 200.204.0.138
O18:64bit: - Protocol\Handler\hddlife - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files (x86)\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Luís\Pictures\Wallpapers\eyeofthestormbyredxen31lz6.jpg
O24 - Desktop BackupWallPaper: C:\Users\Luís\Pictures\Wallpapers\eyeofthestormbyredxen31lz6.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 17:13:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/05 17:13:31 | 000,000,000 | ---D | C] -- C:\Users\Luís\AppData\Local\temp
[2012/03/05 16:58:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/05 16:23:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/05 16:23:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/05 16:23:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/05 16:23:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/05 16:23:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/05 16:21:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/03/05 16:14:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/05 16:08:25 | 004,427,148 | R--- | C] (Swearware) -- C:\Users\Luís\Desktop\ComboFix.exe
[2012/03/04 21:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 21:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/03 21:01:45 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/03/03 21:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/03/03 20:57:09 | 000,000,000 | ---D | C] -- C:\Users\Luís\Virus
[2012/03/03 01:46:41 | 000,000,000 | ---D | C] -- C:\Users\Luís\AppData\Roaming\FRISK Software
[2012/03/03 01:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\FRISK Software
[2012/03/02 22:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/03/02 14:35:00 | 000,000,000 | ---D | C] -- C:\Users\Luís\AppData\Roaming\Azudl
[2012/02/17 12:43:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/17 12:43:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/17 12:43:57 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/17 12:43:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/17 12:43:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/17 12:43:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/17 12:43:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/17 12:43:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/17 12:43:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/17 12:43:55 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/17 12:43:55 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/16 12:44:26 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/08 10:37:37 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/08 10:37:36 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/08 10:37:36 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/08 10:37:36 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/08 10:37:36 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/08 10:37:36 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/08 10:37:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/08 10:37:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/08 10:37:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/08 10:37:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/08 10:37:36 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/08 10:37:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/08 10:37:36 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/08 10:37:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/08 10:37:35 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/08 10:37:35 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/08 10:37:35 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/08 10:37:33 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/08 10:37:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/08 10:37:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/08 10:37:33 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/08 10:37:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/08 10:37:33 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/08 10:37:33 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012/02/08 10:37:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/08 10:37:33 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/08 10:37:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/08 10:37:33 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/08 10:37:32 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/08 10:37:31 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/08 10:37:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/08 10:37:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/08 10:37:31 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/08 10:37:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012/02/08 10:37:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/08 10:37:31 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/08 10:37:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/08 10:37:31 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/08 10:37:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/08 10:37:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/08 10:37:30 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/08 10:37:30 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/08 10:37:30 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/08 10:37:30 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/08 10:37:30 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/08 10:37:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/08 10:37:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/08 10:37:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/08 10:37:29 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/08 10:37:29 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/08 10:37:29 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/08 10:37:29 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/08 10:37:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/08 10:37:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/08 10:37:29 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/08 10:37:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/08 10:37:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/08 10:37:28 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/08 10:37:28 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/08 10:37:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/08 10:37:28 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/08 10:37:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/08 10:37:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

========== Files - Modified Within 30 Days ==========

[2012/03/05 16:58:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/05 16:40:30 | 001,469,844 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/05 16:40:30 | 000,643,338 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/03/05 16:40:30 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/05 16:40:30 | 000,124,862 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/03/05 16:40:30 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/05 16:33:33 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 16:33:33 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 16:33:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/05 16:33:26 | 4294,041,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/05 16:09:18 | 004,427,148 | R--- | M] (Swearware) -- C:\Users\Luís\Desktop\ComboFix.exe
[2012/03/03 22:59:09 | 000,002,372 | ---- | M] () -- C:\Users\Luís\Documents\Dieta.rar
[2012/03/03 21:37:11 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/03/01 12:40:03 | 000,013,384 | ---- | M] () -- C:\Windows\SysNative\.rsp
[2012/03/01 12:40:03 | 000,001,479 | ---- | M] () -- C:\Windows\SysNative\.lck
[2012/02/18 09:39:58 | 000,353,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/08 10:37:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012/02/08 10:37:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012/02/08 10:37:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012/02/08 10:37:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012/02/08 10:37:37 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/08 10:37:36 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/08 10:37:36 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/08 10:37:36 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/08 10:37:36 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/08 10:37:36 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/08 10:37:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/08 10:37:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/08 10:37:36 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/08 10:37:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/08 10:37:36 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/08 10:37:36 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/08 10:37:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/08 10:37:36 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/08 10:37:35 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/08 10:37:35 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/08 10:37:35 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/08 10:37:35 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/08 10:37:33 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/08 10:37:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/08 10:37:33 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/08 10:37:33 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/08 10:37:33 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/08 10:37:33 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/08 10:37:33 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012/02/08 10:37:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/08 10:37:33 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/08 10:37:33 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/08 10:37:33 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/08 10:37:32 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/08 10:37:31 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/08 10:37:31 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/08 10:37:31 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/08 10:37:31 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/08 10:37:31 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012/02/08 10:37:31 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/08 10:37:31 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/08 10:37:31 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/08 10:37:31 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/08 10:37:31 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/08 10:37:31 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/08 10:37:30 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/08 10:37:30 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/08 10:37:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/08 10:37:30 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/08 10:37:30 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/08 10:37:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/08 10:37:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/08 10:37:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/08 10:37:29 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/08 10:37:29 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/08 10:37:29 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/08 10:37:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/08 10:37:29 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/08 10:37:29 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/08 10:37:29 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/08 10:37:29 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/08 10:37:29 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/08 10:37:29 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/08 10:37:28 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/08 10:37:28 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/08 10:37:28 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/08 10:37:28 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/08 10:37:28 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/08 10:37:28 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

