lucio.lfv

Intrusion with page redirects and slowness


About 15 or 20 days ago my notebook started showing anomalies: an excess of banners while browsing and frequent redirection to a page resembling "www.gzt.net...". I ran the NOD32 AV, which detected and removed some threats, and behavior returned to normal. Days later the problem came back, now redirecting to "www.ici.resynccdn...". I ran the AV and it detected nothing. I used some anti-malware tools that removed several threats but did not solve the problem. The notebook is absurdly slow when browsing.

Here are the requested results.

Thank you for your attention.

Lucio.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2

Run by Lucio at 19:59:03 on 2013-09-18

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3055.2331 [GMT -3:00]

.

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ================

.

F:\ARQUIV~1\GbPlugin\GbpSv.exe

F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

F:\Arquivos de programas\Bonjour\mDNSResponder.exe

F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

F:\Arquivos de programas\Java\jre7\bin\jqs.exe

F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

F:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

F:\Arquivos de programas\Spyware Terminator\st_rsser.exe

F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

F:\WINDOWS\System32\alg.exe

F:\WINDOWS\system32\wbem\wmiapsrv.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\RTHDCPL.EXE

F:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

F:\WINDOWS\system32\rundll32.exe

F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

F:\Arquivos de programas\Ahead\InCD\InCD.exe

F:\WINDOWS\system32\rundll32.exe

G:\Programas\Kies\KiesTrayAgent.exe

G:\Programas\Itunes\iTunesHelper.exe

F:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

F:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

G:\Programas\Kies\Kies.exe

G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Arquivos de programas\iPod\bin\iPodService.exe

F:\WINDOWS\system32\DllHost.exe

F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

F:\WINDOWS\system32\wscntfy.exe

F:\WINDOWS\system32\wbem\wmiprvse.exe

F:\WINDOWS\system32\svchost.exe -k DcomLaunch

F:\WINDOWS\system32\svchost.exe -k rpcss

F:\WINDOWS\System32\svchost.exe -k netsvcs

F:\WINDOWS\system32\svchost.exe -k NetworkService

F:\WINDOWS\system32\svchost.exe -k LocalService

F:\WINDOWS\system32\svchost.exe -k LocalService

F:\WINDOWS\system32\svchost.exe -k bthsvcs

F:\WINDOWS\system32\svchost.exe -k imgsvc

F:\WINDOWS\system32\svchost.exe -k netsvcs

F:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.br/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - g:\programas\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - f:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ssh2 Class: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - f:\arquivos de programas\scpad\scpsssh2.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - f:\arquivos de programas\java\jre7\bin\ssv.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - f:\documents and settings\lucio\dados de aplicativos\flashgetbho\FlashGetBHO3.dll

BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - <orphaned>

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - f:\arquivos de programas\gbplugin\gbieh.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - f:\arquivos de programas\gbplugin\gbiehcef.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540015} - f:\arquivos de programas\gbplugin\gbiehIsg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - f:\arquivos de programas\java\jre7\bin\jp2ssv.dll

TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - g:\programas\orbitdownloader\GrabPro.dll

TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - g:\programas\orbitdownloader\GrabPro.dll

uRun: [DAEMON Tools Lite] "g:\programas\daemon tools lite\DTLite.exe" -autorun

uRun: [KiesPreload] g:\programas\kies\Kies.exe /preload

uRun: [KiesPDLR] g:\programas\kies\external\firmwareupdate\KiesPDLR.exe

uRun: [NBJ] "f:\arquivos de programas\ahead\nero backitup\NBJ.exe"

uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe

mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [sMSERIAL] f:\arquivos de programas\motorola\smserial\sm56hlpr.exe

mRun: [bIH] f:\windows\system32\rundll32.exe bih.dll, InitGauge

mRun: [TkBellExe] "f:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [egui] "f:\arquivos de programas\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [RemoteControl] "f:\arquivos de programas\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [inCD] f:\arquivos de programas\ahead\incd\InCD.exe

mRun: [NeroFilterCheck] f:\windows\system32\NeroCheck.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Adobe Reader Speed Launcher] "f:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "f:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

mRun: [KiesTrayAgent] g:\programas\kies\KiesTrayAgent.exe

mRun: [APSDaemon] "f:\arquivos de programas\arquivos comuns\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "g:\programas\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "f:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRun: [spywareTerminatorUpdater] f:\arquivos de programas\spyware terminator\SpywareTerminatorUpdate.exe

dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE

StartupFolder: f:\docume~1\lucio\menuin~1\progra~1\inicia~1\limewi~1.lnk - g:\programas\limewire\LimeWire.exe

StartupFolder: f:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - f:\windows\system32\sistray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: &Download by Orbit - g:\programas\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - g:\programas\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - g:\programas\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - g:\programas\orbitdownloader\orbitmxt.dll/202

IE: Download all by FlashGet3 - f:\documents and settings\lucio\dados de aplicativos\flashgetbho\GetAllUrl.htm

IE: Download by FlashGet3 - f:\documents and settings\lucio\dados de aplicativos\flashgetbho\GetUrl.htm

IE: E&xportar para o Microsoft Excel - f:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: ????3?? - <no file>

IE: ????3?????? - <no file>

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - f:\arquivos de programas\pokerstars\PokerStarsUpdate.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\arquivos de programas\messenger\msmsgs.exe

Trusted Zone: caixa.gov.br

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} - hxxps://www5.infoseg.gov.br/Install/GbPluginIsg.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{5CF76CF3-519B-4C05-968C-77C1665B1C31} : DHCPNameServer = 192.168.42.129

TCP: Interfaces\{78240407-D696-4F6C-B6A0-F520D83EC98C} : DHCPNameServer = 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - f:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\arquivos de programas\arquivos comuns\skype\Skype4COM.dll

Notify: GbPluginBb - f:\arquivos de programas\gbplugin\gbieh.dll

Notify: GbPluginCef - f:\arquivos de programas\gbplugin\gbiehCef.dll

Notify: GbPluginIsg - f:\arquiv~1\gbplugin\gbiehIsg.dll

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - f:\arquivos de programas\scpad\scpLIB.dll

STS: compIB Class - {A3717295-941D-416F-9384-ED1736729F1C} - f:\arquivos de programas\scpad\scpLIB.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - f:\arquivos de programas\gbplugin\gbiehIsg.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - f:\arquivos de programas\gbplugin\gbieh.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - f:\arquivos de programas\gbplugin\gbiehcef.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - f:\documents and settings\lucio\dados de aplicativos\mozilla\firefox\profiles\vtr7h0vc.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com.br

FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: f:\arquivos de programas\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: f:\arquivos de programas\google\google earth\plugin\npgeplugin.dll

FF - plugin: f:\arquivos de programas\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: f:\arquivos de programas\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: f:\arquivos de programas\microsoft silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: f:\arquivos de programas\virtools\3d life player\npvirtools.dll

FF - plugin: f:\documents and settings\lucio\configuraã§ãµes locais\dados de aplicativos\gas tecnologia\gbbd\npsf_bb.dll

FF - plugin: f:\documents and settings\lucio\configuraã§ãµes locais\dados de aplicativos\gas tecnologia\gbbd\npsf_cef.dll

FF - plugin: f:\documents and settings\lucio\configuraã§ãµes locais\dados de aplicativos\gas tecnologia\gbbd\npsf_isg.dll

FF - plugin: f:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll

FF - plugin: f:\windows\system32\npdeployJava1.dll

FF - plugin: f:\windows\system32\npptools.dll

FF - plugin: g:\programas\itunes\mozilla plugins\npitunes.dll

FF - plugin: g:\programas\vlc\npvlc.dll

FF - ExtSQL: 2013-08-30 18:21; {87F8774F-B485-47E2-A755-A40A8A5E886D}; f:\documents and settings\lucio\configuraãƒâ§ãƒâµes locais\dados de aplicativos\gas tecnologia\gbbd\cef\xpi

FF - ExtSQL: 2013-09-12 00:11; {0303e6fc-c062-47f1-825d-73e5e97d1d43}; f:\arquivos de programas\lyricsseeker\133.xpi

FF - ExtSQL: 2013-09-12 13:55; {87F8774F-B485-47E2-A755-A40A8A5E886C}; f:\documents and settings\lucio\configuraãƒâ§ãƒâµes locais\dados de aplicativos\gas tecnologia\gbbd\bb\xpi

FF - ExtSQL: !HIDDEN! 2011-01-10 16:17; {20a82645-c095-46ed-80e3-08825760534b}; f:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 GbpKm;Gbp KernelMode;f:\windows\system32\drivers\GbpKm.sys [2009-10-7 47688]

R1 ehdrv;ehdrv;f:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]

R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]

R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;f:\windows\system32\drivers\sp_rsdrv2.sys [2013-9-12 32768]

R2 ekrn;ESET Service;f:\arquivos de programas\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;f:\arquivos de programas\firebird\firebird_2_1\bin\fbguard.exe [2012-12-12 81920]

R2 GbpSv;Gbp Service;f:\arquiv~1\gbplugin\GbpSv.exe [2009-10-7 409640]

R2 Skype C2C Service;Skype C2C Service;f:\documents and settings\all users\dados de aplicativos\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]

R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;f:\arquivos de programas\spyware terminator\st_rsser.exe [2013-9-12 587912]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;f:\arquivos de programas\firebird\firebird_2_1\bin\fbserver.exe [2012-12-12 2764800]

R3 NdisrdMP;NdisrdMP;f:\windows\system32\drivers\GbpNdisrd.sys [2012-1-29 31088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;f:\arquivos de programas\skype\updater\Updater.exe [2012-2-29 158856]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);f:\windows\system32\drivers\ssudbus.sys [2012-9-23 83168]

S3 GNOME_R;GNOME_R;f:\windows\system32\drivers\gnome.sys [2010-3-2 10496]

S3 Ndisrd;GAS Tecnologia Service;f:\windows\system32\drivers\GbpNdisrd.sys [2012-1-29 31088]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [2010-1-26 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [2010-1-26 8320]

S3 pwdrvio;pwdrvio;f:\windows\system32\pwdrvio.sys [2010-7-1 15576]

S3 pwdspio;pwdspio;f:\windows\system32\pwdspio.sys [2010-7-1 10200]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);f:\windows\system32\drivers\ssudmdm.sys [2012-9-23 181344]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-09-18 16:19:30 -------- d-sha-r- F:\cmdcons

2013-09-18 16:14:06 98816 ----a-w- f:\windows\sed.exe

2013-09-18 16:14:06 256000 ----a-w- f:\windows\PEV.exe

2013-09-18 16:14:06 208896 ----a-w- f:\windows\MBR.exe

2013-09-17 22:53:41 -------- d-----w- f:\windows\ERUNT

2013-09-17 22:27:42 -------- d-----w- F:\AdwCleaner

2013-09-17 21:30:50 -------- d-----w- f:\documents and settings\lucio\dados de aplicativos\Malwarebytes

2013-09-17 21:30:33 -------- d-----w- f:\documents and settings\all users\dados de aplicativos\Malwarebytes

2013-09-17 21:30:31 22856 ----a-w- f:\windows\system32\drivers\mbam.sys

2013-09-17 21:30:31 -------- d-----w- f:\arquivos de programas\Malwarebytes' Anti-Malware

2013-09-17 20:12:01 -------- d-----w- F:\TDSSKiller_Quarantine

2013-09-12 23:26:39 32768 ----a-w- f:\windows\system32\drivers\sp_rsdrv2.sys

2013-09-12 23:26:38 -------- d-----w- f:\documents and settings\lucio\dados de aplicativos\Spyware Terminator

2013-09-12 23:26:38 -------- d-----w- f:\documents and settings\all users\dados de aplicativos\Spyware Terminator

2013-09-12 23:26:35 -------- d-----w- f:\arquivos de programas\Spyware Terminator

2013-09-12 03:11:44 -------- d-----w- f:\arquivos de programas\LyricsSeeker

2013-08-22 02:07:09 4751752 ----a-w- f:\windows\system32\FlashPlayerInstaller.exe

.

==================== Find3M ====================

.

2013-09-18 22:51:43 31088 ----a-w- f:\windows\system32\drivers\GbpNdisrd.sys

2013-09-13 14:03:33 71048 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-13 14:03:33 692616 ----a-w- f:\windows\system32\FlashPlayerApp.exe

2013-08-09 01:56:35 389632 ----a-w- f:\windows\system32\themeui.dll

2013-08-08 06:09:36 1877888 ----a-w- f:\windows\system32\win32k.sys

2013-08-08 06:05:46 920064 ----a-w- f:\windows\system32\wininet.dll

2013-08-08 06:05:46 43520 ----a-w- f:\windows\system32\licmgr10.dll

2013-08-08 06:05:45 18944 ----a-w- f:\windows\system32\corpol.dll

2013-08-08 06:05:45 1469440 ----a-w- f:\windows\system32\inetcpl.cpl

2013-08-08 00:04:27 385024 ----a-w- f:\windows\system32\html.iec

2013-08-05 13:30:15 1289216 ----a-w- f:\windows\system32\ole32.dll

2013-07-31 05:41:22 810496 ----a-w- f:\windows\system32\wmvdmod.dll

2013-07-10 10:37:49 406016 ----a-w- f:\windows\system32\usp10.dll

2013-07-04 07:34:00 2153984 ----a-w- f:\windows\system32\ntoskrnl.exe

2013-07-04 07:33:59 2032640 ----a-w- f:\windows\system32\ntkrnlpa.exe

2013-07-01 18:40:10 47688 ----a-w- f:\windows\system32\drivers\GbpKm.sys

2013-06-25 11:59:19 94632 ----a-w- f:\windows\system32\WindowsAccessBridge.dll

2013-06-25 11:59:14 144896 ----a-w- f:\windows\system32\javacpl.cpl

2013-06-25 11:59:12 867240 ----a-w- f:\windows\system32\npdeployJava1.dll

2013-06-25 11:59:12 789416 ----a-w- f:\windows\system32\deployJava1.dll

2004-10-01 17:00:16 40960 ----a-w- f:\arquivos de programas\Uninstall_CDS.exe

.

============= FINISH: 19:59:49,21 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 29/6/2009 22:45:46

System Uptime: 18/9/2013 19:49:44 (0 hours ago)

.

Motherboard: -O | | JFW01

Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz | uPGA 479M | 1999/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 20 GiB total, 19,706 GiB free.

D: is CDROM (CDFS)

F: is FIXED (NTFS) - 47 GiB total, 16,004 GiB free.

G: is FIXED (NTFS) - 231 GiB total, 43,118 GiB free.

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ACPI\CPL0002\2&DABA3FF&0

Manufacturer:

Name:

PNP Device ID: ACPI\CPL0002\2&DABA3FF&0

Service:

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: SiS191 Ethernet Controller

Device ID: PCI\VEN_1039&DEV_0191&SUBSYS_002A14C0&REV_02\3&267A616A&0&20

Manufacturer: Silicon Integrated Systems Corp.

