Remoção de vírus

[rhaizen]

Problema com Vírus!

Boa noite, estou com alguns vírus e por alguns motivos não posso formatar esse PC, gostaria de ajuda para econtra-los e remove-los, hoje quando abro o IE, ou alguma aba dele, aparece uma mensagem dizendo que "GBIEH.DLL está corrompido e que o motivo pode ter sido um virus e etc." Não uso nenhum site de BANCO, e há 1 mês atraz mais ou menos peguei um key logger e tentei remove-lo acho que com sucesso, enfim aqui vai o log do hijackthis. agradeço se alguem puder ajudar

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:58:28, on 7/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\iGv6\Discador iG.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe
C:\Documents and Settings\cliente\Desktop\Mackenzie\VM\hqtray.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Documents and Settings\cliente\Dados de aplicativos\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\DOCUME~1\cliente\CONFIG~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.130\deploy\LolClient.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\cliente\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UOL - O melhor conteúdo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = iG - Notícias, Vídeos, Famosos, Esportes, Bate Papo, Infográficos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Network] rundll32.exe shell32.dll,Control_RunDLL network.cpl
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VMware hqtray] "C:\Documents and Settings\cliente\Desktop\Mackenzie\VM\hqtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\cliente\Dados de aplicativos\Dropbox\bin\Dropbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Download with SKDownloader - C:\Documents and Settings\cliente\Desktop\PSP\skdownload.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\documents and settings\cliente\desktop\mackenzie\vm\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\cliente\desktop\mackenzie\vm\vsocklib.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
O15 - Trusted Zone: http://www.bancobrasil.com.br
O15 - Trusted Zone: http://www.bb.com.br
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Documents and Settings\cliente\Desktop\Mackenzie\VM\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Documents and Settings\cliente\Desktop\Mackenzie\VM\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 14223 bytes

 

[andlsa]

andlsa, de acordo com o log do OTL, não há mais infecções em sua máquina. Posso sugerir apenas um scan online.
Seu sistema definitivamente não está ou estava infectado pelo TDSS porque, como mencionei anteriormente, este malware causa dores de cabeça muito maiores. O PC Tools ainda emite alertas sobre tal ameaça?

Ainda há esse alerta do Pc Tools, acho q algum virus deve ter deixado algum arquivo do sistema corrompido pra causar essa falha do explorer.exe, sei lá... Como eu poderia realizar esse scan online, Mr Wolf?

​

 

[Mr.Wolf]

rhaizen, seu log aponta uma infecção pelo net worm. Se este computador fizer parte de uma rede, é aconselhável que desconecte-o imediatamente.
Baixe o ComboFix e rode-o conforme este tutorial. Ao término do scan, poste o log que estará em C:\ComboFix.txt. Se o PC estiver em rede, rode o ComboFix em modo de segurança.


andlsa, recomendo o ESET Online Scanner. Outra excelente sugestão seria o Kaspersky Rescue Disk para efetuar uma verificação no boot.

 

[rhaizen]

Mr. Wolf, agradeço pela ajuda, eu uso sim esse Pc em REDE, qual a chance de ter infectado os outros computadores conetados a rede? 100%? caso sim, qual a forma de limpar o virus?
Para executar o combo.fix, eu tirei o PC da REDE e coloquei direto no CABO, segue o LOG, agradeço pe ajuda

ComboFix 12-03-08.04 - cliente 08/03/2012 23:48:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1790.1142 [GMT -3:00]
Executando de: c:\documents and settings\cliente\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - system32: deleted 4 bytes in 2 streams.
ADS - drivers: deleted 322 bytes in 2 streams.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\documents and settings\cliente\Menu Iniciar\Windows Live Messenger .lnk
c:\windows\IsUn0416.exe
c:\windows\system32\kWab.dll
c:\windows\system32\unzip.bat
c:\windows\system32\winsys.txt
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-02-09 to 2012-03-09 ))))))))))))))))))))))))))))
.
.
2012-03-08 20:13 . 2012-03-08 20:13 -------- d-----w- C:\found.010
2012-02-23 21:28 . 2012-02-23 21:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-22 02:41 . 2012-02-22 02:41 -------- d-----w- C:\found.009
2012-02-21 17:05 . 2012-02-28 23:14 -------- d-----w- c:\documents and settings\cliente\riotsGamesLogs
2012-02-21 17:04 . 2012-02-21 17:04 -------- d-----w- c:\documents and settings\cliente\Dados de aplicativos\LolClient
2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- C:\Riot Games
2012-02-21 15:34 . 2012-03-09 02:17 -------- d-----w- c:\documents and settings\cliente\Configurações locais\Dados de aplicativos\PMB Files
2012-02-21 15:34 . 2012-03-09 02:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PMB Files
2012-02-21 15:33 . 2012-02-21 15:33 -------- d-----w- c:\arquivos de programas\Pando Networks
2012-02-16 00:48 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 00:48 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2004-08-04 00:38 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 17:04 . 2010-02-24 23:05 42584 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2011-12-17 19:42 . 2004-08-04 00:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2004-08-04 00:45 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-04 00:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2004-08-04 00:37 385024 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 68856]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-25 8433664]
"nwiz"="nwiz.exe" [2007-07-25 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-25 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-17 16342528]
"AzMixerSel"="c:\arquivos de programas\Realtek\InstallShield\AzMixerSel.exe" [2007-05-17 53248]
"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2007-05-07 851968]
"SecurDisc"="c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"Discador iG"="c:\arquivos de programas\iGv6\Discador iG.exe" [2005-07-25 1329152]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-31 185896]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 212992]
"DeviceDiscovery"="c:\arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"Network"="shell32.dll" [2011-01-21 8492032]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"VMware hqtray"="c:\documents and settings\cliente\Desktop\Mackenzie\VM\hqtray.exe" [2010-08-01 64048]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\cliente\Menu Iniciar\Programas\Inicializar\
Dropbox.lnk - c:\documents and settings\cliente\Dados de aplicativos\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
McAfee Security Scan Plus.lnk - c:\arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-07-18 11:09 1685384 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-01-11 17:01 726360 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\cliente\\Dados de aplicativos\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56766:TCP"= 56766:TCPando Media Booster
"56766:UDP"= 56766:UDPando Media Booster
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [24/2/2010 20:05 42584]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/7/2010 19:39 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/12/2009 12:31 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [12/4/2011 10:02 136360]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [24/2/2010 20:05 194904]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [1/8/2010 12:39 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe [1/8/2010 11:39 539184]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [14/7/2008 21:36 5632]
R3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\drivers\winbondhidcir.sys [14/7/2008 21:36 21504]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/1/2010 17:03 135664]
S3 extrem.sys;extrem;\??\c:\docume~1\cliente\CONFIG~1\Temp\extrem.sys --> c:\docume~1\cliente\CONFIG~1\Temp\extrem.sys [?]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/1/2010 17:03 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23/2/2012 18:28 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe [15/1/2010 09:49 227232]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-30 20:03]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-30 20:03]
.
2011-11-14 c:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet3500----a-w-H45J1411976.job
- c:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]
.
2012-03-09 c:\windows\Tasks\WECPUpdate.job
- c:\arquivos de programas\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
2012-03-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 01:18]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.uol.com.br/
mSearch Bar = hxxp://farejador.ig.com.br/ie/
uInternet Settings,ProxyServer = 10.0.0.1:8080
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download with SKDownloader - c:\documents and settings\cliente\Desktop\PSP\skdownload.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\documents and settings\cliente\Desktop\Mackenzie\VM\vsocklib.dll
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 201.6.2.39 201.6.2.159
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-IRPF2009 - Declaração de Ajuste Anual e Final de Espólio - c:\arquiv~2\IRPF2009\UNWISE.EXE
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\cliente\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-09 00:01
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
Tempo para conclusão: 2012-03-09 00:03:33
ComboFix-quarantined-files.txt 2012-03-09 03:03
.
Pré-execução: 16 pasta(s) 11.746.742.272 bytes disponíveis
Pós execução: 28 pasta(s) 13.709.234.176 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F6F812E9D68B569F4712ADC0687577AD

 

[Mr.Wolf]

Mr. Wolf, agradeço pela ajuda, eu uso sim esse Pc em REDE, qual a chance de ter infectado os outros computadores conetados a rede? 100%? caso sim, qual a forma de limpar o virus?

rhaizen, as chances de o malware ter infecctado os demais PCs da rede são de 50%, no máximo. O net worm é um dos raros worms que necessita de um "coadjuvante" (outro worm) para se alastrar na rede. Este outro worm, por sua vez, não foi apontado no log do HijackThis e nem no do ComboFix, o que potencializa a esperança de que o malware não afetou os outros computadores. Mas só terei certeza disso se eu averiguar os logs dos outros PCs também. Não sei quantos computadores você possui em rede aí, mas se quiser postar os logs deles pode.

Para executar o combo.fix, eu tirei o PC da REDE e coloquei direto no CABO, segue o LOG, agradeço pe ajuda

Ótimo. Sugiro que mantenha-o desconectado, por ora, até saber se os outros computadores foram contaminados.

OBS: só peço, por gentileza, que coloque os logs entre as tags spoilers

Spoiler

[!/spoiler] (a segunda sem o ponto de exclamação) quando for postar.

Siga o spoiler abaixo (clique no botão Mostrar).

Spoiler

Abra o bloco de notas e cole o texto abaixo. Salve no desktop com o nome CFScript.txt

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network"=-

Arraste o CFScript.txt para o ícone do ComboFix.

A ferramenta será executada novamente e fará o mesmo processo anterior. Apenas aguarde.
Ao término, cole o novo log C:\ComboFix.txt.

Diga como está o PC.

 

[rhaizen]

Mr wolf, segue o log do combofix.