========== Files Created - No Company Name ==========

[2012/03/05 16:23:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/05 16:23:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/05 16:23:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/05 16:23:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/05 16:23:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/03 22:58:57 | 000,002,372 | ---- | C] () -- C:\Users\Luís\Documents\Dieta.rar
[2012/02/08 10:37:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/08 10:37:29 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/22 10:19:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\12"senha + email"
[2011/09/22 20:51:39 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2011/09/22 20:51:39 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2011/09/22 20:51:39 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2011/09/22 20:51:39 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2011/09/22 20:51:39 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2011/09/22 20:51:39 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/20 16:31:29 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/12/20 20:10:25 | 000,000,140 | ---- | C] () -- C:\Windows\SysWow64\ptl5.dat.{B03B289B-C438-4D0F-B3B0-52F9FE7B661D}
[2010/12/20 19:58:57 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 18:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/08/23 22:12:11 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/03/05 17:13:30 | 000,162,465 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 18:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/04/14 19:51:45 | 000,171,136 | RHS- | M] () -- C:\grldr
[2012/03/05 16:33:26 | 4294,041,600 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2002/01/05 03:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2009/09/18 21:23:27 | 000,000,767 | -H-- | M] () -- C:\os907941.bin
[2012/03/05 16:33:25 | 312,664,063 | -HS- | M] () -- C:\pagefile.sys
[2009/08/21 22:50:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/21 22:50:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/23 22:45:51 | 000,018,108 | ---- | M] () -- C:\YukonInstall.log
[2011/10/14 18:33:51 | 000,002,519 | ---- | M] () -- C:\ZendOptimizer_errors.txt

< %userprofile%\*.* >
[2012/03/05 17:21:54 | 010,485,760 | -HS- | M] () -- C:\Users\Luís\ntuser.dat
[2012/03/05 17:21:54 | 000,262,144 | -H-- | M] () -- C:\Users\Luís\ntuser.dat.LOG1
[2009/08/23 22:29:39 | 000,000,000 | -H-- | M] () -- C:\Users\Luís\ntuser.dat.LOG2
[2011/01/26 00:41:50 | 000,065,536 | -HS- | M] () -- C:\Users\Luís\ntuser.dat{27aa4949-28d9-11e0-b854-002354057333}.TM.blf
[2011/01/26 00:41:50 | 000,524,288 | -HS- | M] () -- C:\Users\Luís\ntuser.dat{27aa4949-28d9-11e0-b854-002354057333}.TMContainer00000000000000000001.regtrans-ms
[2011/01/26 00:41:50 | 000,524,288 | -HS- | M] () -- C:\Users\Luís\ntuser.dat{27aa4949-28d9-11e0-b854-002354057333}.TMContainer00000000000000000002.regtrans-ms
[2011/01/25 20:14:39 | 000,065,536 | -HS- | M] () -- C:\Users\Luís\NTUSER.DAT{47de919e-904b-11de-b4aa-806e6f6e6963}.TM.blf
[2011/01/25 20:14:39 | 000,524,288 | -HS- | M] () -- C:\Users\Luís\NTUSER.DAT{47de919e-904b-11de-b4aa-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/08/23 22:36:08 | 000,524,288 | -HS- | M] () -- C:\Users\Luís\NTUSER.DAT{47de919e-904b-11de-b4aa-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2012/03/05 16:32:22 | 000,065,536 | -HS- | M] () -- C:\Users\Luís\ntuser.dat{7ef9260d-28dc-11e0-a3d7-002354057333}.TM.blf
[2012/03/05 16:32:22 | 000,524,288 | -HS- | M] () -- C:\Users\Luís\ntuser.dat{7ef9260d-28dc-11e0-a3d7-002354057333}.TMContainer00000000000000000001.regtrans-ms
[2011/01/26 07:42:22 | 000,524,288 | -HS- | M] () -- C:\Users\Luís\ntuser.dat{7ef9260d-28dc-11e0-a3d7-002354057333}.TMContainer00000000000000000002.regtrans-ms
[2011/01/25 20:37:29 | 000,065,536 | -HS- | M] () -- C:\Users\Luís\ntuser.dat{b1a54524-28d2-11e0-bc52-002354057333}.TM.blf
[2011/01/25 20:37:29 | 000,524,288 | -HS- | M] () -- C:\Users\Luís\ntuser.dat{b1a54524-28d2-11e0-bc52-002354057333}.TMContainer00000000000000000001.regtrans-ms
[2011/01/25 20:37:29 | 000,524,288 | -HS- | M] () -- C:\Users\Luís\ntuser.dat{b1a54524-28d2-11e0-bc52-002354057333}.TMContainer00000000000000000002.regtrans-ms
[2009/08/23 22:29:39 | 000,000,020 | -HS- | M] () -- C:\Users\Luís\ntuser.ini

< %USERPROFILE%\AppData\Roaming /S >

< %USERPROFILE%\AppData\Roaming\*.* >

< %systemroot%\system32\drivers\*.* /90 >

< %ALLUSERSPROFILE%\*.* >
[2009/08/24 01:57:41 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/12/22 10:19:49 | 000,000,000 | ---- | M] () -- C:\ProgramData\12"senha + email"
[2011/06/04 08:56:27 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2009/09/14 00:56:05 | 000,000,446 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules >

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2BE9FEFC

< End of report >

------------
ComboFix.txt:

http://pastebin.com/0BWthLDs

 

[andlsa]

Sim. Mas já foi removido pelo OTM.


Não, estas informações constarem no log não quer dizer que foram enviadas a terceiros. Aliás, não há como saber isso. Os logs também nunca exibem senhas do usuário.

O keylogger foi eliminado e o arquivo principal do backdoor também. Porém, as chaves que o backdoor criou no registro permanecem.

Siga o spoiler abaixo Luis.

Spoiler

Delete a pasta C:\_OTMoveIt.

Baixe o ComboFix, salve no desktop (isso é importante) e utilize-o conforme este tutorial.
Ao término do scan do ComboFix, um log estará em C:\ComboFix.txt. Deixe-o lá por ora.



1. Abra o OTL e no campo inferior azul "Exames Personalizados/Correções" cole o script abaixo.

netsvcs
%SYSTEMDRIVE%\*.*
%userprofile%\*.*
%USERPROFILE%\AppData\Roaming /S
%USERPROFILE%\AppData\Roaming\*.*
%systemroot%\system32\drivers\*.* /90
%ALLUSERSPROFILE%\*.*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules

2. Clique em Verificar em aguarde.

Poste os logs OTL.Txt e ComboFix.txt.