Name: SiS191 Ethernet Controller

PNP Device ID: PCI\VEN_1039&DEV_0191&SUBSYS_002A14C0&REV_02\3&267A616A&0&20

Service: SiSGbeXP

.

==== System Restore Points ===================

.

RP658: 25/6/2013 07:50:07 - Software Distribution Service 3.0

RP659: 25/6/2013 08:58:26 - Removido Java 7 Update 17

RP660: 25/6/2013 08:59:06 - Instalado Java 7 Update 25

RP661: 27/6/2013 16:33:36 - Ponto de verificação do sistema

RP662: 28/6/2013 22:43:42 - Ponto de verificação do sistema

RP663: 30/6/2013 19:19:22 - Ponto de verificação do sistema

RP664: 4/7/2013 10:44:26 - Ponto de verificação do sistema

RP665: 5/7/2013 11:16:38 - Ponto de verificação do sistema

RP666: 6/7/2013 14:31:07 - Ponto de verificação do sistema

RP667: 8/7/2013 12:26:36 - Ponto de verificação do sistema

RP668: 9/7/2013 14:59:02 - Ponto de verificação do sistema

RP669: 10/7/2013 15:05:03 - Ponto de verificação do sistema

RP670: 11/7/2013 09:54:39 - Software Distribution Service 3.0

RP671: 12/7/2013 10:21:10 - Ponto de verificação do sistema

RP672: 16/7/2013 16:17:08 - Ponto de verificação do sistema

RP673: 19/7/2013 15:12:23 - Ponto de verificação do sistema

RP674: 21/7/2013 17:33:27 - Ponto de verificação do sistema

RP675: 22/7/2013 19:44:50 - Ponto de verificação do sistema

RP676: 24/7/2013 13:52:17 - Ponto de verificação do sistema

RP677: 25/7/2013 23:18:46 - Software Distribution Service 3.0

RP678: 29/7/2013 11:02:34 - Ponto de verificação do sistema

RP679: 31/7/2013 12:10:15 - Ponto de verificação do sistema

RP680: 1/8/2013 16:03:42 - Ponto de verificação do sistema

RP681: 3/8/2013 13:32:41 - Ponto de verificação do sistema

RP682: 4/8/2013 17:57:48 - Ponto de verificação do sistema

RP683: 6/8/2013 10:14:17 - Ponto de verificação do sistema

RP684: 7/8/2013 12:01:57 - Ponto de verificação do sistema

RP685: 9/8/2013 12:21:07 - Ponto de verificação do sistema

RP686: 10/8/2013 13:50:42 - Ponto de verificação do sistema

RP687: 11/8/2013 21:48:12 - Ponto de verificação do sistema

RP688: 13/8/2013 12:24:36 - Ponto de verificação do sistema

RP689: 14/8/2013 12:30:52 - Ponto de verificação do sistema

RP690: 15/8/2013 13:16:12 - Ponto de verificação do sistema

RP691: 17/8/2013 09:47:26 - Software Distribution Service 3.0

RP692: 19/8/2013 11:45:21 - Ponto de verificação do sistema

RP693: 20/8/2013 12:01:12 - Ponto de verificação do sistema

RP694: 21/8/2013 23:15:26 - Ponto de verificação do sistema

RP695: 23/8/2013 11:45:45 - Ponto de verificação do sistema

RP696: 26/8/2013 11:57:42 - Ponto de verificação do sistema

RP697: 27/8/2013 13:15:45 - Ponto de verificação do sistema

RP698: 28/8/2013 17:25:31 - Ponto de verificação do sistema

RP699: 29/8/2013 18:44:46 - Ponto de verificação do sistema

RP700: 30/8/2013 20:37:36 - Ponto de verificação do sistema

RP701: 31/8/2013 20:56:17 - Ponto de verificação do sistema

RP702: 1/9/2013 01:35:38 - Software Distribution Service 3.0

RP703: 3/9/2013 11:32:04 - Ponto de verificação do sistema

RP704: 4/9/2013 16:59:41 - Ponto de verificação do sistema

RP705: 5/9/2013 18:16:05 - Ponto de verificação do sistema

RP706: 8/9/2013 22:08:02 - Ponto de verificação do sistema

RP707: 9/9/2013 22:57:55 - Ponto de verificação do sistema

RP708: 11/9/2013 12:21:29 - Ponto de verificação do sistema

RP709: 12/9/2013 16:59:11 - Ponto de verificação do sistema

RP710: 13/9/2013 09:37:22 - Software Distribution Service 3.0

RP711: 14/9/2013 10:28:28 - Ponto de verificação do sistema

RP712: 17/9/2013 15:42:26 - Ponto de verificação do sistema

RP713: 18/9/2013 16:26:49 - Ponto de verificação do sistema

.

==== Installed Programs ======================

.

3DVIA player 5.0

7-Zip 4.65

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.4 - Português

Age of Empires III

Apple Mobile Device Support

Apple Software Update

Ares 2.1.7

µTorrent

Atualização de Segurança para Microsoft Windows (KB2564958)

Atualização de Segurança para o Windows Media Player (KB2378111)

Atualização de Segurança para o Windows Media Player (KB2803821-v2)

Atualização de Segurança para o Windows Media Player (KB2803821)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player (KB975558)

Atualização de Segurança para o Windows Media Player (KB978695)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows Internet Explorer 8 (KB2360131)

Atualização de Segurança para Windows Internet Explorer 8 (KB2416400)

Atualização de Segurança para Windows Internet Explorer 8 (KB2482017)

Atualização de Segurança para Windows Internet Explorer 8 (KB2497640)

Atualização de Segurança para Windows Internet Explorer 8 (KB2510531)

Atualização de Segurança para Windows Internet Explorer 8 (KB2530548)

Atualização de Segurança para Windows Internet Explorer 8 (KB2544521)

Atualização de Segurança para Windows Internet Explorer 8 (KB2559049)

Atualização de Segurança para Windows Internet Explorer 8 (KB2586448)

Atualização de Segurança para Windows Internet Explorer 8 (KB2618444)

Atualização de Segurança para Windows Internet Explorer 8 (KB2647516)

Atualização de Segurança para Windows Internet Explorer 8 (KB2675157)

Atualização de Segurança para Windows Internet Explorer 8 (KB2699988)

Atualização de Segurança para Windows Internet Explorer 8 (KB2722913)

Atualização de Segurança para Windows Internet Explorer 8 (KB2744842)

Atualização de Segurança para Windows Internet Explorer 8 (KB2761465)

Atualização de Segurança para Windows Internet Explorer 8 (KB2792100)

Atualização de Segurança para Windows Internet Explorer 8 (KB2797052)

Atualização de Segurança para Windows Internet Explorer 8 (KB2799329)

Atualização de Segurança para Windows Internet Explorer 8 (KB2809289)

Atualização de Segurança para Windows Internet Explorer 8 (KB2817183)

Atualização de Segurança para Windows Internet Explorer 8 (KB2829530)

Atualização de Segurança para Windows Internet Explorer 8 (KB2838727)

Atualização de Segurança para Windows Internet Explorer 8 (KB2846071)

Atualização de Segurança para Windows Internet Explorer 8 (KB2847204)

Atualização de Segurança para Windows Internet Explorer 8 (KB2862772)

Atualização de Segurança para Windows Internet Explorer 8 (KB2870699)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows XP (KB2079403)

Atualização de Segurança para Windows XP (KB2115168)

Atualização de Segurança para Windows XP (KB2121546)

Atualização de Segurança para Windows XP (KB2229593)

Atualização de Segurança para Windows XP (KB2259922)

Atualização de Segurança para Windows XP (KB2279986)

Atualização de Segurança para Windows XP (KB2286198)

Atualização de Segurança para Windows XP (KB2296011)

Atualização de Segurança para Windows XP (KB2296199)

Atualização de Segurança para Windows XP (KB2347290)

Atualização de Segurança para Windows XP (KB2360937)

Atualização de Segurança para Windows XP (KB2387149)

Atualização de Segurança para Windows XP (KB2393802)

Atualização de Segurança para Windows XP (KB2412687)

Atualização de Segurança para Windows XP (KB2419632)

Atualização de Segurança para Windows XP (KB2423089)

Atualização de Segurança para Windows XP (KB2436673)

Atualização de Segurança para Windows XP (KB2440591)

Atualização de Segurança para Windows XP (KB2443105)

Atualização de Segurança para Windows XP (KB2476490)

Atualização de Segurança para Windows XP (KB2476687)

Atualização de Segurança para Windows XP (KB2478960)

Atualização de Segurança para Windows XP (KB2478971)

Atualização de Segurança para Windows XP (KB2479628)

Atualização de Segurança para Windows XP (KB2479943)

Atualização de Segurança para Windows XP (KB2481109)

Atualização de Segurança para Windows XP (KB2483185)

Atualização de Segurança para Windows XP (KB2485376)

Atualização de Segurança para Windows XP (KB2485663)

Atualização de Segurança para Windows XP (KB2503658)

Atualização de Segurança para Windows XP (KB2503665)

Atualização de Segurança para Windows XP (KB2506212)

Atualização de Segurança para Windows XP (KB2506223)

Atualização de Segurança para Windows XP (KB2507618)

Atualização de Segurança para Windows XP (KB2507938)

Atualização de Segurança para Windows XP (KB2508272)

Atualização de Segurança para Windows XP (KB2508429)

Atualização de Segurança para Windows XP (KB2509553)

Atualização de Segurança para Windows XP (KB2511455)

Atualização de Segurança para Windows XP (KB2524375)

Atualização de Segurança para Windows XP (KB2535512)

Atualização de Segurança para Windows XP (KB2536276-v2)

Atualização de Segurança para Windows XP (KB2536276)

Atualização de Segurança para Windows XP (KB2544893-v2)

Atualização de Segurança para Windows XP (KB2544893)

Atualização de Segurança para Windows XP (KB2555917)

Atualização de Segurança para Windows XP (KB2562937)

Atualização de Segurança para Windows XP (KB2566454)

Atualização de Segurança para Windows XP (KB2567053)

Atualização de Segurança para Windows XP (KB2567680)

Atualização de Segurança para Windows XP (KB2570222)

Atualização de Segurança para Windows XP (KB2570947)

Atualização de Segurança para Windows XP (KB2584146)

Atualização de Segurança para Windows XP (KB2585542)

Atualização de Segurança para Windows XP (KB2592799)

Atualização de Segurança para Windows XP (KB2598479)

Atualização de Segurança para Windows XP (KB2603381)

Atualização de Segurança para Windows XP (KB2618451)

Atualização de Segurança para Windows XP (KB2619339)

Atualização de Segurança para Windows XP (KB2620712)

Atualização de Segurança para Windows XP (KB2621440)

Atualização de Segurança para Windows XP (KB2624667)

Atualização de Segurança para Windows XP (KB2631813)

Atualização de Segurança para Windows XP (KB2633171)

Atualização de Segurança para Windows XP (KB2639417)

Atualização de Segurança para Windows XP (KB2641653)

Atualização de Segurança para Windows XP (KB2646524)

Atualização de Segurança para Windows XP (KB2647518)

Atualização de Segurança para Windows XP (KB2653956)

Atualização de Segurança para Windows XP (KB2655992)

Atualização de Segurança para Windows XP (KB2659262)

Atualização de Segurança para Windows XP (KB2660465)

Atualização de Segurança para Windows XP (KB2661637)

Atualização de Segurança para Windows XP (KB2676562)

Atualização de Segurança para Windows XP (KB2685939)

Atualização de Segurança para Windows XP (KB2686509)

Atualização de Segurança para Windows XP (KB2691442)

Atualização de Segurança para Windows XP (KB2695962)

Atualização de Segurança para Windows XP (KB2698365)

Atualização de Segurança para Windows XP (KB2705219)

Atualização de Segurança para Windows XP (KB2707511)

Atualização de Segurança para Windows XP (KB2709162)

Atualização de Segurança para Windows XP (KB2712808)

Atualização de Segurança para Windows XP (KB2718523)

Atualização de Segurança para Windows XP (KB2719985)

Atualização de Segurança para Windows XP (KB2723135)

Atualização de Segurança para Windows XP (KB2724197)

Atualização de Segurança para Windows XP (KB2727528)

Atualização de Segurança para Windows XP (KB2731847)

Atualização de Segurança para Windows XP (KB2753842-v2)

Atualização de Segurança para Windows XP (KB2753842)

Atualização de Segurança para Windows XP (KB2757638)

Atualização de Segurança para Windows XP (KB2758857)

Atualização de Segurança para Windows XP (KB2761226)

Atualização de Segurança para Windows XP (KB2770660)

Atualização de Segurança para Windows XP (KB2778344)

Atualização de Segurança para Windows XP (KB2779030)

Atualização de Segurança para Windows XP (KB2780091)

Atualização de Segurança para Windows XP (KB2799494)

Atualização de Segurança para Windows XP (KB2802968)

Atualização de Segurança para Windows XP (KB2807986)

Atualização de Segurança para Windows XP (KB2808735)

Atualização de Segurança para Windows XP (KB2813170)

Atualização de Segurança para Windows XP (KB2813345)

Atualização de Segurança para Windows XP (KB2820197)

Atualização de Segurança para Windows XP (KB2820917)

Atualização de Segurança para Windows XP (KB2829361)

Atualização de Segurança para Windows XP (KB2834886)

Atualização de Segurança para Windows XP (KB2839229)

Atualização de Segurança para Windows XP (KB2845187)

Atualização de Segurança para Windows XP (KB2849470)

Atualização de Segurança para Windows XP (KB2850851)

Atualização de Segurança para Windows XP (KB2850869)

Atualização de Segurança para Windows XP (KB2859537)

Atualização de Segurança para Windows XP (KB2864063)

Atualização de Segurança para Windows XP (KB2876217)

Atualização de Segurança para Windows XP (KB2876315)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950760)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB970430)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB972270)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB973904)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974318)

Atualização de Segurança para Windows XP (KB974392)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização de Segurança para Windows XP (KB975560)

Atualização de Segurança para Windows XP (KB975562)

Atualização de Segurança para Windows XP (KB975713)

Atualização de Segurança para Windows XP (KB977816)

Atualização de Segurança para Windows XP (KB977914)

Atualização de Segurança para Windows XP (KB978037)

Atualização de Segurança para Windows XP (KB978338)

Atualização de Segurança para Windows XP (KB978542)

Atualização de Segurança para Windows XP (KB978601)

Atualização de Segurança para Windows XP (KB978706)

Atualização de Segurança para Windows XP (KB979309)

Atualização de Segurança para Windows XP (KB979482)

Atualização de Segurança para Windows XP (KB979687)

Atualização de Segurança para Windows XP (KB980195)

Atualização de Segurança para Windows XP (KB980232)

Atualização de Segurança para Windows XP (KB980436)

Atualização de Segurança para Windows XP (KB981322)

Atualização de Segurança para Windows XP (KB981852)

Atualização de Segurança para Windows XP (KB981957)

Atualização de Segurança para Windows XP (KB981997)

Atualização de Segurança para Windows XP (KB982132)

