Crish

Help - Remove Malware

Internet Explorer is opening by itself, on advertising pages for well-known sites.

The site rad.msn.com always appears in my history, with data from ADSAdcliente31, among others.

My log:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-15 12:18:29

Windows 6.1.7600

Running: gmer.exe; Driver: C:\Users\Meira\AppData\Local\Temp\kxldqpoc.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x88E0188E]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x88E010EC]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x88E00DCE]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x88E02938]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x88E00ED8]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x88E00FC2]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x88E01BBC]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x88E013F4]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x88E01526]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x88E00BFC]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x88E01B04]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x88E0170C]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83034AF8

INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83034104

INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830343F4

INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301D2D8

INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301C898

INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830341DC

INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83034958

INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830346F8

INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83034F2C

INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830351A8

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x8936409D]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x89363FF8]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x89364011]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8DB0A9C0]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x89364025]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8DB0AAFA]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x89364061]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x893640B1]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0x89364089]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x89364075]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8936404D]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x89364039]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x89363FE4]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83094579 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 830C07B8 4 Bytes [8E, 18, E0, 88] {MOV DS, [EAX]; LOOPNZ 0xffffffffffffff8c}

.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 830C07F8 4 Bytes [EC, 10, E0, 88]

.text ntkrnlpa.exe!RtlSidHashLookup + 308 830C0808 4 Bytes [CE, 0D, E0, 88]

.text ntkrnlpa.exe!RtlSidHashLookup + 340 830C0840 4 Bytes [38, 29, E0, 88] {CMP [ECX], CH; LOOPNZ 0xffffffffffffff8c}

.text ntkrnlpa.exe!RtlSidHashLookup + 38C 830C088C 4 Bytes [D8, 0E, E0, 88] {FMUL DWORD [ESI]; LOOPNZ 0xffffffffffffff8c}

.text ...

PAGE ntkrnlpa.exe!ZwLoadDriver 831F2279 7 Bytes JMP 8DB0AAFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8324ACE5 5 Bytes JMP 89364065 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83259F59 5 Bytes JMP 8DB065B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!ObInsertObject + 27 83273C5F 5 Bytes JMP 8DB07FD2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!NtCreateSection 83281CE3 7 Bytes JMP 8DB0A9C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntkrnlpa.exe!NtCreateFile 8329BE82 5 Bytes JMP 893640A1 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtSetInformationProcess 8329E409 5 Bytes JMP 8936403D \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateUserProcess 832A6DE0 5 Bytes JMP 89364029 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwTerminateProcess 832B2B3D 5 Bytes JMP 89363FE8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 832D0C41 7 Bytes JMP 893640B5 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRestoreKey 832E6F4F 5 Bytes JMP 89364079 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwReplaceKey 832EE0BA 5 Bytes JMP 8936408D \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcess 8332BE07 5 Bytes JMP 89363FFC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 8332BE52 7 Bytes JMP 89364015 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetContextThread 8332CD13 5 Bytes JMP 89364051 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

.text peauth.sys 9FC3AC9D 28 Bytes [1E, 93, 1F, 20, 4B, 94, 8D, ...]

.text peauth.sys 9FC3ACC1 28 Bytes [1E, 93, 1F, 20, 4B, 94, 8D, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CreateWindowExW 76D40E51 5 Bytes JMP 6CF47AA7 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxIndirectParamW 76D64AA7 1 Byte [E9]

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxIndirectParamW 76D64AA7 5 Bytes JMP 6D0958AB C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxParamW 76D6564A 5 Bytes JMP 6CE6490B C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxParamA 76D7CF6A 5 Bytes JMP 6D095848 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxIndirectParamA 76D7D29C 5 Bytes JMP 6D09590E C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxIndirectA 76D8E8C9 5 Bytes JMP 6D0957DD C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxIndirectW 76D8E9C3 5 Bytes JMP 6D095772 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxExA 76D8EA29 5 Bytes JMP 6D095710 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxExW 76D8EA4D 5 Bytes JMP 6D0956AE C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] ole32.dll!OleLoadFromStream 76A35B88 5 Bytes JMP 6D095B74 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!UnhookWindowsHookEx 76D3CC7B 5 Bytes JMP 6CF57E18 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!CallNextHookEx 76D3CC8F 5 Bytes JMP 6CF394EC C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!CreateWindowExW 76D40E51 5 Bytes JMP 6CF47AA7 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!SetWindowsHookExW 76D4210A 5 Bytes JMP 6CEF4243 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!DialogBoxIndirectParamW 76D64AA7 1 Byte [E9]

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!DialogBoxIndirectParamW 76D64AA7 5 Bytes JMP 6D0958AB C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!DialogBoxParamW 76D6564A 5 Bytes JMP 6CE6490B C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!DialogBoxParamA 76D7CF6A 5 Bytes JMP 6D095848 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!DialogBoxIndirectParamA 76D7D29C 5 Bytes JMP 6D09590E C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!MessageBoxIndirectA 76D8E8C9 5 Bytes JMP 6D0957DD C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!MessageBoxIndirectW 76D8E9C3 5 Bytes JMP 6D095772 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!MessageBoxExA 76D8EA29 5 Bytes JMP 6D095710 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] USER32.dll!MessageBoxExW 76D8EA4D 5 Bytes JMP 6D0956AE C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] ole32.dll!OleLoadFromStream 76A35B88 5 Bytes JMP 6D095B74 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] ole32.dll!CoCreateInstance 76A857FC 5 Bytes JMP 6CF48595 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4472] ws2_32.DLL!getaddrinfo 75696737 5 Bytes JMP 1EEE8950 C:\Windows\system32\vkloeaqvsbsngrw.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2388] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [750A5D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [750A5D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [750A5D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2388] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [750A5D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2388] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [750A5D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\regsvr32.exe[3172] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [750A5D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\regsvr32.exe[3172] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [750A5D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\regsvr32.exe[3172] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [750A5D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\regsvr32.exe[3172] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [750A5D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\regsvr32.exe[3172] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [750A5D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\regsvr32.exe[3172] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] [750A5D3D] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Gerenciador de Filtro do Filesystem Microsoft/Microsoft Corporation)

AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcba6cdb0

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcba6cdb0@00256735b9a0 0x8A 0x4C 0xA4 0xA4 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcba6cdb0@148652d66611 0x0C 0x27 0x1E 0x23 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcba6cdb0@001fe365c599 0x49 0xAD 0xC2 0xC1 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcba6cdb0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcba6cdb0@00256735b9a0 0x8A 0x4C 0xA4 0xA4 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcba6cdb0@148652d66611 0x0C 0x27 0x1E 0x23 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcba6cdb0@001fe365c599 0x49 0xAD 0xC2 0xC1 ...

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Meira\Desktop\McAfee\xae VirusScan Enterprise 8.7i\SetupVSE.Exe 1

---- EOF - GMER 1.0.15 ----

  • Topic author
  • How do I get the DDS log?