Diga se o problema com os acentos persiste ainda.

andlsa, siga o spoiler.

Spoiler

1. Faça o download do Malwarebytes Anti-Malware e salve-o no desktop;

2. Execute o programa para iniciar a instalação. Selecione o idioma Português (Brasil);
3. Ao final da instalação, marque as opções "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em Concluir;
4. Após a instalação execute o programa;
5. Marque a opção Verificação Completa e depois clique em Verificar. Selecione sua unidade C: e clique no botão Iniciar Verificação;
6. Quando o scan terminar, clique em OK e o log será automaticamente aberto para você;
7. Se algo for detectado, verifique se todos os itens estão marcados e clique no botão Remover Tudo.
OBS: Caso apareça uma mensagem pedindo para que você reinicie o computador para completar o processo de remoção, reinicie-o imediatamente;
8. O log pode ser consultado clicando em Logs do menu principal também;

Copie e cole o conteúdo desse log na sua próxima resposta, juntamente com um novo log do OTL.

Mr Wolf, O Malwarebytes encontrou um Keygen e considerou o mesmo como um Riskware. Seguem os logs:

OTL:

Spoiler

OTL logfile created on: 06/03/2012 10:28:53 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Anderson Backup\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,80% Memory free
6,00 Gb Paging File | 4,66 Gb Available in Paging File | 77,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54,52 Gb Total Space | 11,29 Gb Free Space | 20,71% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 2,33 Gb Free Space | 11,64% Space Free | Partition Type: NTFS

Computer Name: AND-PC | User Name: Anderson Backup | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/17 18:29:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/15 18:21:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
PRC - [2012/01/29 19:29:10 | 000,341,920 | ---- | M] () -- C:\Program Files\TIM Communicator\orolixcommunicator.exe
PRC - [2012/01/27 21:49:39 | 000,026,528 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) -- C:\Program Files\TIM Communicator\module\devicemon.exe
PRC - [2012/01/16 15:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/01/11 15:18:14 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/01/11 15:18:14 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/01/11 13:56:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/01/11 13:56:08 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe
PRC - [2011/10/15 05:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 05:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 05:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/15 14:11:40 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/08/15 14:09:06 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/12/23 18:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/08/10 14:59:50 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/08/10 14:59:48 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 16:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2008/06/25 02:08:20 | 001,855,488 | ---- | M] (C-Media Electronic Inc. (C-Media Electronics, Inc.)) -- C:\Windows\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 18:29:59 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/29 19:29:10 | 000,341,920 | ---- | M] () -- C:\Program Files\TIM Communicator\orolixcommunicator.exe
MOD - [2012/01/29 19:24:34 | 000,032,160 | ---- | M] () -- C:\Program Files\TIM Communicator\module\modqoscommunicator.dll
MOD - [2012/01/27 20:32:02 | 000,968,704 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012/01/11 15:18:42 | 000,861,112 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\SpamMonitor\SMPlugin.dll
MOD - [2012/01/11 15:18:16 | 000,376,248 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\PCTUI\PCTUI.dll
MOD - [2012/01/09 15:56:56 | 000,079,872 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\extensions\{8c311d0a-7d76-4f96-a7b6-0a2758dee5a4}\components\RadioWMPCoreGecko10.dll
MOD - [2011/10/14 23:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/06/29 18:15:40 | 000,337,312 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\sqldrivers\qsqlite4.dll
MOD - [2010/06/29 18:15:40 | 000,222,624 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\phonon_backend\phonon_ds94.dll
MOD - [2010/06/29 18:15:40 | 000,189,856 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qjpeg4.dll
MOD - [2010/06/29 18:15:40 | 000,075,168 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qico4.dll
MOD - [2010/06/29 18:15:40 | 000,075,168 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qgif4.dll
MOD - [2010/06/29 10:15:56 | 007,796,128 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtWebKit4.dll
MOD - [2010/06/29 10:15:56 | 006,350,240 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtGui4.dll
MOD - [2010/06/29 10:15:56 | 001,770,912 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtCore4.dll
MOD - [2010/06/29 10:15:56 | 001,451,424 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtNetwork4.dll
MOD - [2010/06/29 10:15:56 | 000,263,584 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtXml4.dll
MOD - [2010/06/29 10:15:56 | 000,206,240 | ---- | M] () -- C:\Program Files\TIM Communicator\module\phonon4.dll
MOD - [2010/06/29 10:15:56 | 000,152,992 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtSql4.dll
MOD - [2010/03/15 10:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/30 17:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/11 21:26:26 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/27 21:49:39 | 000,026,528 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) [Auto | Running] -- C:\Program Files\TIM Communicator\module\devicemon.exe -- (OrolixDeviceMonitor)
SRV - [2012/01/16 15:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/01/11 15:18:14 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/01/11 13:56:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/01/11 13:56:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2011/10/15 05:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/15 14:09:06 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/15 14:03:24 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/24 13:49:34 | 000,310,640 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2011/01/08 12:44:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/23 18:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/10 14:59:50 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 14:59:48 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/02/13 19:01:42 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0ca6E9B.sys -- (0ca6E9B)
DRV - [2012/02/13 18:47:57 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\6c3223.sys -- (6c3223)
DRV - [2012/02/13 18:37:05 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\6c67A4E.sys -- (6c67A4E)
DRV - [2012/02/13 18:28:17 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\19bB13E.sys -- (19bB13E)
DRV - [2012/01/11 15:19:24 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/01/11 15:19:12 | 000,125,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2012/01/11 15:19:02 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/01/11 15:14:30 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/01/11 13:56:12 | 000,574,424 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/01/11 13:56:12 | 000,054,328 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/01/11 13:56:12 | 000,035,264 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/12/01 15:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 15:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/30 08:19:48 | 000,058,400 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctNdisLW.sys -- (pctNdisLW)
DRV - [2011/11/14 14:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/11/14 14:12:24 | 000,162,584 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/11/09 15:33:30 | 000,091,136 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2011/10/15 05:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/28 12:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/05/31 14:03:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/01/08 15:57:36 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/30 10:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/08/12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/06/02 09:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ONDAusbvoice.sys -- (ONDAusbvoice)
DRV - [2010/06/02 09:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbser6k.sys -- (ONDAusbser6k)
DRV - [2010/06/02 09:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbnmea.sys -- (ONDAusbnmea)
DRV - [2010/06/02 09:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbmdm6k.sys -- (ONDAusbmdm6k)
DRV - [2009/08/04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/13 19:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/29 14:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008/06/25 02:08:20 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2007/11/08 10:30:08 | 000,454,656 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.sys -- (PAC7302)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = A maioria dos profissionais diretório websites, mais próximos os serviços vivos
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 CE EF 32 65 4E CC 01 [binary data]
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "socialbrowser Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3083266&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: iobit@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.1
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.74.0
FF - prefs.js..extensions.enabledItems: glasser@sixxgate.com:3.5.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2
FF - prefs.js..extensions.enabledItems: {d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}:3.5.0.12
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3083266&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/01 21:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/02/11 16:00:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 18:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/01 21:40:27 | 000,000,000 | ---D | M]