Atualização de Segurança para Windows XP (KB982214)

Atualização de Segurança para Windows XP (KB982665)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows XP (KB2141007)

Atualização para Windows XP (KB2345886)

Atualização para Windows XP (KB2467659)

Atualização para Windows XP (KB2541763)

Atualização para Windows XP (KB2616676-v2)

Atualização para Windows XP (KB2641690)

Atualização para Windows XP (KB2661254-v2)

Atualização para Windows XP (KB2718704)

Atualização para Windows XP (KB2736233)

Atualização para Windows XP (KB2749655)

Atualização para Windows XP (KB2863058)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955759)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB971029)

Atualização para Windows XP (KB971737)

Atualização para Windows XP (KB973687)

Atualização para Windows XP (KB973815)

Audacity 1.2.6

Bonjour

Broadcom 802.11g Network Adapter

Codec 8.3q

ConvertHelper 2.2

CutePDF Writer 2.8

Desinstalar impressora EPSON TX133 TX135 Series

Driver Detective

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVD Solution

Electronic Arts Product Registration

ESET NOD32 Antivirus

Facebook Video Calling 1.2.0.287

Firebird 2.1.4.18393 (Win32)

FlashGet 3.5

Foxit Creator

Foxit Reader

Free CD to MP3 Converter

FTDI USB Serial Converter Drivers

GBBD Infoseg - Senasp

GeoSentinel

Gnome-P

Google Earth

Google SketchUp 6

GPS TrackMaker

GR8 Clientes Grátis

GrabBee

Harry Potter II

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB2158563)

Hotfix para Windows XP (KB2443685)

Hotfix para Windows XP (KB2570791)

Hotfix para Windows XP (KB2633952)

Hotfix para Windows XP (KB2756822)

Hotfix para Windows XP (KB2779562)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

HP USB Disk Storage Format Tool

InCD

Intellex Player

IRPF2009 - Declaração de Ajuste Anual e Final de Espólio

IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

iTunes

Java 7 Update 25

Java Auto Updater

K-Lite Mega Codec Pack 5.3.0

LimeWire 5.3.6

Lyrics Seeker

Malwarebytes Anti-Malware versão 1.75.0.1300

Mapa do Brasil 1.9

Medal of Honor

Megacubo 7.5.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 2.0 Language Pack - PTB

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Professional Edição 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MiniTool Partition Wizard Home Edition 7.6

Motorola SM56 Data Fax Modem

Mouse Recorder Pro 2.0.7.0

Mozilla Firefox 23.0.1 (x86 pt-BR)

Mozilla Maintenance Service

Mozilla Thunderbird (2.0.0.24)

MSI to redistribute MS VS2005 CRT libraries

MSVC80_x86_v2

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB925673)

Multimedia Launcher

Nero OEM

neroxml

Nokia Connectivity Cable Driver

Nokia Map Loader

Nokia Maps Updater 1.0.12

Nokia PC Suite

Nokia Software Updater

Notebook BatteryInfo

NVIDIA PhysX

Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

Orbit Downloader

Pacote de Compatibilidade para o sistema Office 2007

Pacote de Driver do Windows - Nokia Modem (06/01/2009 7.01.0.4)

Pacote de Driver do Windows - Nokia Modem (10/05/2009 4.2)

Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0

PC Connectivity Solution

PCSX2 - Playstation 2 Emulator

PokerStars

PowerDVD

PowerProducer

RealPlayer

Realtek High Definition Audio Driver

Receitanet

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

SimCity 4 Deluxe

SiS VGA Utilities

SiSAGP driver

Skype Click to Call

Skype™ 5.8

Spyware Terminator 2012

Steel Legions

Suporte para Aplicativos Apple

Ultima Online Classic Client

Ultima Online: Mondain's Legacy

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

USB Flash Security Ver.2.1.1

USB TV Device Driver

USB2.0 UVC WebCam

VLC media player 2.0.5

WebFldrs XP

Windows Communication Foundation Language Pack - PTB

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Media Tools 4.0

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (PTB)

Windows Workflow Foundation BR Language Pack

Windows XP Service Pack 3

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-19 12:34:01

Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD3200BEVT-00ZAT0 rev.01.01A01 298,09GB

Running: p9ff6wec.exe; Driver: F:\DOCUME~1\Lucio\CONFIG~1\Temp\kxlyqpow.sys

---- System - GMER 2.1 ----

SSDT 8A837C90 ZwAssignProcessToJobObject

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA716F444]

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xA716EC8A]

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xA716E958]

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xA7170520]

SSDT 8A838200 ZwDebugActiveProcess

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xA716EA68]

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xA716EB5A]

SSDT 8A8382F0 ZwDuplicateObject

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xA716F780]

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xA716EF9C]

SSDT 8A837590 ZwOpenProcess

SSDT 8A837800 ZwOpenThread

SSDT 8A837FD0 ZwProtectVirtualMemory

SSDT 8A8380E0 ZwQueueApcThread

SSDT 8A837EC0 ZwSetContextThread

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xA716F0D2]

SSDT 8A837D90 ZwSetInformationThread

SSDT 8A834DA0 ZwSetSecurityObject

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xA716E77E]

SSDT 8A837B90 ZwSuspendProcess

SSDT 8A837A80 ZwSuspendThread

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xA716F6C8]

SSDT 8A837A50 ZwTerminateThread

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xA716F2BC]

SSDT 8A8386D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D2C 80504614 4 Bytes [58, E9, 16, A7]

.text ntkrnlpa.exe!ZwCallbackReturn + 2D84 8050466C 4 Bytes [68, EA, 16, A7]

? F:\DOCUME~1\Lucio\CONFIG~1\Temp\mbr.sys A sintaxe do nome do arquivo, pasta ou nome do volume está incorreta. !

---- User code sections - GMER 2.1 ----

.text F:\WINDOWS\system32\winlogon.exe[1004] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AD0001

.text F:\WINDOWS\system32\winlogon.exe[1004] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 3D896714 F:\ARQUIV~1\GBPLUGIN\gbiehisg.dll

.text F:\WINDOWS\system32\winlogon.exe[1004] kernel32.dll!FreeLibraryAndExitThread 7C80C210 5 Bytes JMP 3D89668C F:\ARQUIV~1\GBPLUGIN\gbiehisg.dll

.text F:\WINDOWS\system32\winlogon.exe[1004] ole32.dll!CoUnmarshalInterface 7750D3AC 6 Bytes JMP 71A9000A

.text F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe[1864] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 00]

.text F:\WINDOWS\Explorer.EXE[3128] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001

.text F:\WINDOWS\Explorer.EXE[3128] ole32.dll!CoUnmarshalInterface 7750D3AC 6 Bytes JMP 71AB000A

.text G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe[3552] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 1 Byte [C3]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000830

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}@SecurityFlags 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}@SecurityFlags 2

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f81000830 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb} (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}@SecurityFlags 1

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb} (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}@SecurityFlags 2

---- EOF - GMER 2.1 ----


Hello

Sorry for the delay :)

If you still need help, please redo the logs, as I need them with current dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


Hello Diego,

Thank you for your attention. Yes, I still need your help. Just for the record, I kept my notebook's wireless turned off these past few days. I only turned it back on today to run the requested diagnostics. I tried browsing and, strangely, it showed a noticeable improvement, but I keep getting redirected many times to this damned URL "http://ici.resynccdn.net/sd/wrap-0.01.html?u=http%3A%2F%2Fici.resynccdn.net%2Fsd%2Fapps%2Ffusionx%2F0.0.3.html%3Faff%3D1060-2027"

Here are the requested posts; it took a while because the GMER scan ran from 15:00 to 23:00:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2

Run by Lucio at 14:41:09 on 2013-09-22

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3055.2318 [GMT -3:00]

.

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ================

.

F:\ARQUIV~1\GbPlugin\GbpSv.exe

F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

F:\Arquivos de programas\Bonjour\mDNSResponder.exe

F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

F:\Arquivos de programas\Java\jre7\bin\jqs.exe

F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

F:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

F:\Arquivos de programas\Spyware Terminator\st_rsser.exe

F:\WINDOWS\system32\wuauclt.exe

F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

F:\WINDOWS\System32\alg.exe

F:\WINDOWS\system32\wbem\wmiapsrv.exe

F:\WINDOWS\system32\wbem\wmiprvse.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\RTHDCPL.EXE

F:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

F:\WINDOWS\system32\rundll32.exe

F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

F:\Arquivos de programas\Ahead\InCD\InCD.exe

F:\WINDOWS\system32\rundll32.exe

F:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

F:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

G:\Programas\Kies\KiesTrayAgent.exe

G:\Programas\Itunes\iTunesHelper.exe

F:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

F:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

G:\Programas\Kies\Kies.exe

G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe

F:\Arquivos de programas\iPod\bin\iPodService.exe

F:\WINDOWS\system32\ctfmon.exe

F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

F:\WINDOWS\system32\DllHost.exe

F:\WINDOWS\system32\wscntfy.exe

F:\WINDOWS\system32\wbem\wmiprvse.exe

F:\WINDOWS\system32\svchost.exe -k DcomLaunch

F:\WINDOWS\system32\svchost.exe -k rpcss

F:\WINDOWS\System32\svchost.exe -k netsvcs

F:\WINDOWS\system32\svchost.exe -k NetworkService

F:\WINDOWS\system32\svchost.exe -k LocalService

F:\WINDOWS\system32\svchost.exe -k LocalService

F:\WINDOWS\system32\svchost.exe -k bthsvcs

F:\WINDOWS\system32\svchost.exe -k imgsvc

F:\WINDOWS\system32\svchost.exe -k netsvcs

F:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.br/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - g:\programas\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - f:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ssh2 Class: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - f:\arquivos de programas\scpad\scpsssh2.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - f:\arquivos de programas\java\jre7\bin\ssv.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - f:\documents and settings\lucio\dados de aplicativos\flashgetbho\FlashGetBHO3.dll

BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - <orphaned>

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - f:\arquivos de programas\gbplugin\gbieh.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - f:\arquivos de programas\gbplugin\gbiehcef.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540015} - f:\arquivos de programas\gbplugin\gbiehIsg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - f:\arquivos de programas\java\jre7\bin\jp2ssv.dll

TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - g:\programas\orbitdownloader\GrabPro.dll

TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - g:\programas\orbitdownloader\GrabPro.dll

uRun: [DAEMON Tools Lite] "g:\programas\daemon tools lite\DTLite.exe" -autorun

uRun: [KiesPreload] g:\programas\kies\Kies.exe /preload

uRun: [KiesPDLR] g:\programas\kies\external\firmwareupdate\KiesPDLR.exe

uRun: [NBJ] "f:\arquivos de programas\ahead\nero backitup\NBJ.exe"

uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe

mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [sMSERIAL] f:\arquivos de programas\motorola\smserial\sm56hlpr.exe

mRun: [bIH] f:\windows\system32\rundll32.exe bih.dll, InitGauge

mRun: [TkBellExe] "f:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [egui] "f:\arquivos de programas\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [RemoteControl] "f:\arquivos de programas\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [inCD] f:\arquivos de programas\ahead\incd\InCD.exe

mRun: [NeroFilterCheck] f:\windows\system32\NeroCheck.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Adobe Reader Speed Launcher] "f:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "f:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

mRun: [KiesTrayAgent] g:\programas\kies\KiesTrayAgent.exe

mRun: [APSDaemon] "f:\arquivos de programas\arquivos comuns\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "g:\programas\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "f:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRun: [spywareTerminatorUpdater] f:\arquivos de programas\spyware terminator\SpywareTerminatorUpdate.exe

dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE

StartupFolder: f:\docume~1\lucio\menuin~1\progra~1\inicia~1\limewi~1.lnk - g:\programas\limewire\LimeWire.exe

StartupFolder: f:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - f:\windows\system32\sistray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: &Download by Orbit - g:\programas\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - g:\programas\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - g:\programas\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - g:\programas\orbitdownloader\orbitmxt.dll/202

IE: Download all by FlashGet3 - f:\documents and settings\lucio\dados de aplicativos\flashgetbho\GetAllUrl.htm

IE: Download by FlashGet3 - f:\documents and settings\lucio\dados de aplicativos\flashgetbho\GetUrl.htm

IE: E&xportar para o Microsoft Excel - f:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: ????3?? - <no file>

IE: ????3?????? - <no file>

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - f:\arquivos de programas\pokerstars\PokerStarsUpdate.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\arquivos de programas\messenger\msmsgs.exe

Trusted Zone: caixa.gov.br

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} - hxxps://www5.infoseg.gov.br/Install/GbPluginIsg.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{5CF76CF3-519B-4C05-968C-77C1665B1C31} : DHCPNameServer = 192.168.42.129

TCP: Interfaces\{78240407-D696-4F6C-B6A0-F520D83EC98C} : DHCPNameServer = 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - f:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\arquivos de programas\arquivos comuns\skype\Skype4COM.dll

Notify: GbPluginBb - f:\arquivos de programas\gbplugin\gbieh.dll

Notify: GbPluginCef - f:\arquivos de programas\gbplugin\gbiehCef.dll

Notify: GbPluginIsg - f:\arquiv~1\gbplugin\gbiehIsg.dll

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - f:\arquivos de programas\scpad\scpLIB.dll

STS: compIB Class - {A3717295-941D-416F-9384-ED1736729F1C} - f:\arquivos de programas\scpad\scpLIB.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - f:\arquivos de programas\gbplugin\gbiehIsg.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - f:\arquivos de programas\gbplugin\gbieh.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - f:\arquivos de programas\gbplugin\gbiehcef.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - f:\documents and settings\lucio\dados de aplicativos\mozilla\firefox\profiles\vtr7h0vc.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com.br

FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: f:\arquivos de programas\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: f:\arquivos de programas\google\google earth\plugin\npgeplugin.dll

FF - plugin: f:\arquivos de programas\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: f:\arquivos de programas\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: f:\arquivos de programas\microsoft silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: f:\arquivos de programas\virtools\3d life player\npvirtools.dll

FF - plugin: f:\documents and settings\lucio\configuraã§ãµes locais\dados de aplicativos\gas tecnologia\gbbd\npsf_bb.dll

FF - plugin: f:\documents and settings\lucio\configuraã§ãµes locais\dados de aplicativos\gas tecnologia\gbbd\npsf_cef.dll

FF - plugin: f:\documents and settings\lucio\configuraã§ãµes locais\dados de aplicativos\gas tecnologia\gbbd\npsf_isg.dll

FF - plugin: f:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll

FF - plugin: f:\windows\system32\npdeployJava1.dll

FF - plugin: f:\windows\system32\npptools.dll

FF - plugin: g:\programas\itunes\mozilla plugins\npitunes.dll

FF - plugin: g:\programas\vlc\npvlc.dll

FF - ExtSQL: 2013-08-30 18:21; {87F8774F-B485-47E2-A755-A40A8A5E886D}; f:\documents and settings\lucio\configuraãƒâ§ãƒâµes locais\dados de aplicativos\gas tecnologia\gbbd\cef\xpi