  • Topic author
  • DDS (Ver_10-03-17.01) - NTFSx86

    Run by Meira at 12:46:02,41 on 16/08/2010

    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1974.876 [GMT -3:00]

    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    C:\Program Files\Dell\Reader 2.1\DVMExportService.exe

    C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

    C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    C:\Windows\system32\mfevtps.exe

    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

    C:\Program Files\DellTPad\Apoint.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\DellTPad\ApMsgFwd.exe

    C:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe

    C:\Windows\System32\regsvr32.exe

    C:\Program Files\Alwil Software\Avast5\AvastUI.exe

    C:\Program Files\DellTPad\Apntex.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\DellTPad\HidFind.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Ares\Ares.exe

    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Users\Meira\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    C:\Program Files\Spyware Terminator\sp_rsser.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

    C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\vssvc.exe

    C:\Windows\System32\svchost.exe -k swprv

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Users\Meira\Desktop\dds.scr

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll

    BHO: hotrevenue browser enhancer: {89b0d02c-dec3-a067-aaa0-64261cd0d898} - c:\windows\system32\vkloeaqvsbsngrw.dll

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

    TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

    EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll

    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

    uRun: [ares] "c:\program files\ares\Ares.exe" -h

    uRun: [spywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"

    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_Plugin.exe -update plugin

    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

    mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

    mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

    mRun: [Apoint] c:\program files\delltpad\Apoint.exe

    mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

    mRun: [DellBtrEvent] c:\program files\dell\reader 2.1\DellBtrEvent.exe

    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

    mRun: [ucqamhreumvpd] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\vkloeaqvsbsngrw.dll"

    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [spywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"

    StartupFolder: c:\users\meira\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\meira\appdata\roaming\dropbox\bin\Dropbox.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

    IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\meira\appdata\roaming\mozilla\firefox\profiles\b1elvyyz.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

    FF - prefs.js: browser.search.selectedEngine - Ask

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

    FF - prefs.js: network.proxy.type - 0

    FF - component: c:\program files\microsoft\search enhancement pack\default manager\dmextension\components\FFGlobalExtension.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

    c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-1 340592]

    R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-7-2 17072]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-3 165456]

    R1 DVMIO;DVMIO;c:\program files\dell\reader 2.1\dvmio.sys [2010-5-4 18320]

    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-8-14 142592]

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2010-7-1 81920]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-3 17744]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-3 50256]

    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\program files\dell\reader 2.1\DVMExportService.exe [2010-5-4 327680]

    R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-7-2 60928]

    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]

    R2 McAfeeFramework;Serviço McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]

    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]

    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]

    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-7-1 67904]

    R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-7-1 2533400]

    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-7-2 42672]

    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

    R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-7-1 224424]

    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-1 90360]

    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-1 42424]

    R3 NETw5s32;Driver do adaptador Intel® Wireless WiFi Link para Windows 7 32 bits;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-7-22 105576]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-7-1 274472]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-1 33320]

    S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-7-20 132352]

    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-1 64432]

    S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]

    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]

    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

    =============== Created Last 30 ================

    2010-08-14 21:49:22 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

    2010-08-14 21:49:20 0 d-----w- c:\users\meira\appdata\roaming\Spyware Terminator

    2010-08-14 21:49:18 0 d-----w- c:\programdata\Spyware Terminator

    2010-08-14 21:49:16 0 d-----w- c:\program files\Spyware Terminator

    2010-08-09 13:59:14 0 d-----w- c:\program files\Ask Search Assistant

    2010-08-06 18:42:30 0 d-----w- c:\users\meira\appdata\roaming\Charles

    2010-08-06 18:41:51 0 d-----w- c:\program files\Charles

    2010-08-06 16:56:59 0 d-----w- c:\users\meira\appdata\roaming\Auslogics

    2010-08-06 16:56:24 0 d-----w- c:\program files\Auslogics

    2010-08-06 15:16:43 0 d-----w- c:\programdata\Microsoft Visual Studio

    2010-08-06 00:57:23 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

    2010-08-06 00:57:09 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

    2010-08-06 00:55:35 0 d-----w- c:\windows\system32\RsFx

    2010-08-06 00:46:31 0 d-----w- c:\program files\Microsoft SQL Server

    2010-08-06 00:45:31 0 d-----w- c:\program files\Microsoft Synchronization Services

    2010-08-06 00:45:30 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition

    2010-08-06 00:42:10 0 d-----w- c:\programdata\PreEmptive Solutions

    2010-08-06 00:32:27 0 d-----w- c:\program files\Microsoft ASP.NET

    2010-08-06 00:32:18 0 d-----w- c:\program files\IIS

    2010-08-06 00:16:37 0 d-----w- c:\windows\system32\1033

    2010-08-06 00:14:40 0 d-----w- c:\program files\Microsoft F#

    2010-08-06 00:14:40 0 d-----w- c:\program files\HTML Help Workshop

    2010-08-06 00:14:39 0 d-----w- c:\program files\Microsoft Help Viewer

    2010-08-06 00:14:39 0 d-----w- c:\program files\common files\Merge Modules

    2010-08-06 00:14:38 0 d-----w- c:\program files\Microsoft Visual Studio 10.0

    2010-08-06 00:01:03 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

    2010-08-06 00:01:02 49472 ----a-w- c:\windows\system32\netfxperf.dll

    2010-08-06 00:01:02 297808 ----a-w- c:\windows\system32\mscoree.dll

    2010-08-06 00:01:02 295264 ----a-w- c:\windows\system32\PresentationHost.exe

    2010-08-06 00:01:02 1130824 ----a-w- c:\windows\system32\dfshim.dll

    2010-08-04 23:30:24 0 d-----w- c:\users\meira\.netbeans

    2010-08-04 23:30:21 0 d-----w- c:\users\meira\.netbeans-registration

    2010-08-04 23:28:41 0 d-----w- c:\program files\glassfish-3.0.1

    2010-08-04 23:19:09 0 ----a-w- c:\users\meira\.javafx_eula_accepted

    2010-08-04 23:12:56 0 d-----w- c:\program files\NetBeans 6.9

    2010-08-04 23:08:41 0 d-----w- c:\program files\Sun

    2010-08-04 23:03:57 0 d-----w- c:\users\meira\.nbi

    2010-08-04 22:40:21 0 d-----w- c:\programdata\Adobe

    2010-08-04 22:30:48 0 d-----w- c:\program files\SSH Communications Security

    2010-08-03 15:02:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2010-08-03 15:01:57 38848 ----a-w- c:\windows\avastSS.scr