[2011/07/28 20:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Extensions
[2012/02/28 18:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions
[2012/01/30 21:19:36 | 000,000,000 | ---D | M] (socialbrowser Community Toolbar) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\{8c311d0a-7d76-4f96-a7b6-0a2758dee5a4}
[2012/01/29 22:29:21 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\foxmarks@kei.com
[2012/01/29 22:29:23 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\support@lastpass.com
[2012/01/09 15:56:56 | 000,000,929 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\conduit.xml
[2012/03/04 19:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/17 18:29:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/02/01 21:17:18 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2012/02/01 21:17:18 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2012/02/01 21:17:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/02/01 21:17:18 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/02/01 21:17:18 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2012/02/02 20:05:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
O4 - HKLM..\Run: [C-Media Speaker Configuration] C:\Program Files\C-Media\WIN_ME\Setup.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKU\S-1-5-21-497863422-237361048-368514812-1007..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-497863422-237361048-368514812-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Enviar para o OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DF936A8-3AA1-425E-BE05-C82D535A9FEE}: NameServer = 200.220.227.56 200.142.130.202
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 20:52:44 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\Malwarebytes
[2012/03/05 20:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/05 20:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/05 20:48:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/05 20:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/05 17:41:15 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Anderson Backup\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/04 21:35:28 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\page__p__830569_arquivos
[2012/02/28 19:33:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/28 19:28:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/28 19:28:03 | 000,000,000 | --SD | C] -- C:\60329_combofix_12222178346
[2012/02/28 19:27:16 | 000,000,000 | --SD | C] -- C:\60329_combofix_12222183806
[2012/02/28 19:24:15 | 000,000,000 | --SD | C] -- C:\60329_combofix_122221177186
[2012/02/28 19:23:43 | 000,000,000 | --SD | C] -- C:\60329_combofix_122221100616
[2012/02/28 19:20:16 | 000,000,000 | --SD | C] -- C:\60329_combofix_122221183956
[2012/02/28 19:19:54 | 000,000,000 | --SD | C] -- C:\60329_combofix_122221
[2012/02/21 23:45:31 | 000,000,000 | ---D | C] -- C:\01d0815344442e0fd540
[2012/02/20 21:06:53 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Local\{249B6E2E-CF46-4CAB-8EB8-6DE5804CE1E6}
[2012/02/20 21:06:19 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Local\{CDBBD1EB-391B-4DBC-AE33-0A2E5CD4EEFB}
[2012/02/20 13:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Fire Screensaver
[2012/02/20 13:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free Fire Screensaver
[2012/02/20 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\Laconic Software
[2012/02/15 18:23:46 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anderson Backup\Desktop\TDSSKiller.exe
[2012/02/15 18:21:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
[2012/02/13 18:53:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/02/12 12:00:12 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86
[2012/02/12 02:00:44 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\captchatrader
[2012/02/12 01:38:29 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/02/12 01:26:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Anderson Backup\Desktop\HijackThis.exe
[2012/02/12 00:49:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/12 00:49:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/12 00:39:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/12 00:29:21 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282301016
[2012/02/11 16:44:57 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\PC Tools
[2012/02/11 16:44:54 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\Spam Monitor
[2012/02/11 16:00:50 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/02/11 16:00:49 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/02/11 16:00:48 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/02/11 16:00:48 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/02/11 15:59:50 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/02/11 15:59:50 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/02/11 15:59:36 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/02/11 15:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/02/11 15:59:34 | 000,574,424 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2012/02/11 15:59:34 | 000,054,328 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2012/02/11 15:59:34 | 000,035,264 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2012/02/11 15:59:24 | 000,091,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2012/02/11 15:59:24 | 000,058,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdisLW.sys
[2012/02/11 15:59:23 | 000,125,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2012/02/11 15:59:23 | 000,032,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2012/02/11 15:59:20 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/02/11 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/02/11 12:53:23 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/02/11 12:53:22 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/02/11 12:53:21 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/02/11 12:53:21 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/02/11 12:53:19 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/02/11 12:40:12 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\TestApp
[2012/02/11 06:39:38 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282219266
[2012/02/11 06:19:40 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282
[2012/02/08 18:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/02/08 18:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012/02/06 19:34:38 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Local\Ubisoft Game Launcher
[2012/02/06 18:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed Revelations
[2012/02/06 18:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\AC Revelations
[2011/08/01 22:06:39 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011/08/01 22:06:39 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/06 10:29:44 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 10:29:44 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 10:23:17 | 001,856,693 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/03/06 10:19:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/05 23:19:34 | 000,675,200 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/03/05 23:19:34 | 000,626,678 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/05 23:19:34 | 000,133,936 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/03/05 23:19:34 | 000,111,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/05 20:48:08 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/05 17:52:19 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Anderson Backup\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/05 08:35:38 | 000,040,324 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\dica de treino.jpg
[2012/03/04 21:35:40 | 000,087,266 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\page__p__830569.htm
[2012/03/04 19:39:05 | 000,000,052 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2012/03/04 19:38:41 | 000,605,989 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\adwcleaner(1).exe
[2012/03/04 19:35:57 | 000,519,120 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\adwcleaner.exe
[2012/03/04 17:12:48 | 000,044,469 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\xpctools.png
[2012/03/03 10:26:52 | 000,053,735 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Tabela De Dieta.zip
[2012/03/01 19:21:25 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/29 23:53:30 | 000,077,312 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 19:31:22 | 002,044,186 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\tdsskiller(1).zip
[2012/02/27 12:59:34 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anderson Backup\Desktop\TDSSKiller.exe
[2012/02/20 23:09:04 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/20 23:09:04 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/20 13:26:38 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Configure Free Fire Screensaver.lnk
[2012/02/20 13:26:38 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\Launch Free Fire Screensaver.lnk
[2012/02/16 22:00:29 | 000,000,868 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\TIM Communicator.lnk
[2012/02/16 18:12:35 | 002,041,519 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\tdsskiller.zip