FF - ExtSQL: 2013-09-12 00:11; {0303e6fc-c062-47f1-825d-73e5e97d1d43}; f:\arquivos de programas\lyricsseeker\133.xpi

FF - ExtSQL: 2013-09-12 13:55; {87F8774F-B485-47E2-A755-A40A8A5E886C}; f:\documents and settings\lucio\configuraãƒâ§ãƒâµes locais\dados de aplicativos\gas tecnologia\gbbd\bb\xpi

FF - ExtSQL: !HIDDEN! 2011-01-10 16:17; {20a82645-c095-46ed-80e3-08825760534b}; f:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 GbpKm;Gbp KernelMode;f:\windows\system32\drivers\GbpKm.sys [2009-10-7 47688]

R1 ehdrv;ehdrv;f:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]

R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]

R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;f:\windows\system32\drivers\sp_rsdrv2.sys [2013-9-12 32768]

R2 ekrn;ESET Service;f:\arquivos de programas\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;f:\arquivos de programas\firebird\firebird_2_1\bin\fbguard.exe [2012-12-12 81920]

R2 GbpSv;Gbp Service;f:\arquiv~1\gbplugin\GbpSv.exe [2009-10-7 409640]

R2 Skype C2C Service;Skype C2C Service;f:\documents and settings\all users\dados de aplicativos\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]

R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;f:\arquivos de programas\spyware terminator\st_rsser.exe [2013-9-12 587912]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;f:\arquivos de programas\firebird\firebird_2_1\bin\fbserver.exe [2012-12-12 2764800]

R3 NdisrdMP;NdisrdMP;f:\windows\system32\drivers\GbpNdisrd.sys [2012-1-29 31088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;f:\arquivos de programas\skype\updater\Updater.exe [2012-2-29 158856]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);f:\windows\system32\drivers\ssudbus.sys [2012-9-23 83168]

S3 GNOME_R;GNOME_R;f:\windows\system32\drivers\gnome.sys [2010-3-2 10496]

S3 Ndisrd;GAS Tecnologia Service;f:\windows\system32\drivers\GbpNdisrd.sys [2012-1-29 31088]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [2010-1-26 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [2010-1-26 8320]

S3 pwdrvio;pwdrvio;f:\windows\system32\pwdrvio.sys [2010-7-1 15576]

S3 pwdspio;pwdspio;f:\windows\system32\pwdspio.sys [2010-7-1 10200]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);f:\windows\system32\drivers\ssudmdm.sys [2012-9-23 181344]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-09-19 23:28:13 -------- d-----w- f:\windows\system32\wbem\repository\FS

2013-09-19 23:28:13 -------- d-----w- f:\windows\system32\wbem\Repository

2013-09-18 16:19:30 -------- d-sha-r- F:\cmdcons

2013-09-18 16:14:06 98816 ----a-w- f:\windows\sed.exe

2013-09-18 16:14:06 256000 ----a-w- f:\windows\PEV.exe

2013-09-18 16:14:06 208896 ----a-w- f:\windows\MBR.exe

2013-09-17 22:53:41 -------- d-----w- f:\windows\ERUNT

2013-09-17 22:27:42 -------- d-----w- F:\AdwCleaner

2013-09-17 21:30:50 -------- d-----w- f:\documents and settings\lucio\dados de aplicativos\Malwarebytes

2013-09-17 21:30:33 -------- d-----w- f:\documents and settings\all users\dados de aplicativos\Malwarebytes

2013-09-17 21:30:31 22856 ----a-w- f:\windows\system32\drivers\mbam.sys

2013-09-17 21:30:31 -------- d-----w- f:\arquivos de programas\Malwarebytes' Anti-Malware

2013-09-17 20:12:01 -------- d-----w- F:\TDSSKiller_Quarantine

2013-09-12 23:26:39 32768 ----a-w- f:\windows\system32\drivers\sp_rsdrv2.sys

2013-09-12 23:26:38 -------- d-----w- f:\documents and settings\lucio\dados de aplicativos\Spyware Terminator

2013-09-12 23:26:38 -------- d-----w- f:\documents and settings\all users\dados de aplicativos\Spyware Terminator

2013-09-12 23:26:35 -------- d-----w- f:\arquivos de programas\Spyware Terminator

2013-09-12 03:11:44 -------- d-----w- f:\arquivos de programas\LyricsSeeker

.

==================== Find3M ====================

.

2013-09-22 17:38:07 31088 ----a-w- f:\windows\system32\drivers\GbpNdisrd.sys

2013-09-20 01:04:40 71048 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-20 01:04:40 692616 ----a-w- f:\windows\system32\FlashPlayerApp.exe

2013-08-09 01:56:35 389632 ----a-w- f:\windows\system32\themeui.dll

2013-08-08 06:09:36 1877888 ----a-w- f:\windows\system32\win32k.sys

2013-08-08 06:05:46 920064 ----a-w- f:\windows\system32\wininet.dll

2013-08-08 06:05:46 43520 ----a-w- f:\windows\system32\licmgr10.dll

2013-08-08 06:05:45 18944 ----a-w- f:\windows\system32\corpol.dll

2013-08-08 06:05:45 1469440 ----a-w- f:\windows\system32\inetcpl.cpl

2013-08-08 00:04:27 385024 ----a-w- f:\windows\system32\html.iec

2013-08-05 13:30:15 1289216 ----a-w- f:\windows\system32\ole32.dll

2013-07-31 05:41:22 810496 ----a-w- f:\windows\system32\wmvdmod.dll

2013-07-10 10:37:49 406016 ----a-w- f:\windows\system32\usp10.dll

2013-07-04 07:34:00 2153984 ----a-w- f:\windows\system32\ntoskrnl.exe

2013-07-04 07:33:59 2032640 ----a-w- f:\windows\system32\ntkrnlpa.exe

2013-07-01 18:40:10 47688 ----a-w- f:\windows\system32\drivers\GbpKm.sys

2013-06-25 11:59:19 94632 ----a-w- f:\windows\system32\WindowsAccessBridge.dll

2013-06-25 11:59:14 144896 ----a-w- f:\windows\system32\javacpl.cpl

2013-06-25 11:59:12 867240 ----a-w- f:\windows\system32\npdeployJava1.dll

2013-06-25 11:59:12 789416 ----a-w- f:\windows\system32\deployJava1.dll

2004-10-01 17:00:16 40960 ----a-w- f:\arquivos de programas\Uninstall_CDS.exe

.

============= FINISH: 14:41:57,14 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 29/6/2009 22:45:46

System Uptime: 22/9/2013 14:36:06 (0 hours ago)

.

Motherboard: -O | | JFW01

Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz | uPGA 479M | 1999/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 20 GiB total, 19,706 GiB free.

D: is CDROM (CDFS)

F: is FIXED (NTFS) - 47 GiB total, 15,918 GiB free.

G: is FIXED (NTFS) - 231 GiB total, 43,117 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ACPI\CPL0002\2&DABA3FF&0

Manufacturer:

Name:

PNP Device ID: ACPI\CPL0002\2&DABA3FF&0

Service:

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: SiS191 Ethernet Controller

Device ID: PCI\VEN_1039&DEV_0191&SUBSYS_002A14C0&REV_02\3&267A616A&0&20

Manufacturer: Silicon Integrated Systems Corp.

Name: SiS191 Ethernet Controller

PNP Device ID: PCI\VEN_1039&DEV_0191&SUBSYS_002A14C0&REV_02\3&267A616A&0&20

Service: SiSGbeXP

.

==== System Restore Points ===================

.

RP658: 25/6/2013 07:50:07 - Software Distribution Service 3.0

RP659: 25/6/2013 08:58:26 - Removido Java 7 Update 17

RP660: 25/6/2013 08:59:06 - Instalado Java 7 Update 25

RP661: 27/6/2013 16:33:36 - Ponto de verificação do sistema

RP662: 28/6/2013 22:43:42 - Ponto de verificação do sistema

RP663: 30/6/2013 19:19:22 - Ponto de verificação do sistema

RP664: 4/7/2013 10:44:26 - Ponto de verificação do sistema

RP665: 5/7/2013 11:16:38 - Ponto de verificação do sistema

RP666: 6/7/2013 14:31:07 - Ponto de verificação do sistema

RP667: 8/7/2013 12:26:36 - Ponto de verificação do sistema

RP668: 9/7/2013 14:59:02 - Ponto de verificação do sistema

RP669: 10/7/2013 15:05:03 - Ponto de verificação do sistema

RP670: 11/7/2013 09:54:39 - Software Distribution Service 3.0

RP671: 12/7/2013 10:21:10 - Ponto de verificação do sistema

RP672: 16/7/2013 16:17:08 - Ponto de verificação do sistema

RP673: 19/7/2013 15:12:23 - Ponto de verificação do sistema

RP674: 21/7/2013 17:33:27 - Ponto de verificação do sistema

RP675: 22/7/2013 19:44:50 - Ponto de verificação do sistema

RP676: 24/7/2013 13:52:17 - Ponto de verificação do sistema

RP677: 25/7/2013 23:18:46 - Software Distribution Service 3.0

RP678: 29/7/2013 11:02:34 - Ponto de verificação do sistema

RP679: 31/7/2013 12:10:15 - Ponto de verificação do sistema

RP680: 1/8/2013 16:03:42 - Ponto de verificação do sistema

RP681: 3/8/2013 13:32:41 - Ponto de verificação do sistema

RP682: 4/8/2013 17:57:48 - Ponto de verificação do sistema

RP683: 6/8/2013 10:14:17 - Ponto de verificação do sistema

RP684: 7/8/2013 12:01:57 - Ponto de verificação do sistema

RP685: 9/8/2013 12:21:07 - Ponto de verificação do sistema

RP686: 10/8/2013 13:50:42 - Ponto de verificação do sistema

RP687: 11/8/2013 21:48:12 - Ponto de verificação do sistema

RP688: 13/8/2013 12:24:36 - Ponto de verificação do sistema

RP689: 14/8/2013 12:30:52 - Ponto de verificação do sistema

RP690: 15/8/2013 13:16:12 - Ponto de verificação do sistema

RP691: 17/8/2013 09:47:26 - Software Distribution Service 3.0

RP692: 19/8/2013 11:45:21 - Ponto de verificação do sistema

RP693: 20/8/2013 12:01:12 - Ponto de verificação do sistema

RP694: 21/8/2013 23:15:26 - Ponto de verificação do sistema

RP695: 23/8/2013 11:45:45 - Ponto de verificação do sistema

RP696: 26/8/2013 11:57:42 - Ponto de verificação do sistema

RP697: 27/8/2013 13:15:45 - Ponto de verificação do sistema

RP698: 28/8/2013 17:25:31 - Ponto de verificação do sistema

RP699: 29/8/2013 18:44:46 - Ponto de verificação do sistema

RP700: 30/8/2013 20:37:36 - Ponto de verificação do sistema

RP701: 31/8/2013 20:56:17 - Ponto de verificação do sistema

RP702: 1/9/2013 01:35:38 - Software Distribution Service 3.0

RP703: 3/9/2013 11:32:04 - Ponto de verificação do sistema

RP704: 4/9/2013 16:59:41 - Ponto de verificação do sistema

RP705: 5/9/2013 18:16:05 - Ponto de verificação do sistema

RP706: 8/9/2013 22:08:02 - Ponto de verificação do sistema

RP707: 9/9/2013 22:57:55 - Ponto de verificação do sistema

RP708: 11/9/2013 12:21:29 - Ponto de verificação do sistema

RP709: 12/9/2013 16:59:11 - Ponto de verificação do sistema

RP710: 13/9/2013 09:37:22 - Software Distribution Service 3.0

RP711: 14/9/2013 10:28:28 - Ponto de verificação do sistema

RP712: 17/9/2013 15:42:26 - Ponto de verificação do sistema

RP713: 18/9/2013 16:26:49 - Ponto de verificação do sistema

RP714: 19/9/2013 20:26:56 - Operação de restauração

.

==== Installed Programs ======================

.

3DVIA player 5.0

7-Zip 4.65

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.4 - Português

Age of Empires III

Apple Mobile Device Support

Apple Software Update

Ares 2.1.7

µTorrent

Atualização de Segurança para Microsoft Windows (KB2564958)

Atualização de Segurança para o Windows Media Player (KB2378111)

Atualização de Segurança para o Windows Media Player (KB2803821-v2)

Atualização de Segurança para o Windows Media Player (KB2803821)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player (KB975558)

Atualização de Segurança para o Windows Media Player (KB978695)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows Internet Explorer 8 (KB2360131)

Atualização de Segurança para Windows Internet Explorer 8 (KB2416400)

Atualização de Segurança para Windows Internet Explorer 8 (KB2482017)

Atualização de Segurança para Windows Internet Explorer 8 (KB2497640)

Atualização de Segurança para Windows Internet Explorer 8 (KB2510531)

Atualização de Segurança para Windows Internet Explorer 8 (KB2530548)

Atualização de Segurança para Windows Internet Explorer 8 (KB2544521)

Atualização de Segurança para Windows Internet Explorer 8 (KB2559049)

Atualização de Segurança para Windows Internet Explorer 8 (KB2586448)

Atualização de Segurança para Windows Internet Explorer 8 (KB2618444)

Atualização de Segurança para Windows Internet Explorer 8 (KB2647516)

Atualização de Segurança para Windows Internet Explorer 8 (KB2675157)

Atualização de Segurança para Windows Internet Explorer 8 (KB2699988)

Atualização de Segurança para Windows Internet Explorer 8 (KB2722913)

Atualização de Segurança para Windows Internet Explorer 8 (KB2744842)

Atualização de Segurança para Windows Internet Explorer 8 (KB2761465)

Atualização de Segurança para Windows Internet Explorer 8 (KB2792100)

Atualização de Segurança para Windows Internet Explorer 8 (KB2797052)

Atualização de Segurança para Windows Internet Explorer 8 (KB2799329)

Atualização de Segurança para Windows Internet Explorer 8 (KB2809289)

Atualização de Segurança para Windows Internet Explorer 8 (KB2817183)

Atualização de Segurança para Windows Internet Explorer 8 (KB2829530)

Atualização de Segurança para Windows Internet Explorer 8 (KB2838727)

Atualização de Segurança para Windows Internet Explorer 8 (KB2846071)

Atualização de Segurança para Windows Internet Explorer 8 (KB2847204)

Atualização de Segurança para Windows Internet Explorer 8 (KB2862772)

Atualização de Segurança para Windows Internet Explorer 8 (KB2870699)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows XP (KB2079403)

Atualização de Segurança para Windows XP (KB2115168)

Atualização de Segurança para Windows XP (KB2121546)

Atualização de Segurança para Windows XP (KB2229593)

Atualização de Segurança para Windows XP (KB2259922)

Atualização de Segurança para Windows XP (KB2279986)

Atualização de Segurança para Windows XP (KB2286198)

Atualização de Segurança para Windows XP (KB2296011)

Atualização de Segurança para Windows XP (KB2296199)