Spoiler

ComboFix 12-03-08.04 - cliente 09/03/2012 20:54:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1790.1240 [GMT -3:00]
Executando de: c:\documents and settings\cliente\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\cliente\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Criado um novo ponto de restauração
.
ADS - drivers: deleted 310 bytes in 1 streams.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-02-10 to 2012-03-10 ))))))))))))))))))))))))))))
.
.
2012-03-08 20:13 . 2012-03-08 20:13 -------- d-----w- C:\found.010
2012-02-23 21:28 . 2012-02-23 21:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-22 02:41 . 2012-02-22 02:41 -------- d-----w- C:\found.009
2012-02-21 17:05 . 2012-02-28 23:14 -------- d-----w- c:\documents and settings\cliente\riotsGamesLogs
2012-02-21 17:04 . 2012-02-21 17:04 -------- d-----w- c:\documents and settings\cliente\Dados de aplicativos\LolClient
2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- C:\Riot Games
2012-02-21 15:34 . 2012-03-09 23:47 -------- d-----w- c:\documents and settings\cliente\Configurações locais\Dados de aplicativos\PMB Files
2012-02-21 15:34 . 2012-03-09 23:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PMB Files
2012-02-21 15:33 . 2012-02-21 15:33 -------- d-----w- c:\arquivos de programas\Pando Networks
2012-02-16 00:48 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 00:48 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2004-08-04 00:38 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 17:04 . 2010-02-24 23:05 42584 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2011-12-17 19:42 . 2004-08-04 00:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2004-08-04 00:45 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-04 00:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2004-08-04 00:37 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-09_03.01.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-09 22:58 . 2012-03-09 22:58 16384 c:\windows\Temp\Perflib_Perfdata_f44.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 68856]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-25 8433664]
"nwiz"="nwiz.exe" [2007-07-25 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-25 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-17 16342528]
"AzMixerSel"="c:\arquivos de programas\Realtek\InstallShield\AzMixerSel.exe" [2007-05-17 53248]
"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2007-05-07 851968]
"SecurDisc"="c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"Discador iG"="c:\arquivos de programas\iGv6\Discador iG.exe" [2005-07-25 1329152]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-31 185896]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 212992]
"DeviceDiscovery"="c:\arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"VMware hqtray"="c:\documents and settings\cliente\Desktop\Mackenzie\VM\hqtray.exe" [2010-08-01 64048]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\cliente\Menu Iniciar\Programas\Inicializar\
Dropbox.lnk - c:\documents and settings\cliente\Dados de aplicativos\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
McAfee Security Scan Plus.lnk - c:\arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-07-18 11:09 1685384 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-01-11 17:01 726360 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\cliente\\Dados de aplicativos\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56766:TCP"= 56766:TCPando Media Booster
"56766:UDP"= 56766:UDPando Media Booster
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [24/2/2010 20:05 42584]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/7/2010 19:39 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/12/2009 12:31 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [12/4/2011 10:02 136360]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [24/2/2010 20:05 194904]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [1/8/2010 12:39 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe [1/8/2010 11:39 539184]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [14/7/2008 21:36 5632]
R3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\drivers\winbondhidcir.sys [14/7/2008 21:36 21504]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/1/2010 17:03 135664]
S3 extrem.sys;extrem;\??\c:\docume~1\cliente\CONFIG~1\Temp\extrem.sys --> c:\docume~1\cliente\CONFIG~1\Temp\extrem.sys [?]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/1/2010 17:03 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23/2/2012 18:28 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe [15/1/2010 09:49 227232]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-30 20:03]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-30 20:03]
.
2011-11-14 c:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet3500----a-w-H45J1411976.job
- c:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]
.
2012-03-09 c:\windows\Tasks\WECPUpdate.job
- c:\arquivos de programas\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
2012-03-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 01:18]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.uol.com.br/
mSearch Bar = hxxp://farejador.ig.com.br/ie/
uInternet Settings,ProxyServer = 10.0.0.1:8080
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download with SKDownloader - c:\documents and settings\cliente\Desktop\PSP\skdownload.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\documents and settings\cliente\Desktop\Mackenzie\VM\vsocklib.dll
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 201.6.2.39 201.6.2.159
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-09 21:03
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
- - - - - - - > 'explorer.exe'(4452)
c:\windows\system32\WININET.dll
c:\documents and settings\cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2012-03-09 21:05:02
ComboFix-quarantined-files.txt 2012-03-10 00:05
ComboFix2.txt 2012-03-09 03:03
.
Pré-execução: 27 pasta(s) 13.650.399.232 bytes disponíveis
Pós execução: 28 pasta(s) 13.681.811.456 bytes disponíveis
.
- - End Of File - - 5CB87279DF8B52BA10E141AC8705A686

 

[Nexus]

Olá Mr.Wolf. Segue o Log do OTL.

Spoiler

OTL logfile created on: 10/03/2012 09:51:23 - Run 3OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Daniel\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,96 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 59,40% Memory free
5,92 Gb Paging File | 4,54 Gb Available in Paging File | 76,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,42 Gb Total Space | 80,03 Gb Free Space | 74,50% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 71,17 Gb Free Space | 72,88% Space Free | Partition Type: NTFS
Drive F: | 201,89 Gb Total Space | 195,74 Gb Free Space | 96,95% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 35,26 Gb Free Space | 72,21% Space Free | Partition Type: NTFS

Computer Name: DANIEL-NOTBOOK | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/22 15:54:14 | 000,404,728 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2012/01/21 11:14:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2011/11/03 17:37:16 | 004,307,320 | ---- | M] (Emsi Software GmbH) -- F:\Programas\Mamutu\mamutu.exe
PRC - [2011/10/17 16:21:08 | 000,208,328 | ---- | M] ( ) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe
PRC - [2011/08/23 12:47:06 | 000,321,864 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectifyd.exe
PRC - [2011/08/20 17:50:56 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
PRC - [2011/08/12 02:45:18 | 002,433,024 | ---- | M] () -- F:\Programas\Rainlendar2\Rainlendar2.exe
PRC - [2011/07/08 10:01:00 | 002,978,720 | ---- | M] (Emsi Software GmbH) -- F:\Programas\Mamutu\a2service.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- F:\Programas\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/02/29 17:58:43 | 001,750,016 | ---- | M] (NGO Science Center "RightMark") -- F:\Programas\RMClock\RMClock.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/12 02:45:26 | 000,198,144 | ---- | M] () -- F:\Programas\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011/08/12 02:45:18 | 002,433,024 | ---- | M] () -- F:\Programas\Rainlendar2\Rainlendar2.exe
MOD - [2010/12/12 07:58:14 | 000,502,784 | ---- | M] () -- F:\Programas\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010/12/12 07:58:00 | 000,131,584 | ---- | M] () -- F:\Programas\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010/12/12 07:57:56 | 000,485,376 | ---- | M] () -- F:\Programas\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010/12/12 07:57:44 | 000,707,584 | ---- | M] () -- F:\Programas\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010/12/12 07:57:36 | 002,633,216 | ---- | M] () -- F:\Programas\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010/12/12 07:56:46 | 001,205,760 | ---- | M] () -- F:\Programas\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010/05/23 15:20:08 | 000,012,288 | ---- | M] () -- F:\Programas\Rainlendar2\lfs.dll
MOD - [2010/05/23 15:20:04 | 000,126,976 | ---- | M] () -- F:\Programas\Rainlendar2\lua51.dll
MOD - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/19 17:59:00 | 002,779,416 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/11/23 07:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2009/07/17 14:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 17:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/02/22 15:54:14 | 000,404,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2011/12/29 21:29:04 | 000,497,496 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/11/23 10:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- F:\Programas\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/10/17 16:21:08 | 000,208,328 | ---- | M] ( ) [Unknown | Running] -- C:\Program Files (x86)\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2011/08/20 17:50:56 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2011/08/14 18:47:13 | 000,026,528 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) [Disabled | Stopped] -- C:\Program Files (x86)\TIM Communicator\module\devicemon.exe -- (OrolixDeviceMonitor)
SRV - [2011/07/08 10:01:00 | 002,978,720 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- F:\Programas\Mamutu\a2service.exe -- (Mamutu)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/16 03:11:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/11 11:53:00 | 000,660,800 | ---- | M] (SoftThinks) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- F:\Programas\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/02 12:35:45 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:64bit: - [2011/12/17 14:10:09 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/09/21 09:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/08/15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/06/15 08:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/06/02 02:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 02:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 02:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/06/02 02:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/04 10:36:32 | 000,029,752 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rspSanity64.sys -- (rspSanity)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 16:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/12/21 02:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 02:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/12/21 02:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/12/21 02:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/19 09:18:28 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/08/19 09:18:28 | 000,079,360 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2010/08/19 09:18:28 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2009/12/26 20:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/17 14:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 14:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/29 17:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 16:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/20 16:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 21:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/08/08 14:31:26 | 000,062,960 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\h648103.sys -- (h648103)
DRV:64bit: - [2008/08/08 14:31:22 | 000,065,776 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\h648101.sys -- (h648101)
DRV:64bit: - [2008/08/08 14:31:20 | 000,063,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\h647906.sys -- (h647906)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/01/11 15:04:00 | 000,042,584 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011/11/23 10:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- F:\Programas\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/11/02 09:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- F:\Programas\Mamutu\a2dix64.sys -- (a2injectiondriver)
DRV - [2011/11/02 09:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- F:\Programas\Mamutu\a2accx64.sys -- (a2acc)
DRV - [2010/05/05 07:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- F:\Programas\Mamutu\a2util64.sys -- (a2util)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/08 14:31:18 | 000,043,192 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\hid8101.sys -- (hid8101)
DRV - [2008/08/08 14:31:18 | 000,040,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\hid8103.sys -- (hid8103)
DRV - [2008/08/08 14:31:16 | 000,041,272 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\hid7906.sys -- (hid7906)
DRV - [2008/05/15 21:59:46 | 000,014,352 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Programas\RMClock\RTCore64.sys -- (RTCore64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail.fr, Messenger, Actualité, Sport, People, Femmes - MSN France


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2583405121-845317484-362328064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2583405121-845317484-362328064-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com.br"

FF - user.js..browser.startup.homepage: "google.com.br"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: F:\Programas\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: F:\Programas\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: F:\Programas\Mozilla Firefox\components [2012/02/01 19:58:57 | 000,000,000 | ---D | M]

[2012/01/13 21:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2012/02/01 20:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4kg3pcmc.default\extensions
[2012/02/01 22:44:14 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAMAS\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\plugins\npfdm.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Disabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.11_0\
CHR - Extension: Speed Dial 2 PT-BR = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkknhggpbobclcpkmmicmllhhjofnnpe\1.5.8.11_0\
CHR - Extension: O QR Code Generator = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.2_0\
CHR - Extension: AdBlock = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0\
CHR - Extension: LastPass = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.4_0\
CHR - Extension: eBuddy Web Messenger = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkojhhiphdgeliplnclnbmdiofhgnimi\2.0.9_0\
CHR - Extension: Plants vs Zombies = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: AntiProtetor.in = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmiaiialpednkdjhgceidgfmfcigphi\1.0.2_0\
CHR - Extension: Bastion = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid\0.0.0.4_0\
CHR - Extension: Dark Android\u2122 for Google Chrome\u2122 = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\piplndfepmiipbmideooebblpfneoohj\1_0\
CHR - Extension: Gmail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/10/31 19:20:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programas\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2583405121-845317484-362328064-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [mamutu guard] F:\PROGRAMAS\MAMUTU\mamutu.exe (Emsi Software GmbH)
O4 - HKU\S-1-5-21-2583405121-845317484-362328064-1000..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-2583405121-845317484-362328064-1000..\Run: [Rainlendar2] F:\Programas\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-2583405121-845317484-362328064-1000..\Run: [RMClock] F:\Programas\RMClock\RMClockLauncher.exe (NGO Science Center "RightMark")
O4 - HKU\S-1-5-21-2583405121-845317484-362328064-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2583405121-845317484-362328064-1000..\Run: [SandboxieControl] F:\Programas\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2583405121-845317484-362328064-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2583405121-845317484-362328064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKU\S-1-5-21-2583405121-845317484-362328064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AA78F92-0651-4EAB-91A7-012426EDB49A}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FA3DE9-F75F-4DEB-A7C6-4CD292F9A667}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FA3DE9-F75F-4DEB-A7C6-4CD292F9A667}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8420AC5-9CF9-4C77-A8AE-8E26C19F51D1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8420AC5-9CF9-4C77-A8AE-8E26C19F51D1}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) -C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/02 14:49:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 10:01:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Auslogics
[2012/03/03 10:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/03/03 09:11:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Mamutu
[2012/03/03 08:50:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Battlefield 2 Demo
[2012/03/03 08:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012/03/01 18:26:03 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2012/03/01 12:03:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012/02/22 16:58:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\DeepBlackReloaded
[2012/02/22 16:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Black Reloaded Demo
[2012/02/19 20:24:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\TempDIR
[2012/02/15 18:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/02/15 13:12:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\VMware
[2012/02/15 13:12:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\VMware
[2012/02/15 13:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012/02/14 19:59:20 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/14 19:24:01 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/14 19:24:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/14 19:24:00 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/14 19:24:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/14 19:24:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/14 19:23:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/14 19:23:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/14 19:23:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/14 19:23:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/14 19:23:58 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/14 19:23:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/14 19:13:20 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 19:12:55 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 19:12:55 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/13 11:14:52 | 000,000,000 | -H-D | C] -- C:\VritualRoot