[2012/02/16 06:09:34 | 000,413,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 18:21:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
[2012/02/13 19:01:42 | 000,054,624 | ---- | M] () -- C:\Windows\System32\0ca6E9B.sys
[2012/02/13 19:01:39 | 002,335,270 | ---- | M] () -- C:\Windows\System32\9f96547.mht
[2012/02/13 18:47:57 | 000,054,624 | ---- | M] () -- C:\Windows\System32\6c3223.sys
[2012/02/13 18:47:49 | 002,335,270 | ---- | M] () -- C:\Windows\System32\88eE06F.mht
[2012/02/13 18:37:05 | 000,054,624 | ---- | M] () -- C:\Windows\System32\6c67A4E.sys
[2012/02/13 18:36:52 | 002,335,270 | ---- | M] () -- C:\Windows\System32\0404826.mht
[2012/02/13 18:28:17 | 000,054,624 | ---- | M] () -- C:\Windows\System32\19bB13E.sys
[2012/02/13 18:28:14 | 002,335,270 | ---- | M] () -- C:\Windows\System32\a77A5D8.mht
[2012/02/13 18:27:59 | 002,335,270 | ---- | M] () -- C:\Windows\System32\e096ABC.mht
[2012/02/12 17:47:04 | 000,097,953 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\and.jpg
[2012/02/12 02:14:18 | 000,000,038 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\captchatrader.properties
[2012/02/12 02:08:24 | 000,592,189 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86.zip
[2012/02/12 01:59:58 | 000,382,525 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\captchatrader4jdownloader_win.zip
[2012/02/12 01:36:29 | 000,090,350 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Killbox 2.0.0.881.rar
[2012/02/12 01:27:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Anderson Backup\Desktop\HijackThis.exe
[2012/02/11 16:34:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SM.lock
[2012/02/11 15:59:42 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/02/11 12:40:13 | 000,001,544 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\sdsetup.exe.lnk
[2012/02/09 17:36:25 | 000,001,634 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Dungeon Siege III.exe - Atalho.lnk
[2012/02/09 05:43:36 | 000,002,664 | ---- | M] () -- C:\Users\Anderson Backup\Documents\ax_files.xml
[2012/02/08 18:42:26 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/06 19:33:55 | 000,001,124 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\UbisoftGameLauncher.exe - Atalho.lnk
[2012/02/06 18:41:03 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Ñêà÷àòü Åùå Èãðû.lnk
[2012/02/06 18:41:03 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Assassin's Creed Revelations.lnk
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/05 20:48:08 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/05 08:35:36 | 000,040,324 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\dica de treino.jpg
[2012/03/04 21:35:27 | 000,087,266 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\page__p__830569.htm
[2012/03/04 19:39:05 | 000,000,052 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2012/03/04 19:38:05 | 000,605,989 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\adwcleaner(1).exe
[2012/03/04 19:35:15 | 000,519,120 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\adwcleaner.exe
[2012/03/04 17:02:37 | 000,044,469 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\xpctools.png
[2012/03/03 10:26:27 | 000,053,735 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Tabela De Dieta.zip
[2012/02/28 19:28:33 | 002,044,186 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\tdsskiller(1).zip
[2012/02/20 13:26:38 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Configure Free Fire Screensaver.lnk
[2012/02/20 13:26:38 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Launch Free Fire Screensaver.lnk
[2012/02/16 22:00:29 | 000,000,868 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\TIM Communicator.lnk
[2012/02/16 18:10:00 | 002,041,519 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\tdsskiller.zip
[2012/02/13 19:01:42 | 000,054,624 | ---- | C] () -- C:\Windows\System32\0ca6E9B.sys
[2012/02/13 19:01:39 | 002,335,270 | ---- | C] () -- C:\Windows\System32\9f96547.mht
[2012/02/13 18:47:57 | 000,054,624 | ---- | C] () -- C:\Windows\System32\6c3223.sys
[2012/02/13 18:47:49 | 002,335,270 | ---- | C] () -- C:\Windows\System32\88eE06F.mht
[2012/02/13 18:37:05 | 000,054,624 | ---- | C] () -- C:\Windows\System32\6c67A4E.sys
[2012/02/13 18:36:52 | 002,335,270 | ---- | C] () -- C:\Windows\System32\0404826.mht
[2012/02/13 18:28:17 | 000,054,624 | ---- | C] () -- C:\Windows\System32\19bB13E.sys
[2012/02/13 18:28:14 | 002,335,270 | ---- | C] () -- C:\Windows\System32\a77A5D8.mht
[2012/02/13 18:27:59 | 002,335,270 | ---- | C] () -- C:\Windows\System32\e096ABC.mht
[2012/02/12 17:47:01 | 000,097,953 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\and.jpg
[2012/02/12 02:14:17 | 000,000,038 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\captchatrader.properties
[2012/02/12 02:07:15 | 000,592,189 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86.zip
[2012/02/12 01:59:31 | 000,382,525 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\captchatrader4jdownloader_win.zip
[2012/02/12 01:37:22 | 000,001,710 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Mina de Download.url
[2012/02/12 01:35:30 | 000,090,350 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Killbox 2.0.0.881.rar
[2012/02/11 16:34:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SM.lock
[2012/02/11 16:00:49 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/02/11 16:00:49 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/02/11 16:00:49 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/02/11 16:00:49 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/02/11 16:00:49 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/02/11 15:59:42 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/02/11 12:40:13 | 000,001,544 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\sdsetup.exe.lnk
[2012/02/09 17:36:25 | 000,001,634 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Dungeon Siege III.exe - Atalho.lnk
[2012/02/08 18:42:26 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/06 19:33:55 | 000,001,124 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\UbisoftGameLauncher.exe - Atalho.lnk
[2012/02/06 18:41:03 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Ñêà÷àòü Åùå Èãðû.lnk
[2012/02/06 18:41:03 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Assassin's Creed Revelations.lnk
[2012/01/31 18:34:26 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/01/31 18:34:26 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/01/31 18:34:15 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/27 19:12:00 | 000,637,215 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/07/31 11:50:06 | 000,007,887 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Roaming\pcouffin.cat
[2011/07/31 11:50:06 | 000,001,144 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Roaming\pcouffin.inf
[2011/07/28 22:59:51 | 000,077,312 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/28 21:45:44 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/09 16:09:20 | 000,000,022 | ---- | C] () -- C:\Windows\cmm.dat
[2011/04/09 16:09:11 | 000,000,186 | ---- | C] () -- C:\Windows\System32\CleanMem.ini
[2011/04/05 08:54:49 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2011/04/05 08:54:49 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2011/02/27 18:52:39 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2011/02/06 00:53:19 | 000,101,072 | ---- | C] () -- C:\Windows\UTP.exe
[2011/01/22 16:36:42 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/01/20 20:17:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/20 20:16:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/01/08 16:24:00 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/08 14:46:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/01/08 14:46:47 | 000,004,333 | ---- | C] () -- C:\Windows\mixerdef.ini
[2011/01/08 14:46:27 | 000,039,279 | ---- | C] () -- C:\Windows\cmijack.dat
[2011/01/08 14:46:27 | 000,028,165 | ---- | C] () -- C:\Windows\cmijack.ini
[2011/01/08 14:46:27 | 000,023,041 | ---- | C] () -- C:\Windows\cmaudio.dat
[2011/01/08 14:46:27 | 000,018,240 | ---- | C] () -- C:\Windows\cmaudio.ini
[2011/01/08 14:46:26 | 000,000,462 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2011/01/08 14:10:37 | 000,006,136 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/01/08 11:58:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/26 23:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/07/14 05:31:12 | 000,675,200 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2009/07/14 05:31:12 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2009/07/14 05:31:12 | 000,133,936 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2009/07/14 05:31:12 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2009/07/14 01:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 01:33:53 | 000,413,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 23:05:48 | 000,626,678 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 23:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 23:05:48 | 000,111,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 23:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 23:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 23:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/06/21 03:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2005/02/05 16:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll

========== LOP Check ==========

[2011/12/08 20:07:49 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Activision
[2012/02/10 21:31:55 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Azureus
[2011/08/17 21:16:22 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\bizarre creations
[2011/08/10 20:27:36 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\FreeArc
[2011/08/04 19:36:11 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\ICAClient
[2012/02/10 21:13:19 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\IObit
[2012/02/20 13:26:13 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Laconic Software
[2011/09/18 20:06:51 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Need for Speed World
[2011/09/27 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\QuickScan
[2012/02/11 16:44:54 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Spam Monitor
[2012/02/11 12:40:12 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\TestApp
[2011/10/10 22:54:08 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\TuneUp Software
[2012/02/01 22:14:53 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Vso
[2012/02/10 19:20:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/10/11 19:33:39 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011/10/11 19:28:28 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMPE406C3E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

Malwarebytes

Spoiler

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Versão da Base de Dados: v2012.03.05.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Anderson Backup :: AND-PC [administrador]

05/03/2012 21:04:33
mbam-log-2012-03-05 (21-04-33).txt

Tipo de Verificação: Verificação Completa
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 326874
Tempo decorrido: 3 hora(s), 3 minuto(s), 12 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1
E:\Jdownloader\Keygen - TuneUp 2011\Keygen - TuneUp 2011\keygen.exe (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

 

[leonardovit]

Pessoal, há alguém que possa me ajudar a resolver um log do ComboFix? Ele criou o relatório, mas não entendo nadinha disso, e tô achando que andei pegando uns vírus por aí hehehe.

Segue o relatório:

Combofix.txt - Pastebin.com

 

[Mr.Wolf]

Luis_Oliveira, siga o spoiler.

Spoiler

Abra o bloco de notas e cole o texto abaixo dentro. Salve no desktop com o nome CFScript.txt

Folder::
c:\users\Luís\AppData\Roaming\Azudl
File::
C:\ProgramData\TEMP:2BE9FEFC
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm

Arraste o CFScript.txt para o ícone do ComboFix.

A ferramenta será executada mais uma vez. Apenas siga os mesmos passos anteriores.
Ao término, poste o novo log C:\ComboFix.txt para uma última análise.

Os logs estão limpos, Luis. Se quiser, pode providenciar a alteração da(s) senha(s).

O problema com o 'duplo clique' começou agora ou já faz um tempo? Acredito que não esteja relacionado com as infecções que haviam aí.

Abraços

andlsa, de acordo com o log do OTL, não há mais infecções em sua máquina. Posso sugerir apenas um scan online.
Seu sistema definitivamente não está ou estava infectado pelo TDSS porque, como mencionei anteriormente, este malware causa dores de cabeça muito maiores. O PC Tools ainda emite alertas sobre tal ameaça?


leonardovit, o log está limpo. Cautela ao rodar o ComboFix sem ter a absoluta certeza de que seu computador está contaminado.

 

[J. Augusto F]

Não sei se é o tópico certo, mas preciso de conselho sobre um PC que vou mexer aqui. O irmão da minha cunhada fez a besteira de aceitar a mensagem de atualizar o Itoken, quando acessou o Itaú. Resultado, PC e conta invadidas. Bom, ele quer que eu resolva isso e preciso saber se a formatação é a melhor opção ou uso algum tipo de programa para resolver esse problema.
Pode me ajudar Mr. Wolf?

 

[leonardovit]

Ou seja, não contém nenhum virus? Ou pode conter e o ComboFix não ter relatado?! Pergunto pois meu Chrome está congelando muitas vezes, de uns dias pra cá, considerando que eu tenho acessado uns sites estranhos nos últimos dias.