Atualização de Segurança para Windows XP (KB2347290)

Atualização de Segurança para Windows XP (KB2360937)

Atualização de Segurança para Windows XP (KB2387149)

Atualização de Segurança para Windows XP (KB2393802)

Atualização de Segurança para Windows XP (KB2412687)

Atualização de Segurança para Windows XP (KB2419632)

Atualização de Segurança para Windows XP (KB2423089)

Atualização de Segurança para Windows XP (KB2436673)

Atualização de Segurança para Windows XP (KB2440591)

Atualização de Segurança para Windows XP (KB2443105)

Atualização de Segurança para Windows XP (KB2476490)

Atualização de Segurança para Windows XP (KB2476687)

Atualização de Segurança para Windows XP (KB2478960)

Atualização de Segurança para Windows XP (KB2478971)

Atualização de Segurança para Windows XP (KB2479628)

Atualização de Segurança para Windows XP (KB2479943)

Atualização de Segurança para Windows XP (KB2481109)

Atualização de Segurança para Windows XP (KB2483185)

Atualização de Segurança para Windows XP (KB2485376)

Atualização de Segurança para Windows XP (KB2485663)

Atualização de Segurança para Windows XP (KB2503658)

Atualização de Segurança para Windows XP (KB2503665)

Atualização de Segurança para Windows XP (KB2506212)

Atualização de Segurança para Windows XP (KB2506223)

Atualização de Segurança para Windows XP (KB2507618)

Atualização de Segurança para Windows XP (KB2507938)

Atualização de Segurança para Windows XP (KB2508272)

Atualização de Segurança para Windows XP (KB2508429)

Atualização de Segurança para Windows XP (KB2509553)

Atualização de Segurança para Windows XP (KB2511455)

Atualização de Segurança para Windows XP (KB2524375)

Atualização de Segurança para Windows XP (KB2535512)

Atualização de Segurança para Windows XP (KB2536276-v2)

Atualização de Segurança para Windows XP (KB2536276)

Atualização de Segurança para Windows XP (KB2544893-v2)

Atualização de Segurança para Windows XP (KB2544893)

Atualização de Segurança para Windows XP (KB2555917)

Atualização de Segurança para Windows XP (KB2562937)

Atualização de Segurança para Windows XP (KB2566454)

Atualização de Segurança para Windows XP (KB2567053)

Atualização de Segurança para Windows XP (KB2567680)

Atualização de Segurança para Windows XP (KB2570222)

Atualização de Segurança para Windows XP (KB2570947)

Atualização de Segurança para Windows XP (KB2584146)

Atualização de Segurança para Windows XP (KB2585542)

Atualização de Segurança para Windows XP (KB2592799)

Atualização de Segurança para Windows XP (KB2598479)

Atualização de Segurança para Windows XP (KB2603381)

Atualização de Segurança para Windows XP (KB2618451)

Atualização de Segurança para Windows XP (KB2619339)

Atualização de Segurança para Windows XP (KB2620712)

Atualização de Segurança para Windows XP (KB2621440)

Atualização de Segurança para Windows XP (KB2624667)

Atualização de Segurança para Windows XP (KB2631813)

Atualização de Segurança para Windows XP (KB2633171)

Atualização de Segurança para Windows XP (KB2639417)

Atualização de Segurança para Windows XP (KB2641653)

Atualização de Segurança para Windows XP (KB2646524)

Atualização de Segurança para Windows XP (KB2647518)

Atualização de Segurança para Windows XP (KB2653956)

Atualização de Segurança para Windows XP (KB2655992)

Atualização de Segurança para Windows XP (KB2659262)

Atualização de Segurança para Windows XP (KB2660465)

Atualização de Segurança para Windows XP (KB2661637)

Atualização de Segurança para Windows XP (KB2676562)

Atualização de Segurança para Windows XP (KB2685939)

Atualização de Segurança para Windows XP (KB2686509)

Atualização de Segurança para Windows XP (KB2691442)

Atualização de Segurança para Windows XP (KB2695962)

Atualização de Segurança para Windows XP (KB2698365)

Atualização de Segurança para Windows XP (KB2705219)

Atualização de Segurança para Windows XP (KB2707511)

Atualização de Segurança para Windows XP (KB2709162)

Atualização de Segurança para Windows XP (KB2712808)

Atualização de Segurança para Windows XP (KB2718523)

Atualização de Segurança para Windows XP (KB2719985)

Atualização de Segurança para Windows XP (KB2723135)

Atualização de Segurança para Windows XP (KB2724197)

Atualização de Segurança para Windows XP (KB2727528)

Atualização de Segurança para Windows XP (KB2731847)

Atualização de Segurança para Windows XP (KB2753842-v2)

Atualização de Segurança para Windows XP (KB2753842)

Atualização de Segurança para Windows XP (KB2757638)

Atualização de Segurança para Windows XP (KB2758857)

Atualização de Segurança para Windows XP (KB2761226)

Atualização de Segurança para Windows XP (KB2770660)

Atualização de Segurança para Windows XP (KB2778344)

Atualização de Segurança para Windows XP (KB2779030)

Atualização de Segurança para Windows XP (KB2780091)

Atualização de Segurança para Windows XP (KB2799494)

Atualização de Segurança para Windows XP (KB2802968)

Atualização de Segurança para Windows XP (KB2807986)

Atualização de Segurança para Windows XP (KB2808735)

Atualização de Segurança para Windows XP (KB2813170)

Atualização de Segurança para Windows XP (KB2813345)

Atualização de Segurança para Windows XP (KB2820197)

Atualização de Segurança para Windows XP (KB2820917)

Atualização de Segurança para Windows XP (KB2829361)

Atualização de Segurança para Windows XP (KB2834886)

Atualização de Segurança para Windows XP (KB2839229)

Atualização de Segurança para Windows XP (KB2845187)

Atualização de Segurança para Windows XP (KB2849470)

Atualização de Segurança para Windows XP (KB2850851)

Atualização de Segurança para Windows XP (KB2850869)

Atualização de Segurança para Windows XP (KB2859537)

Atualização de Segurança para Windows XP (KB2864063)

Atualização de Segurança para Windows XP (KB2876217)

Atualização de Segurança para Windows XP (KB2876315)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950760)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB970430)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB972270)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB973904)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974318)

Atualização de Segurança para Windows XP (KB974392)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização de Segurança para Windows XP (KB975560)

Atualização de Segurança para Windows XP (KB975562)

Atualização de Segurança para Windows XP (KB975713)

Atualização de Segurança para Windows XP (KB977816)

Atualização de Segurança para Windows XP (KB977914)

Atualização de Segurança para Windows XP (KB978037)

Atualização de Segurança para Windows XP (KB978338)

Atualização de Segurança para Windows XP (KB978542)

Atualização de Segurança para Windows XP (KB978601)

Atualização de Segurança para Windows XP (KB978706)

Atualização de Segurança para Windows XP (KB979309)

Atualização de Segurança para Windows XP (KB979482)

Atualização de Segurança para Windows XP (KB979687)

Atualização de Segurança para Windows XP (KB980195)

Atualização de Segurança para Windows XP (KB980232)

Atualização de Segurança para Windows XP (KB980436)

Atualização de Segurança para Windows XP (KB981322)

Atualização de Segurança para Windows XP (KB981852)

Atualização de Segurança para Windows XP (KB981957)

Atualização de Segurança para Windows XP (KB981997)

Atualização de Segurança para Windows XP (KB982132)

Atualização de Segurança para Windows XP (KB982214)

Atualização de Segurança para Windows XP (KB982665)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows XP (KB2141007)

Atualização para Windows XP (KB2345886)

Atualização para Windows XP (KB2467659)

Atualização para Windows XP (KB2541763)

Atualização para Windows XP (KB2616676-v2)

Atualização para Windows XP (KB2641690)

Atualização para Windows XP (KB2661254-v2)

Atualização para Windows XP (KB2718704)

Atualização para Windows XP (KB2736233)

Atualização para Windows XP (KB2749655)

Atualização para Windows XP (KB2863058)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955759)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB971029)

Atualização para Windows XP (KB971737)

Atualização para Windows XP (KB973687)

Atualização para Windows XP (KB973815)

Audacity 1.2.6

Bonjour

Broadcom 802.11g Network Adapter

Codec 8.3q

ConvertHelper 2.2

CutePDF Writer 2.8

Desinstalar impressora EPSON TX133 TX135 Series

Driver Detective

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVD Solution

Electronic Arts Product Registration

ESET NOD32 Antivirus

Facebook Video Calling 1.2.0.287

Firebird 2.1.4.18393 (Win32)

FlashGet 3.5

Foxit Creator

Foxit Reader

Free CD to MP3 Converter

FTDI USB Serial Converter Drivers

GBBD Infoseg - Senasp

GeoSentinel

Gnome-P

Google Earth

Google SketchUp 6

GPS TrackMaker

GR8 Clientes Grátis

GrabBee

Harry Potter II

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB2158563)

Hotfix para Windows XP (KB2443685)

Hotfix para Windows XP (KB2570791)

Hotfix para Windows XP (KB2633952)

Hotfix para Windows XP (KB2756822)

Hotfix para Windows XP (KB2779562)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

HP USB Disk Storage Format Tool

InCD

Intellex Player

IRPF2009 - Declaração de Ajuste Anual e Final de Espólio

IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

iTunes

Java 7 Update 25

Java Auto Updater

K-Lite Mega Codec Pack 5.3.0

LimeWire 5.3.6

Lyrics Seeker

Malwarebytes Anti-Malware versão 1.75.0.1300

Mapa do Brasil 1.9

Medal of Honor

Megacubo 7.5.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 2.0 Language Pack - PTB

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Professional Edição 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MiniTool Partition Wizard Home Edition 7.6

Motorola SM56 Data Fax Modem

Mouse Recorder Pro 2.0.7.0

Mozilla Firefox 23.0.1 (x86 pt-BR)

Mozilla Maintenance Service

Mozilla Thunderbird (2.0.0.24)

MSI to redistribute MS VS2005 CRT libraries

MSVC80_x86_v2

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB925673)

Multimedia Launcher

Nero OEM

neroxml

Nokia Connectivity Cable Driver

Nokia Map Loader

Nokia Maps Updater 1.0.12

Nokia PC Suite

Nokia Software Updater

Notebook BatteryInfo

NVIDIA PhysX

Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

Orbit Downloader

Pacote de Compatibilidade para o sistema Office 2007

Pacote de Driver do Windows - Nokia Modem (06/01/2009 7.01.0.4)

Pacote de Driver do Windows - Nokia Modem (10/05/2009 4.2)

Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0

PC Connectivity Solution

PCSX2 - Playstation 2 Emulator

PokerStars

PowerDVD

PowerProducer

RealPlayer

Realtek High Definition Audio Driver

Receitanet

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

SimCity 4 Deluxe

SiS VGA Utilities

SiSAGP driver

Skype Click to Call

Skype™ 5.8

Spyware Terminator 2012

Steel Legions

Suporte para Aplicativos Apple

Ultima Online Classic Client

Ultima Online: Mondain's Legacy

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

USB Flash Security Ver.2.1.1

USB TV Device Driver

USB2.0 UVC WebCam

VLC media player 2.0.5

WebFldrs XP

Windows Communication Foundation Language Pack - PTB

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Media Tools 4.0

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (PTB)

Windows Workflow Foundation BR Language Pack

Windows XP Service Pack 3

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-22 23:13:08

Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD3200BEVT-00ZAT0 rev.01.01A01 298,09GB

Running: p9ff6wec.exe; Driver: F:\DOCUME~1\Lucio\CONFIG~1\Temp\kxlyqpow.sys

---- System - GMER 2.1 ----

SSDT 8A82FC90 ZwAssignProcessToJobObject

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA716F444]

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xA716EC8A]

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xA716E958]

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xA7170520]

SSDT 8A830200 ZwDebugActiveProcess

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xA716EA68]

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xA716EB5A]

SSDT 8A8302F0 ZwDuplicateObject

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xA716F780]

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xA716EF9C]

SSDT 8A82F590 ZwOpenProcess

SSDT 8A82F800 ZwOpenThread

SSDT 8A82FFD0 ZwProtectVirtualMemory

SSDT 8A8300E0 ZwQueueApcThread

SSDT 8A82FEC0 ZwSetContextThread

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xA716F0D2]

SSDT 8A82FD90 ZwSetInformationThread

SSDT 8A82CDA0 ZwSetSecurityObject

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xA716E77E]

SSDT 8A82FB90 ZwSuspendProcess

SSDT 8A82FA80 ZwSuspendThread

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xA716F6C8]

SSDT 8A82FA50 ZwTerminateThread

SSDT \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xA716F2BC]

SSDT 8A8306D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D2C 80504614 4 Bytes [58, E9, 16, A7]

.text ntkrnlpa.exe!ZwCallbackReturn + 2D84 8050466C 4 Bytes [68, EA, 16, A7]

? F:\DOCUME~1\Lucio\CONFIG~1\Temp\mbr.sys A sintaxe do nome do arquivo, pasta ou nome do volume está incorreta. !

---- User code sections - GMER 2.1 ----

.text F:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AD0001

.text F:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 3D896714 F:\ARQUIV~1\GBPLUGIN\gbiehisg.dll

.text F:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!FreeLibraryAndExitThread 7C80C210 5 Bytes JMP 3D89668C F:\ARQUIV~1\GBPLUGIN\gbiehisg.dll

.text F:\WINDOWS\system32\winlogon.exe[1008] ole32.dll!CoUnmarshalInterface 7750D3AC 6 Bytes JMP 71A9000A

.text G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe[1780] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 1 Byte [C3]

.text F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe[1852] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 00]

.text F:\WINDOWS\Explorer.EXE[2900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001

.text F:\WINDOWS\Explorer.EXE[2900] ole32.dll!CoUnmarshalInterface 7750D3AC 6 Bytes JMP 71AB000A

.text F:\Documents and Settings\Lucio\Desktop\p9ff6wec.exe[3304] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000830

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}@SecurityFlags 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}@SecurityFlags 2

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f81000830 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb} (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}@SecurityFlags 1

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb} (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}@SecurityFlags 2

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 12

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 11

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@LastTraceFailure 1306

---- EOF - GMER 2.1 ----


Dear lucio.lfv

"http://ici.resynccdn.net/sd/wrap-0.01.html?u=http%3A%2F%2Fici.resynccdn.net%2Fsd%2F apps%2Ffusionx%2F0.0.3.html%3Faff%3D1060-2027"
It does not show up in the logs, but let's get to work :)

I recommend saving this topic to your Favorites so it is easier to find.

Please pay attention to the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is passed on here applies only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measures other than those given here; and if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy all of its contents and paste them into your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: execadmin.png

  • Click Pesquisar (Scan)
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Remover (Remove) button.
  • Again, at the end of the scan a log with the result will open.
  • Copy all of its contents and paste them into your next reply.