========== Files - Modified Within 30 Days ==========

[2012/03/10 09:41:41 | 000,001,894 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/03/10 08:14:18 | 001,517,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/10 08:14:18 | 000,663,804 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/03/10 08:14:18 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/10 08:14:18 | 000,128,094 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/03/10 08:14:18 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/10 07:47:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 07:47:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 07:39:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 07:39:41 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 18:34:29 | 000,000,274 | ---- | M] () -- C:\Windows\SysWow64\CALL.INI
[2012/03/03 17:45:10 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2583405121-845317484-362328064-1000UA.job
[2012/03/03 17:45:10 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2583405121-845317484-362328064-1000Core.job
[2012/03/01 18:25:57 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/03/01 18:25:57 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/02/18 18:32:03 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/02/15 13:11:36 | 001,534,676 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/03/01 18:04:34 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/03/01 18:04:34 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/02/22 16:54:12 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/02/22 16:54:12 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/02/15 13:11:36 | 001,534,676 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/21 11:48:04 | 000,008,063 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp24.html
[2012/01/21 11:41:48 | 000,008,063 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp42.html
[2012/01/21 11:40:37 | 000,001,293 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp1.html
[2011/12/27 09:36:51 | 000,000,317 | ---- | C] () -- C:\Windows\game.ini
[2011/12/13 23:25:37 | 000,001,894 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/11/12 16:51:59 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2011/10/31 10:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/15 09:50:54 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\CALL.INI
[2011/08/14 19:12:03 | 000,007,610 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
[2011/08/14 19:04:19 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/06/16 07:38:16 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/06/16 07:38:15 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/06/16 07:38:15 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/06/16 07:38:14 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/06/16 03:23:38 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/14 02:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 23:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 21:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1998/09/23 03:07:00 | 000,061,952 | ---- | C] () -- C:\Windows\SysWow64\MMRegOCX.EXE
[1998/09/23 02:38:00 | 000,037,376 | ---- | C] () -- C:\Windows\SysWow64\AXDIST.EXE

========== LOP Check ==========

[2012/01/02 13:51:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ashampoo
[2012/03/03 10:01:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Auslogics
[2012/01/27 15:11:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BlueSprig
[2011/09/17 15:54:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DMCache
[2012/02/22 13:37:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox
[2011/12/24 14:02:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
[2011/10/29 21:58:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/26 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FileZilla
[2012/03/03 10:35:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Free Download Manager
[2012/01/24 17:04:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2012/02/07 22:09:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\IObit
[2011/12/14 19:45:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LibreOffice
[2011/12/20 12:40:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MrBree
[2011/12/11 12:55:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Opera
[2011/11/12 15:31:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Samsung
[2012/01/13 21:28:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2011/12/18 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TrueCrypt
[2012/01/30 13:57:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TS3Client
[2012/01/27 15:24:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Wise Registry Cleaner
[2012/01/02 18:43:06 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34


< End of report >

------------
Sempre que estou no SandBoxie aparece um alerta sobre um download de bytes.

Quando faço o Scan com o MalwareBytes ele acha isso

Arquivos Detectados: 1C:\Users\Daniel\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Enviado para a Quarentena e deletado com sucesso.

Passei o SpyBoot e mostrou umas 17 chaves contaminadas ...
Executei ele algumas vezes mais não sei se resolveu ...

Abraço.

 

[Mr.Wolf]

rhaizen, o log está limpo. Vá em Iniciar > Executar > Digite combofix /uninstall e dê OK.
A máquina ainda apresenta problemas?


Nexus, se puder postar uma screen desse alerta do SandBoxie seria interessante. Siga o spoiler.

Spoiler

1. Abra o OTL e no campo inferior azul "Exames Personalizados/Correções" cole o script abaixo.

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Files
C:\Users\Daniel\AppData\Local\TempDIR
:Commands
[emptytemp]
[emptyjava]

2. Clique em Consertar em aguarde.
3. O OTL vai gerar o log do resultado.

Efetue um novo scan com o OTL e poste ambos os logs (resultado + scan).

 

[Nexus]

Mr.Wolf, não deu pra tirar print na hora.
Foi mal, mas quando tiver o problema de novo eu tiro.

Script fail ou foi corretamente ?

Spoiler

All processes killed========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Error: Unable to interpret <:Files C:\Users\Daniel\AppData\Local\TempDIR> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador

User: All Users

User: Convidado

User: Daniel
->Temp folder emptied: 2921193 bytes
->Temporary Internet Files folder emptied: 110680 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29479301 bytes
->Google Chrome cache emptied: 6099312 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24606 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 215650 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 668 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37,00 mb


[EMPTYJAVA]

User: Administrador

User: All Users

User: Convidado

User: Daniel
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: Todos os Usuários

User: Usuário Padrão

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 03102012_154514


Files\Folders moved on Reboot...
C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.


Registry entries deleted on Reboot...

Log do OTL

Spoiler

OTL logfile created on: 10/03/2012 15:55:07 - Run 4OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Daniel\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,96 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 60,13% Memory free
5,92 Gb Paging File | 4,53 Gb Available in Paging File | 76,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,42 Gb Total Space | 79,93 Gb Free Space | 74,41% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 71,17 Gb Free Space | 72,88% Space Free | Partition Type: NTFS
Drive F: | 201,89 Gb Total Space | 196,42 Gb Free Space | 97,29% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 35,25 Gb Free Space | 72,20% Space Free | Partition Type: NTFS
Drive H: | 34,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DANIEL-NOTBOOK | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 11:14:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2011/12/29 15:43:30 | 000,620,376 | ---- | M] (IObit) -- C:\Program Files (x86)\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/11/03 17:37:16 | 004,307,320 | ---- | M] (Emsi Software GmbH) -- F:\Programas\Mamutu\mamutu.exe
PRC - [2011/10/17 16:21:08 | 000,208,328 | ---- | M] ( ) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe
PRC - [2011/08/23 12:47:06 | 000,321,864 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectifyd.exe
PRC - [2011/08/20 17:50:56 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
PRC - [2011/08/12 02:45:18 | 002,433,024 | ---- | M] () -- F:\Programas\Rainlendar2\Rainlendar2.exe
PRC - [2011/07/08 10:01:00 | 002,978,720 | ---- | M] (Emsi Software GmbH) -- F:\Programas\Mamutu\a2service.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- F:\Programas\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/02/29 17:58:43 | 001,750,016 | ---- | M] (NGO Science Center "RightMark") -- F:\Programas\RMClock\RMClock.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/12 02:45:26 | 000,198,144 | ---- | M] () -- F:\Programas\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011/08/12 02:45:18 | 002,433,024 | ---- | M] () -- F:\Programas\Rainlendar2\Rainlendar2.exe
MOD - [2011/04/21 15:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files (x86)\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 15:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files (x86)\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 15:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files (x86)\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2010/12/12 07:58:14 | 000,502,784 | ---- | M] () -- F:\Programas\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010/12/12 07:58:00 | 000,131,584 | ---- | M] () -- F:\Programas\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010/12/12 07:57:56 | 000,485,376 | ---- | M] () -- F:\Programas\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010/12/12 07:57:44 | 000,707,584 | ---- | M] () -- F:\Programas\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010/12/12 07:57:36 | 002,633,216 | ---- | M] () -- F:\Programas\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010/12/12 07:56:46 | 001,205,760 | ---- | M] () -- F:\Programas\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010/05/23 15:20:08 | 000,012,288 | ---- | M] () -- F:\Programas\Rainlendar2\lfs.dll
MOD - [2010/05/23 15:20:04 | 000,126,976 | ---- | M] () -- F:\Programas\Rainlendar2\lua51.dll
MOD - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/19 17:59:00 | 002,779,416 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/11/23 07:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2009/07/17 14:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 17:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/12/29 21:29:04 | 000,497,496 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/11/23 10:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- F:\Programas\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/10/17 16:21:08 | 000,208,328 | ---- | M] ( ) [Unknown | Running] -- C:\Program Files (x86)\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2011/08/20 17:50:56 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2011/08/14 18:47:13 | 000,026,528 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) [Disabled | Stopped] -- C:\Program Files (x86)\TIM Communicator\module\devicemon.exe -- (OrolixDeviceMonitor)
SRV - [2011/07/08 10:01:00 | 002,978,720 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- F:\Programas\Mamutu\a2service.exe -- (Mamutu)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/16 03:11:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/11 11:53:00 | 000,660,800 | ---- | M] (SoftThinks) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- F:\Programas\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/02 12:35:45 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:64bit: - [2011/12/17 14:10:09 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/09/21 09:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/08/15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/06/15 08:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/06/02 02:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 02:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 02:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/06/02 02:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/04 10:36:32 | 000,029,752 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rspSanity64.sys -- (rspSanity)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 16:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/12/21 02:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 02:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/12/21 02:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/12/21 02:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/19 09:18:28 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/08/19 09:18:28 | 000,079,360 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2010/08/19 09:18:28 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2009/12/26 20:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/17 14:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 14:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/29 17:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 16:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/20 16:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 21:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/08/08 14:31:26 | 000,062,960 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\h648103.sys -- (h648103)
DRV:64bit: - [2008/08/08 14:31:22 | 000,065,776 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\h648101.sys -- (h648101)
DRV:64bit: - [2008/08/08 14:31:20 | 000,063,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\h647906.sys -- (h647906)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/01/11 15:04:00 | 000,042,584 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011/11/23 10:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- F:\Programas\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/11/02 09:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- F:\Programas\Mamutu\a2dix64.sys -- (a2injectiondriver)
DRV - [2011/11/02 09:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- F:\Programas\Mamutu\a2accx64.sys -- (a2acc)
DRV - [2010/05/05 07:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- F:\Programas\Mamutu\a2util64.sys -- (a2util)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/08 14:31:18 | 000,043,192 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\hid8101.sys -- (hid8101)
DRV - [2008/08/08 14:31:18 | 000,040,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\hid8103.sys -- (hid8103)
DRV - [2008/08/08 14:31:16 | 000,041,272 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\hid7906.sys -- (hid7906)
DRV - [2008/05/15 21:59:46 | 000,014,352 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Programas\RMClock\RTCore64.sys -- (RTCore64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2583405121-845317484-362328064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-2583405121-845317484-362328064-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com.br"

FF - user.js..browser.startup.homepage: "google.com.br"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: F:\Programas\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: F:\Programas\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: F:\Programas\Mozilla Firefox\components [2012/02/01 19:58:57 | 000,000,000 | ---D | M]