O que pode ser esse congelamento? Posso rodar outros testes para detectar malwares, etc?

Grato pelo auxílio Mr.Wolf!

 

[Luis_Oliveira]

Mr.Wolf

Muito obrigado pela ajuda !
O problema com o duplo clique começou faz 2 dias +ou-..

Segue o log:

ComboFix.txt

Spoiler

ComboFix 12-03-04.02 - Luís 06/03/2012 17:05:36.2.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.55.1046.18.4094.2486 [GMT -3:00]
Executando de: c:\users\LuÝs\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\LuÝs\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-02-06 to 2012-03-06 ))))))))))))))))))))))))))))
.
.
2012-03-06 20:12 . 2012-03-06 20:12 -------- d-----w- c:\users\LUS~2\AppData\Local\temp
2012-03-06 20:12 . 2012-03-06 20:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 00:13 . 2012-03-05 00:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-04 00:01 . 2012-03-04 00:37 16200 ----a-w- c:\windows\stinger.sys
2012-03-04 00:00 . 2012-03-04 08:15 -------- d-----w- c:\program files (x86)\stinger
2012-03-03 23:57 . 2012-03-05 20:45 -------- d-----w- c:\users\Luís\Virus
2012-03-03 04:46 . 2012-03-03 04:46 -------- d-----w- c:\users\Luís\AppData\Roaming\FRISK Software
2012-03-03 04:31 . 2012-03-03 04:31 -------- d-----w- c:\programdata\FRISK Software
2012-03-03 01:41 . 2012-03-03 01:41 -------- d-----w- c:\program files (x86)\MSECache
2012-03-02 17:35 . 2012-03-02 17:35 -------- d-----w- c:\users\Luís\AppData\Roaming\Azudl
2012-03-02 15:35 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{125CE281-981A-4782-AC93-0A28F7F0D75C}\mpengine.dll
2012-02-21 21:04 . 2012-03-03 03:37 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-21 21:04 . 2012-03-03 03:37 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-21 21:04 . 2012-03-03 03:37 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-21 21:04 . 2012-03-03 03:37 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-16 15:44 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 15:44 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 15:44 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 15:44 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 15:44 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-16 15:44 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 07:10 . 2009-10-03 19:13 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 18:24 . 2009-11-09 11:53 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_19.58.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-24 01:20 . 2012-03-06 00:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-24 01:20 . 2012-03-05 01:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-04 22:06 . 2012-03-06 00:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-04 22:06 . 2012-03-05 01:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-24 01:20 . 2012-03-05 01:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-24 01:20 . 2012-03-06 00:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-24 01:39 . 2012-03-06 20:15 53656 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-08-24 01:31 . 2012-03-06 20:16 12470 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3401796189-860128465-4073613164-1000_UserData.bin
+ 2009-08-24 02:00 . 2012-03-06 06:50 1580 c:\windows\system32\WDI\ERCQueuedResolutions.dat
- 2012-03-05 19:33 . 2012-03-05 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-06 20:14 . 2012-03-06 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-05 19:33 . 2012-03-05 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-06 20:14 . 2012-03-06 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 15:44 . 2012-03-06 20:16 172906 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-06 02:48 . 2012-03-06 08:37 643338 c:\windows\system32\prfh0416.dat
- 2006-11-06 02:48 . 2012-03-05 19:40 643338 c:\windows\system32\prfh0416.dat
- 2006-11-06 02:48 . 2012-03-05 19:40 124862 c:\windows\system32\prfc0416.dat
+ 2006-11-06 02:48 . 2012-03-06 08:37 124862 c:\windows\system32\prfc0416.dat
- 2006-11-02 12:46 . 2012-03-05 19:40 595798 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-03-06 08:37 595798 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-03-06 08:37 103872 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-03-05 19:40 103872 c:\windows\system32\perfc009.dat
+ 2010-11-01 23:59 . 2012-03-06 20:12 331944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-11-01 23:59 . 2012-03-05 19:32 331944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-01 23:59 . 2012-03-06 20:12 2017434 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3401796189-860128465-4073613164-1000-8192.dat
- 2010-11-01 23:59 . 2012-03-05 19:32 2017434 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3401796189-860128465-4073613164-1000-8192.dat
- 2012-02-13 04:06 . 2012-03-04 22:02 2778912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3401796189-860128465-4073613164-1000-4096.dat
+ 2012-02-13 04:06 . 2012-03-06 06:50 2778912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3401796189-860128465-4073613164-1000-4096.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2007-08-02 53248]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-08-28 1282048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
S2 AcuWVSSchedulerv6;Acunetix WVS Scheduler v6;c:\program files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe [2008-11-24 994952]
.
.
.
--------- x86-64 -----------
.
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 127.0.0.1:4001
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.204.0.138
TCP: Interfaces\{AB336DE1-9B58-4398-9007-7B56EA7DAD45}: NameServer = 200.204.0.10 200.204.0.138
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Luís\AppData\Roaming\Mozilla\Firefox\Profiles\mickfumw.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.ftp - 220.227.14.141
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.gopher_port - 4001
FF - prefs.js: network.proxy.http - 220.227.14.141
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 220.227.14.141
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 220.227.14.141
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-3401796189-860128465-4073613164-1000\Software\SecuROM\License information*]
"datasecu"=hex:5f,e8,6f,8d,3d,03,0a,6f,1e,91,82,75,71,e5,33,4d,f2,ad,7e,9f,0f,
74,a0,a4,f2,07,d5,0e,de,77,65,c5,0f,41,00,08,7c,8c,67,2f,ad,44,cb,da,a2,ee,\
"rkeysecu"=hex:33,c3,c0,b2,4c,97,1f,3f,e2,61,63,d2,55,ca,1c,04
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
c:\program files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files (x86)\Common Files\BinarySense\hldasvc.exe
c:\program files (x86)\Common Files\BinarySense\hldasvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-03-06 17:19:30 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-03-06 20:19
ComboFix2.txt 2012-03-05 20:13
.
Pré-execução: 307.371.327.488 bytes disponíveis
Pós execução: 307.315.769.344 bytes disponíveis
.
- - End Of File - - 6A1A1C18FEE12B001E57B395D89DFE21

 

[Mr.Wolf]

Não sei se é o tópico certo, mas preciso de conselho sobre um PC que vou mexer aqui. O irmão da minha cunhada fez a besteira de aceitar a mensagem de atualizar o Itoken, quando acessou o Itaú. Resultado, PC e conta invadidas. Bom, ele quer que eu resolva isso e preciso saber se a formatação é a melhor opção ou uso algum tipo de programa para resolver esse problema.
Pode me ajudar Mr. Wolf?