# Step 3 #

Read the instructions contained in this link:

In the instructions at the link above, you can check in which forums the Analysts are properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon that is on the desktop.
  4. Read and accept the conditions by typing 1 and pressing Enter.
  5. Computers running Windows XP should install the Recovery Console:

     • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet, and click "Sim" (Yes).
     • Click "OK" on the EULA.
     • When the Recovery Console is already installed, click "SIM" (Yes) to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
  8. A notice may appear saying that the computer needs to be restarted.

     DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and therefore, and also out of respect for the tool's author, do not use it without supervision.

Regards :D


Hello Diego, thank you once again.

The redirection is still active, even after running the requested tools.

The results follow.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.2 (09.22.2013:1)

OS: Microsoft Windows XP x86

Ran by Lucio on qua 25/09/2013 at 12:23:22,48

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}

~~~ Files

~~~ Folders

~~~ FireFox

Failed to delete: [File] "F:\Arquivos de programas\Mozilla Firefox\searchplugins\avg_igeared.xml"

Emptied folder: F:\Documents and Settings\Lucio\Dados de aplicativos\mozilla\firefox\profiles\vtr7h0vc.default\minidumps [12 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on qua 25/09/2013 at 12:28:50,80

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.005 - Relatório criado 25/09/2013 às 13:05:18

# Atualizado 22/09/2013 por Xplode

# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)

# Usuário : Lucio - NOTEBOSS

# Executando de : F:\Documents and Settings\Lucio\Desktop\adwcleaner.exe

# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v23.0.1 (pt-BR)

[ Arquivo : F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\prefs.js ]

[ Arquivo : F:\Documents and Settings\Convidado\Dados de aplicativos\Mozilla\Firefox\Profiles\xfx44wio.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [8771 octets] - [17/09/2013 19:27:56]

AdwCleaner[R1].txt - [1273 octets] - [25/09/2013 12:49:31]

AdwCleaner[s0].txt - [7715 octets] - [17/09/2013 19:30:25]

AdwCleaner[s1].txt - [1187 octets] - [25/09/2013 13:05:18]

########## EOF - F:\AdwCleaner\AdwCleaner[s1].txt - [1247 octets] ##########

ComboFix 13-09-24.02 - Lucio 25/09/2013 14:32:15.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3055.2307 [GMT -3:00]

Executando de: f:\documents and settings\Lucio\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

ADS - drivers: deleted 412 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

f:\docume~1\Lucio\CONFIG~1\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

f:\documents and settings\Lucio\Configurações locais\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-25 to 2013-09-25 ))))))))))))))))))))))))))))

.

.

2013-09-25 17:30 . 2013-09-25 17:30 12568 ----a-w- f:\windows\system32\drivers\PROCEXP113.SYS

2013-09-19 23:28 . 2013-09-19 23:28 -------- d-----w- f:\windows\system32\wbem\Repository

2013-09-17 22:53 . 2013-09-17 22:53 -------- d-----w- f:\windows\ERUNT

2013-09-17 22:27 . 2013-09-25 16:05 -------- d-----w- F:\AdwCleaner

2013-09-17 21:30 . 2013-09-17 21:30 -------- d-----w- f:\documents and settings\Lucio\Dados de aplicativos\Malwarebytes

2013-09-17 21:30 . 2013-09-17 21:30 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2013-09-17 21:30 . 2013-09-17 21:30 -------- d-----w- f:\arquivos de programas\Malwarebytes' Anti-Malware

2013-09-17 21:30 . 2013-04-04 17:50 22856 ----a-w- f:\windows\system32\drivers\mbam.sys

2013-09-17 20:12 . 2013-09-17 20:12 -------- d-----w- F:\TDSSKiller_Quarantine

2013-09-12 23:26 . 2011-06-21 14:24 32768 ----a-w- f:\windows\system32\drivers\sp_rsdrv2.sys

2013-09-12 23:26 . 2013-09-24 02:31 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2013-09-12 23:26 . 2013-09-12 23:26 -------- d-----w- f:\documents and settings\Lucio\Dados de aplicativos\Spyware Terminator

2013-09-12 23:26 . 2013-09-12 23:27 -------- d-----w- f:\arquivos de programas\Spyware Terminator

2013-09-12 03:11 . 2013-09-12 03:11 -------- d-----w- f:\arquivos de programas\LyricsSeeker

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-25 18:20 . 2012-01-29 12:49 31088 ----a-w- f:\windows\system32\drivers\GbpNdisrd.sys

2013-09-20 01:04 . 2012-04-08 14:17 692616 ----a-w- f:\windows\system32\FlashPlayerApp.exe

2013-09-20 01:04 . 2011-05-17 12:04 71048 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-09 01:56 . 2004-08-04 01:45 389632 ----a-w- f:\windows\system32\themeui.dll

2013-08-08 06:09 . 2004-08-04 01:38 1877888 ----a-w- f:\windows\system32\win32k.sys

2013-08-08 06:05 . 2004-08-04 01:45 920064 ----a-w- f:\windows\system32\wininet.dll

2013-08-08 06:05 . 2004-08-04 01:45 43520 ----a-w- f:\windows\system32\licmgr10.dll

2013-08-08 06:05 . 2004-08-04 01:45 1469440 ----a-w- f:\windows\system32\inetcpl.cpl

2013-08-08 06:05 . 2004-08-04 01:45 18944 ----a-w- f:\windows\system32\corpol.dll

2013-08-08 00:04 . 2004-08-04 01:37 385024 ----a-w- f:\windows\system32\html.iec

2013-08-05 13:30 . 2004-08-04 01:45 1289216 ----a-w- f:\windows\system32\ole32.dll

2013-07-31 05:41 . 2004-08-04 01:45 810496 ----a-w- f:\windows\system32\wmvdmod.dll

2013-07-10 10:37 . 2004-08-04 01:45 406016 ----a-w- f:\windows\system32\usp10.dll

2013-07-04 07:34 . 2004-08-04 01:40 2153984 ----a-w- f:\windows\system32\ntoskrnl.exe

2013-07-04 07:33 . 2004-08-04 00:40 2032640 ----a-w- f:\windows\system32\ntkrnlpa.exe

2013-07-01 18:40 . 2009-10-07 19:34 47688 ----a-w- f:\windows\system32\drivers\GbpKm.sys

2004-10-01 17:00 . 2009-12-08 00:45 40960 ----a-w- f:\arquivos de programas\Uninstall_CDS.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="g:\programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"KiesPreload"="g:\programas\Kies\Kies.exe" [2012-08-31 964024]

"KiesPDLR"="g:\programas\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]

"NBJ"="f:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-08-03 53248]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]

"SMSERIAL"="f:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]

"BIH"="bih.dll" [2009-07-01 208896]

"TkBellExe"="f:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-26 198160]

"egui"="f:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]

"RemoteControl"="f:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"InCD"="f:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 1397760]

"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]

"Adobe Reader Speed Launcher"="f:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="f:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"KiesTrayAgent"="g:\programas\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

"APSDaemon"="f:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="g:\programas\Itunes\iTunesHelper.exe" [2012-09-10 421776]

"SunJavaUpdateSched"="f:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]

"SpywareTerminatorUpdater"="f:\arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-08-29 3684488]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

f:\documents and settings\Lucio\Menu Iniciar\Programas\Inicializar\

LimeWire On Startup.lnk - g:\programas\LimeWire\LimeWire.exe -startup [2009-9-30 503808]

.

f:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - f:\windows\system32\sistray.exe [2009-6-29 262144]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399015}"= "f:\arquiv~1\GBPLUGIN\gbiehisg.dll" [2012-06-01 597504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-07-15 14:23 1410088 ------w- f:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2013-07-01 18:39 1383240 ------w- f:\arquivos de programas\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginIsg]

2012-06-01 20:50 597504 ------w- f:\arquiv~1\GbPlugin\gbiehIsg.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"g:\\Programas\\Orbitdownloader\\orbitdm.exe"=

"g:\\Programas\\Orbitdownloader\\orbitnet.exe"=

"g:\\Games\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=

"g:\\Programas\\realplay.exe"=

"f:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"g:\\Programas\\LimeWire\\LimeWire.exe"=

"f:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"f:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"f:\\Arquivos de programas\\TrackMaker\\trackmaker.exe"=

"g:\\Programas\\FlashGet\\FlashGet3.exe"=

"f:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=

"f:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=

"g:\\Programas\\Megacubo\\megacubo.exe"=

"g:\\Programas\\Ares\\Ares.exe"=

"f:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"f:\\Documents and Settings\\All Users\\Dados de aplicativos\\Battle.net\\Agent\\Agent.524\\Agent.exe"=

"f:\\Documents and Settings\\All Users\\Dados de aplicativos\\Battle.net\\Agent\\Agent.976\\Agent.exe"=

"f:\\WINDOWS\\system32\\muzapp.exe"=

"f:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"f:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"g:\\Programas\\Itunes\\iTunes.exe"=

"g:\\Games\\Electronic Arts\\Ultima Online Classic\\client.exe"=

"f:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"f:\\Arquivos de programas\\Java\\jre7\\launch4j-tmp\\IRPF2013.exe"=

"f:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminator.exe"=

"f:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

.

R0 GbpKm;Gbp KernelMode;f:\windows\system32\drivers\GbpKm.sys [7/10/2009 16:34 47688]

R1 ehdrv;ehdrv;f:\windows\system32\drivers\ehdrv.sys [19/3/2009 10:44 107256]

R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [19/3/2009 10:45 93848]

R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;f:\windows\system32\drivers\sp_rsdrv2.sys [12/9/2013 20:26 32768]

R2 ekrn;ESET Service;f:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [19/3/2009 10:44 731840]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;f:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe [12/12/2012 19:02 81920]

R2 GbpSv;Gbp Service;f:\arquiv~1\GbPlugin\GbpSv.exe [7/10/2009 16:34 409640]

R2 Skype C2C Service;Skype C2C Service;f:\documents and settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2/10/2012 11:13 3064000]

R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;f:\arquivos de programas\Spyware Terminator\st_rsser.exe [12/9/2013 20:26 587912]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;f:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe [12/12/2012 19:02 2764800]

R3 NdisrdMP;NdisrdMP;f:\windows\system32\drivers\GbpNdisrd.sys [29/1/2012 09:49 31088]

S2 SkypeUpdate;Skype Updater;f:\arquivos de programas\Skype\Updater\Updater.exe [29/2/2012 08:50 158856]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);f:\windows\system32\drivers\ssudbus.sys [23/9/2012 11:30 83168]

S3 GNOME_R;GNOME_R;f:\windows\system32\drivers\gnome.sys [2/3/2010 10:35 10496]

S3 Ndisrd;GAS Tecnologia Service;f:\windows\system32\drivers\GbpNdisrd.sys [29/1/2012 09:49 31088]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [26/1/2010 14:01 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [26/1/2010 14:01 8320]

S3 pwdrvio;pwdrvio;f:\windows\system32\pwdrvio.sys [1/7/2010 10:27 15576]

S3 pwdspio;pwdspio;f:\windows\system32\pwdspio.sys [1/7/2010 10:27 10200]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);f:\windows\system32\drivers\ssudmdm.sys [23/9/2012 11:30 181344]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-25 f:\windows\Tasks\Adobe Flash Player Updater.job

- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 01:04]

.

2013-09-25 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- f:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-21 20:49]

.

2013-09-25 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- f:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-21 20:49]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/202

IE: Download all by FlashGet3 - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm

IE: E&xportar para o Microsoft Excel - f:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: ????3?? - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm

IE: ????3?????? - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

Trusted Zone: caixa.gov.br

Trusted Zone: infoseg.gov.br\www

Trusted Zone: infoseg.gov.br\www2

Trusted Zone: infoseg.gov.br\www5

TCP: DhcpNameServer = 192.168.0.1

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} - hxxps://www5.infoseg.gov.br/Install/GbPluginIsg.cab

FF - ProfilePath - f:\documents and settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com.br

FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-08-30 18:21; {87F8774F-B485-47E2-A755-A40A8A5E886D}; f:\documents and settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\xpi

FF - ExtSQL: 2013-09-12 00:11; {0303e6fc-c062-47f1-825d-73e5e97d1d43}; f:\arquivos de programas\LyricsSeeker\133.xpi

FF - ExtSQL: 2013-09-12 13:55; {87F8774F-B485-47E2-A755-A40A8A5E886C}; f:\documents and settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\xpi

FF - ExtSQL: !HIDDEN! 2011-01-10 16:17; {20a82645-c095-46ed-80e3-08825760534b}; f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-09-25 15:21

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-1659004503-746137067-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]

@="f:\\Documents and Settings\\Lucio\\Dados de aplicativos\\FlashGetBHO\\GetUrl.htm"

"contexts"=dword:00000022

.

[HKEY_USERS\S-1-5-21-1659004503-746137067-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]

@="f:\\Documents and Settings\\Lucio\\Dados de aplicativos\\FlashGetBHO\\GetAllUrl.htm"

"contexts"=dword:000000f3

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(1024)

f:\arquivos de programas\GBPLUGIN\gbieh.dll

f:\arquivos de programas\GbPlugin\gbiehcef.dll

f:\arquiv~1\GBPLUGIN\gbiehisg.dll

.

- - - - - - - > 'explorer.exe'(1408)

f:\windows\system32\WININET.dll

f:\arquivos de programas\ESET\ESET NOD32 Antivirus\eplgHooks.dll

f:\arquiv~1\GBPLUGIN\gbiehisg.dll

f:\windows\system32\webcheck.dll

f:\arquivos de programas\Scpad\scpLIB.dll

f:\arquivos de programas\Scpad\scpMIB.dll

f:\arquivos de programas\GBPLUGIN\gbieh.dll

f:\arquivos de programas\GbPlugin\gbiehcef.dll

.

------------------------ Outros Processos em Execução ------------------------

.

f:\arquivos de programas\Ahead\InCD\InCDsrv.exe

f:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

f:\arquivos de programas\Bonjour\mDNSResponder.exe

f:\arquivos de programas\Java\jre7\bin\jqs.exe

f:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

f:\windows\system32\wbem\wmiapsrv.exe

f:\windows\system32\DllHost.exe

f:\windows\RTHDCPL.EXE

f:\windows\system32\rundll32.exe

f:\windows\system32\rundll32.exe

f:\arquivos de programas\iPod\bin\iPodService.exe

f:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-09-25 15:29:30 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-09-25 18:29

ComboFix2.txt 2013-09-18 16:27

.

Pré-execução: 9 pasta(s) 16.731.770.880 bytes disponíveis

Pós execução: 10 pasta(s) 17.460.428.800 bytes disponíveis

.

- - End Of File - - F1FB5A3B0054E1E07C658294682FFE18

239FC8B1C26D5286165A956F5A98D8D7


Dear lucio.lfv

The redirection is still active,
Do you have a screenshot?

# Step 1 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

Firefox::
FF - ProfilePath - f:\documents and settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com.br
FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

2872959479_997d4500c4_o.gif

# Step 2 #

Download OTL by OldTimer and save it to your Desktop.

  • Double-click the icon 3984478580_7ed4cabc45_o.gif
  • Leave the main screen configured as shown in the figure below:

5369448421_6bf795eb1a_b.jpg

  • Copy and paste the content below into the space right after 5369460409_ee749edc8e_m.jpg
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
/md5stop

  • Click the button 5370056362_e3d07d5d8a_m.jpg
  • Do not interrupt the scan under any circumstances;
  • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
  • Restart the computer;
  • Post both logs in your next reply.
  • Do not delete OTL

Regards :D


Hello Diego, thank you for your attention.

I carried out the requested procedures; here are the posts:

ComboFix 13-09-26.03 - Lucio 27/09/2013 13:52:12.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3055.2218 [GMT -3:00]

Executando de: f:\documents and settings\Lucio\Desktop\ComboFix.exe

Comandos utilizados :: f:\documents and settings\Lucio\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

ADS - drivers: deleted 412 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

f:\docume~1\Lucio\CONFIG~1\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

f:\documents and settings\Lucio\Configurações locais\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-27 to 2013-09-27 ))))))))))))))))))))))))))))

.

.

2013-09-19 23:28 . 2013-09-19 23:28 -------- d-----w- f:\windows\system32\wbem\Repository

2013-09-17 22:53 . 2013-09-17 22:53 -------- d-----w- f:\windows\ERUNT

2013-09-17 22:27 . 2013-09-25 16:05 -------- d-----w- F:\AdwCleaner

2013-09-17 21:30 . 2013-09-17 21:30 -------- d-----w- f:\documents and settings\Lucio\Dados de aplicativos\Malwarebytes

2013-09-17 21:30 . 2013-09-17 21:30 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2013-09-17 21:30 . 2013-09-17 21:30 -------- d-----w- f:\arquivos de programas\Malwarebytes' Anti-Malware