[2012/01/13 21:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2012/02/01 20:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4kg3pcmc.default\extensions
[2012/02/01 22:44:14 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAMAS\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\plugins\npfdm.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Disabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.11_0\
CHR - Extension: Speed Dial 2 PT-BR = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkknhggpbobclcpkmmicmllhhjofnnpe\1.5.8.11_0\
CHR - Extension: O QR Code Generator = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.2_0\
CHR - Extension: AdBlock = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0\
CHR - Extension: LastPass = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.4_0\
CHR - Extension: eBuddy Web Messenger = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkojhhiphdgeliplnclnbmdiofhgnimi\2.0.9_0\
CHR - Extension: Plants vs Zombies = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: AntiProtetor.in = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmiaiialpednkdjhgceidgfmfcigphi\1.0.2_0\
CHR - Extension: Bastion = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid\0.0.0.4_0\
CHR - Extension: Dark Android\u2122 for Google Chrome\u2122 = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\piplndfepmiipbmideooebblpfneoohj\1_0\
CHR - Extension: Gmail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/10/31 19:20:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Programas\Free Download Manager\iefdm2.dll ()
O3 - HKU\S-1-5-21-2583405121-845317484-362328064-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [mamutu guard] F:\PROGRAMAS\MAMUTU\mamutu.exe (Emsi Software GmbH)
O4 - HKU\S-1-5-21-2583405121-845317484-362328064-1000..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-2583405121-845317484-362328064-1000..\Run: [Rainlendar2] F:\Programas\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-2583405121-845317484-362328064-1000..\Run: [RMClock] F:\Programas\RMClock\RMClockLauncher.exe (NGO Science Center "RightMark")
O4 - HKU\S-1-5-21-2583405121-845317484-362328064-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2583405121-845317484-362328064-1000..\Run: [SandboxieControl] F:\Programas\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2583405121-845317484-362328064-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2583405121-845317484-362328064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKU\S-1-5-21-2583405121-845317484-362328064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AA78F92-0651-4EAB-91A7-012426EDB49A}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AA78F92-0651-4EAB-91A7-012426EDB49A}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{261CD774-0DB2-433D-9D7B-23AC712B2A43}: NameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FA3DE9-F75F-4DEB-A7C6-4CD292F9A667}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FA3DE9-F75F-4DEB-A7C6-4CD292F9A667}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8420AC5-9CF9-4C77-A8AE-8E26C19F51D1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8420AC5-9CF9-4C77-A8AE-8E26C19F51D1}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) -C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/02 14:49:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/16 18:00:20 | 000,336,384 | R--- | M] (Orolix Desenvolvimento de Software LTDA.) - H:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/07/28 11:47:07 | 000,000,172 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 15:45:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/03 10:01:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Auslogics
[2012/03/03 10:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/03/03 09:11:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Mamutu
[2012/03/03 08:50:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Battlefield 2 Demo
[2012/03/03 08:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012/03/01 18:26:03 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2012/03/01 12:03:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012/02/19 20:24:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\TempDIR
[2012/02/15 18:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/02/15 13:12:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\VMware
[2012/02/15 13:12:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\VMware
[2012/02/15 13:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012/02/14 19:59:20 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/14 19:24:01 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/14 19:24:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/14 19:24:00 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/14 19:24:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/14 19:24:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/14 19:23:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/14 19:23:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/14 19:23:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/14 19:23:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/14 19:23:58 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/14 19:23:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/14 19:13:20 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 19:12:55 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 19:12:55 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/13 11:14:52 | 000,000,000 | -H-D | C] -- C:\VritualRoot

========== Files - Modified Within 30 Days ==========

[2012/03/10 15:56:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 15:56:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 15:55:20 | 001,517,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/10 15:55:20 | 000,663,804 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/03/10 15:55:20 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/10 15:55:20 | 000,128,094 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/03/10 15:55:20 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/10 15:48:54 | 000,445,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/10 15:48:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 15:48:03 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/10 11:48:47 | 000,001,894 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/03/08 18:34:29 | 000,000,274 | ---- | M] () -- C:\Windows\SysWow64\CALL.INI
[2012/03/03 17:45:10 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2583405121-845317484-362328064-1000UA.job
[2012/03/03 17:45:10 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2583405121-845317484-362328064-1000Core.job
[2012/03/01 18:25:57 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/03/01 18:25:57 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/02/18 18:32:03 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/02/15 13:11:36 | 001,534,676 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/03/10 15:48:06 | 000,445,520 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/01 18:04:34 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/03/01 18:04:34 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/02/22 16:54:12 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/02/22 16:54:12 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/02/15 13:11:36 | 001,534,676 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/21 11:48:04 | 000,008,063 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp24.html
[2012/01/21 11:41:48 | 000,008,063 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp42.html
[2012/01/21 11:40:37 | 000,001,293 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Temp1.html
[2011/12/27 09:36:51 | 000,000,317 | ---- | C] () -- C:\Windows\game.ini
[2011/12/13 23:25:37 | 000,001,894 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/11/12 16:51:59 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2011/10/31 10:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/15 09:50:54 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\CALL.INI
[2011/08/14 19:12:03 | 000,007,610 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
[2011/08/14 19:04:19 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/06/16 07:38:16 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/06/16 07:38:15 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/06/16 07:38:15 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/06/16 07:38:14 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/06/16 03:23:38 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/14 02:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 23:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 21:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1998/09/23 03:07:00 | 000,061,952 | ---- | C] () -- C:\Windows\SysWow64\MMRegOCX.EXE
[1998/09/23 02:38:00 | 000,037,376 | ---- | C] () -- C:\Windows\SysWow64\AXDIST.EXE

========== LOP Check ==========

[2012/01/02 13:51:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ashampoo
[2012/03/03 10:01:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Auslogics
[2012/01/27 15:11:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BlueSprig
[2011/09/17 15:54:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DMCache
[2012/02/22 13:37:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox
[2011/12/24 14:02:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
[2011/10/29 21:58:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/26 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FileZilla
[2012/03/03 10:35:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Free Download Manager
[2012/01/24 17:04:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2012/02/07 22:09:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\IObit
[2011/12/14 19:45:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LibreOffice
[2011/12/20 12:40:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MrBree
[2011/12/11 12:55:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Opera
[2011/11/12 15:31:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Samsung
[2012/01/13 21:28:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2011/12/18 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TrueCrypt
[2012/01/30 13:57:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TS3Client
[2012/01/27 15:24:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Wise Registry Cleaner
[2012/01/02 18:43:06 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34


< End of report >

Essa semana peguei um vírus navegando no Game Vício, tal de Setup.exe, fiquei puto na hora, pois o vírus baixou automaticamente, mais o sandboxie conteve ele.
Agora essa bosta ai eu não sei onde peguei. Acho que também foi lá, só que esse passou pelo sandboxie . No fórum deles á reclamações sobre esse vírus mais eles não fazem nada.

Agora, esse vírus era um Toolbar mesmo ?

Abraço.

 

[rhaizen]

Ok. feito, o computador está normal, aquele problema que eu relatei no primeiro topico aconteceu porem parou quando reinciei o computador. agradeço pela ajuda.

 

[Laptosh]

Fala gente, blz?

Meu Avira não para de achar esse "Objeto não identificado" e eu não sei o que fazer. Já pesquisei no Nosso pai Google mas não achei nada a respeito. Não sei se tem algo haver mais depois que o Avira encontrou ele meu MSN ta caindo toda hora, de 3 em 3 min.

Alguém faz ideia do que seja?

O Megadeeth me deu a dica de usar o Malwarebytes, mas não adiantou =/

Estou desesperado já. Minha internet fica muito ruin, o tempo todo. Quero tentar resolver sem precisar formatar nada.

 

[Nexus]

Laptosh poste o log do OTL.
Siga o mini tutorial de como executar ele da 1° página.
http://adrenaline.uol.com.br/forum/area-windows/207948-remocao-de-virus.html
VLW.

 

[Laptosh]

OTL:

Spoiler

OTL logfile created on: 14/03/2012 08:54:15 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Felipe\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 48,11% Memory free
8,00 Gb Paging File | 5,21 Gb Available in Paging File | 65,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 73,20 Gb Free Space | 24,56% Space Free | Partition Type: NTFS

Computer Name: FELIPEPC | User Name: Felipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/14 08:52:47 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Felipe\Desktop\OTL.exe
PRC - [2012/02/17 18:15:17 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/02/15 12:19:13 | 000,738,680 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/02/14 20:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Felipe\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/12/21 16:31:24 | 000,204,872 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2011/12/16 10:00:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/16 10:00:14 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011/12/16 10:00:13 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/12/16 10:00:13 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/16 10:00:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/28 01:39:52 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2011/04/06 00:20:12 | 000,209,280 | ---- | M] (Corel Corporation) -- C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\CorelDRW.exe
PRC - [2011/04/01 23:24:09 | 006,469,176 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\PDF Editor\PDFEdit.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/06/13 14:24:04 | 000,081,920 | ---- | M] (Firebird Project) -- C:\BancoBrasil\Firebird\bin\fbguard.exe
PRC - [2008/06/13 14:22:52 | 002,723,840 | ---- | M] (Firebird Project) -- C:\BancoBrasil\Firebird\bin\fbserver.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/08 11:28:52 | 000,429,040 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
MOD - [2012/03/08 11:28:51 | 003,772,912 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
MOD - [2012/03/08 11:27:26 | 000,122,880 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\17.0.963.78\avutil-51.dll
MOD - [2012/03/08 11:27:24 | 000,220,672 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\17.0.963.78\avformat-53.dll
MOD - [2012/03/08 11:27:23 | 001,747,456 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\17.0.963.78\avcodec-53.dll
MOD - [2012/03/08 06:39:20 | 008,593,056 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
MOD - [2012/03/08 06:39:20 | 008,593,056 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\APPLIC~1\170963~1.78\gcswf32.dll
MOD - [2012/02/18 11:25:28 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bcded47b72178211b6be4717d67130c2\Microsoft.VisualStudio.Tools.Applications.DesignTime.v9.0.ni.dll
MOD - [2012/02/17 18:35:03 | 000,133,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0e6685fa21a5e598c0ebdee764af7a7f\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
MOD - [2012/02/17 18:34:56 | 000,633,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\05c4011ad0068d0af722b4b52677d915\System.AddIn.ni.dll
MOD - [2012/02/17 18:17:53 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/17 18:17:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 18:16:58 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/17 18:15:45 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/17 18:15:23 | 001,910,936 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012/02/17 18:15:23 | 000,161,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2012/02/17 18:15:23 | 000,021,144 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2012/02/17 18:15:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/17 18:15:05 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/17 18:14:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/13 19:50:10 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2012/01/13 17:58:59 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2012/01/13 17:58:58 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/17 15:08:34 | 000,015,752 | ---- | M] () -- C:\Windows\assembly\GAC_32\Corel.VstaMarshaler\15.2.0.686__e4835428e22ad6f9\Corel.VstaMarshaler.dll
MOD - [2010/05/21 07:41:46 | 000,431,392 | ---- | M] () -- c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Draw\PsiClient.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/29 14:10:40 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/21 16:31:24 | 000,204,872 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2011/12/16 10:00:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/16 10:00:14 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/12/16 10:00:13 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/12/16 10:00:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/13 14:24:04 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\BancoBrasil\Firebird\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2008/06/13 14:22:52 | 002,723,840 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\BancoBrasil\Firebird\bin\fbserver.exe -- (FirebirdServerDefaultInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 09:30:39 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/01/12 23:07:03 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/16 10:00:37 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/12/16 10:00:37 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 14:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 14:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 14:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 14:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 08:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/28 12:49:50 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2009/09/29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 18:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 18:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 18:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 17:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Driver de adaptador Intel(R)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/09/27 21:13:32 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV - [2011/12/21 16:32:06 | 000,045,896 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC






IE - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
IE - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 C4 9B A9 89 8C CC 01 [binary data]
IE - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Felipe\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Felipe\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/17 07:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/10/17 07:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\mozilla\Extensions
() (No name found) -- C:\USERS\FELIPE\APPDATA\ROAMING\THUNDERBIRD\PROFILES\DXMSOQB6.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Felipe\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Felipe\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Felipe\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\Felipe\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Google Calendar Checker (do Google) = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.2.2_0\
CHR - Extension: Capturador Web do Evernote = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.1.22.1457_0\
CHR - Extension: Gmail = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/27 15:38:56 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001..\Run: [LG LinkAir] File not found
O4 - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Felipe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKU\S-1-5-21-2619323572-2013549134-2282759808-1001\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CD1CADC-9493-482A-AF2A-B9FE901D9B0E}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CD1CADC-9493-482A-AF2A-B9FE901D9B0E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA66D54B-8BB3-4CE5-958C-560563499D5C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA66D54B-8BB3-4CE5-958C-560563499D5C}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b642d3dc-3d0a-11e1-9ef7-000325274621}\Shell - "" = AutoRun
O33 - MountPoints2\{b642d3dc-3d0a-11e1-9ef7-000325274621}\Shell\AutoRun\command - "" = E:\autoplay.exe
O33 - MountPoints2\{c4b381e8-183a-11e1-b260-000325274621}\Shell - "" = AutoRun
O33 - MountPoints2\{c4b381e8-183a-11e1-b260-000325274621}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{c4b381e8-183a-11e1-b260-000325274621}\Shell\directx\command - "" = F:\DirectX9\dxsetup.exe
O33 - MountPoints2\{c4b381e8-183a-11e1-b260-000325274621}\Shell\setup\command - "" = F:\setup.exe
O33 - MountPoints2\{c4b381f6-183a-11e1-b260-000325274621}\Shell - "" = AutoRun
O33 - MountPoints2\{c4b381f6-183a-11e1-b260-000325274621}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{c4b381f6-183a-11e1-b260-000325274621}\Shell\directx\command - "" = F:\DirectX9\dxsetup.exe
O33 - MountPoints2\{c4b381f6-183a-11e1-b260-000325274621}\Shell\setup\command - "" = F:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\F\Shell\directx\command - "" = F:\DirectX9\dxsetup.exe
O33 - MountPoints2\F\Shell\setup\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 08:52:44 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Felipe\Desktop\OTL.exe
[2012/03/13 09:05:01 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{D11C6AAA-35BC-46F4-938F-39BD1AE9C6EB}
[2012/03/13 09:04:34 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{01CCA46C-A781-4F2D-98CF-5DE5B778C44A}
[2012/03/12 08:30:31 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{1B949164-4878-4C95-BE31-A4E46918A0A4}
[2012/03/11 20:30:06 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{B58D6BF5-1192-4B7E-AED7-B97B2700F193}
[2012/03/11 08:29:40 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{F1E98F73-D9F9-4095-ABD4-586D45A656EF}
[2012/03/10 20:29:13 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{CF8BFAE8-E99A-4394-9FE3-4E1961312AA7}
[2012/03/10 20:28:58 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{8840DE97-3985-44B1-9C9E-280F0416EFE4}
[2012/03/09 16:33:07 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{42B964D9-67AB-47F5-9269-B5D54E34F5EF}
[2012/03/09 16:32:54 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{405F4229-4EC8-4B54-99D7-936E4DD00CEC}
[2012/03/08 06:04:04 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{630FDCBE-D253-492D-BCA1-5EABB552C907}
[2012/03/08 06:03:51 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{5F512A07-3299-45B7-968C-5CAE2999B52C}
[2012/03/07 18:03:37 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{72D66807-1EB7-4B4F-B56C-719178A5394F}
[2012/03/07 18:03:15 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{33E11293-A090-46F7-90CD-4D234AC00DCB}
[2012/03/06 10:16:58 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\Malwarebytes
[2012/03/06 10:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/06 10:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/06 10:16:51 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/06 10:16:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/06 08:12:54 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{1F582832-D7C9-4607-9DC8-2A2478149B6B}
[2012/03/06 08:12:36 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{280C9B1F-79EB-491D-AFF4-BE663799F5D9}
[2012/03/05 09:11:55 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{B7ECEEA4-71C1-41AB-8D6C-21DC6274B4B3}
[2012/03/05 09:11:27 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{8F38D0F7-D5AC-4D05-AFD7-76822C81D35B}
[2012/03/03 10:44:14 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{6BBCC59B-5625-4DA3-8A5A-EB5C65A42D43}
[2012/03/02 08:34:46 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{668417CA-D391-49DE-89F8-80AAB2DD7C22}
[2012/03/02 08:34:19 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{5D82CFD2-F700-41EC-A0F1-DCDAC7EA7550}
[2012/03/01 10:17:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/01 09:54:52 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{A75D38CE-6D38-4F5A-9A2D-964E7758DFE5}
[2012/03/01 09:54:35 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{5A82B653-A43F-4D3D-9B88-3E67F573F806}
[2012/02/29 08:09:35 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{ADC74AFC-C4E2-4E8A-93E9-B25CCB81C920}
[2012/02/28 10:38:38 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{83911A67-3E77-4511-AF80-FF8FF743BBC3}
[2012/02/28 10:38:25 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{DE1DCCFA-0785-4A65-A2EE-2CF9BCF97C7D}
[2012/02/27 22:37:50 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{AC98A5C2-7DF5-43AF-B07D-C2AD1E50AA26}
[2012/02/27 22:37:28 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{AAA3B919-E385-456F-AAA1-127100CC111D}
[2012/02/27 18:53:44 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/02/27 18:53:44 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/02/27 18:53:44 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/02/27 18:53:44 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/02/27 18:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/27 08:41:44 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{62CAA75B-C5F3-4202-A30A-072A76A498F7}
[2012/02/27 08:41:04 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{38EE2A29-6842-4405-B7E9-66064C9AD735}
[2012/02/26 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{9A10851D-1FAC-4712-902D-41BD2C4304E4}
[2012/02/26 10:02:52 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{C235624D-1553-4072-BC20-C2B35E56A367}
[2012/02/24 08:27:23 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{2B779432-4AD5-41CF-9152-7031F2A659F1}
[2012/02/24 08:26:56 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{896DBFC5-1E4A-4DB4-A096-6A46597F4AB2}
[2012/02/23 14:51:36 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{6756533B-841E-4B52-A9EB-DE3A2F32AE2F}
[2012/02/23 14:51:18 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{318548D0-969E-4010-AF42-F8C9E72745E3}
[2012/02/22 08:25:24 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{508EEE06-8FD2-4681-AC69-0C5B2E950366}
[2012/02/22 08:25:04 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{CD0EBA8E-F455-44D7-9AFA-B404EF808100}
[2012/02/18 12:23:14 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{A525B37C-22E1-419B-B57C-292E445DEE7B}
[2012/02/18 12:22:58 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{9D78B810-F7CF-4619-AB1D-3A5B3E4E7C2F}
[2012/02/17 10:44:02 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/17 10:44:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/17 10:44:00 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/17 10:43:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/17 10:43:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/17 10:43:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/17 10:43:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/17 10:43:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/17 10:43:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/17 10:43:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/17 10:43:55 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/17 10:38:05 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/17 10:37:30 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/17 10:37:30 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/17 10:37:26 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/17 08:58:36 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{60BFE2F0-8704-46E9-BAEE-107713CC64AD}
[2012/02/17 08:58:23 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{1A33577F-2CA4-4378-AB0E-65B7A4210A07}
[2012/02/16 11:13:33 | 000,057,436 | ---- | C] (Microsoft Corporation) -- C:\Windows\DASShp.dll
[2012/02/16 11:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Reader
[2012/02/16 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{9F7B82E0-29A2-4CE1-9D2B-319C4BB8D80A}
[2012/02/16 10:24:45 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{73B91884-4A45-4B7B-89DC-2DADCDB2FB78}
[2012/02/15 09:30:05 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{43B88EFB-1074-44AF-938D-5B4EB55D79AA}
[2012/02/15 09:29:41 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{4375E8E9-940C-4C2A-B888-36AEF9570259}
[2012/02/14 09:26:43 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{936AA095-15BC-4AE3-AB40-7B918F77F54F}
[2012/02/14 09:26:30 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{313F998D-3851-49D3-ADAD-25AB473198CB}
[2012/02/13 21:26:17 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{0CF8D908-CDC5-4CFD-B7F0-F9C421334F82}
[2012/02/13 21:26:02 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{DF8C1E0A-69C3-41EC-A822-D91962C7C493}
[2012/02/13 09:25:45 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{9FE9E481-B615-4059-8CAD-3E63656F2FA7}
[2012/02/13 09:25:31 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{0E27A950-FBB2-4337-B9F3-5330771277EE}

========== Files - Modified Within 30 Days ==========

[2012/03/14 08:56:01 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2619323572-2013549134-2282759808-1001Core.job
[2012/03/14 08:52:47 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Felipe\Desktop\OTL.exe
[2012/03/14 08:45:31 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2619323572-2013549134-2282759808-1001UA.job
[2012/03/14 08:45:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/13 16:53:49 | 006,619,184 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/13 16:53:49 | 000,694,430 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/03/13 16:53:49 | 000,689,726 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012/03/13 16:53:49 | 000,663,804 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/03/13 16:53:49 | 000,632,180 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012/03/13 16:53:49 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/13 16:53:49 | 000,551,770 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012/03/13 16:53:49 | 000,448,586 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2012/03/13 16:53:49 | 000,434,486 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2012/03/13 16:53:49 | 000,433,388 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2012/03/13 16:53:49 | 000,388,518 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2012/03/13 16:53:49 | 000,148,310 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012/03/13 16:53:49 | 000,134,840 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012/03/13 16:53:49 | 000,130,140 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/03/13 16:53:49 | 000,128,094 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/03/13 16:53:49 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2012/03/13 16:53:49 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/13 16:53:49 | 000,089,436 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012/03/13 16:53:49 | 000,082,148 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2012/03/13 16:53:49 | 000,078,984 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2012/03/13 16:53:49 | 000,077,096 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2012/03/13 09:19:08 | 000,014,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 09:19:08 | 000,014,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 20:28:17 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/03/10 20:26:00 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 10:52:06 | 000,001,000 | ---- | M] () -- C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/06 08:13:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/05 19:12:37 | 002,122,773 | ---- | M] () -- C:\Users\Felipe\Simplesmente mulher.cdr
[2012/03/02 15:57:41 | 005,546,723 | ---- | M] () -- C:\Users\Felipe\Backup_of_Simplesmente mulher.cdr
[2012/03/01 12:39:22 | 000,054,222 | ---- | M] () -- C:\Users\Felipe\Simplesmente mulher.gif
[2012/02/27 18:52:45 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/02/27 18:52:45 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/02/27 18:52:45 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/02/27 18:52:45 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/02/17 18:10:51 | 000,538,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/17 18:07:03 | 665,223,933 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/15 09:30:39 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