    2010-08-03 15:01:52 0 d-----w- c:\programdata\Alwil Software

    2010-08-03 00:46:29 0 d-----w- c:\users\meira\appdata\roaming\Dropbox

    2010-07-31 22:47:22 0 d-----w- C:\QUARANTINE

    2010-07-31 22:47:22 0 d-----w- c:\program files\Smart-Ads-Solutions

    2010-07-31 22:47:05 49633 ----a-w- c:\windows\system32\hqczkwgbheg.exe

    2010-07-31 22:47:03 0 d-----w- c:\program files\ezLife

    2010-07-31 20:42:56 130 ----a-w- c:\windows\ODBC.INI

    2010-07-28 13:43:02 0 d-----w- c:\programdata\Google

    2010-07-28 12:47:21 0 d-----w- c:\users\meira\appdata\roaming\PhotoScape

    2010-07-28 12:37:43 0 d-----w- c:\program files\PhotoScape

    2010-07-27 14:29:03 0 d-----w- c:\users\meira\appdata\roaming\tmp

    2010-07-27 14:29:03 0 d-----w- c:\users\meira\appdata\roaming\Reallusion

    2010-07-27 14:24:36 0 d-----w- c:\program files\common files\Reallusion

    2010-07-27 14:23:42 1060864 ------w- c:\windows\system32\MFC71.DLL

    2010-07-27 14:23:36 0 d-----w- c:\program files\Creative Live! Cam

    2010-07-26 20:24:43 0 d-----w- c:\windows\system32\appmgmt

    2010-07-26 16:10:34 0 d-----w- c:\programdata\Sun

    2010-07-26 16:10:14 423656 ----a-w- c:\windows\system32\deployJava1.dll

    2010-07-23 21:53:35 565248 ----a-w- c:\windows\system32\alleg42.dll

    2010-07-23 20:39:53 0 d-----w- c:\program files\IcoFX 1.6

    2010-07-23 19:56:08 0 d-----w- c:\program files\Ask.com

    2010-07-23 19:56:02 0 d-----w- c:\program files\Foxit Software

    2010-07-23 19:28:42 0 d-----w- c:\users\meira\appdata\roaming\Dev-Cpp

    2010-07-23 19:28:12 0 d-----w- C:\Dev-Cpp

    2010-07-22 13:05:48 0 d-----w- c:\programdata\NVIDIA

    2010-07-22 13:01:57 0 d-----w- c:\programdata\NVIDIA Corporation

    2010-07-22 13:01:04 0 d-----w- c:\program files\NVIDIA Corporation

    2010-07-22 13:00:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll

    2010-07-22 13:00:10 232040 ----a-w- c:\windows\system32\nvcohda.dll

    2010-07-22 13:00:10 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

    2010-07-22 13:00:00 9596 ----a-w- c:\windows\system32\nvinfo.pb

    2010-07-22 13:00:00 795104 ----a-w- c:\windows\system32\dpinst.exe

    2010-07-22 13:00:00 56936 ----a-w- c:\windows\system32\OpenCL.dll

    2010-07-22 13:00:00 5107816 ----a-w- c:\windows\system32\nvwgf2um.dll

    2010-07-22 13:00:00 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2010-07-22 13:00:00 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

    2010-07-22 12:59:58 314984 ----a-w- c:\windows\system32\nvdecodemft.dll

    2010-07-22 12:59:58 14092904 ----a-w- c:\windows\system32\nvoglv32.dll

    2010-07-22 12:59:57 9818728 ----a-w- c:\windows\system32\nvd3dum.dll

    2010-07-22 12:59:57 4553832 ----a-w- c:\windows\system32\nvcuda.dll

    2010-07-22 12:59:57 2892904 ----a-w- c:\windows\system32\nvcuvid.dll

    2010-07-22 12:59:57 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll

    2010-07-22 12:59:55 236136 ----a-w- c:\windows\system32\nvcod1922.dll

    2010-07-22 12:59:55 236136 ----a-w- c:\windows\system32\nvcod.dll

    2010-07-22 12:59:55 1625192 ----a-w- c:\windows\system32\nvapi.dll

    2010-07-22 12:59:55 10267240 ----a-w- c:\windows\system32\nvcompiler.dll

    2010-07-22 12:59:50 0 d-----w- C:\NVIDIA

    2010-07-20 23:57:30 132352 ----a-w- c:\windows\system32\drivers\Impcd.sys

    2010-07-20 22:22:59 0 d-----w- c:\program files\Ares

    2010-07-19 02:04:52 0 d-----w- c:\programdata\Messenger Plus!

    2010-07-19 02:02:48 0 d-----w- c:\program files\Messenger Plus! Live

    2010-07-18 23:51:05 0 d-----w- c:\program files\Windows Live SkyDrive

    ==================== Find3M ====================

    2010-08-16 14:19:48 771296 ----a-w- c:\windows\system32\prfh0416.dat

    2010-08-16 14:19:48 171112 ----a-w- c:\windows\system32\prfc0416.dat

    2010-07-15 12:19:46 396288 ----a-w- c:\windows\system32\vkloeaqvsbsngrw.dll

    2010-07-09 19:20:08 110696 ----a-w- c:\windows\system32\nvmctray.dll

    2010-07-09 19:20:06 66664 ----a-w- c:\windows\system32\nvshext.dll

    2010-07-09 19:20:06 261736 ----a-w- c:\windows\system32\nvhotkey.dll

    2010-07-09 19:20:06 1881704 ----a-w- c:\windows\system32\nvsvcr.dll

    2010-07-09 19:20:06 1469544 ----a-w- c:\windows\system32\nvsvc.dll

    2010-07-09 19:20:06 13939816 ----a-w- c:\windows\system32\nvcpl.dll

    2010-07-09 19:20:06 129640 ----a-w- c:\windows\system32\nvvsvc.exe

    2010-07-02 00:58:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01009.Wdf

    2010-07-01 22:49:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

    2010-07-01 22:40:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf

    2010-05-21 17:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

    2009-07-29 18:45:43 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat

    2009-07-29 18:45:43 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat

    2009-07-29 18:45:43 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat

    2009-07-29 18:45:43 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat

    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 12:48:08,71 ===============

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by Meira at 12:50:37,04 on 16/08/2010

    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1974.764 [GMT -3:00]

    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    C:\Program Files\Dell\Reader 2.1\DVMExportService.exe

    C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

    C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    C:\Windows\system32\mfevtps.exe

    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

    C:\Program Files\DellTPad\Apoint.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\DellTPad\ApMsgFwd.exe

    C:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe

    C:\Windows\System32\regsvr32.exe

    C:\Program Files\Alwil Software\Avast5\AvastUI.exe

    C:\Program Files\DellTPad\Apntex.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\DellTPad\HidFind.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Ares\Ares.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Users\Meira\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    C:\Program Files\Spyware Terminator\sp_rsser.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

    C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\vssvc.exe

    C:\Windows\System32\svchost.exe -k swprv

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Windows\system32\notepad.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Users\Meira\Desktop\dds.scr

    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll

    BHO: hotrevenue browser enhancer: {89b0d02c-dec3-a067-aaa0-64261cd0d898} - c:\windows\system32\vkloeaqvsbsngrw.dll

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

    TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

    EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll

    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

    uRun: [ares] "c:\program files\ares\Ares.exe" -h

    uRun: [spywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"

    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_Plugin.exe -update plugin

    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

    mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

    mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

    mRun: [Apoint] c:\program files\delltpad\Apoint.exe

    mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

    mRun: [DellBtrEvent] c:\program files\dell\reader 2.1\DellBtrEvent.exe

    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

    mRun: [ucqamhreumvpd] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\vkloeaqvsbsngrw.dll"

    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [spywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"

    StartupFolder: c:\users\meira\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\meira\appdata\roaming\dropbox\bin\Dropbox.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

    IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\meira\appdata\roaming\mozilla\firefox\profiles\b1elvyyz.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

    FF - prefs.js: browser.search.selectedEngine - Ask

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

    FF - prefs.js: network.proxy.type - 0

    FF - component: c:\program files\microsoft\search enhancement pack\default manager\dmextension\components\FFGlobalExtension.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

    c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-1 340592]

    R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-7-2 17072]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-3 165456]

    R1 DVMIO;DVMIO;c:\program files\dell\reader 2.1\dvmio.sys [2010-5-4 18320]

    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-8-14 142592]

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2010-7-1 81920]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-3 17744]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-3 50256]

    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\program files\dell\reader 2.1\DVMExportService.exe [2010-5-4 327680]

    R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-7-2 60928]

    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]

    R2 McAfeeFramework;Serviço McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]

