leandrolebabo

What is going on?


Dear all,

First of all, congratulations on the initiative of giving your time and patience to help laypeople like me.

Well, a few days after installing a torrent-type program, my notebook "went crazy": the antivirus was disabled and I could not reinstall it (Kaspersky); I cannot play videos; the sound does not work; and, above all, I cannot install any program (I only managed to install Malwarebytes). Every time I tried to install a program (including an antivirus), the installation window simply closed.

At first I could not even run the DDS and GMER programs, but after using the HP Recovery tool I managed to run them; their logs follow below.

DDS LOG:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_33

Run by Leandro at 23:52:29 on 2012-07-14

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3035.2048 [GMT -3:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d9724ca820c3c1e0\aestsrv.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\SMINST\BLService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

C:\Windows\system32\vfsFPService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\program files\gbplugin\gbieh.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540017} - c:\program files\gbplugin\gbiehbnt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Adicionar ao Antibanner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm

IE: Fazer o download de todos os links usando o IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Fazer o download usando o IDM - c:\program files\internet download manager\IEExt.htm

IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/206

IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/208

IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/210

IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/205

IE: LG Air Sync Option - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/209

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0B0D137B-C0D0-4578-872D-87DA953119AF} : DhcpNameServer = 10.100.196.3 10.100.196.120 10.100.196.119

TCP: Interfaces\{D2090FFF-DA95-40AC-A38E-D45200E34E3A} : DhcpNameServer = 192.168.1.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll

Notify: GbPluginBnt - c:\program files\gbplugin\gbiehBnt.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399017} - c:\program files\gbplugin\gbiehbnt.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\program files\gbplugin\gbieh.dll

LSA: Notification Packages = scecli DPPWDFLT

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\leandro\appdata\roaming\mozilla\firefox\profiles\en71jvvd.default\

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\users\leandro\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\leandro\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\leandro\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 66660767;66660767;c:\windows\system32\drivers\66660767.sys [2012-6-23 133208]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-11-23 46600]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d9724ca820c3c1e0\AEstSrv.exe [2009-6-19 77824]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2011-4-7 56712]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-5-3 96056]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-18 654408]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-6-19 365952]

R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-9-24 296320]

R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-9-24 116096]

R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-9-16 599344]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-4-28 54784]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 100184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-18 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-14 40776]

R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-9-16 40752]

S2 gupdate1ca4309e8ce47c0;Google Update Service (gupdate1ca4309e8ce47c0);c:\program files\google\update\GoogleUpdate.exe [2009-10-1 133104]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-6-19 193840]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-8 129976]

S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\sdwinsec.exe --> c:\program files\spybot - search & destroy\SDWinSec.exe [?]

.

=============== Created Last 30 ================

.

2012-07-15 02:52:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-08 19:33:31 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-08 19:33:26 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2012-07-08 19:33:25 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-07-08 19:33:25 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-07-08 19:33:25 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-07-08 19:33:25 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-07-08 19:33:25 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2012-07-08 19:33:25 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-07-08 19:33:25 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-07-08 19:33:24 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2012-06-23 12:25:47 133208 ----a-w- c:\windows\system32\drivers\66660767.sys

2012-06-21 02:01:07 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 02:00:31 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 01:59:57 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 01:59:57 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 02:56:48 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2012-06-19 02:55:16 -------- d-sh--w- C:\$RECYCLE.BIN

2012-06-19 02:34:58 98816 ----a-w- c:\windows\sed.exe

2012-06-19 02:34:58 518144 ----a-w- c:\windows\SWREG.exe

2012-06-19 02:34:58 256000 ----a-w- c:\windows\PEV.exe

2012-06-19 02:34:58 208896 ----a-w- c:\windows\MBR.exe

2012-06-19 02:34:47 -------- d-----w- C:\LBC

2012-06-19 00:24:15 -------- d-----w- c:\users\leandro\appdata\roaming\Malwarebytes

2012-06-19 00:24:08 -------- d-----w- c:\programdata\Malwarebytes

2012-06-19 00:24:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-19 00:24:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-17 15:35:12 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-17 12:38:10 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-06-17 12:38:10 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-06-17 12:38:10 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-17 12:34:21 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2b4d9027-d769-4874-b996-73f84cc64130}\mpengine.dll

2012-06-15 19:16:50 -------- d-----w- c:\users\leandro\appdata\local\{59199193-EE25-4A57-BCA3-C4EE9BB886B9}

.

==================== Find3M ====================

.

2012-06-17 15:34:53 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-23 11:26:26 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2010-01-26 13:11:08 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe

2009-11-09 00:29:37 6298112 ----a-w- c:\program files\Physical Test 5.1 Español.msi

2009-11-09 00:29:37 1526275 ----a-w- c:\program files\instmsiw.exe

2009-11-09 00:29:37 1513987 ----a-w- c:\program files\instmsia.exe

.

============= FINISH: 23:54:35,42 ===============

ATTACH LOG:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 17/06/2012 09:34:14

System Uptime: 14/07/2012 22:35:31 (1 hours ago)

.

Motherboard: Compal | | 30F7

Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | CPU | 1600/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 140 GiB total, 8,631 GiB free.

D: is FIXED (NTFS) - 9 GiB total, 1,142 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP4: 20/06/2012 22:59:33 - Windows Update

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

4660_4680_Help

Adobe Reader 9 - Português

Adobe Shockwave Player

Adobe Shockwave Player 11.5

Agere Systems HDA Modem

Arquivo do WinRAR

BPD_HPSU

bpd_scan

BPDSoftware

BPDSoftware_Ini

Broadcom 802.11 Wireless LAN Adapter

BufferChm

CustomerResearchQFolder

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DigitalPersona Personal 3.1.0

DocMgr

DocProc

DocProcQFolder

ESU for Microsoft Vista

eSupportQFolder

Fax

Free DVD MP3 Ripper 1.12

Google Chrome

Google Earth

Google Update Helper

GPBaseService

Hewlett-Packard Active Check for Health Check

Hewlett-Packard Asset Agent for Health Check

HP Active Support Library

HP Customer Experience Enhancements

HP Customer Participation Program 10.0

HP Doc Viewer

HP Document Manager 1.0

HP Help and Support

HP Imaging Device Functions 10.0

HP Integrated Module with Bluetooth wireless technology 6.0.1.6204

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP MediaSmart TV

HP MediaSmart Webcam

HP MULTIPLE MODEM INSTALLER for VISTA

HP Officejet All-In-One Series

HP Product Detection

HP Quick Launch Buttons 6.40 H2

HP Smart Web Printing

HP Solution Center 10.0

HP Update

HP User Guides 0125

HP Wireless Assistant

HPNetworkAssistant

HPProductAssistant

HPSSupply

HPTCSSetup

IDT Audio

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

IRPF2010 - Declaração de Ajuste Anual e Final de Espólio

J4660

Java Auto Updater

Java 6 Update 33

Java 6 Update 7

JMicron JMB38X Flash Media Controller

LightScribe System Software 1.14.17.1

Malwarebytes Anti-Malware versão 1.61.0.1400

MarketResearch

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office XP Professional com FrontPage

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Works

Mozilla Firefox 12.0 (x86 pt-BR)

Mozilla Maintenance Service

MSVC80_x86_v2

MSVCRT

Nero 7 Ultra Edition

neroxml

Nokia Connectivity Cable Driver

Nokia PC Suite

OCR Software by I.R.I.S. 10.0

Pacote de Compatibilidade para o sistema Office 2007

Pacote de Driver do Windows - Nokia Modem (06/09/2010 4.5)

Pacote de Driver do Windows - Nokia Modem (06/09/2010 7.01.0.7)

Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

PC Connectivity Solution

ProductContext

ProtectSmart Hard Drive Protection

Realtek 8169 8168 8101E 8102E Ethernet Driver

Scan

Shop for HP Supplies

Skype™ 3.8

SmartWebPrintingOC

Software Informer 1.0 BETA

SolutionCenter

Status

Toolbox

Touch Pad Driver

TrayApp

Unity Web Player

Validity Sensors software

Vista Codec Package

VIVO Internet e TV Digital

WavePad Sound Editor

WebReg

Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Player Firefox Plugin

.

==== End Of File ===========================

GMER LOG:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-07-15 00:54:41

Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM160HI rev.HH100-12

Running: gmer.exe; Driver: C:\Users\Leandro\AppData\Local\Temp\uwdyipod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83089569 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830AE092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

PAGE peauth.sys AD80D02C 102 Bytes JMP BA85CD04

C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in "" section [0xAD8EF41C]

.clc C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl unknown last code section [0xAD8F0000, 0x1000, 0xE0000020]

PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AD9B1000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AD9B1123 32 Bytes [C5, 9A, AD, FE, 05, 34, C5, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 50D4 AD9B1144 596 Bytes [9A, AD, A0, 34, C5, 9A, AD, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 5329 AD9B1399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 538F AD9B13FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]

PAGE ...

? C:\Users\Leandro\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[492] kernel32.dll!FreeLibraryAndExitThread 77023474 5 Bytes JMP 00EE7C10 C:\Program Files\GbPlugin\gbiehbnt.dll (Gbieh Module/Banco do Estado do Espirito Santo - BANESTES)

.text C:\Windows\system32\services.exe[492] kernel32.dll!FreeLibrary 77031A09 5 Bytes JMP 00EE7D70 C:\Program Files\GbPlugin\gbiehbnt.dll (Gbieh Module/Banco do Estado do Espirito Santo - BANESTES)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[3588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[3588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[3588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[3588] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72402494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [723E5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [723E56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7240250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [723F8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [723F4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [723F50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [723F51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [723F66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [723F82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [723F8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [723F907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [723FE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [723F4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\BTHUSB \Device\0000008f bthport.sys (Driver de Barramento Bluetooth/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000008d bthport.sys (Driver de Barramento Bluetooth/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e43bfc8

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e43bfc8 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\OpenWithProgids@alacfile

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.anx\OpenWithProgids@oggfile

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\OpenWithProgids@apefile

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acha\OpenWithProgids@oggfile

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.axv\OpenWithProgids@oggfile

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids@Word.TemplateMacroEnabled.12

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids@Word.Template.12

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.moh\OpenWithProgids@mohfile

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\OpenWithProgids@mpcfile

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\OpenWithProgids@oggfile

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\OpenWithProgids@NeroShowTime.Files7.ogg

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\OpenWithProgids@oggfile

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\OpenWithProgids@Winamp.File.OGG

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\OpenWithProgids@oggfile

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.on2\OpenWithProgids@WMP11.AssocFile.AVI

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids@PowerPoint.Addin.12

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\OpenWithProgids@oggfile

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\OpenWithProgids@ttafile

---- Files - GMER 1.0.15 ----

File C:\$WINDOWS.~Q\DATA\Users\Leandro\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com.\settings.sol 86 bytes

---- EOF - GMER 1.0.15 ----

Thanks in advance for the help.

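An added example for readers of this thread (not part of the original post, and not a tool the forum or DDS provides): a small Python triage helper that parses the SERVICES / DRIVERS and Created Last 30 sections of a DDS log like the one above and flags entries an analyst would want to look at more closely. In DDS the first column is R (running) or S (stopped) followed by the start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled); the script flags early-start drivers whose service name is a bare number or carries no descriptive name, and any entry whose file also appears in the last-30-days list. The sample lines are copied from the DDS output in this post; the heuristics are this example's own assumptions and produce leads for a human analyst, not verdicts.

```python
"""Added triage helper for the SERVICES / DRIVERS section of a DDS log.

This is example code written for this page, not part of DDS or of the
thread. It parses the service/driver lines and the 'Created Last 30'
lines and flags entries that deserve a closer look. The heuristics are
assumptions of this example, not a verdict on any file.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_SERVICES = r"""
R0 66660767;66660767;c:\windows\system32\drivers\66660767.sys [2012-6-23 133208]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-11-23 46600]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-18 654408]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-14 40776]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\sdwinsec.exe --> c:\program files\spybot - search & destroy\SDWinSec.exe [?]
""".strip().splitlines()

SAMPLE_CREATED = r"""
2012-07-15 02:52:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-23 12:25:47 133208 ----a-w- c:\windows\system32\drivers\66660767.sys
2012-06-19 02:34:47 -------- d-----w- C:\LBC
2012-06-19 00:24:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
""".strip().splitlines()

# DDS prints "<R|S><start type> name;description;path [date size]".
# R = running, S = stopped; 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]$"
)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)
EARLY_START = {"R0", "R1", "S0", "S1"}  # loaded before most security products


@dataclass
class Service:
    start: str
    name: str
    desc: str
    path: str
    meta: str  # "date size", or "?" when DDS could not stat the file


def parse_services(lines):
    """Parse DDS service/driver lines; lines that do not match are ignored."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(Service(**m.groupdict()))
    return out


def parse_created(lines):
    """Return the lower-cased paths listed in 'Created Last 30'."""
    paths = set()
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m:
            paths.add(m.group("path").strip().lower())
    return paths


def triage(service_lines, created_lines):
    """Map service name -> list of reasons it was flagged (empty map = nothing flagged)."""
    created = parse_created(created_lines)
    flagged = {}
    for svc in parse_services(service_lines):
        reasons = []
        if svc.name.strip().isdigit():
            reasons.append("numeric service name")
        if svc.start in EARLY_START and svc.desc.strip().lower() == svc.name.strip().lower():
            reasons.append("early-start driver with no descriptive name")
        # For "old --> new" entries DDS shows two paths; compare the first one.
        primary = svc.path.split(" --> ")[0].strip().lower()
        if primary in created:
            reasons.append("file created in the last 30 days")
        if reasons:
            flagged[svc.name.strip()] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_SERVICES, SAMPLE_CREATED).items():
        print(f"{name}: {', '.join(reasons)}")
```

On the sample lines the only entry that trips all three heuristics is the R0 driver 66660767; the MBAMSwissArmy driver is flagged only because it is recent, which the Malwarebytes install date in the same log already explains. Either way the output is a worklist: the next steps are hashing the file, checking its signature and comparing its creation time with the first symptoms, not deleting anything on the strength of a name pattern.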
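A second added example, again written for this page rather than taken from the thread or from GMER: GMER's "User code sections" and "User IAT/EAT" lines each name the hooked process, the hooked API and the module that owns the JMP or IAT target, and the first thing an analyst does with them is attribute every hook to its owning module. The script below parses the two line formats and groups the hooks per module, so that hooks from one known module can be set aside and anything that does not resolve to a recognised module stands out. The sample lines are copied from the GMER output in this post; the regular expressions are this example's own assumptions about the line layout.

```python
"""Added example: group the user-mode hook lines of a GMER log by the
module that installed them. Not part of GMER or of this thread; it
only attributes hooks, it does not judge them."""
import re
from collections import defaultdict

# Constructed sample: the two inline hooks and one IAT entry from the GMER log above.
SAMPLE_GMER = r"""
.text C:\Windows\system32\services.exe[492] kernel32.dll!FreeLibraryAndExitThread 77023474 5 Bytes JMP 00EE7C10 C:\Program Files\GbPlugin\gbiehbnt.dll (Gbieh Module/Banco do Estado do Espirito Santo - BANESTES)
.text C:\Windows\system32\services.exe[492] kernel32.dll!FreeLibrary 77031A09 5 Bytes JMP 00EE7D70 C:\Program Files\GbPlugin\gbiehbnt.dll (Gbieh Module/Banco do Estado do Espirito Santo - BANESTES)
IAT C:\Windows\System32\rundll32.exe[3588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)
""".strip().splitlines()

# ".text <process>[pid] <dll!Api> <addr> <n> Bytes JMP <target> <module> (<description/vendor>)"
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<api>\S+!\S+)\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+JMP\s+"
    r"[0-9A-Fa-f]+\s+(?P<module>.+?)\s+\((?P<vendor>[^)]*)\)$"
)
# "IAT <process>[pid] @ <importing dll> [<dll!Api>] [<addr>] <module> (<description/vendor>)"
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?\[\d+\])\s+@\s+(?P<importer>\S+)\s+\[(?P<api>[^\]]+)\]\s+\[[0-9A-Fa-f]+\]\s+"
    r"(?P<module>.+?)\s+\((?P<vendor>[^)]*)\)$"
)


def parse_hooks(lines):
    """Return (kind, process, api, module, vendor) tuples for the lines that match."""
    hooks = []
    for line in lines:
        m = INLINE_RE.match(line.strip())
        if m:
            hooks.append(("inline", m["proc"], m["api"], m["module"], m["vendor"]))
            continue
        m = IAT_RE.match(line.strip())
        if m:
            hooks.append(("iat", m["proc"], m["api"], m["module"], m["vendor"]))
    return hooks


def hooks_by_module(lines):
    """Group hooks by the (lower-cased) module that owns the JMP/IAT target."""
    summary = defaultdict(lambda: {"vendor": "", "processes": set(), "apis": set(), "kinds": set()})
    for kind, proc, api, module, vendor in parse_hooks(lines):
        entry = summary[module.lower()]
        entry["vendor"] = vendor
        entry["processes"].add(proc)
        entry["apis"].add(api)
        entry["kinds"].add(kind)
    return dict(summary)


if __name__ == "__main__":
    for module, entry in hooks_by_module(SAMPLE_GMER).items():
        print(f"{module} ({entry['vendor']}): {len(entry['apis'])} API(s) "
              f"in {len(entry['processes'])} process(es), kinds={sorted(entry['kinds'])}")
```

On the sample, both inline hooks in services.exe resolve to the same GbPlugin module, which the DDS log above also lists (the GbpSv service, the GbpKm driver and the GbPluginBb/GbPluginBnt notify entries), and the rundll32 IAT entries resolve to Microsoft's apphelp.dll. Attribution of that kind is what lets an analyst set known hooks aside and spend time on any hook whose owning module is unfamiliar or unsigned.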

Read the instructions in this link:

In the instructions in the link above you can check which forums have Analysts who are properly authorised to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and for as long as you are following these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after the procedure(s) below have been carried out.
  3. Double-click the desktopicon.png icon on your desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers running Windows XP will need to install the Recovery Console:

  • If your computer runs Windows XP and the Recovery Console is not installed yet, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Warning: do not use the mouse or keyboard while the tool is running, as this can make the computer hang.
  8. A message may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts authorised to use ComboFix know these cases and know how to deal with them.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when writing them, had end users in mind and meant them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

Topic author

Good evening RenatoMejias

    I followed the instructions and ran ComboFix. After the program generated the log, I could not access the internet from any browser on my notebook. I am posting the log from my wife's PC.

    ComboFix log:

    ComboFix 12-07-16.01 - Leandro 17/07/2012 21:53:07.2.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3035.1862 [GMT -3:00]

    Executando de: c:\users\Leandro\Desktop\ComboFix.exe

    AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

    FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

    SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Criado um novo ponto de restauração

    .

    ADS - drivers: deleted 304 bytes in 1 streams.

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2012-06-18 to 2012-07-18 ))))))))))))))))))))))))))))

    .

    .

    2012-07-18 01:02 . 2012-07-18 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-08 19:33 . 2012-07-08 19:33 -------- d-----w- c:\program files\Mozilla Maintenance Service

    2012-07-08 19:33 . 2012-07-08 19:33 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

    2012-07-08 19:33 . 2012-07-08 19:33 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

    2012-07-08 19:33 . 2012-07-08 19:33 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

    2012-07-08 19:33 . 2012-07-08 19:33 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

    2012-07-08 19:33 . 2012-07-08 19:33 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

    2012-07-08 19:33 . 2012-07-08 19:33 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

    2012-07-08 19:33 . 2012-07-08 19:33 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

    2012-07-08 19:33 . 2012-07-08 19:33 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

    2012-07-08 19:33 . 2012-07-08 19:33 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

    2012-06-23 12:25 . 2012-06-23 17:41 133208 ----a-w- c:\windows\system32\drivers\66660767.sys

    2012-06-21 02:01 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-21 02:01 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

    2012-06-21 02:01 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-21 02:01 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-21 02:00 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

    2012-06-21 02:00 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-21 02:00 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-21 01:59 . 2012-06-02 18:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-21 01:59 . 2012-06-02 18:12 33792 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-19 02:34 . 2012-06-19 02:56 -------- d-----w- C:\LBC

    2012-06-19 00:24 . 2012-06-19 00:24 -------- d-----w- c:\users\Leandro\AppData\Roaming\Malwarebytes

    2012-06-19 00:24 . 2012-06-19 00:24 -------- d-----w- c:\programdata\Malwarebytes

    2012-06-19 00:24 . 2012-06-19 00:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-06-19 00:24 . 2012-04-04 18:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-17 15:34 . 2012-06-17 15:35 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

    2012-06-17 15:34 . 2010-05-27 10:03 472840 ----a-w- c:\windows\system32\deployJava1.dll

    2012-04-23 11:26 . 2012-05-03 19:07 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys

    2010-01-26 13:11 . 2011-04-06 02:03 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

    2009-11-09 00:29 . 2009-11-09 00:29 6298112 ----a-w- c:\program files\Physical Test 5.1 Español.msi

    2009-11-09 00:29 . 2009-11-09 00:29 1526275 ----a-w- c:\program files\instmsiw.exe

    2009-11-09 00:29 . 2009-11-09 00:29 1513987 ----a-w- c:\program files\instmsia.exe

    2009-08-28 21:42 . 2009-08-28 21:42 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

    2009-08-28 21:42 . 2009-08-28 21:42 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

    2012-07-08 19:33 . 2011-07-07 08:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas.

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

    2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399017}"= "c:\program files\GbPlugin\gbiehbnt.dll" [2009-11-18 306664]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2011-03-30 12:19 505736 ----a-w- c:\program files\GbPlugin\gbieh.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBnt]

    2009-11-18 18:16 306664 ----a-w- c:\program files\GbPlugin\gbiehbnt.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

    backup=c:\windows\pss\BTTray.lnk.CommonStartup

    backupExtension=.CommonStartup

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

    backupExtension=.CommonStartup

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

    backupExtension=.CommonStartup

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

    .

    [HKLM\~\startupfolder\C:^Users^Leandro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_66660767.lnk]

    path=c:\users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_66660767.lnk

    backup=c:\windows\pss\_uninst_66660767.lnk.Startup

    backupExtension=.Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2009-10-03 06:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]

    2009-01-08 09:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

    2008-01-21 17:09 217088 ----a-w- c:\program files\Apoint2K\Apoint.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

    2007-06-27 21:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]

    2008-09-25 21:42 189736 ----a-w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]

    2008-09-26 05:36 1148200 ----a-w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]

    2011-03-09 20:24 108344 ----a-w- c:\program files\Glary Utilities\memdefrag.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

    2008-06-16 11:03 75008 ------w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2007-10-15 00:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

    2012-05-03 19:08 3487128 ----a-w- c:\program files\Internet Download Manager\IDMan.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG LinkAir]

    2010-09-16 11:58 2440552 ----a-w- c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

    2008-06-09 13:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    2010-11-10 05:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2007-03-01 17:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

    2008-08-01 19:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]

    2010-04-23 00:37 2285637 ----a-w- c:\program files\Software Informer\softinfo.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]

    2009-07-22 11:33 458844 ----a-w- c:\program files\IDT\WDM\sttray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]

    2008-09-25 21:41 1152296 ----a-w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]

    2008-09-24 21:07 206120 ----a-w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

    2008-06-13 21:11 210216 ----a-w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

    "DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe

    .

    R2 gupdate1ca4309e8ce47c0;Google Update Service (gupdate1ca4309e8ce47c0);c:\program files\Google\Update\GoogleUpdate.exe [x]

    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

    R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

    S0 66660767;66660767;c:\windows\system32\DRIVERS\66660767.sys [x]

    S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [x]

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d9724ca820c3c1e0\aestsrv.exe [x]

    S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [x]

    S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [x]

    S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [x]

    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [x]

    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

    S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [x]

    .

    .

    --- =Outros Serviços/Drivers Na Memória ---

    .

    *NewlyCreated* - UWDYIPOD

    *Deregistered* - uwdyipod

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2012-06-15 c:\windows\Tasks\GlaryInitialize.job

    - c:\program files\Glary Utilities\initialize.exe [2011-04-07 20:24]

    .

    2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:41]

    .

    2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:41]

    .

    2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-686748123-1962094964-1396759874-1000Core.job

    - c:\users\Leandro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 03:43]

    .

    2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-686748123-1962094964-1396759874-1000UA.job

    - c:\users\Leandro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 03:43]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.msn.com

    mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

    IE: Adicionar ao Antibanner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

    IE: Fazer o download de todos os links usando o IDM - c:\program files\Internet Download Manager\IEGetAll.htm

    IE: Fazer o download usando o IDM - c:\program files\Internet Download Manager\IEExt.htm

    IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206

    IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208

    IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210

    IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205

    IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209

    Trusted Zone: bancobrasil.com.br\www

    Trusted Zone: bancobrasil.com.br\www14

    Trusted Zone: bancobrasil.com.br\www2

    Trusted Zone: bb.com.br\www

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\en71jvvd.default\

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    .

    MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

    "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\GNU\ffdshow_audio\default]

    @DACL=(02 0000)

    "mixerNormalizeMatrix"=dword:00000000

    "volNormalize"=dword:00000000

    "ismixer"=dword:00000001

    "mixerOut"=dword:00000001

    "passthroughAC3"=dword:00000000

    "passthroughDTS"=dword:00000000

    "decoderDRC"=dword:00000000

    "decoderDRCLevel"=dword:00000064

    "preferredsfs"=dword:0000000f

    "dithering"=dword:00000000

    "noiseShaping"=dword:00000000

    "autoLoadLogic"=dword:00000000

    "isDolbyDecoder"=dword:00000000

    "showDolbyDecoder"=dword:00000001

    "orderDolbyDecoder"=dword:00000000

    "dolbyDecoderDelay"=dword:00000014

    "isVolume"=dword:00000000

    "orderVolume"=dword:00000001

    "volume"=dword:00000064

    "showVolume"=dword:00000001

    "volNormalizeMax"=dword:00000190

    "volumeL"=dword:00000064

    "volumeC"=dword:00000064

    "volumeR"=dword:00000064

    "volumeSL"=dword:00000064

    "volumeSR"=dword:00000064

    "volumeLFE"=dword:00000064

    "volumeLmute"=dword:00000000

    "volumeCmute"=dword:00000000

    "volumeRmute"=dword:00000000

    "volumeSLmute"=dword:00000000

    "volumeSRmute"=dword:00000000

    "volumeLFEmute"=dword:00000000

    "volNormalizeResetOnSeek"=dword:00000000

    "volumeAL"=dword:00000064

    "volumeAR"=dword:00000064

    "volumeALmute"=dword:00000000

    "volumeARmute"=dword:00000000

    "volNormalizeRegainVolume"=dword:00000000

    "isEQ"=dword:00000000

    "orderEQ"=dword:00000002

    "eq0"=dword:00000064

    "eq1"=dword:00000064

    "eq2"=dword:00000064

    "eq3"=dword:00000064

    "eq4"=dword:00000064

    "eq5"=dword:00000064

    "eq6"=dword:00000064

    "eq7"=dword:00000064

    "eq8"=dword:00000064

    "eq9"=dword:00000064

    "eqLowdb"=dword:fffffb50

    "eqHighdb"=dword:000004b0

    "showEQ"=dword:00000001

    "eq0freq"=dword:00000c35

    "eq1freq"=dword:0000186a

    "eq2freq"=dword:000030d4

    "eq3freq"=dword:000061a8

    "eq4freq"=dword:0000c350

    "eq5freq"=dword:000186a0

    "eq6freq"=dword:00030d40

    "eq7freq"=dword:00061a80

    "eq8freq"=dword:000c3500

    "eq9freq"=dword:00186a00

    "eqSuper"=dword:00000000

    "isFIR"=dword:00000000

    "showFIR"=dword:00000001

    "orderFIR"=dword:00000003

    "firTaps"=dword:00000020

    "firType"=dword:00000000

    "firFreq"=dword:00001770

    "firWidth"=dword:000003e8

    "firWindow"=dword:00000004

    "firKaiserBeta"=dword:000003e8

    "isConvolver"=dword:00000000

    "showConvolver"=dword:00000001

    "orderConvolver"=dword:00000004

    "convolverMixingStrength"=dword:00000064

    "convolverLevelAdjustDB"=dword:00000000

    "convolverLevelAdjustAuto"=dword:00000001

    "convolverMappingMode"=dword:00000000

    "convolverFile"=""

    "convolverFileL"=""

    "convolverFileR"=""

    "convolverFileC"=""

    "convolverFileSL"=""

    "convolverFileSR"=""

    "convolverFileLFE"=""

    "isAudioDenoise"=dword:00000000

    "showAudioDenoise"=dword:00000001

    "orderAudioDenoise"=dword:00000005

    "audioDenoiseThreshold"=dword:00000064

    "isWinamp2"=dword:00000000

    "orderWinamp2"=dword:00000006

    "showWinamp2"=dword:00000001

    "allowMultichannelOnlyIn"="dsp_dfx.dll"

    "winamp2flnm"=""

    "winamp2filtername"=""

    "isFreeverb"=dword:00000000

    "showFreeverb"=dword:00000001

    "orderFreeverb"=dword:00000007

    "freeverbRoomsize"=dword:000001f4

    "freeverbDamp"=dword:000000fa

    "freeverbWet"=dword:0000014d

    "freeverbDry"=dword:000002ee

    "freeverbWidth"=dword:000003e8

    "freeverbMode"=dword:00000000

    "isCrystality"=dword:00000000

    "showCrystality"=dword:00000001

    "orderCrystality"=dword:00000008

    "bext_level"=dword:0000001c

    "echo_level"=dword:0000000b

    "stereo_level"=dword:0000000b

    "filter_level"=dword:00000003

    "feedback_level"=dword:0000001e

    "harmonics_level"=dword:0000002b

    "isResample"=dword:00000000

    "showResample"=dword:00000001

    "orderResample"=dword:00000009

    "resampleFreq"=dword:0000ac44

    "resampleMode"=dword:00000000

    "resampleIf"=dword:00000000

    "resampleIfCond"=dword:00000001

    "resampleIfFreq"=dword:0000ac44

    "isDelay"=dword:00000000

    "showDelay"=dword:00000001

    "orderDelay"=dword:0000000a

    "delayL"=dword:00000000

    "delayC"=dword:00000000

    "delayR"=dword:00000000

    "delaySL"=dword:00000000

    "delaySR"=dword:00000000

    "delayAL"=dword:00000000

    "delayLFE"=dword:00000000

    "delayAR"=dword:00000000

    "delayBC"=dword:00000000

    "isLFEcrossover"=dword:00000000

    "showLFEcrossover"=dword:00000001

    "orderLFEcrossover"=dword:0000000b

    "LFEcrossoverFreq"=dword:000000b4

    "LFEcrossoverGain"=dword:ffffff38

    "IDFF_LFEcutLR"=dword:00000000

    "isChannelSwap"=dword:00000000

    "showChannelSwap"=dword:00000001

    "orderChannelSwap"=dword:0000000c

    "channelSwapL"=dword:00000001

    "channelSwapR"=dword:00000002

    "channelSwapC"=dword:00000004

    "channelSwapSL"=dword:00000010

    "channelSwapRear"=dword:00000100

    "channelSwapSR"=dword:00000020

    "channelSwapLFE"=dword:00000008

    "channelSwapAL"=dword:00000200

    "channelSwapAR"=dword:00000400

    "showMixer"=dword:00000001

    "orderMixer"=dword:0000000d

    "mixerMatrix00"=dword:000186a0

    "mixerMatrix02"=dword:00000000

    "mixerMatrix01"=dword:00000000

    "mixerMatrix05"=dword:00000000

    "mixerMatrix03"=dword:00000000

    "mixerMatrix04"=dword:00000000

    "mixerMatrix20"=dword:00000000

    "mixerMatrix22"=dword:000186a0

    "mixerMatrix21"=dword:00000000

    "mixerMatrix25"=dword:00000000

    "mixerMatrix23"=dword:00000000

    "mixerMatrix24"=dword:00000000

    "mixerMatrix10"=dword:00000000

    "mixerMatrix12"=dword:00000000

    "mixerMatrix11"=dword:000186a0

    "mixerMatrix15"=dword:00000000

    "mixerMatrix13"=dword:00000000

    "mixerMatrix14"=dword:00000000

    "mixerMatrix50"=dword:00000000

    "mixerMatrix52"=dword:00000000

    "mixerMatrix51"=dword:00000000

    "mixerMatrix55"=dword:000186a0

    "mixerMatrix53"=dword:00000000

    "mixerMatrix54"=dword:00000000

    "mixerMatrix30"=dword:00000000

    "mixerMatrix32"=dword:00000000

    "mixerMatrix31"=dword:00000000

    "mixerMatrix35"=dword:00000000

    "mixerMatrix33"=dword:000186a0

    "mixerMatrix34"=dword:00000000

    "mixerMatrix40"=dword:00000000

    "mixerMatrix42"=dword:00000000

    "mixerMatrix41"=dword:00000000

    "mixerMatrix45"=dword:00000000

    "mixerMatrix43"=dword:00000000

    "mixerMatrix44"=dword:000186a0

    "mixerCustomMatrix"=dword:00000000

    "mixerExpandStereo2"=dword:00000000

    "mixerVoiceControl2"=dword:00000000

    "headphone_dim"=dword:0000000a

    "mixerClev"=dword:00000064

    "mixerSlev"=dword:00000064

    "mixerLFElev"=dword:00000064

    "mixerMatrix60"=dword:00000000

    "mixerMatrix62"=dword:00000000

    "mixerMatrix61"=dword:00000000

    "mixerMatrix65"=dword:00000000

    "mixerMatrix63"=dword:00000000

    "mixerMatrix64"=dword:00000000

    "mixerMatrix66"=dword:000186a0

    "mixerMatrix67"=dword:00000000

    "mixerMatrix70"=dword:00000000

    "mixerMatrix72"=dword:00000000

    "mixerMatrix71"=dword:00000000

    "mixerMatrix75"=dword:00000000

    "mixerMatrix73"=dword:00000000

    "mixerMatrix74"=dword:00000000

    "mixerMatrix76"=dword:00000000

    "mixerMatrix77"=dword:000186a0

    "mixerMatrix06"=dword:00000000

    "mixerMatrix07"=dword:00000000

    "mixerMatrix26"=dword:00000000

    "mixerMatrix27"=dword:00000000

    "mixerMatrix16"=dword:00000000

    "mixerMatrix17"=dword:00000000

    "mixerMatrix56"=dword:00000000

    "mixerMatrix57"=dword:00000000

    "mixerMatrix36"=dword:00000000

    "mixerMatrix37"=dword:00000000

    "mixerMatrix46"=dword:00000000

    "mixerMatrix47"=dword:00000000

    "mixerMatrix78"=dword:00000000

    "mixerMatrix80"=dword:00000000

    "mixerMatrix82"=dword:00000000

    "mixerMatrix81"=dword:00000000

    "mixerMatrix85"=dword:00000000

    "mixerMatrix83"=dword:00000000

    "mixerMatrix84"=dword:00000000

    "mixerMatrix86"=dword:00000000

    "mixerMatrix87"=dword:00000000

    "mixerMatrix88"=dword:000186a0

    "mixerMatrix08"=dword:00000000

    "mixerMatrix28"=dword:00000000

    "mixerMatrix18"=dword:00000000

    "mixerMatrix58"=dword:00000000

    "mixerMatrix38"=dword:00000000

    "mixerMatrix48"=dword:00000000

    "mixerMatrix68"=dword:00000000

    "outsfs"=dword:00000001

    "outAC3bitrate"=dword:00000280

    "connectTo"=dword:00000000

    "connectToOnlySpdif"=dword:00000001

    "outAC3EncodeMode"=dword:00000000

    "multichannelDevice"=""

    "multichannelDeviceId"=""

    "autoloadExtsNeedFix"=dword:00000001

    "autoloadFlnm"=dword:00000000

    "autoloadExt"=dword:00000000

    "autoloadExts"=""

    "autoloadExe"=dword:00000000

    "autoloadExes"=""

    "autoloadVolumeName"=dword:00000000

    "autoloadVolumeNames"=""

    "autoloadVolumeSerial"=dword:00000000

    "autoloadVolumeSerials"=""

    "autoloadDecoder"=dword:00000000

    "autoloadDecoders"=""

    "autoloadDSfilter"=dword:00000000

    "autoloadDSfilters"=""

    "autoloadNchannel"=dword:00000000

    "autoloadNchannels"=""

    "autoloadFreq"=dword:00000000

    "autoloadFreqs"=""

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\AutoVisList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\CaptionFolderList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\DScaler]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\EqulizerList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\FileAssList]

    @DACL=(02 0000)

    "0"="AVI"

    "1"="DAT"

    "2"="MOV"

    "3"="MPEG"

    "4"="MPG"

    "5"="VOB"

    "6"="MKV"

    "7"="MP4"

    "8"="FLV"

    "9"="3GP"

    "10"="TS"

    "11"="TP"

    "12"="WMV"

    "13"="ASF"

    "14"="OGM"

    "15"="KPL"

    "16"="FLV"

    "17"="SWF"

    "18"="SMI"

    "19"="ASS"

    "20"="SRT"

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\FPSConvList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\OpenList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\OptionArea]

    @DACL=(02 0000)

    "InstallPath"="c:\\Program Files\\The KMPlayer\\KMPlayer.exe"

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\OptionList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\PanScanList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\UseFilterList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\MPEG2Demultiplexer\Transport]

    @DACL=(02 0000)

    "Clock"=dword:00000001

    "ClockSlaveMinSamplingWindowMillis"=dword:000007d0

    "ClockSlaveHistoryMillis"=dword:0003a980

    "ClockSlaveMinSlavable"=dword:0000005f

    "ClockSlaveMaxSlavable"=dword:00000069

    "ShiftMaxGlitchesPerHour"=dword:0000003c

    "SimulatePBDA"=dword:00000000

    "OverPadMillis"=dword:00000032

    "MinDownstreamBufferingMillis"=dword:000000c8

    "ClockSlaveSettlingMillis"=dword:00002710

    "ReportDiscontinuities"=dword:00000001

    "SetSyncPoints"=dword:00000001

    "TimeoutCheckThreshold"=dword:00000064

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\OpenWithProgids]

    @DACL=(02 0000)

    "alacfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.anx\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\OpenWithProgids]

    @DACL=(02 0000)

    "apefile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acha\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.axv\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids]

    @DACL=(02 0000)

    "Word.TemplateMacroEnabled.12"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids]

    @DACL=(02 0000)

    "Word.Template.12"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.moh\OpenWithProgids]

    @DACL=(02 0000)

    "mohfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\OpenWithProgids]

    @DACL=(02 0000)

    "mpcfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\OpenWithProgids]

    @DACL=(02 0000)

    "NeroShowTime.Files7.ogg"=hex(0):

    "oggfile"=hex(0):

    "Winamp.File.OGG"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.on2\OpenWithProgids]

    @DACL=(02 0000)

    "WMP11.AssocFile.AVI"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids]

    @DACL=(02 0000)

    "PowerPoint.Addin.12"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\OpenWithProgids]

    @DACL=(02 0000)

    "ttafile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\MiniTool Solution Ltd.\MiniTool Power Data Recovery]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\MLSync\SyncControl]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\callto\DefaultIcon]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\callto\shell]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\CLSID\{38753908-bf82-4baa-805b-422049ac23c6}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "Model"=dword:000000aa

    "Therad"=dword:00000012

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "scansk"=hex(0):56,ce,4e,76,64,7b,76,06,a7,a0,54,c6,2e,40,ad,76,f3,b1,10,4c,58,

    cb,74,1b,46,31,69,c9,d2,46,f0,0f,0b,a0,6e,5b,85,ee,93,dc,00,00,00,00,00,00,\

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\ed2k\DefaultIcon]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\ed2k\shell]

    @DACL=(02 0000)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:000000b5

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'lsass.exe'(512)

    c:\windows\system32\DPPWDFLT.DLL

    .

    Completion time: 2012-07-17 22:08:37

    ComboFix-quarantined-files.txt 2012-07-18 01:08

    ComboFix2.txt 2012-06-19 02:56

    .

    Pre-Run: 9,092,796,416 bytes free

    Post-Run: 9,334,439,936 bytes free

    .

    - - End Of File - - BE60D83CECA3F07BC29225DFBDCDB29A

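The useful part of a ComboFix log for triage is the block of persistence locations it prints under "Reg Loading Points" (Run keys, ShellExecuteHooks, Winlogon Notify DLLs, the LSA Notification Packages value) and the service list, not the hundreds of locked-key dumps that follow them. The script below is an added example for this thread, not ComboFix code and not something posted by the participants: it parses an excerpt in ComboFix's layout into records and flags the entries an analyst would verify first. SAMPLE_LOG is constructed from entries that appear in the logs posted in this thread, and the triage rules (non-default LSA packages, Winlogon/ShellExecuteHook DLLs, services whose image file is gone, autostarts from user-writable paths) are this example's own heuristics, not a verdict on the software on this machine.

```python
"""Parse the autostart ("load point") entries from a ComboFix log excerpt and
flag the ones an analyst checks first. Added example for this thread, not
ComboFix code; SAMPLE_LOG is constructed and the triage rules are heuristics."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: one block of each kind plus three service lines.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-05-03 3487128]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-06 880528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399017}"= "c:\program files\GbPlugin\gbiehbnt.dll" [2009-11-18 306664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-03-30 12:19 505736 ----a-w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
R2 gupdate1ca4309e8ce47c0;Google Update Service (gupdate1ca4309e8ce47c0);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 133104]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-03-30 46600]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                  # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]+)"')                # "name"="path" [date size]
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (.+)$")   # date time size attrs path
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")


@dataclass
class LoadPoint:
    kind: str              # run | shellexecutehook | winlogon_notify | lsa_notification | service
    name: str
    path: str
    key: str = ""          # registry key, or the R/S start code for services
    missing: bool = False  # ComboFix prints "[x]" when the image file is not on disk


def parse_load_points(text: str) -> List[LoadPoint]:
    points: List[LoadPoint] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # "." separates blocks in ComboFix output
            key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).strip()
            continue
        m = SERVICE_RE.match(line)
        if m:
            code, name, _display, path, info = m.groups()
            points.append(LoadPoint("service", name.strip(), path.strip(), code,
                                    info.strip().lower() == "x"))
            continue
        lkey = key.lower()
        if lkey.endswith("\\run") or lkey.endswith("\\shellexecutehooks"):
            m = VALUE_RE.match(line)
            if m:
                kind = "run" if lkey.endswith("\\run") else "shellexecutehook"
                points.append(LoadPoint(kind, m.group(1), m.group(2), key))
        elif "winlogon\\notify\\" in lkey:
            m = FILE_RE.match(line)
            if m:
                points.append(LoadPoint("winlogon_notify", key.split("\\")[-1].strip(),
                                        m.group(1), key))
        elif lkey.endswith("\\control\\lsa") and line.startswith("Notification Packages"):
            for pkg in line.split("REG_MULTI_SZ", 1)[1].split():
                # LSA loads each package as System32\<name>.dll inside lsass.exe
                points.append(LoadPoint("lsa_notification", pkg,
                                        f"c:\\windows\\system32\\{pkg}.dll", key))
    return points


DEFAULT_LSA_PACKAGES = {"scecli"}                       # shipped with Windows
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")  # heuristic, this example's choice


def triage(points: List[LoadPoint]) -> List[Tuple[LoadPoint, str]]:
    """Return (entry, reason) for the entries worth a manual look."""
    flagged = []
    for p in points:
        if p.kind == "lsa_notification" and p.name.lower() not in DEFAULT_LSA_PACKAGES:
            flagged.append((p, "password-notification DLL in lsass.exe; it receives "
                               "cleartext password changes, verify the publisher"))
        elif p.kind in ("winlogon_notify", "shellexecutehook"):
            flagged.append((p, f"{p.kind} DLL loaded into winlogon/explorer; verify the publisher"))
        elif p.missing:
            flagged.append((p, "service image is not on disk; stale entry or removed file"))
        elif any(tok in p.path.lower() for tok in USER_WRITABLE):
            flagged.append((p, "autostart from a user-writable location"))
    return flagged
```

Calling `triage(parse_load_points(SAMPLE_LOG))` returns four entries: DPPWDFLT (the same DLL the first log above shows loaded in lsass.exe; the DigitalPersona entry under disabledrunkeys suggests it belongs to that fingerprint software, which the reviewer confirms rather than assumes), the two GbPlugin hooks, and the Spybot service whose file is gone. "Flagged" means "verify the publisher", the same check a log reviewer does by hand: a password-filter DLL from a known vendor and a credential-stealing one use exactly the same loading mechanism, so the entry is judged by its file, not by its presence in the list.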

    Why was ComboFix run twice?

    How is your internet connection set up?

    Topic author
    Good morning Renato Mejias,

    I don't know why ComboFix was run twice. I followed the instructions and let the program run. After it generated the log, I posted it as I said above.

    I don't know if this has anything to do with it, but earlier, thinking that ComboFix was an anti-malware program that could be used without supervision, I tried to run it but couldn't. A black screen flashed and nothing else happened, the same as with every program I tried to run (Kaspersky, online antivirus). The only one that ran was Malwarebytes. After that, I looked for help on the site.

    I use wireless internet on the notebook. The modem is connected to my wife's PC, and I use the notebook around the house. I just turn the wireless on and the connection is made automatically, since it was already configured.


    Find and post the contents of the file:

    C:\Qoobox\ComboFix2.txt

    Topic author
    Good evening,

    Below is the requested log (ComboFix2.txt). I noticed that, besides the web browsers, other programs and files are not opening either. The following message appears: "Illegal operation attempted on a registry key that has been marked for deletion".

    COMBOFIX2 LOG:

    ComboFix 12-06-16.02 - Leandro 18/06/2012 23:36:43.1.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3035.1997 [GMT -3:00]

    Running from: c:\users\Leandro\Desktop\LBC.exe

    AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

    FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

    SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ADS - system32: deleted 2 bytes in 1 streams.

    ADS - drivers: deleted 404 bytes in 1 streams.

    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files\autorun.inf

    c:\program files\Setup.exe

    c:\windows\IsUn0416.exe

    c:\windows\system32\ijl11.dll

    c:\windows\system32\spsys.log

    c:\windows\system32\Temp

    .

    .

    (((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))

    .

    .

    2012-06-19 02:45 . 2012-06-19 02:45 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-06-19 00:24 . 2012-06-19 00:24 -------- d-----w- c:\users\Leandro\AppData\Roaming\Malwarebytes

    2012-06-19 00:24 . 2012-06-19 00:24 -------- d-----w- c:\programdata\Malwarebytes

    2012-06-19 00:24 . 2012-06-19 00:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-06-19 00:24 . 2012-04-04 18:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-17 15:35 . 2012-06-17 15:34 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

    2012-06-17 12:38 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll

    2012-06-17 12:38 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-17 12:38 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

    2012-06-17 12:34 . 2011-05-18 15:37 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B4D9027-D769-4874-B996-73F84CC64130}\mpengine.dll

    2012-06-07 01:22 . 2012-06-07 01:22 -------- d-----w- c:\program files\1ClickDownload

    2012-06-06 03:18 . 2012-06-06 03:18 -------- d-----w- c:\program files\uTorrent

    2012-06-06 03:13 . 2012-06-19 02:49 -------- d-----w- c:\users\Leandro\AppData\Roaming\uTorrent

    2012-06-03 14:32 . 2012-06-03 14:32 -------- d-----w- c:\program files\Recuva

    2012-06-03 14:17 . 2012-06-03 14:26 -------- d-----w- c:\program files\PowerDataRecovery

    2012-06-03 03:19 . 2012-06-03 03:20 -------- d-----w- c:\users\Leandro\AppData\Roaming\ImgBurn

    2012-06-03 02:51 . 2012-06-03 02:51 -------- d-----w- c:\program files\ImgBurn

    2012-06-03 02:44 . 2012-06-03 02:44 -------- d-----w- c:\users\Leandro\AppData\Local\MulletPower

    2012-06-02 21:36 . 2012-06-19 02:45 -------- d-----w- c:\users\Leandro\AppData\Roaming\DMCache

    2012-06-02 21:36 . 2012-06-03 02:41 -------- d-----w- c:\users\Leandro\AppData\Roaming\IDM

    2012-06-02 21:36 . 2012-06-02 21:40 -------- d-----w- c:\program files\Internet Download Manager

    2012-05-30 04:02 . 2012-05-30 04:02 -------- d-----w- c:\users\Leandro\AppData\Local\XBOX360_ISO_Extract

    2012-05-26 17:57 . 2012-05-26 17:57 -------- d-----w- c:\program files\Team360h

    2012-05-26 17:35 . 2002-07-17 13:03 45056 ----a-w- c:\windows\system32\WNASPI32.DLL

    2012-05-26 17:35 . 2002-07-17 11:53 16877 ----a-w- c:\windows\system32\drivers\ASPI32.SYS

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-17 15:34 . 2010-05-27 10:03 472840 ----a-w- c:\windows\system32\deployJava1.dll

    2012-04-23 11:26 . 2012-05-03 19:07 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys

    2010-01-26 13:11 . 2011-04-06 02:03 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

    2009-11-09 00:29 . 2009-11-09 00:29 6298112 ----a-w- c:\program files\Physical Test 5.1 Español.msi

    2009-11-09 00:29 . 2009-11-09 00:29 1526275 ----a-w- c:\program files\instmsiw.exe

    2009-11-09 00:29 . 2009-11-09 00:29 1513987 ----a-w- c:\program files\instmsia.exe

    2009-08-28 21:42 . 2009-08-28 21:42 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

    2009-08-28 21:42 . 2009-08-28 21:42 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

    2011-04-14 16:59 . 2011-07-07 08:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    (((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

    2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

    "Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2011-03-09 108344]

    "LG LinkAir"="c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2010-09-16 2440552]

    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-05-03 3487128]

    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-06 880528]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]

    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 217088]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399017}"= "c:\program files\GbPlugin\gbiehbnt.dll" [2009-11-18 306664]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2011-03-30 12:19 505736 ----a-w- c:\program files\GbPlugin\gbieh.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBnt]

    2009-11-18 18:16 306664 ----a-w- c:\program files\GbPlugin\gbiehbnt.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

    backup=c:\windows\pss\BTTray.lnk.CommonStartup

    backupExtension=.CommonStartup

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

    backupExtension=.CommonStartup

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

    backupExtension=.CommonStartup

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2009-10-03 06:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]

    2009-01-08 09:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

    2008-01-21 17:09 217088 ----a-w- c:\program files\Apoint2K\Apoint.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

    2007-06-27 21:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]

    2008-09-25 21:42 189736 ----a-w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]

    2008-09-26 05:36 1148200 ----a-w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

    2008-06-16 11:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

    2008-06-09 13:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    2010-11-10 05:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2007-03-01 17:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

    2008-08-01 19:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]

    2010-04-23 00:37 2285637 ----a-w- c:\program files\Software Informer\softinfo.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]

    2008-09-25 21:41 1152296 ----a-w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]

    2008-09-24 21:07 206120 ----a-w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

    2008-06-13 21:11 210216 ----a-w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

    "DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe

    .

    R2 gupdate1ca4309e8ce47c0;Google Update Service (gupdate1ca4309e8ce47c0);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 133104]

    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]

    R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

    S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-03-30 46600]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d9724ca820c3c1e0\aestsrv.exe [2008-06-27 77824]

    S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2011-03-30 56712]

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 96056]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]

    S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-09-24 296320]

    S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-09-24 116096]

    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-09-16 599344]

    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]

    S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]

    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-21 100184]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

    S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-09-16 40752]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-06-15 c:\windows\Tasks\GlaryInitialize.job

    - c:\program files\Glary Utilities\initialize.exe [2011-04-07 20:24]

    .

    2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:41]

    .

    2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-02 02:41]

    .

    2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-686748123-1962094964-1396759874-1000Core.job

    - c:\users\Leandro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 03:43]

    .

    2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-686748123-1962094964-1396759874-1000UA.job

    - c:\users\Leandro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 03:43]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.msn.com

    mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

    IE: Adicionar ao Antibanner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

    IE: Fazer o download de todos os links usando o IDM - c:\program files\Internet Download Manager\IEGetAll.htm

    IE: Fazer o download usando o IDM - c:\program files\Internet Download Manager\IEExt.htm

    IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206

    IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208

    IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210

    IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205

    IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209

    Trusted Zone: bancobrasil.com.br\www

    Trusted Zone: bancobrasil.com.br\www14

    Trusted Zone: bancobrasil.com.br\www2

    Trusted Zone: bb.com.br\www

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\en71jvvd.default\

    .

    - - - - ORPHANS REMOVED - - - -

    .

    MSConfigStartUp-eSnips_Downloader - c:\program files\Logia\eSnipsDownloader\eSnips_Downloader.exe

    MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    MSConfigStartUp-Regedit32 - c:\windows\system32\regedit.exe

    MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe

    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    MSConfigStartUp-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

    MSConfigStartUp-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

    MSConfigStartUp-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

    MSConfigStartUp-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

    AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

    AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

    AddRemove-bookTome - c:\program files\saSoftware\bookTome\bookTome-uninst.exe

    AddRemove-Catalencoder - c:\program files\Catalencoder\uninst.exe

    AddRemove-InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} - c:\program files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe

    AddRemove-InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe

    AddRemove-InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe

    AddRemove-InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe

    AddRemove-Receitanet Java 2010.02a - c:\progra~1\PROGRA~1\RECEIT~1\DesinstJ.exe

    AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe

    AddRemove-WinX Free DVD to DivX Ripper_is1 - c:\program files\Digiarty\WinX_Free_DVD_to_DivX_Ripper\unins000.exe

    AddRemove-{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} - c:\program files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe

    AddRemove-{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe

    AddRemove-{4822DF0D-087B-435C-843D-ADAB239CCA13}_is1 - c:\program files\Boilsoft Video Converter\unins000.exe

    AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe

    AddRemove-{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe

    AddRemove-{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

    "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\GNU\ffdshow_audio\default]

    @DACL=(02 0000)

    "mixerNormalizeMatrix"=dword:00000000

    "volNormalize"=dword:00000000

    "ismixer"=dword:00000001

    "mixerOut"=dword:00000001

    "passthroughAC3"=dword:00000000

    "passthroughDTS"=dword:00000000

    "decoderDRC"=dword:00000000

    "decoderDRCLevel"=dword:00000064

    "preferredsfs"=dword:0000000f

    "dithering"=dword:00000000

    "noiseShaping"=dword:00000000

    "autoLoadLogic"=dword:00000000

    "isDolbyDecoder"=dword:00000000

    "showDolbyDecoder"=dword:00000001

    "orderDolbyDecoder"=dword:00000000

    "dolbyDecoderDelay"=dword:00000014

    "isVolume"=dword:00000000

    "orderVolume"=dword:00000001

    "volume"=dword:00000064

    "showVolume"=dword:00000001

    "volNormalizeMax"=dword:00000190

    "volumeL"=dword:00000064

    "volumeC"=dword:00000064

    "volumeR"=dword:00000064

    "volumeSL"=dword:00000064

    "volumeSR"=dword:00000064

    "volumeLFE"=dword:00000064

    "volumeLmute"=dword:00000000

    "volumeCmute"=dword:00000000

    "volumeRmute"=dword:00000000

    "volumeSLmute"=dword:00000000

    "volumeSRmute"=dword:00000000

    "volumeLFEmute"=dword:00000000

    "volNormalizeResetOnSeek"=dword:00000000

    "volumeAL"=dword:00000064

    "volumeAR"=dword:00000064

    "volumeALmute"=dword:00000000

    "volumeARmute"=dword:00000000

    "volNormalizeRegainVolume"=dword:00000000

    "isEQ"=dword:00000000

    "orderEQ"=dword:00000002

    "eq0"=dword:00000064

    "eq1"=dword:00000064

    "eq2"=dword:00000064

    "eq3"=dword:00000064

    "eq4"=dword:00000064

    "eq5"=dword:00000064

    "eq6"=dword:00000064

    "eq7"=dword:00000064

    "eq8"=dword:00000064

    "eq9"=dword:00000064

    "eqLowdb"=dword:fffffb50

    "eqHighdb"=dword:000004b0

    "showEQ"=dword:00000001

    "eq0freq"=dword:00000c35

    "eq1freq"=dword:0000186a

    "eq2freq"=dword:000030d4

    "eq3freq"=dword:000061a8

    "eq4freq"=dword:0000c350

    "eq5freq"=dword:000186a0

    "eq6freq"=dword:00030d40

    "eq7freq"=dword:00061a80

    "eq8freq"=dword:000c3500

    "eq9freq"=dword:00186a00

    "eqSuper"=dword:00000000

    "isFIR"=dword:00000000

    "showFIR"=dword:00000001

    "orderFIR"=dword:00000003

    "firTaps"=dword:00000020

    "firType"=dword:00000000

    "firFreq"=dword:00001770

    "firWidth"=dword:000003e8

    "firWindow"=dword:00000004

    "firKaiserBeta"=dword:000003e8

    "isConvolver"=dword:00000000

    "showConvolver"=dword:00000001

    "orderConvolver"=dword:00000004

    "convolverMixingStrength"=dword:00000064

    "convolverLevelAdjustDB"=dword:00000000

    "convolverLevelAdjustAuto"=dword:00000001

    "convolverMappingMode"=dword:00000000

    "convolverFile"=""

    "convolverFileL"=""

    "convolverFileR"=""

    "convolverFileC"=""

    "convolverFileSL"=""

    "convolverFileSR"=""

    "convolverFileLFE"=""

    "isAudioDenoise"=dword:00000000

    "showAudioDenoise"=dword:00000001

    "orderAudioDenoise"=dword:00000005

    "audioDenoiseThreshold"=dword:00000064

    "isWinamp2"=dword:00000000

    "orderWinamp2"=dword:00000006

    "showWinamp2"=dword:00000001

    "allowMultichannelOnlyIn"="dsp_dfx.dll"

    "winamp2flnm"=""

    "winamp2filtername"=""

    "isFreeverb"=dword:00000000

    "showFreeverb"=dword:00000001

    "orderFreeverb"=dword:00000007

    "freeverbRoomsize"=dword:000001f4

    "freeverbDamp"=dword:000000fa

    "freeverbWet"=dword:0000014d

    "freeverbDry"=dword:000002ee

    "freeverbWidth"=dword:000003e8

    "freeverbMode"=dword:00000000

    "isCrystality"=dword:00000000

    "showCrystality"=dword:00000001

    "orderCrystality"=dword:00000008

    "bext_level"=dword:0000001c

    "echo_level"=dword:0000000b

    "stereo_level"=dword:0000000b

    "filter_level"=dword:00000003

    "feedback_level"=dword:0000001e

    "harmonics_level"=dword:0000002b

    "isResample"=dword:00000000

    "showResample"=dword:00000001

    "orderResample"=dword:00000009

    "resampleFreq"=dword:0000ac44

    "resampleMode"=dword:00000000

    "resampleIf"=dword:00000000

    "resampleIfCond"=dword:00000001

    "resampleIfFreq"=dword:0000ac44

    "isDelay"=dword:00000000

    "showDelay"=dword:00000001

    "orderDelay"=dword:0000000a

    "delayL"=dword:00000000

    "delayC"=dword:00000000

    "delayR"=dword:00000000

    "delaySL"=dword:00000000

    "delaySR"=dword:00000000

    "delayAL"=dword:00000000

    "delayLFE"=dword:00000000

    "delayAR"=dword:00000000

    "delayBC"=dword:00000000

    "isLFEcrossover"=dword:00000000

    "showLFEcrossover"=dword:00000001

    "orderLFEcrossover"=dword:0000000b

    "LFEcrossoverFreq"=dword:000000b4

    "LFEcrossoverGain"=dword:ffffff38

    "IDFF_LFEcutLR"=dword:00000000

    "isChannelSwap"=dword:00000000

    "showChannelSwap"=dword:00000001

    "orderChannelSwap"=dword:0000000c

    "channelSwapL"=dword:00000001

    "channelSwapR"=dword:00000002

    "channelSwapC"=dword:00000004

    "channelSwapSL"=dword:00000010

    "channelSwapRear"=dword:00000100

    "channelSwapSR"=dword:00000020

    "channelSwapLFE"=dword:00000008

    "channelSwapAL"=dword:00000200

    "channelSwapAR"=dword:00000400

    "showMixer"=dword:00000001

    "orderMixer"=dword:0000000d

    "mixerMatrix00"=dword:000186a0

    "mixerMatrix02"=dword:00000000

    "mixerMatrix01"=dword:00000000

    "mixerMatrix05"=dword:00000000

    "mixerMatrix03"=dword:00000000

    "mixerMatrix04"=dword:00000000

    "mixerMatrix20"=dword:00000000

    "mixerMatrix22"=dword:000186a0

    "mixerMatrix21"=dword:00000000

    "mixerMatrix25"=dword:00000000

    "mixerMatrix23"=dword:00000000

    "mixerMatrix24"=dword:00000000

    "mixerMatrix10"=dword:00000000

    "mixerMatrix12"=dword:00000000

    "mixerMatrix11"=dword:000186a0

    "mixerMatrix15"=dword:00000000

    "mixerMatrix13"=dword:00000000

    "mixerMatrix14"=dword:00000000

    "mixerMatrix50"=dword:00000000

    "mixerMatrix52"=dword:00000000

    "mixerMatrix51"=dword:00000000

    "mixerMatrix55"=dword:000186a0

    "mixerMatrix53"=dword:00000000

    "mixerMatrix54"=dword:00000000

    "mixerMatrix30"=dword:00000000

    "mixerMatrix32"=dword:00000000

    "mixerMatrix31"=dword:00000000

    "mixerMatrix35"=dword:00000000

    "mixerMatrix33"=dword:000186a0

    "mixerMatrix34"=dword:00000000

    "mixerMatrix40"=dword:00000000

    "mixerMatrix42"=dword:00000000

    "mixerMatrix41"=dword:00000000

    "mixerMatrix45"=dword:00000000

    "mixerMatrix43"=dword:00000000

    "mixerMatrix44"=dword:000186a0

    "mixerCustomMatrix"=dword:00000000

    "mixerExpandStereo2"=dword:00000000

    "mixerVoiceControl2"=dword:00000000

    "headphone_dim"=dword:0000000a

    "mixerClev"=dword:00000064

    "mixerSlev"=dword:00000064

    "mixerLFElev"=dword:00000064

    "mixerMatrix60"=dword:00000000

    "mixerMatrix62"=dword:00000000

    "mixerMatrix61"=dword:00000000

    "mixerMatrix65"=dword:00000000

    "mixerMatrix63"=dword:00000000

    "mixerMatrix64"=dword:00000000

    "mixerMatrix66"=dword:000186a0

    "mixerMatrix67"=dword:00000000

    "mixerMatrix70"=dword:00000000

    "mixerMatrix72"=dword:00000000

    "mixerMatrix71"=dword:00000000

    "mixerMatrix75"=dword:00000000

    "mixerMatrix73"=dword:00000000

    "mixerMatrix74"=dword:00000000

    "mixerMatrix76"=dword:00000000

    "mixerMatrix77"=dword:000186a0

    "mixerMatrix06"=dword:00000000

    "mixerMatrix07"=dword:00000000

    "mixerMatrix26"=dword:00000000

    "mixerMatrix27"=dword:00000000

    "mixerMatrix16"=dword:00000000

    "mixerMatrix17"=dword:00000000

    "mixerMatrix56"=dword:00000000

    "mixerMatrix57"=dword:00000000

    "mixerMatrix36"=dword:00000000

    "mixerMatrix37"=dword:00000000

    "mixerMatrix46"=dword:00000000

    "mixerMatrix47"=dword:00000000

    "mixerMatrix78"=dword:00000000

    "mixerMatrix80"=dword:00000000

    "mixerMatrix82"=dword:00000000

    "mixerMatrix81"=dword:00000000

    "mixerMatrix85"=dword:00000000

    "mixerMatrix83"=dword:00000000

    "mixerMatrix84"=dword:00000000

    "mixerMatrix86"=dword:00000000

    "mixerMatrix87"=dword:00000000

    "mixerMatrix88"=dword:000186a0

    "mixerMatrix08"=dword:00000000

    "mixerMatrix28"=dword:00000000

    "mixerMatrix18"=dword:00000000

    "mixerMatrix58"=dword:00000000

    "mixerMatrix38"=dword:00000000

    "mixerMatrix48"=dword:00000000

    "mixerMatrix68"=dword:00000000

    "outsfs"=dword:00000001

    "outAC3bitrate"=dword:00000280

    "connectTo"=dword:00000000

    "connectToOnlySpdif"=dword:00000001

    "outAC3EncodeMode"=dword:00000000

    "multichannelDevice"=""

    "multichannelDeviceId"=""

    "autoloadExtsNeedFix"=dword:00000001

    "autoloadFlnm"=dword:00000000

    "autoloadExt"=dword:00000000

    "autoloadExts"=""

    "autoloadExe"=dword:00000000

    "autoloadExes"=""

    "autoloadVolumeName"=dword:00000000

    "autoloadVolumeNames"=""

    "autoloadVolumeSerial"=dword:00000000

    "autoloadVolumeSerials"=""

    "autoloadDecoder"=dword:00000000

    "autoloadDecoders"=""

    "autoloadDSfilter"=dword:00000000

    "autoloadDSfilters"=""

    "autoloadNchannel"=dword:00000000

    "autoloadNchannels"=""

    "autoloadFreq"=dword:00000000

    "autoloadFreqs"=""

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\AutoVisList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\CaptionFolderList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\DScaler]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\EqulizerList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\FileAssList]

    @DACL=(02 0000)

    "0"="AVI"

    "1"="DAT"

    "2"="MOV"

    "3"="MPEG"

    "4"="MPG"

    "5"="VOB"

    "6"="MKV"

    "7"="MP4"

    "8"="FLV"

    "9"="3GP"

    "10"="TS"

    "11"="TP"

    "12"="WMV"

    "13"="ASF"

    "14"="OGM"

    "15"="KPL"

    "16"="FLV"

    "17"="SWF"

    "18"="SMI"

    "19"="ASS"

    "20"="SRT"

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\FPSConvList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\OpenList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\OptionArea]

    @DACL=(02 0000)

    "InstallPath"="c:\\Program Files\\The KMPlayer\\KMPlayer.exe"

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\OptionList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\PanScanList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\KMPlayer\KMP2.0\UseFilterList]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\MPEG2Demultiplexer\Transport]

    @DACL=(02 0000)

    "Clock"=dword:00000001

    "ClockSlaveMinSamplingWindowMillis"=dword:000007d0

    "ClockSlaveHistoryMillis"=dword:0003a980

    "ClockSlaveMinSlavable"=dword:0000005f

    "ClockSlaveMaxSlavable"=dword:00000069

    "ShiftMaxGlitchesPerHour"=dword:0000003c

    "SimulatePBDA"=dword:00000000

    "OverPadMillis"=dword:00000032

    "MinDownstreamBufferingMillis"=dword:000000c8

    "ClockSlaveSettlingMillis"=dword:00002710

    "ReportDiscontinuities"=dword:00000001

    "SetSyncPoints"=dword:00000001

    "TimeoutCheckThreshold"=dword:00000064

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\OpenWithProgids]

    @DACL=(02 0000)

    "alacfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.anx\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\OpenWithProgids]

    @DACL=(02 0000)

    "apefile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acha\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.axv\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids]

    @DACL=(02 0000)

    "Word.TemplateMacroEnabled.12"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids]

    @DACL=(02 0000)

    "Word.Template.12"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.moh\OpenWithProgids]

    @DACL=(02 0000)

    "mohfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\OpenWithProgids]

    @DACL=(02 0000)

    "mpcfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\OpenWithProgids]

    @DACL=(02 0000)

    "NeroShowTime.Files7.ogg"=hex(0):

    "oggfile"=hex(0):

    "Winamp.File.OGG"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.on2\OpenWithProgids]

    @DACL=(02 0000)

    "WMP11.AssocFile.AVI"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids]

    @DACL=(02 0000)

    "PowerPoint.Addin.12"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\OpenWithProgids]

    @DACL=(02 0000)

    "oggfile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\OpenWithProgids]

    @DACL=(02 0000)

    "ttafile"=hex(0):

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\MiniTool Solution Ltd.\MiniTool Power Data Recovery]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000\Software\MLSync\SyncControl]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\callto\DefaultIcon]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\callto\shell]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\CLSID\{38753908-bf82-4baa-805b-422049ac23c6}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "Model"=dword:000000aa

    "Therad"=dword:00000012

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "scansk"=hex(0):56,ce,4e,76,64,7b,76,06,a7,a0,54,c6,2e,40,ad,76,f3,b1,10,4c,58,

    cb,74,1b,46,31,69,c9,d2,46,f0,0f,0b,a0,6e,5b,85,ee,93,dc,00,00,00,00,00,00,\

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\ed2k\DefaultIcon]

    @DACL=(02 0000)

    .

    [HKEY_USERS\S-1-5-21-686748123-1962094964-1396759874-1000_Classes\ed2k\shell]

    @DACL=(02 0000)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:000000b5

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    .

    - - - - - - - > 'lsass.exe'(508)

    c:\windows\system32\DPPWDFLT.DLL

    .

    - - - - - - - > 'Explorer.exe'(3784)

    c:\windows\system32\btncopy.dll

    c:\program files\Internet Download Manager\idmmkb.dll

    c:\program files\GBPLUGIN\gbieh.dll

    c:\program files\GbPlugin\gbiehbnt.dll

    c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll

    c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\windows\system32\taskhost.exe

    c:\program files\DigitalPersona\Bin\DpHostW.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    c:\windows\system32\sppsvc.exe

    c:\windows\System32\rundll32.exe

    c:\windows\system32\conhost.exe

    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

    c:\windows\ehome\ehmsas.exe

    c:\program files\Apoint2K\ApMsgFwd.exe

    c:\program files\Apoint2K\Apntex.exe

    c:\windows\system32\conhost.exe

    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\program files\Internet Download Manager\IEMonitor.exe

    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2012-06-18 23:56:43 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2012-06-19 02:56

    .

    Pré-execução: 11.580.772.352 bytes disponíveis

    Pós execução: 11.600.916.480 bytes disponíveis

    .

    - - End Of File - - B94682B7E01861F7D4756238AB41B299


    Configure Windows to show all files

    Go to this site: http://virustotal.com/

    In Choose File, enter: c:\program files\instmsia.exe

    Then click Submit

    Copy and post the result of this scan.

    Thread author:

    Renato,

    After running ComboFix, I can't access the internet. My notebook finds the wireless network and connects to the internet. However, when I try to open Chrome or Firefox, the message I described above appears: "Tentativa de operação ilegal em uma chave de registro marcada para exclusão" [i.e. an illegal operation was attempted on a registry key marked for deletion]. Other applications, and even text/audio/video files, show the same message when I try to open them.

    Can I check the file you mentioned above from another computer (my wife's) without risk of infecting it?

    If the check has to be done from the infected notebook, can I download a browser on my wife's PC and install it on the notebook to run the check you asked for?

    I await your instructions.

    Below is the requested log (ComboFix2.txt). I noticed that, besides the web browsers, other programs and files are not opening. The following message appears: "Tentativa de operação ilegal em uma chave de registro marcada para exclusão".

    In a quick search here I saw several cases like this, but simply restarting the computer solved it. Have you already done that?

    Thread author:

    Renato,

    Indeed, just restarting the notebook was enough for that message to stop appearing (although the notebook took more than 10 minutes to restart). Below is the result of the check you requested:

    File already analysed

    This file was already analysed by VirusTotal on 2012-05-29 15:12:59.

    Detection ratio: 0/41

    You can take a look at the last analysis or analyse it again now.


    Please post the link to the VirusTotal analysis of the file I asked about above.


    Download the Kaspersky AVP Tool from one of these 2 links:

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

    http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

    You will be taken to a Kaspersky page asking for an e-mail address for registration, first name and last name. Only the "email" field is mandatory.

    Enter your e-mail, then click the Submit Form button.

    The page will reload. Click the Download button.

    Save it to your desktop.

    Run the file and wait for the installation.

    ** Windows Vista and Windows 7 users:

    Right-click the file, then click Run as administrator.

    On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

    [image: KRT_settings.png]

    On this screen, check the box next to:

    • My Computer
    • Local Disk (C:)

    Also check all the drives listed below Local Disk, if there are any. Then click the Automatic Scan tab.

    [image: KRT_install2_.png]

    Back on the program's main screen, click the Start scanning button.

    Be patient; it takes a while.

    When it finishes, if anything was detected, the program will ask you what to do.

    Check the small box next to Apply to all objects and then click Skip (we only want the log).

    [image: KRT_detection_.png]

    While the scan runs, the main screen will show a progress bar. When it finishes, the program will show a completed status and a button that is orange if nothing was detected, and red if something was found.

    If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

    Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

    To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

    Choose an easily accessible location and save it as log.txt.

    Copy the entire contents of that Notepad file and paste it into your next reply.

    If nothing is detected, there is no need to save the log. Just post here to let me know.

    To exit the program, just click the X in the top right corner.

    Thread author:

    Renato,

    I followed the procedure above and nothing was found (no threats detected). Does that mean the notebook is clean? Can I install the Kaspersky antivirus that the malware had removed?


    Install the antivirus of your choice and monitor the state of the computer.