========== Files Created - No Company Name ==========

[2012/03/05 19:12:31 | 002,122,773 | ---- | C] () -- C:\Users\Felipe\Simplesmente mulher.cdr
[2012/03/02 15:56:52 | 005,546,723 | ---- | C] () -- C:\Users\Felipe\Backup_of_Simplesmente mulher.cdr
[2012/03/01 12:39:21 | 000,054,222 | ---- | C] () -- C:\Users\Felipe\Simplesmente mulher.gif
[2012/02/16 11:13:33 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Reader.lnk
[2012/01/12 23:11:47 | 000,051,270 | ---- | C] () -- C:\Users\Felipe\AppData\Roaming\room_v3.dat
[2012/01/04 18:50:44 | 000,084,464 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/12/29 16:40:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/12/29 16:40:17 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/10/17 10:10:11 | 006,585,162 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/17 00:48:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/04 20:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys

========== LOP Check ==========

[2011/12/31 19:08:55 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\BSplayer
[2011/12/31 16:54:31 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\BSplayer Pro
[2011/12/01 22:08:54 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\DAEMON Tools Lite
[2012/03/10 20:28:16 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Dropbox
[2011/10/28 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Foxit Software
[2012/01/12 22:35:38 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\GarenaPlus
[2011/10/17 07:38:21 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Thunderbird
[2012/03/14 08:59:41 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\uTorrent
[2009/07/14 02:08:49 | 000,016,822 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

< End of report >

EXTRAS:

Spoiler

OTL Extras logfile created on: 14/03/2012 08:54:15 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Felipe\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 48,11% Memory free
8,00 Gb Paging File | 5,21 Gb Available in Paging File | 65,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 73,20 Gb Free Space | 24,56% Space Free | Partition Type: NTFS

Computer Name: FELIPEPC | User Name: Felipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0416-1000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0015-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0416-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0416-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0416-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0416-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0416-1000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-1000-0000000FF1CE}_Office14.PROPLUS_{5A876683-AEAB-45E2-BA33-A767B54DB7E2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0416-1000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-002C-0416-1000-0000000FF1CE}_Office14.PROPLUS_{0FDF2566-665E-4F8A-B1AD-A0FE52B4224E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0416-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
"{90140000-0043-0416-1000-0000000FF1CE}_Office14.PROPLUS_{0C40F8A4-7695-48F7-8CAE-634D3882009B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0416-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-0044-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0416-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-1000-0000000FF1CE}_Office14.PROPLUS_{8F2AC896-0A49-4054-83BF-3B03E6FBE7CD}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0416-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0416-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13E92303-C1AC-4012-9E22-54EACBF54888}" = MCCI(r)Firmware Update Driver for MTK
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CCE6EF6F-D3D5-4CC7-800C-CFB013431537}" = BB Cobranca
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FABB02D6-A7FD-4845-A6FA-60C565516712}" = Age of Empires III
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"BSPlayerf" = BS.Player FREE
"DAEMON Tools Lite" = DAEMON Tools Lite
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader_is1" = Foxit Reader 5.0
"im" = Garena Plus
"InstallShield_{FABB02D6-A7FD-4845-A6FA-60C565516712}" = Age of Empires III
"LG PC Suite IV" = LG PC Suite IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.60.1.1000
"Módulo Integrado Locação de Máquinas e Equipamen~65A0594A_is1" = Módulo Integrado Locação de Máquinas e Equipamentos com Operado
"Mozilla Thunderbird 10.0.2 (x86 pt-BR)" = Mozilla Thunderbird 10.0.2 (x86 pt-BR)
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2619323572-2013549134-2282759808-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AndroidPC" = AndroidPC
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[Mr.Wolf]

Nexus, o script rodou corretamente. O erro do resultado é comum no OTL. O malware presente em seu log é um adware (responsável pela toolbar), porém, há um worm também. O adware nem é problema, agora, se o worm foi proveniente da Game Vício realmente é um absurdo a equipe de suporte do site não fazer nada a respeito.

Baixe e utilize o ComboFix conforme este tutorial. Ao término, poste o log em C:\ComboFix.txt.


Laptosh, não há nada de errado em seu log. O alerta do Avira faz referência a um ataque DDoS vindo do site Dididave. Já acessou ou costuma acessar tal website?

Siga o spoiler.

Spoiler

1. Baixe o Report Antivir e salve-o no desktop.
2. Execute-o como administrador.
3. Onde está escrito Choisis le nombre de jours, escolha a opção 3.
4. Clique no botão Executer.
5. Caso receba alguma notificação como "COM Error Notification" clique em Sim.
6. Cole o relatório apresentado.

1. Baixe o SecurityCheck e salve no desktop.
2. Execute como administrador.
3. Tecle Enter e aguarde.
4. Cole o relatório gerado.

 

[Laptosh]

Mr. Wolf

Quando vi o alerta no avira eu observei que vinha desse site e entrei pra ver se descobria algo, mas não sei do que se trata o site e nunca havia entrado antes.

O Report não apresentou nenhum erro, segue o log:

Spoiler

Report_Antivir v1.0 BY Laddy - [1]
Début le 15/03/2012 à 15:48.
OS : Windows 7 Ultimate - 64bits
Utilisateur Felipe : Utilisateur compte limité
Lancement : C:\Users\Felipe\Desktop\Report_Antivir.exe
Antivirus : Avira Antivirus Premium 2012 v. 12.00.00.147 Derniere maj : (08/03/2012 04:06:56) [(!) Mettre a jour]
Mode : 3 jours

################ Début du rapport

Segue o do Security

Spoiler

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Avira Antivirus Premium 2012
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 29
Mozilla Thunderbird (x86 pt-BR..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

 

[Nexus]

Nexus, o script rodou corretamente. O erro do resultado é comum no OTL. O malware presente em seu log é um adware (responsável pela toolbar), porém, há um worm também. O adware nem é problema, agora, se o worm foi proveniente da Game Vício realmente é um absurdo a equipe de suporte do site não fazer nada a respeito.

Baixe e utilize o ComboFix conforme este tutorial. Ao término, poste o log em C:\ComboFix.txt.

Estou pUt0, nem o avira instalou aqui ... "faz uns 2 dias que tentei instalar e ele nem atualiza".

Andei observando nos outros fóruns "Linha Defensiva e no Clube do Hardware" que muitas usuários estão se infectando com essa ***** de Adware "Toolbar".

Agora esse Worm ............................... nem sabia que estava com ele
" HijackThis não mostrou essa chave "

Parei de acessar a Game Vício, só tive aborrecimentos entrando naquela ***** cheia de vírus.