2013-09-17 21:30 . 2013-04-04 17:50 22856 ----a-w- f:\windows\system32\drivers\mbam.sys

2013-09-17 20:12 . 2013-09-17 20:12 -------- d-----w- F:\TDSSKiller_Quarantine

2013-09-12 23:26 . 2011-06-21 14:24 32768 ----a-w- f:\windows\system32\drivers\sp_rsdrv2.sys

2013-09-12 23:26 . 2013-09-24 02:31 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2013-09-12 23:26 . 2013-09-12 23:26 -------- d-----w- f:\documents and settings\Lucio\Dados de aplicativos\Spyware Terminator

2013-09-12 23:26 . 2013-09-12 23:27 -------- d-----w- f:\arquivos de programas\Spyware Terminator

2013-09-12 03:11 . 2013-09-12 03:11 -------- d-----w- f:\arquivos de programas\LyricsSeeker

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-27 17:05 . 2012-01-29 12:49 31088 ----a-w- f:\windows\system32\drivers\GbpNdisrd.sys

2013-09-20 01:04 . 2012-04-08 14:17 692616 ----a-w- f:\windows\system32\FlashPlayerApp.exe

2013-09-20 01:04 . 2011-05-17 12:04 71048 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-09 01:56 . 2004-08-04 01:45 389632 ----a-w- f:\windows\system32\themeui.dll

2013-08-08 06:09 . 2004-08-04 01:38 1877888 ----a-w- f:\windows\system32\win32k.sys

2013-08-08 06:05 . 2004-08-04 01:45 920064 ----a-w- f:\windows\system32\wininet.dll

2013-08-08 06:05 . 2004-08-04 01:45 43520 ----a-w- f:\windows\system32\licmgr10.dll

2013-08-08 06:05 . 2004-08-04 01:45 1469440 ----a-w- f:\windows\system32\inetcpl.cpl

2013-08-08 06:05 . 2004-08-04 01:45 18944 ----a-w- f:\windows\system32\corpol.dll

2013-08-08 00:04 . 2004-08-04 01:37 385024 ----a-w- f:\windows\system32\html.iec

2013-08-05 13:30 . 2004-08-04 01:45 1289216 ----a-w- f:\windows\system32\ole32.dll

2013-07-31 05:41 . 2004-08-04 01:45 810496 ----a-w- f:\windows\system32\wmvdmod.dll

2013-07-10 10:37 . 2004-08-04 01:45 406016 ----a-w- f:\windows\system32\usp10.dll

2013-07-04 07:34 . 2004-08-04 01:40 2153984 ----a-w- f:\windows\system32\ntoskrnl.exe

2013-07-04 07:33 . 2004-08-04 00:40 2032640 ----a-w- f:\windows\system32\ntkrnlpa.exe

2013-07-01 18:40 . 2009-10-07 19:34 47688 ----a-w- f:\windows\system32\drivers\GbpKm.sys

2004-10-01 17:00 . 2009-12-08 00:45 40960 ----a-w- f:\arquivos de programas\Uninstall_CDS.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="g:\programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"KiesPreload"="g:\programas\Kies\Kies.exe" [2012-08-31 964024]

"KiesPDLR"="g:\programas\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]

"NBJ"="f:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-08-03 53248]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]

"SMSERIAL"="f:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]

"BIH"="bih.dll" [2009-07-01 208896]

"TkBellExe"="f:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-26 198160]

"egui"="f:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]

"RemoteControl"="f:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"InCD"="f:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 1397760]

"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]

"Adobe Reader Speed Launcher"="f:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="f:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"KiesTrayAgent"="g:\programas\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

"APSDaemon"="f:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="g:\programas\Itunes\iTunesHelper.exe" [2012-09-10 421776]

"SunJavaUpdateSched"="f:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]

"SpywareTerminatorUpdater"="f:\arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-08-29 3684488]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

f:\documents and settings\Lucio\Menu Iniciar\Programas\Inicializar\

LimeWire On Startup.lnk - g:\programas\LimeWire\LimeWire.exe -startup [2009-9-30 503808]

.

f:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - f:\windows\system32\sistray.exe [2009-6-29 262144]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399015}"= "f:\arquiv~1\GBPLUGIN\gbiehisg.dll" [2012-06-01 597504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-07-15 14:23 1410088 ------w- f:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2013-07-01 18:39 1383240 ------w- f:\arquivos de programas\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginIsg]

2012-06-01 20:50 597504 ------w- f:\arquiv~1\GbPlugin\gbiehIsg.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"g:\\Programas\\Orbitdownloader\\orbitdm.exe"=

"g:\\Programas\\Orbitdownloader\\orbitnet.exe"=

"g:\\Games\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=

"g:\\Programas\\realplay.exe"=

"f:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"g:\\Programas\\LimeWire\\LimeWire.exe"=

"f:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"f:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"f:\\Arquivos de programas\\TrackMaker\\trackmaker.exe"=

"g:\\Programas\\FlashGet\\FlashGet3.exe"=

"f:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=

"f:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=

"g:\\Programas\\Megacubo\\megacubo.exe"=

"g:\\Programas\\Ares\\Ares.exe"=

"f:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"f:\\Documents and Settings\\All Users\\Dados de aplicativos\\Battle.net\\Agent\\Agent.524\\Agent.exe"=

"f:\\Documents and Settings\\All Users\\Dados de aplicativos\\Battle.net\\Agent\\Agent.976\\Agent.exe"=

"f:\\WINDOWS\\system32\\muzapp.exe"=

"f:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"f:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"g:\\Programas\\Itunes\\iTunes.exe"=

"g:\\Games\\Electronic Arts\\Ultima Online Classic\\client.exe"=

"f:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"f:\\Arquivos de programas\\Java\\jre7\\launch4j-tmp\\IRPF2013.exe"=

"f:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminator.exe"=

"f:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

.

R0 GbpKm;Gbp KernelMode;f:\windows\system32\drivers\GbpKm.sys [7/10/2009 16:34 47688]

R1 ehdrv;ehdrv;f:\windows\system32\drivers\ehdrv.sys [19/3/2009 10:44 107256]

R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [19/3/2009 10:45 93848]

R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;f:\windows\system32\drivers\sp_rsdrv2.sys [12/9/2013 20:26 32768]

R2 ekrn;ESET Service;f:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [19/3/2009 10:44 731840]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;f:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe [12/12/2012 19:02 81920]

R2 GbpSv;Gbp Service;f:\arquiv~1\GbPlugin\GbpSv.exe [7/10/2009 16:34 409640]

R2 Skype C2C Service;Skype C2C Service;f:\documents and settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2/10/2012 11:13 3064000]

R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;f:\arquivos de programas\Spyware Terminator\st_rsser.exe [12/9/2013 20:26 587912]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;f:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe [12/12/2012 19:02 2764800]

R3 NdisrdMP;NdisrdMP;f:\windows\system32\drivers\GbpNdisrd.sys [29/1/2012 09:49 31088]

S2 SkypeUpdate;Skype Updater;f:\arquivos de programas\Skype\Updater\Updater.exe [29/2/2012 08:50 158856]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);f:\windows\system32\drivers\ssudbus.sys [23/9/2012 11:30 83168]

S3 GNOME_R;GNOME_R;f:\windows\system32\drivers\gnome.sys [2/3/2010 10:35 10496]

S3 Ndisrd;GAS Tecnologia Service;f:\windows\system32\drivers\GbpNdisrd.sys [29/1/2012 09:49 31088]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [26/1/2010 14:01 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [26/1/2010 14:01 8320]

S3 pwdrvio;pwdrvio;f:\windows\system32\pwdrvio.sys [1/7/2010 10:27 15576]

S3 pwdspio;pwdspio;f:\windows\system32\pwdspio.sys [1/7/2010 10:27 10200]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);f:\windows\system32\drivers\ssudmdm.sys [23/9/2012 11:30 181344]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-27 f:\windows\Tasks\Adobe Flash Player Updater.job

- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 01:04]

.

2013-09-27 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- f:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-21 20:49]

.

2013-09-27 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- f:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-21 20:49]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/202

IE: Download all by FlashGet3 - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm

IE: E&xportar para o Microsoft Excel - f:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: ????3?? - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm

IE: ????3?????? - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

Trusted Zone: caixa.gov.br

Trusted Zone: infoseg.gov.br\www

Trusted Zone: infoseg.gov.br\www2

Trusted Zone: infoseg.gov.br\www5

TCP: DhcpNameServer = 192.168.0.1

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} - hxxps://www5.infoseg.gov.br/Install/GbPluginIsg.cab

FF - ProfilePath - f:\documents and settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-08-30 18:21; {87F8774F-B485-47E2-A755-A40A8A5E886D}; f:\documents and settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\xpi

FF - ExtSQL: 2013-09-12 00:11; {0303e6fc-c062-47f1-825d-73e5e97d1d43}; f:\arquivos de programas\LyricsSeeker\133.xpi

FF - ExtSQL: 2013-09-12 13:55; {87F8774F-B485-47E2-A755-A40A8A5E886C}; f:\documents and settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\xpi

FF - ExtSQL: !HIDDEN! 2011-01-10 16:17; {20a82645-c095-46ed-80e3-08825760534b}; f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-09-27 14:05

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-1659004503-746137067-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]

@="f:\\Documents and Settings\\Lucio\\Dados de aplicativos\\FlashGetBHO\\GetUrl.htm"

"contexts"=dword:00000022

.

[HKEY_USERS\S-1-5-21-1659004503-746137067-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]

@="f:\\Documents and Settings\\Lucio\\Dados de aplicativos\\FlashGetBHO\\GetAllUrl.htm"

"contexts"=dword:000000f3

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(1024)

f:\arquivos de programas\GBPLUGIN\gbieh.dll

f:\arquivos de programas\GbPlugin\gbiehcef.dll

f:\arquiv~1\GBPLUGIN\gbiehisg.dll

.

- - - - - - - > 'explorer.exe'(2848)

f:\windows\system32\WININET.dll

f:\arquivos de programas\ESET\ESET NOD32 Antivirus\eplgHooks.dll

f:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

f:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

f:\windows\system32\webcheck.dll

f:\arquivos de programas\Scpad\scpLIB.dll

f:\arquivos de programas\Scpad\scpMIB.dll

f:\arquivos de programas\GBPLUGIN\gbieh.dll

f:\arquivos de programas\GbPlugin\gbiehcef.dll

f:\arquiv~1\GBPLUGIN\gbiehisg.dll

.

------------------------ Outros Processos em Execução ------------------------

.

f:\arquivos de programas\Ahead\InCD\InCDsrv.exe

f:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

f:\arquivos de programas\Bonjour\mDNSResponder.exe

f:\arquivos de programas\Java\jre7\bin\jqs.exe

f:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

f:\windows\system32\wscntfy.exe

f:\windows\system32\wbem\wmiapsrv.exe

f:\windows\RTHDCPL.EXE

f:\windows\system32\rundll32.exe

f:\windows\system32\rundll32.exe

f:\arquivos de programas\iPod\bin\iPodService.exe

g:\programas\LimeWire\LimeWire.exe

f:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-09-27 14:11:39 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-09-27 17:11

ComboFix2.txt 2013-09-25 18:29

ComboFix3.txt 2013-09-18 16:27

.

Pré-execução: 9 pasta(s) 17.356.808.192 bytes disponíveis

Pós execução: 10 pasta(s) 17.336.393.728 bytes disponíveis

.

- - End Of File - - BE1CEEEEC8CAC6536506C89E8323FAB7

239FC8B1C26D5286165A956F5A98D8D7

OTL logfile created on: 27/9/2013 14:29:26 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = F:\Documents and Settings\Lucio\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

2,98 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,84% Memory free

4,83 Gb Paging File | 4,31 Gb Available in Paging File | 89,42% Paging File free

Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Arquivos de programas

Drive C: | 19,80 Gb Total Space | 19,71 Gb Free Space | 99,52% Space Free | Partition Type: NTFS

Drive F: | 47,18 Gb Total Space | 16,36 Gb Free Space | 34,68% Space Free | Partition Type: NTFS

Drive G: | 231,11 Gb Total Space | 43,11 Gb Free Space | 18,65% Space Free | Partition Type: NTFS

Computer Name: NOTEBOSS | User Name: Lucio | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/27 14:24:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Lucio\Desktop\OTL.exe

PRC - [2013/08/29 02:50:56 | 000,587,912 | ---- | M] (Crawler.com) -- F:\Arquivos de programas\Spyware Terminator\st_rsser.exe

PRC - [2013/08/29 02:50:52 | 003,684,488 | ---- | M] (Crawler.com) -- F:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

PRC - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- F:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2013/06/25 08:59:16 | 000,182,184 | ---- | M] (Oracle Corporation) -- F:\Arquivos de programas\Java\jre7\bin\jqs.exe

PRC - [2013/03/12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- F:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

PRC - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- F:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012/08/31 09:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- G:\Programas\Kies\KiesTrayAgent.exe

PRC - [2012/08/31 09:52:12 | 000,964,024 | ---- | M] (Samsung) -- G:\Programas\Kies\Kies.exe

PRC - [2012/08/11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2011/02/01 07:29:14 | 000,081,920 | ---- | M] (Firebird Project) -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

PRC - [2011/02/01 07:29:08 | 002,764,800 | ---- | M] (Firebird Project) -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

PRC - [2010/01/26 17:45:47 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

PRC - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009/03/19 10:44:28 | 002,029,640 | ---- | M] (ESET) -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe

PRC - [2007/08/03 16:06:32 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- F:\WINDOWS\system32\sistray.exe

PRC - [2007/01/17 14:34:18 | 000,634,880 | R--- | M] (Motorola Inc.) -- F:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2005/07/08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) -- F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

PRC - [2005/07/08 11:25:10 | 001,397,760 | ---- | M] (Nero AG) -- F:\Arquivos de programas\Ahead\InCD\InCD.exe

PRC - [2004/11/02 19:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Modules (No Company Name) ==========

MOD - [2013/09/27 14:08:18 | 000,115,137 | ---- | M] () -- F:\Documents and Settings\Lucio\Configurações locais\temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

MOD - [2013/08/17 10:17:00 | 000,998,400 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll

MOD - [2013/08/17 09:53:40 | 002,295,808 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\2bd89ed2dc0f585328fd1ac4c5a206dd\System.Core.ni.dll

MOD - [2013/08/17 09:53:28 | 000,212,992 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll

MOD - [2013/08/17 09:52:58 | 000,771,584 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll

MOD - [2013/08/17 09:52:33 | 014,329,856 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a283b4d76562af1ff279d465f5488d8c\PresentationFramework.ni.dll

MOD - [2013/08/17 09:51:49 | 012,434,432 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a12a09aaa2c560a808dea7eaba5040c1\System.Windows.Forms.ni.dll

MOD - [2013/08/17 09:51:35 | 001,593,344 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll

MOD - [2013/08/17 09:51:27 | 012,218,880 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\6c1a100fe556c7d391f4d1681ab3c615\PresentationCore.ni.dll

MOD - [2013/08/17 09:51:03 | 003,325,440 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\64441cc39259974a2c3cdf0702a8beb3\WindowsBase.ni.dll

MOD - [2013/08/17 09:50:48 | 005,462,016 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll

MOD - [2013/08/17 09:50:41 | 000,978,944 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll

MOD - [2013/08/17 09:50:32 | 007,977,984 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll

MOD - [2013/07/11 10:08:43 | 000,539,648 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e729dd9b653def0664bf0efcf22dc112\PresentationFramework.Luna.ni.dll

MOD - [2013/07/11 10:06:14 | 011,497,984 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll

MOD - [2012/12/18 18:59:18 | 000,019,144 | ---- | M] () -- F:\Arquivos de programas\Adobe\Reader 9.0\Reader\ViewerPS.dll

MOD - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2012/08/31 09:46:26 | 015,342,592 | ---- | M] () -- G:\Programas\Kies\Theme\Kies.Theme.dll

MOD - [2012/08/31 09:45:44 | 000,559,616 | ---- | M] () -- G:\Programas\Kies\Common\Kies.UI.dll

MOD - [2012/08/28 10:23:40 | 000,034,816 | ---- | M] () -- G:\Programas\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll

MOD - [2012/08/28 10:22:46 | 000,023,040 | ---- | M] () -- G:\Programas\Kies\MVVM\Kies.MVVM.dll

MOD - [2012/08/28 10:06:08 | 000,057,856 | ---- | M] () -- G:\Programas\Kies\Common\ASF_cSharpAPI.dll

MOD - [2012/08/28 10:05:16 | 000,659,408 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\CommonModule.dll