    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]

    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]

    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-7-1 67904]

    R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-7-1 2533400]

    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-7-2 42672]

    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

    R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-7-1 224424]

    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-1 90360]

    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-1 42424]

    R3 NETw5s32;Driver do adaptador Intel® Wireless WiFi Link para Windows 7 32 bits;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-7-22 105576]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-7-1 274472]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-1 33320]

    S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-7-20 132352]

    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-1 64432]

    S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]

    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]

    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

    =============== Created Last 30 ================

    2010-08-14 21:49:22 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

    2010-08-14 21:49:20 0 d-----w- c:\users\meira\appdata\roaming\Spyware Terminator

    2010-08-14 21:49:18 0 d-----w- c:\programdata\Spyware Terminator

    2010-08-14 21:49:16 0 d-----w- c:\program files\Spyware Terminator

    2010-08-09 13:59:14 0 d-----w- c:\program files\Ask Search Assistant

    2010-08-06 18:42:30 0 d-----w- c:\users\meira\appdata\roaming\Charles

    2010-08-06 18:41:51 0 d-----w- c:\program files\Charles

    2010-08-06 16:56:59 0 d-----w- c:\users\meira\appdata\roaming\Auslogics

    2010-08-06 16:56:24 0 d-----w- c:\program files\Auslogics

    2010-08-06 15:16:43 0 d-----w- c:\programdata\Microsoft Visual Studio

    2010-08-06 00:57:23 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

    2010-08-06 00:57:09 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

    2010-08-06 00:55:35 0 d-----w- c:\windows\system32\RsFx

    2010-08-06 00:46:31 0 d-----w- c:\program files\Microsoft SQL Server

    2010-08-06 00:45:31 0 d-----w- c:\program files\Microsoft Synchronization Services

    2010-08-06 00:45:30 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition

    2010-08-06 00:42:10 0 d-----w- c:\programdata\PreEmptive Solutions

    2010-08-06 00:32:27 0 d-----w- c:\program files\Microsoft ASP.NET

    2010-08-06 00:32:18 0 d-----w- c:\program files\IIS

    2010-08-06 00:16:37 0 d-----w- c:\windows\system32\1033

    2010-08-06 00:14:40 0 d-----w- c:\program files\Microsoft F#

    2010-08-06 00:14:40 0 d-----w- c:\program files\HTML Help Workshop

    2010-08-06 00:14:39 0 d-----w- c:\program files\Microsoft Help Viewer

    2010-08-06 00:14:39 0 d-----w- c:\program files\common files\Merge Modules

    2010-08-06 00:14:38 0 d-----w- c:\program files\Microsoft Visual Studio 10.0

    2010-08-06 00:01:03 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

    2010-08-06 00:01:02 49472 ----a-w- c:\windows\system32\netfxperf.dll

    2010-08-06 00:01:02 297808 ----a-w- c:\windows\system32\mscoree.dll

    2010-08-06 00:01:02 295264 ----a-w- c:\windows\system32\PresentationHost.exe

    2010-08-06 00:01:02 1130824 ----a-w- c:\windows\system32\dfshim.dll

    2010-08-04 23:30:24 0 d-----w- c:\users\meira\.netbeans

    2010-08-04 23:30:21 0 d-----w- c:\users\meira\.netbeans-registration

    2010-08-04 23:28:41 0 d-----w- c:\program files\glassfish-3.0.1

    2010-08-04 23:19:09 0 ----a-w- c:\users\meira\.javafx_eula_accepted

    2010-08-04 23:12:56 0 d-----w- c:\program files\NetBeans 6.9

    2010-08-04 23:08:41 0 d-----w- c:\program files\Sun

    2010-08-04 23:03:57 0 d-----w- c:\users\meira\.nbi

    2010-08-04 22:40:21 0 d-----w- c:\programdata\Adobe

    2010-08-04 22:30:48 0 d-----w- c:\program files\SSH Communications Security

    2010-08-03 15:02:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2010-08-03 15:01:57 38848 ----a-w- c:\windows\avastSS.scr

    2010-08-03 15:01:52 0 d-----w- c:\programdata\Alwil Software

    2010-08-03 00:46:29 0 d-----w- c:\users\meira\appdata\roaming\Dropbox

    2010-07-31 22:47:22 0 d-----w- C:\QUARANTINE

    2010-07-31 22:47:22 0 d-----w- c:\program files\Smart-Ads-Solutions

    2010-07-31 22:47:05 49633 ----a-w- c:\windows\system32\hqczkwgbheg.exe

    2010-07-31 22:47:03 0 d-----w- c:\program files\ezLife

    2010-07-31 20:42:56 130 ----a-w- c:\windows\ODBC.INI

    2010-07-28 13:43:02 0 d-----w- c:\programdata\Google

    2010-07-28 12:47:21 0 d-----w- c:\users\meira\appdata\roaming\PhotoScape

    2010-07-28 12:37:43 0 d-----w- c:\program files\PhotoScape

    2010-07-27 14:29:03 0 d-----w- c:\users\meira\appdata\roaming\tmp

    2010-07-27 14:29:03 0 d-----w- c:\users\meira\appdata\roaming\Reallusion

    2010-07-27 14:24:36 0 d-----w- c:\program files\common files\Reallusion

    2010-07-27 14:23:42 1060864 ------w- c:\windows\system32\MFC71.DLL

    2010-07-27 14:23:36 0 d-----w- c:\program files\Creative Live! Cam

    2010-07-26 20:24:43 0 d-----w- c:\windows\system32\appmgmt

    2010-07-26 16:10:34 0 d-----w- c:\programdata\Sun

    2010-07-26 16:10:14 423656 ----a-w- c:\windows\system32\deployJava1.dll

    2010-07-23 21:53:35 565248 ----a-w- c:\windows\system32\alleg42.dll

    2010-07-23 20:39:53 0 d-----w- c:\program files\IcoFX 1.6

    2010-07-23 19:56:08 0 d-----w- c:\program files\Ask.com

    2010-07-23 19:56:02 0 d-----w- c:\program files\Foxit Software

    2010-07-23 19:28:42 0 d-----w- c:\users\meira\appdata\roaming\Dev-Cpp

    2010-07-23 19:28:12 0 d-----w- C:\Dev-Cpp

    2010-07-22 13:05:48 0 d-----w- c:\programdata\NVIDIA

    2010-07-22 13:01:57 0 d-----w- c:\programdata\NVIDIA Corporation

    2010-07-22 13:01:04 0 d-----w- c:\program files\NVIDIA Corporation

    2010-07-22 13:00:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll

    2010-07-22 13:00:10 232040 ----a-w- c:\windows\system32\nvcohda.dll

    2010-07-22 13:00:10 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

    2010-07-22 13:00:00 9596 ----a-w- c:\windows\system32\nvinfo.pb

    2010-07-22 13:00:00 795104 ----a-w- c:\windows\system32\dpinst.exe

    2010-07-22 13:00:00 56936 ----a-w- c:\windows\system32\OpenCL.dll

    2010-07-22 13:00:00 5107816 ----a-w- c:\windows\system32\nvwgf2um.dll

    2010-07-22 13:00:00 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2010-07-22 13:00:00 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