Log ComboFix

Spoiler

ComboFix 12-03-12.03 - Daniel 15/03/2012 20:12:33.2.2 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3032.2011 [GMT -3:00]
Executando de: c:\users\Daniel\Desktop\60329_combofix_123123.exe
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Daniel\AppData\Local\TempDIR
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-02-15 to 2012-03-15 ))))))))))))))))))))))))))))
.
.
2012-03-15 23:19 . 2012-03-15 23:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-15 23:19 . 2012-03-15 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 00:53 . 2012-03-14 00:53 -------- d-----w- c:\users\Daniel\AppData\Roaming\Avira
2012-03-14 00:48 . 2012-02-03 18:29 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-14 00:48 . 2012-02-03 18:29 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-14 00:48 . 2012-02-03 18:29 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-14 00:48 . 2012-03-14 00:48 -------- d-----w- c:\programdata\Avira
2012-03-14 00:48 . 2012-03-14 00:48 -------- d-----w- c:\program files (x86)\Avira
2012-03-10 18:45 . 2012-03-10 18:45 -------- d-----w- C:\_OTL
2012-03-03 13:01 . 2012-03-03 13:01 -------- d-----w- c:\users\Daniel\AppData\Roaming\Auslogics
2012-03-03 11:46 . 2004-10-22 05:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-03-03 11:46 . 2004-10-22 05:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-03-03 11:46 . 2004-10-22 05:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-03-03 11:46 . 2004-10-22 05:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-03-03 11:46 . 2012-03-03 11:46 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-03-03 11:46 . 2004-10-22 05:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-03-03 11:46 . 2012-03-03 11:46 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-03-01 21:26 . 2012-03-01 21:26 -------- d-----w- C:\$WINDOWS.~BT
2012-02-22 19:54 . 2010-08-03 10:41 819200 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-02-22 19:54 . 2010-08-03 10:41 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-02-15 21:37 . 2012-02-15 21:37 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-15 16:12 . 2012-02-15 16:28 -------- d-----w- c:\users\Daniel\AppData\Local\VMware
2012-02-15 16:12 . 2012-02-15 16:28 -------- d-----w- c:\users\Daniel\AppData\Roaming\VMware
2012-02-15 16:11 . 2012-02-15 16:28 -------- d-----w- c:\programdata\VMware
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 21:32 . 2012-01-22 00:24 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-02 01:48 . 2011-09-18 00:59 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-02 01:44 . 2011-09-17 13:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-24 17:58 . 2012-01-24 17:58 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-01-17 23:00 . 2012-01-17 23:00 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-01-14 04:06 . 2012-02-14 22:59 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 18:04 . 2011-09-07 21:12 42584 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys
2012-01-04 10:44 . 2012-02-14 22:13 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-14 22:13 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-02 15:35 . 2012-01-02 15:35 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2011-12-30 19:02 . 2012-02-03 20:47 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-30 06:26 . 2012-02-14 22:12 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-14 22:12 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-14 22:12 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-19 20:59 . 2011-12-19 20:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 20:59 . 2011-12-19 20:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 20:59 . 2011-12-19 20:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 20:58 . 2011-12-19 20:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 20:58 . 2011-12-19 20:58 389840 ----a-w- c:\windows\system32\guard64.dll
2011-12-19 20:58 . 2011-12-19 20:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2011-12-17 17:10 . 2011-12-17 17:10 230864 ----a-w- c:\windows\system32\drivers\truecrypt.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="f:\programas\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]
"Rainlendar2"="f:\programas\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"RMClock"="f:\programas\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 5"="c:\program files (x86)\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mamutu guard"="f:\programas\MAMUTU\mamutu.exe" [2011-11-03 4307320]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-01-11 18:01 726360 ----a-w- c:\program files (x86)\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 h647906;DragonRise H647906 AMD64 Driver;c:\windows\system32\drivers\h647906.sys [x]
R3 h648101;DragonRise H648101 AMD64 Driver;c:\windows\system32\drivers\h648101.sys [x]
R3 h648103;DragonRise H648103 AMD64 Driver;c:\windows\system32\drivers\h648103.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;f:\programas\RealTemp_3691\WinRing0x64.sys [x]
R3 X6va005;X6va005;c:\users\Daniel\AppData\Local\Temp\005ADE2.tmp [x]
R3 X6va006;X6va006;c:\users\Daniel\AppData\Local\Temp\006E74D.tmp [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R4 OrolixDeviceMonitor;Orolix Device Monitor;c:\program files (x86)\TIM Communicator\module\devicemon.exe [2011-08-14 26528]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 a2injectiondriver;a2injectiondriver;f:\programas\Mamutu\a2dix64.sys [2011-11-02 41728]
S1 a2util;a-squared Malware-IDS utility driver;f:\programas\Mamutu\a2util64.sys [2010-05-05 14720]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2011-08-20 13312]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2011-10-17 208328]
S2 Mamutu;Mamutu Service;f:\programas\Mamutu\a2service.exe [2011-07-08 2978720]
S2 SBSDWSCService;SBSD Security Center Service;f:\programas\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 a2acc;a2acc;f:\programas\MAMUTU\a2accx64.sys [2011-11-02 63880]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2583405121-845317484-362328064-1000Core.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 01:36]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2583405121-845317484-362328064-1000UA.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 01:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.br/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.42.129
TCP: Interfaces\{1AA78F92-0651-4EAB-91A7-012426EDB49A}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{73FA3DE9-F75F-4DEB-A7C6-4CD292F9A667}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{F8420AC5-9CF9-4C77-A8AE-8E26C19F51D1}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4kg3pcmc.default\
FF - prefs.js: browser.startup.homepage - google.com.br
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1328137764
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1328137764
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1328137764
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1328205640
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 962560
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - google.com.br
FF - user.js: browser.startup.homepage_override.buildID - 20120129021758
FF - user.js: browser.startup.homepage_override.mstone - rv:10.0
FF - user.js: browser.taskbar.lastgroupid - 542292874D91F880
FF - user.js: extensions.blocklist.pingCountVersion - 0
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 11
FF - user.js: extensions.enabledAddons - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30,{972ce4c6-7e08-4474-a285-3208198ce6fd}:10.0
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{BBDA0591-3099-440a-AA10-41764D9DB4DB}\:{\descriptor\:\c:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_19.1.0.28\\\\IPSFFPlgn\,\mtime\:1328187055487},\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\:{\descriptor\:\c:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_19.1.0.28\\\\coFFPlgn\,\mtime\:1328187042789}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\f:\\\\Programas\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1328137137704},\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\:{\descriptor\:\f:\\\\Programas\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\,\mtime\:1328147054038}}},{\name\:\app-profile\,\addons\:{\fdm_ffext@freedownloadmanager.org\:{\descriptor\:\f:\\\\Programas\\\\Free Download Manager\\\\Firefox\\\\Extension\,\mtime\:1325119130630}}}]
FF - user.js: extensions.lastAppVersion - 10.0
FF - user.js: extensions.lastPlatformVersion - 10.0
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: gfx.blacklist.direct2d - 2
FF - user.js: gfx.blacklist.layers.direct3d10 - 2
FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2
FF - user.js: gfx.blacklist.layers.direct3d9 - 2
FF - user.js: gfx.blacklist.layers.opengl - 2
FF - user.js: gfx.blacklist.suggested-driver-version - 8.15.10.2202
FF - user.js: gfx.blacklist.webgl.angle - 2
FF - user.js: gfx.blacklist.webgl.msaa - 2
FF - user.js: gfx.blacklist.webgl.opengl - 2
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-1, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.history.expiration.transient_current_max_pages - 79492
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1330729160
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Daniel\AppData\Local\Temp\005ADE2.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Daniel\AppData\Local\Temp\006E74D.tmp"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-2583405121-845317484-362328064-1000_Classes\Wow6432Node\CLSID\{4b4334a1-bba0-40a6-8bd9-7dbb2ab27657}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000103
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,53,4e,1a,5b,76,50,55,59,06,77,9b,8c,b3,32,fc,61,38,ce,6e,86,6a,2a,\
.
[HKEY_USERS\S-1-5-21-2583405121-845317484-362328064-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ff,74,f9,b2,9f,eb,b6,da,38,b5,b7,ed,d3,90,ee,e3,ec,c2,1f,55,b0,
dc,72,68,16,1c,7e,b6,81,d8,1f,c2,e9,c1,cb,30,af,78,be,78,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Connectify\ConnectifyD.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-03-15 20:25:18 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-03-15 23:25
.
Pré-execução: 82.888.126.464 bytes disponíveis
Pós execução: 82.542.260.224 bytes disponíveis
.
- - End Of File - - B3DDB89F9B8C920ACA52C1B03B60E46F

Abraço.

Edit - Sabe o que pode ser isso ?

Spoiler

 

[Laptosh]

Nexus,

o Mr.Wolf deve ta meio corrido e não ta conseguindo acessar o fórum, será que você não faz ideia de como resolver esse meu problema? Isso ta me matando! =/

Não to querendo formatar isso aqui por que são muitos programas que uso, principalmente os de Banco que são os que dão mais canseira.

Ou mais alguém que poderia ajudar, qualquer dica é bem vinda e eu iria agradecer.


Abraço!

 

[Nexus]

Laptosh seu Avira é versão paga, ele tem firewall. Entre nas configurações do firewall e tente bloquear permanentemente essa entrada.
Ataque DDoS não tem uma vacina, o jeito é ir bloqueando.

Pode tentar dar o reset no Modem e mudar o DNS no seu Windows.

DNS COMODO - DNS NORTON Primário 8.26.56.26 - 198.153.192.1
Secundário 8.20.247.20 - 198.153.194.1


Para alterar faz o seguinte:


Windows XP


1. Vá em Iniciar > Painel de Controle
2. Vá em Conexões de Rede
3. Selecione a Conexão local e clique em Propriedades
4. Selecione a Protocolo TCP/IP e clique em Propriedades
5. Selecione a última opção. No primeiro campo, digite xxx.xxx.xxx.xxx* e no campo seguinte, digite xxx.xxx.xxx.xxx*


Windows Vista


Entre em Central de Redes e Compartilhamento e, em conexão local, clique em exibir status. Procure por protocolo TCP/IP 4 e clique em propriedades.
Marque usar os seguintes servidores DNS e escreva: xxx.xxx.xxx.xxx* e xxx.xxx.xxx.xxx*, respectivamente.


Windows Seven


Entre em Central de Redes e clique sobre “conexão local”. Na janela seguinte, clique em propriedades e siga os mesmos procedimentos para o Windows Vista.


* Você irá trocar o xxx de acordo com o Servidor DNS que escolheu usar!

[FONT=Verdana, Tahoma, Arial, sans-serif]
[/FONT]​

 

[anderson_act]

Galera estou com um trojan enchendo o saco já e tudo que tentei não funcionou se puderam ajudar
JS:downloader-BJD todo aplicativo que inicio, email - msn - internet - o avast alerta

Log Hijackthis

Spoiler

Logfile of HijackThis v1.99.1
Scan saved at 08:04:22, on 27/03/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files (x86)\ASUS\AI Suite\CPU Level UpEx\CpuLevelUp.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\LinhaDefensiva\exec\md5.exe
C:\Users\Anderson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0007002"
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0007002"
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.updatingsystem361.com/dl03.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.232.208.116:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 89.149.244.103 l2authd.lineage2.com
O1 - Hosts: 209.222.96.92 aapj.bb.com.br
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Defender - {7AA95021-4069-4850-BD49-D42EC24BB63A} - C:\Users\Anderson\AppData\Roaming\TI\epcc.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up] "C:\Program Files (x86)\ASUS\AI Suite\CPU Level UPEx\CpuLevelUp.exe" -r
O4 - HKLM\..\Run: [TweakIt Help] "C:\Program Files (x86)\ASUS\TweakIt\TweakIt.exe" -r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GBPCEF.CAB
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D2C37FC-987C-4299-9EE1-A0CE00CCF4ED}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A296ECC-31FD-4810-89A7-8A9380AC1CBC}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D2C37FC-987C-4299-9EE1-A0CE00CCF4ED}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D2C37FC-987C-4299-9EE1-A0CE00CCF4ED}: NameServer = 8.8.8.8
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Windows
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - BitComet - A free C++ BitTorrent/HTTP/FTP Download Client - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ICM_UpdaterService Disp (ICM_UpdaterService) - Unknown owner - C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Log Combofix