NascarBR, honestamente? Essa é uma decisão bem pessoal, ao meu ver. Como a conta já foi invadida, segundo seu relato, creio que a formatação seja a opção mais aconselhada no momento, embora haja ferramentas capazes de lidar com circunstâncias dessa magnitude. Mas, dando minha opinião pessoal, eu, se estivesse no lugar do irmão de sua cunhada, formataria!
Porém, ele já entrou em contato com o gerente da conta para relatar o ocorrido?

Ou pode conter e o ComboFix não ter relatado?!

leonardovit, sim, isso é possível. Afinal, nenhum log é perfeito.

Agora, quanto ao Chrome estar congelando, você pode fazer o teste básico: observar se isso ocorre em outro browser também. Contudo, o log do OTL (descrito no primeiro post deste tópico) é bem mais objetivo e melhor que o do ComboFix. Se quiser que eu o analise, fique à vontade.


Luis_Oliveira, desinstale o ComboFix indo em Iniciar > Executar e digitando: combofix /uninstall. Em seguida, abra o OTL e clique em Limpeza para excluir os arquivos das demais ferramentas.

Já testou outro mouse só para checar, Luis? De qualquer forma, deixa eu verificar uma coisa.

1. Baixe o SecurityCheck e salve no desktop.
2. Execute como administrador.
3. Tecle Enter e aguarde.

Cole o relatório apresentado.

 

[J. Augusto F]

NascarBR, honestamente? Essa é uma decisão bem pessoal, ao meu ver. Como a conta já foi invadida, segundo seu relato, creio que a formatação seja a opção mais aconselhada no momento, embora haja ferramentas capazes de lidar com circunstâncias dessa magnitude. Mas, dando minha opinião pessoal, eu, se estivesse no lugar do irmão de sua cunhada, formataria!
Porém, ele já entrou em contato com o gerente da conta para relatar o ocorrido?

Leia mais: http://adrenaline.uol.com.br/forum/area-windows/207948-remocao-de-virus-217.html#ixzz1oNEfMOhO
​

Sim, ainda bem que conseguiu reaver o dinheiro. Mas foi bobeira mesmo da parte dele, já que basta estar informado do mundo, para não cair nessas.:trollfail:
Vou formatar então. Agradeço muito a sua ajuda Mr. Wolf.
PS: Caso não formatasse, quais os procedimentos indicados?

 

[Mr.Wolf]

PS: Caso não formatasse, quais os procedimentos indicados?

Bom, nestes casos, pessoalmente, utilizo meios alternativos quando tenho acesso físico à máquina comprometida.
Mas, no seu caso, iria recomendar as seguintes medidas:

1) Descobrir a fonte do ataque (malware) e monitorar as conexões que ele está enviando/recebendo, pois geralmente usam processos legítimos do Windows para "dar suporte" ao ataque. E nesta situação, dependendo da variante do malware, o processo poderá permanecer contaminado pelos códigos maliciosos que a infecção injetou. O que, de fato, não resolverá o problema simplesmente removendo o malware, visto que em poucos minutos o processo afetado influenciará no download de pragas do mesmo tipo.
2) Encontrar a brecha que o malware criou/aproveitou no sistema (porta(s) do Windows) para que as informações fossem enviadas ao atacante.
3) Remover o malware e tentar corrigir a brecha (porque continuará exposta mesmo após remover a praga, podendo ser foco de ataques futuros).

Existem ferramentas apropriadas para cada uma destas tarefas. No entanto, como nem tudo são flores, pelo menos as que eu conheço, são ferramentas avançadas, isto é, exigem ação totalmente manual, preparação de linhas de comando e conhecimento na leitura dos relatórios finais. Contudo, para indicar as ferramentas eu precisaria saber qual a versão do Windows instalada no computador.

Todavia, francamente, a formatação resolve tudo isso muito mais rápido e é até mais seguro. Por isso a recomendei.

Abraços

 

[J. Augusto F]

Bom, nestes casos, pessoalmente, utilizo meios alternativos quando tenho acesso físico à máquina comprometida.
Mas, no seu caso, iria recomendar as seguintes medidas:

1) Descobrir a fonte do ataque (malware) e monitorar as conexões que ele está enviando/recebendo, pois geralmente usam processos legítimos do Windows para "dar suporte" ao ataque. E nesta situação, dependendo da variante do malware, o processo poderá permanecer contaminado pelos códigos maliciosos que a infecção injetou. O que, de fato, não resolverá o problema simplesmente removendo o malware, visto que em poucos minutos o processo afetado influenciará no download de pragas do mesmo tipo.
2) Encontrar a brecha que o malware criou/aproveitou no sistema (porta(s) do Windows) para que as informações fossem enviadas ao atacante.
3) Remover o malware e tentar corrigir a brecha (porque continuará exposta mesmo após remover a praga, podendo ser foco de ataques futuros).

Existem ferramentas apropriadas para cada uma destas tarefas. No entanto, como nem tudo são flores, pelo menos as que eu conheço, são ferramentas avançadas, isto é, exigem ação totalmente manual, preparação de linhas de comando e conhecimento na leitura dos relatórios finais. Contudo, para indicar as ferramentas eu precisaria saber qual a versão do Windows instalada no computador.

Todavia, francamente, a formatação resolve tudo isso muito mais rápido e é até mais seguro. Por isso a recomendei.

Abraços

Ele usa o Windows XP. Mas vejo que a melhor solução mesmo é a formatação. É um cara descuidado, não entende muito e ainda por cima usa Emule e utorrent.
Muito obrigado pela ajuda.