    2010-07-22 12:59:58 314984 ----a-w- c:\windows\system32\nvdecodemft.dll

    2010-07-22 12:59:58 14092904 ----a-w- c:\windows\system32\nvoglv32.dll

    2010-07-22 12:59:57 9818728 ----a-w- c:\windows\system32\nvd3dum.dll

    2010-07-22 12:59:57 4553832 ----a-w- c:\windows\system32\nvcuda.dll

    2010-07-22 12:59:57 2892904 ----a-w- c:\windows\system32\nvcuvid.dll

    2010-07-22 12:59:57 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll

    2010-07-22 12:59:55 236136 ----a-w- c:\windows\system32\nvcod1922.dll

    2010-07-22 12:59:55 236136 ----a-w- c:\windows\system32\nvcod.dll

    2010-07-22 12:59:55 1625192 ----a-w- c:\windows\system32\nvapi.dll

    2010-07-22 12:59:55 10267240 ----a-w- c:\windows\system32\nvcompiler.dll

    2010-07-22 12:59:50 0 d-----w- C:\NVIDIA

    2010-07-20 23:57:30 132352 ----a-w- c:\windows\system32\drivers\Impcd.sys

    2010-07-20 22:22:59 0 d-----w- c:\program files\Ares

    2010-07-19 02:04:52 0 d-----w- c:\programdata\Messenger Plus!

    2010-07-19 02:02:48 0 d-----w- c:\program files\Messenger Plus! Live

    2010-07-18 23:51:05 0 d-----w- c:\program files\Windows Live SkyDrive

    ==================== Find3M ====================

    2010-08-16 14:19:48 771296 ----a-w- c:\windows\system32\prfh0416.dat

    2010-08-16 14:19:48 171112 ----a-w- c:\windows\system32\prfc0416.dat

    2010-07-15 12:19:46 396288 ----a-w- c:\windows\system32\vkloeaqvsbsngrw.dll

    2010-07-09 19:20:08 110696 ----a-w- c:\windows\system32\nvmctray.dll

    2010-07-09 19:20:06 66664 ----a-w- c:\windows\system32\nvshext.dll

    2010-07-09 19:20:06 261736 ----a-w- c:\windows\system32\nvhotkey.dll

    2010-07-09 19:20:06 1881704 ----a-w- c:\windows\system32\nvsvcr.dll

    2010-07-09 19:20:06 1469544 ----a-w- c:\windows\system32\nvsvc.dll

    2010-07-09 19:20:06 13939816 ----a-w- c:\windows\system32\nvcpl.dll

    2010-07-09 19:20:06 129640 ----a-w- c:\windows\system32\nvvsvc.exe

    2010-07-02 00:58:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01009.Wdf

    2010-07-01 22:49:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

    2010-07-01 22:40:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf

    2010-05-21 17:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

    2009-07-29 18:45:43 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat

    2009-07-29 18:45:43 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat

    2009-07-29 18:45:43 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat

    2009-07-29 18:45:43 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat

    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 12:51:27,18 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Ultimate

    Boot Device: \Device\HarddiskVolume1

    Install Date: 01/07/2010 19:46:54

    System Uptime: 16/08/2010 11:10:18 (1 hours ago)

    Motherboard: Dell Inc. | | 07XJP9

    Processor: Intel® Core i5 CPU M 540 @ 2.53GHz | CPU 1 | 2381/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 231 GiB total, 186,874 GiB free.

    D: is FIXED (FAT32) - 2 GiB total, 1,898 GiB free.

    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:

    Description: Broadcom USH w/swipe sensor

    Device ID: USB\VID_0A5C&PID_5801&MI_00\7&1EB0F4E8&0&0000

    Manufacturer:

    Name: Broadcom USH w/swipe sensor

    PNP Device ID: USB\VID_0A5C&PID_5801&MI_00\7&1EB0F4E8&0&0000

    Service:

    Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

    Description: Dell Wireless 375 Bluetooth Module with AMP

    Device ID: USB\VID_413C&PID_8187\F07BCBA6CDB0

    Manufacturer: Broadcom

    Name: Dell Wireless 375 Bluetooth Module with AMP

    PNP Device ID: USB\VID_413C&PID_8187\F07BCBA6CDB0

    Service: BTHUSB

    ==== System Restore Points ===================

    RP56: 05/08/2010 10:00:19 - Spyware Terminator - restore point

    RP57: 05/08/2010 21:00:28 - Windows Update

    RP58: 06/08/2010 15:33:55 - Installed Java 6 Update 21

    RP59: 09/08/2010 09:43:10 - Backup do Windows

    RP60: 09/08/2010 14:32:31 - Removed Windows Live Provider for Microsoft Outlook Social Connector 32-bit

    RP61: 16/08/2010 11:20:57 - Backup do Windows

    ==== Installed Programs ======================

    AccelerometerP11

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader 9.3 - Português

    Advanced Audio FX Engine

    Advanced Video FX Engine

    Ares 2.1.6

    Arquivo do WinRAR

    Ask Toolbar

    Ask.com Search Assistant 1.0.2

    Assistente de Conexão do Windows Live

    Auslogics Disk Defrag

    avast! Free Antivirus

    Charles Proxy

    Crystal Reports for Visual Studio

    Dell Touchpad

    Dev-C++ 5 beta 9 release (4.9.9.2)

    Dotfuscator Software Services - Community Edition

    Dropbox

    Ferramenta de Carregamento do Windows Live

    GlassFish Server Open Source Edition 3.0.1

    IDT Audio

    Intel PROSet Wireless

    Intel® Management Engine Components

    Intel® Network Connections Drivers

    Java Auto Updater

    Java DB 10.5.3.0

    Java 6 Update 21

    Java SE Development Kit 6 Update 18

    McAfee Agent

    McAfee VirusScan Enterprise

    Messenger Plus! Live

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft .NET Framework 4 Multi-Targeting Pack

    Microsoft Application Error Reporting

    Microsoft ASP.NET MVC 2

    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

    Microsoft Choice Guard

    Microsoft Default Manager

    Microsoft Help Viewer 1.0

    Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (Portuguese (Brazil)) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (Portuguese (Brazil)) 2007

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    Microsoft Silverlight

    Microsoft Silverlight 3 SDK

    Microsoft SQL Server 2008

    Microsoft SQL Server 2008 Browser

    Microsoft SQL Server 2008 Common Files

    Microsoft SQL Server 2008 Database Engine Services

    Microsoft SQL Server 2008 Database Engine Shared

    Microsoft SQL Server 2008 Native Client

    Microsoft SQL Server 2008 R2 Data-Tier Application Framework

    Microsoft SQL Server 2008 R2 Data-Tier Application Project

    Microsoft SQL Server 2008 R2 Management Objects

    Microsoft SQL Server 2008 R2 Transact-SQL Language Service

    Microsoft SQL Server 2008 RsFx Driver

    Microsoft SQL Server 2008 Setup Support Files

    Microsoft SQL Server Compact 3.5 SP2 ENU

    Microsoft SQL Server Database Publishing Wizard 1.4

    Microsoft SQL Server System CLR Types

    Microsoft SQL Server VSS Writer

    Microsoft Sync Framework Runtime v1.0 SP1 (x86)

    Microsoft Sync Framework SDK v1.0 SP1

    Microsoft Sync Framework Services v1.0 SP1 (x86)

    Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

    Microsoft Team Foundation Server 2010 Object Model - ENU

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

    Microsoft Visual F# 2.0 Runtime

    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

    Microsoft Visual Studio 2010 Office Developer Tools (x86)