Spoiler

ComboFix 12-03-27.02 - Anderson 27/03/2012 8:19.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.6135.3157 [GMT -3:00]
Executando de: c:\users\Anderson\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 412 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Anderson\AppData\Local\TempDIR
c:\users\Anderson\AppData\Roaming\chrtmp
c:\users\Anderson\AppData\Roaming\Driver.exe
c:\users\Anderson\AppData\Roaming\Roaming
c:\users\Anderson\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\users\Anderson\AppData\Roaming\safe.ws
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\swsystem.dll
c:\windows\SysWow64\tmp33B9.tmp
c:\windows\SysWow64\tmp33BA.tmp
c:\windows\SysWow64\tmp3E66.tmp
c:\windows\SysWow64\tmp3ED4.tmp
c:\windows\SysWow64\tmp5215.tmp
c:\windows\SysWow64\tmp52D1.tmp
c:\windows\SysWow64\tmpDB8F.tmp
c:\windows\SysWow64\tmpDCD7.tmp
c:\windows\SysWow64\tmpE5EB.tmp
c:\windows\SysWow64\tmpE5EC.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-02-27 to 2012-03-27 ))))))))))))))))))))))))))))
.
.
2012-03-27 10:04 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B220671-C921-4083-A3CA-D5E74D41F546}\mpengine.dll
2012-03-26 22:58 . 2012-03-26 22:58 -------- d-----w- C:\NVIDIA
2012-03-24 22:36 . 2012-03-24 22:38 -------- d-----w- c:\users\Anderson\AppData\Local\Trapped Dead
2012-03-22 23:17 . 2012-03-22 23:17 -------- d-----w- c:\users\Anderson\AppData\Local\Geckofx
2012-03-22 23:17 . 2012-03-22 23:17 -------- d-----w- c:\users\Anderson\AppData\Roaming\Firefly Studios
2012-03-21 21:04 . 2012-03-21 21:05 -------- d-----w- c:\users\Anderson\AppData\Roaming\HD Tune Pro
2012-03-21 16:22 . 2012-03-21 16:22 -------- d-----w- c:\users\Anderson\AppData\Local\76561197994295943
2012-03-17 23:22 . 2012-03-17 23:22 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 23:22 . 2012-03-17 23:22 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 13:51 . 2012-03-14 13:51 -------- d-----w- c:\users\Anderson\AppData\Roaming\Easy MP3 Recorder
2012-03-14 12:20 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:20 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:20 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 12:20 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:20 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:20 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 12:20 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:20 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:20 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:20 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:41 . 2012-03-25 12:04 -------- d-----w- c:\users\UpdatusUser
2012-03-13 21:40 . 2012-03-26 22:53 -------- d-----w- c:\programdata\NVIDIA
2012-03-13 21:40 . 2012-02-29 21:00 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-03-13 21:40 . 2012-02-29 20:59 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-03-13 21:40 . 2012-02-29 20:59 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-03-13 21:40 . 2012-02-29 20:59 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-03-13 21:40 . 2012-02-29 20:59 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-03-13 21:40 . 2012-02-29 21:00 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-03-13 21:40 . 2012-02-29 20:59 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-03-13 21:40 . 2012-03-13 21:40 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-03-13 13:32 . 2012-03-13 13:32 -------- d-----w- c:\users\Anderson\AppData\Roaming\Need for Speed World
2012-03-13 03:08 . 2012-03-13 03:08 -------- d-----w- c:\users\Anderson\AppData\Local\Electronic_Arts_Inc
2012-03-12 21:48 . 2012-03-12 21:48 -------- d-----w- c:\users\Anderson\AppData\Roaming\PACE Anti-Piracy
2012-03-12 21:48 . 2012-03-12 21:48 -------- d-----w- c:\users\Anderson\AppData\Local\PACE Anti-Piracy
2012-03-12 21:48 . 2012-03-12 21:48 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-03-12 21:48 . 2012-03-12 21:48 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2012-03-12 21:38 . 2012-03-12 21:38 -------- d-----w- c:\program files (x86)\Adobe Story
2012-03-10 20:44 . 2012-03-10 20:44 -------- d-----w- c:\users\Anderson\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-10 19:48 . 2012-03-10 19:48 -------- d-----w- c:\programdata\Pinnacle
2012-03-04 15:57 . 2012-03-04 15:58 -------- d-----w- c:\programdata\Logitech
2012-03-04 15:52 . 2012-03-04 15:52 53248 ----a-r- c:\users\Anderson\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-02 13:09 . 2012-03-02 13:09 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-03-01 11:43 . 2012-03-01 11:46 -------- d-----w- c:\program files (x86)\Velvet Assassin
2012-02-29 19:26 . 2012-02-29 19:26 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-02-29 16:26 . 2012-02-29 16:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-28 18:27 . 2005-01-12 16:18 44544 ----a-r- c:\windows\SysWow64\msxml4a.dll
2012-02-28 18:19 . 2012-03-17 16:19 -------- d-----w- c:\programdata\FLEXnet
2012-02-28 18:13 . 2012-02-28 18:13 -------- d-----w- c:\program files (x86)\Bonjour
2012-02-28 18:11 . 2012-02-28 18:11 -------- d-----w- c:\windows\SysWow64\spool
2012-02-28 18:10 . 2012-02-28 18:10 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-02-26 19:21 . 2012-02-26 19:21 -------- d-----w- c:\users\Anderson\AppData\Roaming\Intel Corporation
2012-02-26 18:59 . 2012-02-26 18:59 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-02-26 18:36 . 2011-10-17 17:55 559384 ----a-w- c:\windows\system32\drivers\iaStor.sys
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 20:48 . 2010-06-04 03:28 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-24 20:48 . 2010-06-04 03:28 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-24 18:13 . 2010-06-04 12:47 270776 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-20 13:30 . 2010-06-03 16:45 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-20 13:30 . 2010-06-03 16:45 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-09 20:25 . 2010-11-04 19:07 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-07 00:15 . 2010-07-20 00:42 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2010-06-07 13:51 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-01-25 19:21 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-02-24 15:36 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2010-06-07 13:52 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-26 03:28 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2010-06-07 13:52 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2010-06-07 13:52 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2010-06-07 13:52 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-29 01:27 . 2011-05-17 12:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-24 22:35 . 2010-06-04 03:27 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-23 12:18 . 2010-06-03 16:30 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 10:52 . 2012-02-03 10:52 521448 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-11 17:04 . 2010-06-03 19:08 42584 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys
2012-01-06 14:28 . 2010-06-06 13:37 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-01-04 10:44 . 2012-02-15 10:12 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 10:12 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 10:12 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 10:12 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7AA95021-4069-4850-BD49-D42EC24BB63A}]
2011-03-20 23:13 839168 ----a-w- c:\users\Anderson\AppData\Roaming\TI\epcc.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-13 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"Cpu Level Up"="c:\program files (x86)\ASUS\AI Suite\CPU Level UPEx\CpuLevelUp.exe" [2009-04-07 1169408]
"TweakIt Help"="c:\program files (x86)\ASUS\TweakIt\TweakIt.exe" [2009-03-13 817152]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-02-11 221288]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1302528]
"TurboV"="c:\program files (x86)\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-01-19 285072]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
.
c:\users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2010-6-3 3450608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~2\GbPlugin\gbiehUni.dll" [2011-12-20 732072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-07-18 11:09 1685384 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-01-11 17:01 726360 ----a-w- c:\program files (x86)\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2011-12-20 17:32 732072 ----a-w- c:\progra~2\GbPlugin\gbiehUni.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a??
\0????????????????????????
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Serviço Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 136176]
R2 ICM_UpdaterService;ICM_UpdaterService Disp;c:\program files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Anderson\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 cpuz130;cpuz130;c:\users\Anderson\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-12-12 131912]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 136176]
R3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-01-19 27584]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-06-03 79360]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-01-11 194904]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-01-19 25504]
S3 gttap1;GoTrusted-x64 Adapter;c:\windows\system32\DRIVERS\gttap1.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-02-20 13368]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 13:35]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 13:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"combofix"="c:\combofix\CF9873.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.sweetim.com/?crg=4.0007002"
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?crg=4.0007002"
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 203.232.208.116:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &B&aixar &com o BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &B&aixar tudo usando o BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 8.8.8.8 200.222.123.102
TCP: Interfaces\{1D2C37FC-987C-4299-9EE1-A0CE00CCF4ED}: NameServer = 8.8.8.8
TCP: Interfaces\{5A296ECC-31FD-4810-89A7-8A9380AC1CBC}: NameServer = 8.8.8.8
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
FF - ProfilePath - c:\users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\w2cjncg0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.globo.com/
FF - prefs.js: network.proxy.ftp - 91.231.120.198
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 91.231.120.198
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 91.231.120.198
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 91.231.120.198
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2518437256-3161149121-1769360393-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:16,44,49,ab,f0,72,26,0f,62,8b,02,84,b8,3c,8b,ca,58,bc,1f,1b,fc,85,92,
66,fd,bf,63,fa,00,41,09,69,9b,c8,f7,4b,c6,08,e7,81,f7,2f,89,93,98,5d,b0,d7,\
"??"=hex:12,55,71,1d,c1,f1,ec,3a,06,20,ca,15,f3,c0,5b,49
.
[HKEY_USERS\S-1-5-21-2518437256-3161149121-1769360393-1001\Software\SecuROM\License information*]
"datasecu"=hex:8c,06,0f,0a,15,9d,76,35,4f,31,88,52,cd,f6,02,42,94,27,21,89,c5,
d4,be,14,c2,e0,73,8d,09,af,f1,be,22,56,46,08,0b,95,a1,09,58,7a,a6,47,23,da,\
"rkeysecu"=hex:0b,e1,bd,c6,c0,c0,6d,0e,20,37,7d,ba,c6,8b,ef,56
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:06,a8,f8,b0,bf,ce,b0,bb,1d,68,62,43,5b,d8,83,ad,69,16,1f,35,c5,
5b,eb,21,2c,d0,b3,b3,3e,39,76,22,b0,47,e5,eb,41,35,21,bf,69,04,d6,57,02,8c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:06,a8,f8,b0,bf,ce,b0,bb,1d,68,62,43,5b,d8,83,ad,69,16,1f,35,c5,
5b,eb,21,2c,d0,b3,b3,3e,39,76,22,b0,47,e5,eb,41,35,21,bf,69,04,d6,57,02,8c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-03-27 08:39:00 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-03-27 11:39
.
Pré-execução: 99.885.916.160 bytes disponíveis
Pós execução: 99.235.418.112 bytes disponíveis
.
- - End Of File - - 54FB5AAAE6AC7F9AF04F01F8B6C617E3

 

[Dago]

Gostaria de saber se meu PC está infectado com algum vírus, pois ao tentar abrir uma página apareceu uma outra que só consegui sair desligando o PC. Depois disso não conseguia mais abrir o Gerenciador de Tarefas (já resolvido). Meu Log Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:11:08, on 31/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Jorge\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Jorge\Dados de aplicativos\FlashGetBHO\FlashGetBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\ARQUIV~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Arquivos de programas\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Arquivos de programas\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BE60A84-BED3-4017-80C0-94A06B2244A5}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Arquivos de programas\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7003 bytes

 

[spect]

Mas nao entendi ao certo

é para algum virus especifico?

desculpe a ignorancia

 

[Mchawk]

Boa tarde, gallera do Adrena!

De um tempo pra cá (3 dias), toda a vez que eu acesso o site do Banco do Brasil pelo Firefox, sou recebido com um erro 404. Quando eu tento acessar o www.bb.com.br pelo Internet Explorer 9, eu sou levado a um site de pishing bem feitinho até, mas que a pessoa sabe que não é verdadeiro pois os links não abrem e os avisos de erro de senha, por exemplo, são diferentes do site original. O pior é que toda a minha rede doméstica tá apresentando o mesmo problema.



Poderiam, por gentileza, dar um olhada no meu log do HijackThis para verificar se eu peguei algum trojan? Obrigado!

Spoiler

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:48:36, on 09/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Programas\Fraps\fraps.exe
D:\Programas\Hamachi\hamachi-2-ui.exe
D:\Jogos\Steam\Steam.exe
C:\Program Files (x86)\Connectify\Connectify.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
D:\Programas\TightVNC\tvnserver.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
D:\Programas\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
D:\Programas\Firefox\firefox.exe
D:\Programas\Firefox\plugin-container.exe
D:\Programas\Easy SpyRemover\EasySpyRemover.exe
D:\Downloads Web Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [tvncontrol] "D:\Programas\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Programas\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "D:\Jogos\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C359241C-EA99-4531-847D-BA0FCC878D88}: NameServer = 192.168.182.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Connectify - Unknown owner - C:\Program Files (x86)\Connectify\ConnectifyService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Programas\Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - D:\Programas\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - D:\Programas\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - D:\Programas\TightVNC\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11136 bytes

 

[Kawasaki_-]

Qual o melhro antivirus da atualidade FREE?

 

[flavio-sp]

olá galera
to com um problemao chato no note e to achando que é virus.
o msconfig,gerenciador de tarefas e gpedit naum estão mais abrindo pq aparece a msgem de que o admin desativou..mais eu sou o admin do note e nao desativei nada lá.
sempre que o note inicia ele diz que naum encontrou um arquivo cheio de numeros tipo 000838749.sys e dai quando eu dou ok o explorer demora 100 horas pra carregar.
abaixo deixo meu logfile do hijackthis


desde ja agradeço


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:25:59, on 26/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal


Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Flavio\Desktop\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Flavio\AppData\Local\Google\Update\Googl eUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-1205016399-1225335468-1279116189-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-1205016399-1225335468-1279116189-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avenu - SOTHAS - C:\Windows\System32\drivers\9835455.sys
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: postgresql-9.1 - PostgreSQL Server 9.1 (postgresql-9.1) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe


--
End of file - 4369 bytes

 

[Mr.Wolf]

flavio-sp,

Há a presença de um rootkit em seu log.

- Baixe o Rooter e salve-o no desktop.
- Execute-o como administrador.
- Clique em Scan e aguarde a conclusão da ferramenta.
- Ao término, um log será aberto automaticamente. Este log estará salvo em C:\Rooter_1.txt também.

Copie o conteúdo deste log e cole-o em sua próxima resposta.