    Microsoft Visual Studio 2010 Performance Collection Tools - ENU

    Microsoft Visual Studio 2010 SharePoint Developer Tools

    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

    Microsoft Visual Studio 2010 Ultimate - ENU

    Microsoft Visual Studio Macro Tools

    Mozilla Firefox (3.6.8)

    MSVCRT

    NetBeans IDE 6.9

    Netwaiting

    NVIDIA Display Control Panel

    NVIDIA Drivers

    Performance Solution Hotrevenue

    PhotoScape

    Reader 2.1

    Service Pack 1 for SQL Server 2008 (KB968369)

    Software Intel® PROSet/Wireless WiFi

    Spyware Terminator

    Sql Server Customer Experience Improvement Program

    SSH Secure Shell

    Versão de 32 bits do Microsoft Outlook Hotmail Connector

    Versão de 32 bits do Microsoft Outlook Social Connector

    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

    Web Deployment Tool

    WIDCOMM Bluetooth Software

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Messenger

    ==== End Of File ===========================


    Read the instructions at this link:

    In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.
    • Double-click the ComboFix icon on your desktop.
    • Read and accept the terms by typing 1 and pressing Enter.
    • Computers running Windows XP must install the Recovery Console:
        • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
        • Click "OK" on the EULA.
        • Once the Recovery Console is installed, click "YES" to continue.
    • ComboFix will run; please be patient and wait.
    • Warning: do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
    • A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

    Do NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

    • Several pieces of malware prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors design them with end users in mind, to be used without supervision. ComboFix is not that kind of tool, so, and also out of respect for the tool's author, do not use it without supervision.

  • Topic author
  • But don't the logs posted above help check whether my PC is infected?

    I followed the instructions I was given before posting.

    Thanks


    Crish,

    How do you think infections get removed? Please carry out the instructions in post #5.

  • Topic author
  • ComboFix 10-08-17.04 - Meira 19/08/2010 17:08:00.1.4 - x86

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1974.1039 [GMT -3:00]

    Executando de: c:\users\Meira\Desktop\ComboFix.exe

    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    * Criado um novo ponto de restauração

    * AV residente está ativo

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\program files\ezLife

    c:\program files\Smart-Ads-Solutions

    c:\windows\system32\st326274.dll

    c:\windows\system32\vkloeaqvsbsngrw.dll

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-07-19 to 2010-08-19 ))))))))))))))))))))))))))))

    .

    2010-08-19 20:16 . 2010-08-19 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp

    2010-08-19 19:48 . 2010-08-19 02:16 -------- d-----r- C:\32788R22FWJFW

    2010-08-09 13:59 . 2010-08-09 13:59 -------- d-----w- c:\program files\Ask Search Assistant

    2010-08-06 18:42 . 2010-08-06 18:47 -------- d-----w- c:\users\Meira\AppData\Roaming\Charles

    2010-08-06 18:41 . 2010-08-06 18:41 -------- d-----w- c:\program files\Charles

    2010-08-06 18:36 . 2010-08-06 18:36 -------- d-----w- c:\program files\Common Files\Java

    2010-08-06 16:56 . 2010-08-06 16:56 -------- d-----w- c:\users\Meira\AppData\Roaming\Auslogics

    2010-08-06 16:56 . 2010-08-06 16:56 -------- d-----w- c:\program files\Auslogics

    2010-08-06 15:20 . 2010-08-06 15:20 -------- d-----w- c:\users\Meira\AppData\Local\PreEmptive Solutions

    2010-08-06 15:16 . 2010-08-06 15:16 -------- d-----w- c:\programdata\Microsoft Visual Studio

    2010-08-06 00:57 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

    2010-08-06 00:57 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

    2010-08-06 00:55 . 2010-08-06 00:55 -------- d-----w- c:\windows\system32\RsFx

    2010-08-06 00:14 . 2010-08-06 00:21 -------- d-----w- c:\program files\Common Files\Merge Modules

    2010-08-06 00:14 . 2010-08-06 00:14 -------- d-----w- c:\program files\Microsoft Help Viewer

    2010-08-06 00:14 . 2010-08-06 00:42 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

    2010-08-06 00:10 . 2010-08-06 00:10 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

    2010-08-06 00:01 . 2009-11-25 15:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

    2010-08-06 00:01 . 2009-11-25 15:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

    2010-08-06 00:01 . 2009-11-25 15:47 297808 ----a-w- c:\windows\system32\mscoree.dll

    2010-08-06 00:01 . 2009-11-25 15:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

    2010-08-06 00:01 . 2009-11-25 15:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

    2010-08-04 23:30 . 2010-08-05 01:28 -------- d-----w- c:\users\Meira\.netbeans

    2010-08-04 23:30 . 2010-08-04 23:30 -------- d-----w- c:\users\Meira\.netbeans-registration

    2010-08-04 23:28 . 2010-08-04 23:30 -------- d-----w- c:\program files\glassfish-3.0.1

    2010-08-04 23:12 . 2010-08-04 23:28 -------- d-----w- c:\program files\NetBeans 6.9

    2010-08-04 23:08 . 2010-08-04 23:08 -------- d-----w- c:\program files\Sun

    2010-08-04 23:03 . 2010-08-04 23:30 -------- d-----w- c:\users\Meira\.nbi

    2010-08-04 22:48 . 2010-08-04 22:54 -------- d-----w- c:\users\Meira\AppData\Local\Adobe

    2010-08-04 22:40 . 2010-08-04 22:40 -------- d-----w- c:\program files\Common Files\Adobe

    2010-08-04 22:30 . 2010-08-04 22:30 -------- d-----w- c:\program files\SSH Communications Security

    2010-08-03 15:02 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2010-08-03 15:02 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2010-08-03 15:02 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2010-08-03 15:02 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2010-08-03 15:02 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2010-08-03 15:01 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

    2010-08-03 15:01 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

    2010-08-03 15:01 . 2010-08-03 15:01 -------- d-----w- c:\programdata\Alwil Software

    2010-08-03 00:46 . 2010-08-03 00:46 89831 ----a-w- c:\users\Meira\AppData\Roaming\Dropbox\bin\Uninstall.exe

    2010-08-03 00:46 . 2010-08-19 19:44 -------- d-----w- c:\users\Meira\AppData\Roaming\Dropbox

    2010-07-31 22:47 . 2010-08-19 20:08 -------- d-----w- C:\QUARANTINE

    2010-07-31 22:47 . 2010-07-31 22:49 49633 ----a-w- c:\windows\system32\hqczkwgbheg.exe

    2010-07-31 20:19 . 2010-08-03 15:01 -------- d-----w- c:\program files\Alwil Software

    2010-07-30 23:26 . 2010-07-30 23:26 -------- d-----w- c:\users\Meira\AppData\Roaming\InstallShield

    2010-07-28 12:47 . 2010-07-28 23:57 -------- d-----w- c:\users\Meira\AppData\Roaming\PhotoScape

    2010-07-28 12:38 . 2010-07-28 12:48 -------- d-----w- c:\users\Meira\AppData\Local\Google

    2010-07-28 12:38 . 2010-07-28 13:43 -------- d-----w- c:\program files\Google

    2010-07-28 12:37 . 2010-07-28 12:38 -------- d-----w- c:\program files\PhotoScape

    2010-07-27 14:32 . 2010-07-27 14:32 -------- d-----w- c:\windows\Sun

    2010-07-27 14:29 . 2010-07-27 14:29 -------- d-----w- c:\users\Meira\AppData\Roaming\tmp

    2010-07-27 14:29 . 2010-07-27 14:29 -------- d-----w- c:\users\Meira\AppData\Roaming\Reallusion

    2010-07-27 14:27 . 2010-07-27 14:27 -------- d-----w- c:\users\Meira\AppData\Roaming\Creative

    2010-07-27 14:24 . 2010-07-27 14:24 -------- d-----w- c:\program files\Common Files\Reallusion

    2010-07-27 14:23 . 2003-03-19 11:19 1060864 ------w- c:\windows\system32\MFC71.DLL

    2010-07-27 14:23 . 2010-07-27 14:23 -------- d-----w- c:\program files\Creative Live! Cam

    2010-07-27 14:22 . 2010-08-04 22:30 -------- d-----w- c:\program files\Common Files\InstallShield

    2010-07-26 16:50 . 2010-07-26 16:50 -------- d-----w- c:\users\Meira\AppData\Local\AskToolbar

    2010-07-26 16:10 . 2010-07-17 08:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

    2010-07-26 16:09 . 2010-08-06 18:35 -------- d-----w- c:\program files\Java

    2010-07-23 21:53 . 2010-07-23 21:49 565248 ----a-w- c:\windows\system32\alleg42.dll

    2010-07-23 20:39 . 2010-07-27 15:14 -------- d-----w- c:\program files\IcoFX 1.6

    2010-07-23 19:57 . 2010-07-23 19:57 -------- d--h--w- c:\users\Meira\AppData\Local\dvmexptemp

    2010-07-23 19:57 . 2010-07-23 19:57 -------- d--h--w- c:\users\Meira\AppData\Local\dvmexp

    2010-07-23 19:56 . 2010-07-23 19:56 -------- d-----w- c:\program files\Ask.com

    2010-07-23 19:56 . 2010-08-04 22:49 -------- d-----w- c:\program files\Foxit Software

    2010-07-23 19:28 . 2010-08-14 17:31 -------- d-----w- c:\users\Meira\AppData\Roaming\Dev-Cpp

    2010-07-23 19:28 . 2010-07-23 20:17 -------- d-----w- C:\Dev-Cpp

    2010-07-22 13:05 . 2010-07-22 13:05 -------- d-----w- c:\programdata\NVIDIA

    2010-07-22 13:01 . 2010-08-09 17:55 -------- d-----w- c:\programdata\NVIDIA Corporation

    2010-07-22 13:01 . 2010-07-22 13:02 -------- d-----w- c:\program files\NVIDIA Corporation

    2010-07-22 13:00 . 2010-06-21 22:07 26216 ----a-w- c:\windows\system32\nvhdap32.dll

    2010-07-22 13:00 . 2010-06-21 22:07 232040 ----a-w- c:\windows\system32\nvcohda.dll

    2010-07-22 13:00 . 2010-06-21 22:07 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

    2010-07-22 13:00 . 2010-07-09 22:37 795104 ----a-w- c:\windows\system32\dpinst.exe

    2010-07-22 13:00 . 2010-07-09 22:37 56936 ----a-w- c:\windows\system32\OpenCL.dll

    2010-07-22 13:00 . 2010-07-09 22:37 5107816 ----a-w- c:\windows\system32\nvwgf2um.dll

    2010-07-22 13:00 . 2010-07-09 22:37 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2010-07-22 12:59 . 2010-07-09 22:37 314984 ----a-w- c:\windows\system32\nvdecodemft.dll

    2010-07-22 12:59 . 2010-07-09 22:37 14092904 ----a-w- c:\windows\system32\nvoglv32.dll

    2010-07-22 12:59 . 2010-07-09 22:37 9818728 ----a-w- c:\windows\system32\nvd3dum.dll

    2010-07-22 12:59 . 2010-07-09 22:37 4553832 ----a-w- c:\windows\system32\nvcuda.dll

    2010-07-22 12:59 . 2010-07-09 22:37 2892904 ----a-w- c:\windows\system32\nvcuvid.dll

    2010-07-22 12:59 . 2010-07-09 22:37 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll

    2010-07-22 12:59 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod1922.dll

    2010-07-22 12:59 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod.dll

    2010-07-22 12:59 . 2010-07-09 22:37 1625192 ----a-w- c:\windows\system32\nvapi.dll

    2010-07-22 12:59 . 2010-07-09 22:37 10267240 ----a-w- c:\windows\system32\nvcompiler.dll

    2010-07-22 12:59 . 2010-07-22 12:59 -------- d-----w- C:\NVIDIA

    2010-07-20 23:57 . 2010-01-07 08:32 132352 ----a-w- c:\windows\system32\drivers\Impcd.sys

    2010-07-20 22:23 . 2010-07-29 00:36 -------- d-----w- c:\users\Meira\AppData\Local\Ares

    2010-07-20 22:22 . 2010-07-20 22:23 -------- d-----w- c:\program files\Ares

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-08-19 19:49 . 2009-07-29 18:46 771296 ----a-w- c:\windows\system32\prfh0416.dat

    2010-08-19 19:49 . 2009-07-29 18:46 171112 ----a-w- c:\windows\system32\prfc0416.dat

    2010-08-16 23:50 . 2010-07-02 16:35 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-08-09 13:59 . 2010-07-19 02:02 -------- d-----w- c:\program files\Messenger Plus! Live

    2010-08-06 01:08 . 2010-08-06 00:30 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

    2010-08-06 00:55 . 2010-08-06 00:46 -------- d-----w- c:\program files\Microsoft SQL Server

    2010-08-06 00:53 . 2010-07-02 16:18 -------- d-----w- c:\program files\Microsoft.NET

    2010-08-06 00:46 . 2010-08-06 00:14 -------- d-----w- c:\program files\Microsoft SDKs

    2010-08-06 00:45 . 2010-08-06 00:45 -------- d-----w- c:\program files\Microsoft Sync Framework

    2010-08-06 00:45 . 2010-08-06 00:45 -------- d-----w- c:\program files\Microsoft Synchronization Services

    2010-08-06 00:45 . 2010-08-06 00:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

    2010-08-06 00:42 . 2010-08-06 00:42 -------- d-----w- c:\programdata\PreEmptive Solutions

    2010-08-06 00:38 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild

    2010-08-06 00:32 . 2010-08-06 00:32 -------- d-----w- c:\program files\Microsoft ASP.NET

    2010-08-06 00:32 . 2010-08-06 00:32 -------- d-----w- c:\program files\IIS

    2010-08-06 00:23 . 2010-08-06 00:14 -------- d-----w- c:\program files\Microsoft F#

    2010-08-06 00:19 . 2010-08-06 00:14 -------- d-----w- c:\program files\HTML Help Workshop

    2010-08-04 22:30 . 2010-07-02 00:32 -------- d--h--w- c:\program files\InstallShield Installation Information

    2010-07-30 23:29 . 2010-07-02 19:24 -------- d-----w- c:\program files\Dell

    2010-07-21 12:37 . 2010-07-02 00:33 -------- d-----w- c:\program files\Intel

    2010-07-19 02:04 . 2010-07-19 02:04 -------- d-----w- c:\programdata\Messenger Plus!

    2010-07-18 23:51 . 2010-07-02 16:36 -------- d-----w- c:\program files\Windows Live

    2010-07-18 23:51 . 2010-07-18 23:51 -------- d-----w- c:\program files\Windows Live SkyDrive

    2010-07-18 22:25 . 2010-07-18 22:25 0 ----a-w- c:\windows\nsreg.dat

    2010-07-09 22:37 . 2010-07-22 13:00 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

    2010-07-09 19:20 . 2010-07-09 19:20 110696 ----a-w- c:\windows\system32\nvmctray.dll

    2010-07-09 19:20 . 2010-07-09 19:20 66664 ----a-w- c:\windows\system32\nvshext.dll

    2010-07-09 19:20 . 2010-07-09 19:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll

    2010-07-09 19:20 . 2010-07-09 19:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll

    2010-07-09 19:20 . 2010-07-09 19:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll

    2010-07-09 19:20 . 2010-07-09 19:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll

    2010-07-09 19:20 . 2010-07-09 19:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe

    2010-07-03 21:35 . 2010-07-03 09:00 -------- d-----w- c:\users\Meira\AppData\Roaming\WirelessManager

    2010-07-02 19:32 . 2010-07-02 19:32 -------- d-----w- c:\programdata\Dell

    2010-07-02 19:32 . 2010-07-01 22:53 85368 ----a-w- c:\users\Meira\AppData\Local\GDIPFONTCACHEV1.DAT

    2010-07-02 19:28 . 2010-07-02 19:28 -------- d-----w- c:\program files\STMicroelectronics

    2010-07-02 19:21 . 2010-07-02 19:21 -------- d-----w- c:\programdata\{D499C757-18A6-4CC3-9B9E-7EC7DDB5E414}

    2010-07-02 16:34 . 2010-07-02 16:34 -------- d-----w- c:\program files\Microsoft

    2010-07-02 16:32 . 2010-07-02 16:32 -------- d-----w- c:\program files\Common Files\Windows Live

    2010-07-02 16:20 . 2010-07-02 16:16 -------- d-----w- c:\programdata\Microsoft Help

    2010-07-02 16:19 . 2010-07-02 16:19 -------- d-----w- c:\program files\Microsoft Works

    2010-07-02 01:09 . 2010-07-02 01:08 -------- d-----w- c:\program files\IDT

    2010-07-02 00:58 . 2010-07-02 00:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01009.Wdf

    2010-07-02 00:58 . 2010-07-02 00:58 -------- d-----w- c:\program files\DellTPad

    2010-07-02 00:46 . 2010-07-02 00:46 -------- d-----w- c:\program files\WIDCOMM

    2010-07-02 00:44 . 2010-07-02 00:44 -------- d-----w- c:\users\Meira\AppData\Roaming\Intel

    2010-07-02 00:43 . 2010-07-02 00:43 -------- d-----w- c:\program files\Cisco

    2010-07-02 00:43 . 2010-07-02 00:43 -------- d-----w- c:\program files\Common Files\Intel

    2010-07-02 00:43 . 2010-07-02 00:43 -------- d-----w- c:\programdata\Intel

    2010-07-02 00:34 . 2010-07-02 00:34 -------- d-----w- c:\program files\Common Files\postureAgent

    2010-07-02 00:32 . 2010-07-02 00:32 -------- d-----w- c:\program files\Netwaiting

    2010-07-01 22:58 . 2010-07-01 22:58 -------- d-----w- c:\programdata\McAfee

    2010-07-01 22:58 . 2010-07-01 22:58 -------- d-----w- c:\program files\Common Files\Cisco Systems

    2010-07-01 22:58 . 2010-07-01 22:58 -------- d-----w- c:\program files\McAfee

    2010-07-01 22:58 . 2010-07-01 22:58 -------- d-----w- c:\program files\Common Files\McAfee

    2010-07-01 22:49 . 2010-07-01 22:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

    2010-07-01 22:46 . 2010-07-01 22:46 -------- d-sh--we c:\programdata\Modelos

    2010-07-01 22:46 . 2010-07-01 22:46 -------- d-sh--we c:\programdata\Menu Iniciar

    2010-07-01 22:46 . 2010-07-01 22:46 -------- d-sh--we c:\programdata\Favoritos

    2010-07-01 22:46 . 2010-07-01 22:46 -------- d-sh--we c:\programdata\Documentos

    2010-07-01 22:46 . 2010-07-01 22:46 -------- d-sh--we c:\programdata\Dados de aplicativos

    2010-07-01 22:46 . 2010-07-01 22:46 -------- d-sh--we c:\program files\Common Files\Sistema

    2010-07-01 22:46 . 2010-07-01 22:46 -------- d-sh--we c:\program files\Arquivos Comuns

    2010-07-01 22:40 . 2010-07-01 22:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf

    2006-06-15 23:33 . 2010-07-27 14:25 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll

    2006-05-25 21:43 . 2010-07-27 14:25 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll

    2005-09-29 17:41 . 2010-07-27 14:25 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll

    2006-06-19 16:10 . 2010-07-27 14:25 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll

    2005-02-02 15:19 . 2010-07-27 14:24 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll

    2006-04-10 21:35 . 2010-07-27 14:25 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll

    2005-11-09 14:10 . 2010-07-27 14:24 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll

    2005-11-09 14:42 . 2010-07-27 14:24 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll

    2006-01-04 14:22 . 2010-07-27 14:24 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll

    2006-01-04 14:21 . 2010-07-27 14:24 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll

    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

    2010-02-04 19:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2009-12-09 01:19 94208 ----a-w- c:\users\Meira\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2009-12-09 01:19 94208 ----a-w- c:\users\Meira\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2009-12-09 01:19 94208 ----a-w- c:\users\Meira\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

    "ares"="c:\program files\Ares\Ares.exe" [2010-07-10 1015808]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]

    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]

    "IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-04-15 112152]

    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-12 288112]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]

    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

    "DellBtrEvent"="c:\program files\Dell\Reader 2.1\DellBtrEvent.exe" [2010-05-13 160768]

    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-07-09 261736]

    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\users\Meira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Meira\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 828704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]

    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]

    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-01-11 274472]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-11 33320]

    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 132352]

    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]

    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]

    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]

    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

    S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]

    S1 aswSP;aswSP; [x]

    S1 DVMIO;DVMIO;c:\program files\Dell\Reader 2.1\dvmio.sys [2010-05-04 18320]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]

    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\program files\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]

    S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]

    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]

    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]

    S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]

    S3 NETw5s32;Driver do adaptador Intel® Wireless WiFi Link para Windows 7 32 bits;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]

    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = about:blank

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    FF - ProfilePath - c:\users\Meira\AppData\Roaming\Mozilla\Firefox\Profiles\b1elvyyz.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

    FF - prefs.js: browser.search.selectedEngine - Ask

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

    FF - prefs.js: network.proxy.type - 0

    FF - component: c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components\FFGlobalExtension.dll

    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll

    ---- FIREFOX POLICIES ----

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    HKLM-Run-ucqamhreumvpd - c:\windows\system32\vkloeaqvsbsngrw.dll

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Tempo para conclusão: 2010-08-19 17:20:20

    ComboFix-quarantined-files.txt 2010-08-19 20:20

    Pré-execução: 203.509.104.640 bytes disponíveis

    Pós execução: 203.518.763.008 bytes disponíveis

    - - End Of File - - C75D8EDBB293E6F38BBFDABBAEBEDDE9


    Is this a personal computer? Are you its owner?