MOD - [2012/08/28 10:05:16 | 000,552,400 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll

MOD - [2012/08/28 10:05:16 | 000,028,624 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\FirmwareUpdate.MVVM.dll

MOD - [2012/08/28 10:05:16 | 000,007,168 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\IPCServer.dll

MOD - [2012/08/28 10:05:16 | 000,003,584 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll

MOD - [2012/08/28 10:05:10 | 000,069,632 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\pt-BR\CommonModule.resources.dll

MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- F:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\zlib1.dll

MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- F:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\libxml2.dll

MOD - [2010/03/11 15:41:30 | 000,040,960 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_pt-BR_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll

MOD - [2010/03/11 15:41:28 | 000,303,104 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- F:\WINDOWS\system32\cpwmon2k.dll

MOD - [2009/02/27 17:49:12 | 000,311,296 | ---- | M] () -- F:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB

========== Services (SafeList) ==========

SRV - [2013/09/19 22:04:43 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/08/29 02:50:56 | 000,587,912 | ---- | M] (Crawler.com) [Auto | Running] -- F:\Arquivos de programas\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)

SRV - [2013/08/17 09:52:22 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- F:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- F:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2013/06/25 08:59:16 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- F:\Arquivos de programas\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- F:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/08/11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- F:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/02/01 07:29:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)

SRV - [2011/02/01 07:29:08 | 002,764,800 | ---- | M] (Firebird Project) [On_Demand | Running] -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)

SRV - [2009/10/27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- F:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2009/03/19 10:48:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2005/07/08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Unknown] -- F:\DOCUME~1\Lucio\CONFIG~1\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Running] -- F:\ComboFix\catchme.sys -- (catchme)

DRV - [2013/09/27 14:11:07 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (NdisrdMP)

DRV - [2013/09/27 14:11:07 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (Ndisrd)

DRV - [2013/07/01 15:40:10 | 000,047,688 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)

DRV - [2012/08/20 14:48:44 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)

DRV - [2012/08/20 14:48:44 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\pwdspio.sys -- (pwdspio)

DRV - [2012/07/31 07:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)

DRV - [2012/07/31 07:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)

DRV - [2011/06/21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)

DRV - [2009/10/06 10:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2009/10/06 10:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2009/10/06 10:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009/10/06 10:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009/10/06 10:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2009/10/06 10:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009/06/30 17:55:38 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2009/03/19 10:45:38 | 000,093,848 | ---- | M] (ESET) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)

DRV - [2009/03/19 10:44:34 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2009/03/19 10:41:38 | 000,113,960 | ---- | M] (ESET) [File_System | On_Demand | Running] -- F:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/06/07 14:09:04 | 000,010,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\gnome.sys -- (GNOME_R)

DRV - [2008/04/13 11:46:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2007/09/05 17:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2007/08/24 19:45:22 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2007/08/03 16:31:44 | 000,018,688 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2007/08/03 16:10:14 | 000,321,536 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2007/05/16 12:00:00 | 000,042,368 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)

DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)

DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)

DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/01/17 14:38:52 | 000,983,936 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2005/07/08 16:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- F:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)

DRV - [2005/07/08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- F:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2005/07/08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)

DRV - [2005/07/08 11:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\..\SearchScopes\{45867E36-360F-45FF-8BE4-7764C7E2E12B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_br&p={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7BDB9127A2-3381-41ec-82B3-1B6ED4C6F29A%7D:1.0

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.11

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21

FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886D%7D:3.4.0

FF - prefs.js..extensions.enabledAddons: %7B0303e6fc-c062-47f1-825d-73e5e97d1d43%7D:1.133

FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Programas\Itunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: F:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: F:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Arquivos de programas\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: F:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: F:\Arquivos de programas\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: F:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Arquivos de programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Arquivos de programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: G:\Programas\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: F:\Arquivos de programas\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/isg: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_isg.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: G:\Programas\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/26 14:01:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: F:\Arquivos de programas\Mozilla Firefox\components [2013/08/17 09:51:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: F:\Arquivos de programas\Mozilla Firefox\plugins [2013/08/17 09:52:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: G:\Programas\Mozilla Thunderbird\components [2010/07/14 16:19:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: G:\Programas\Mozilla Thunderbird\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/11/18 09:30:02 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886F}: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\isg\xpi [2013/05/02 14:57:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D}: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\xpi [2013/08/30 18:21:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0303e6fc-c062-47f1-825d-73e5e97d1d43}: F:\Arquivos de programas\LyricsSeeker\133.xpi [2013/09/12 00:11:44 | 000,005,792 | ---- | M] ()

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\xpi [2013/09/12 13:55:00 | 000,000,000 | ---D | M]

[2009/11/04 15:46:45 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Extensions

[2009/11/04 15:46:45 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

[2013/09/26 23:23:19 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions

[2011/01/10 15:34:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2013/08/27 20:30:51 | 000,000,000 | ---D | M] (DownloadHelper) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/05/20 16:51:22 | 000,000,000 | ---D | M] (flashget3 Extension) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

[2013/08/03 21:31:35 | 000,275,449 | ---- | M] () (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2010/03/24 10:42:56 | 000,057,418 | ---- | M] (flashget) (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll

[2008/10/17 10:03:56 | 000,000,205 | ---- | M] () (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\IFlashgetXpi.xpt

[2013/08/17 09:51:57 | 000,000,000 | ---D | M] (No name found) -- F:\Arquivos de programas\Mozilla Firefox\extensions

[2013/08/17 09:51:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Arquivos de programas\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/08/17 09:51:55 | 000,000,000 | ---D | M] (No name found) -- F:\Arquivos de programas\Mozilla Firefox\browser\extensions

[2013/08/17 09:52:24 | 000,000,000 | ---D | M] (Default) -- F:\Arquivos de programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/09/12 00:11:44 | 000,005,792 | ---- | M] () (No name found) -- F:\ARQUIVOS DE PROGRAMAS\LYRICSSEEKER\133.XPI

File not found (No name found) -- F:\DOCUMENTS AND SETTINGS\LUCIO\CONFIGURAçÃΜES LOCAIS\DADOS DE APLICATIVOS\GAS TECNOLOGIA\GBBD\BB\XPI

File not found (No name found) -- F:\DOCUMENTS AND SETTINGS\LUCIO\CONFIGURAçÃΜES LOCAIS\DADOS DE APLICATIVOS\GAS TECNOLOGIA\GBBD\CEF\XPI

O1 HOSTS File: ([2013/09/27 14:05:11 | 000,000,027 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - F:\Arquivos de programas\Scpad\scpsssh2.dll (Banco Bradesco S.A.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)

O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - F:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - F:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - F:\Arquivos de programas\GbPlugin\gbiehIsg.dll (Infoseg - Senasp)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Programas\Orbitdownloader\GrabPro.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Programas\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [Adobe ARM] F:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] F:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bIH] F:\WINDOWS\System32\bih.dll (Thomas Michel eMail: support.batteryinfo@arcor.de Web: http://www.batteryinfo.de.vu or http://home.arcor.de/batteryinfo)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] F:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [egui] F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [inCD] F:\Arquivos de programas\Ahead\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [KiesTrayAgent] G:\Programas\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [RemoteControl] F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [siSPower] F:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [sMSERIAL] F:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [spywareTerminatorUpdater] F:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)

O4 - HKLM..\Run: [sunJavaUpdateSched] F:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Oracle Corporation)

O4 - HKLM..\Run: [TkBellExe] F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [DAEMON Tools Lite] G:\Programas\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [KiesPDLR] G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKCU..\Run: [KiesPreload] G:\Programas\Kies\Kies.exe (Samsung)

O4 - HKCU..\Run: [NBJ] F:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)

O4 - Startup: F:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk = F:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

O4 - Startup: F:\Documents and Settings\Lucio\Menu Iniciar\Programas\Inicializar\LimeWire On Startup.lnk = G:\Programas\LimeWire\LimeWire.exe (Lime Wire, LLC)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Download by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Download all by FlashGet3 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm ()

O8 - Extra context menu item: Download by FlashGet3 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载全部链接 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm ()

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - F:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] http in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bb.com.br ([www] http in Sites confiáveis)

O15 - HKCU\..Trusted Domains: caixa.gov.br ([]https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: infoseg.gov.br ([www] http in Sites confiáveis)

O15 - HKCU\..Trusted Domains: infoseg.gov.br ([www2] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: infoseg.gov.br ([www5] https in Sites confiáveis)

O15 - HKCU\..Trusted Ranges: Range1 ([https] in Sites confiáveis)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} https://www5.infoseg.gov.br/Install/GbPluginIsg.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF76CF3-519B-4C05-968C-77C1665B1C31}: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78240407-D696-4F6C-B6A0-F520D83EC98C}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - F:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (F:\Arquivos de programas\GbPlugin\gbieh.dll) - F:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (F:\Arquivos de programas\GbPlugin\gbiehCef.dll) - F:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\ GbPluginIsg: DllName - (F:\ARQUIV~1\GbPlugin\gbiehIsg.dll) - F:\Arquivos de programas\GbPlugin\gbiehIsg.dll (Infoseg - Senasp)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - F:\Arquivos de programas\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - F:\Arquivos de programas\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\Alegria.bmp

O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\Alegria.bmp

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - F:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399015} - F:\Arquivos de programas\GbPlugin\gbiehIsg.dll (Infoseg - Senasp)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - F:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {423290D4-DC50-48FA-9871-9D61FCAD7C13} - .NET Framework

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Pastas da Web

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - F:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - F:\WINDOWS\system32\Rundll32.exe F:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941)

ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - F:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - F:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - F:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "F:\WINDOWS\system32\rundll32.exe" "F:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - F:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.ac3filter - F:\WINDOWS\System32\ac3filter.acm ()

Drivers32: msacm.iac2 - F:\\WINDOWS\\system32\\iac25_32.ax ()

Drivers32: msacm.l3acm - F:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - F:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: MSACM.LHACM - F:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - F:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - F:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.voxacm160 - F:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)

Drivers32: MSVideo - F:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - F:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - F:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - F:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.DRAW - DVIDEO.DLL File not found

Drivers32: VIDC.FFDS - F:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: VIDC.FPS1 - frapsvid.dll File not found

Drivers32: VIDC.I420 - i420vfw.dll File not found

Drivers32: vidc.iv31 - F:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - F:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - F:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - F:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.MSUD - msulvc05.dll File not found

Drivers32: VIDC.TR20 - F:\WINDOWS\System32\tr2032.dll (The Duck Corporation)

Drivers32: VIDC.VDOM - F:\WINDOWS\System32\vdowave.drv (VDOnet LTD..)

Drivers32: vidc.vivo - F:\WINDOWS\System32\ivvideo.dll (Vivo Software)

Drivers32: VIDC.VP40 - vp4vfw.dll File not found

Drivers32: vidc.VP60 - vp6vfw.dll File not found

Drivers32: vidc.VP61 - vp6vfw.dll File not found

Drivers32: vidc.VP62 - vp6vfw.dll File not found

Drivers32: vidc.VP70 - vp7vfw.dll File not found

Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found

Drivers32: vidc.X264 - x264vfw.dll File not found

Drivers32: VIDC.XVID - F:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - F:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/27 14:24:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Lucio\Desktop\OTL.exe

[2013/09/27 14:11:43 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- F:\WINDOWS\System32\drivers\PROCEXP113.SYS

[2013/09/25 12:12:22 | 005,129,766 | R--- | C] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\ComboFix.exe

[2013/09/25 12:12:03 | 001,030,038 | ---- | C] (Thisisu) -- F:\Documents and Settings\Lucio\Desktop\JRT.exe

[2013/09/24 18:58:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Desktop\HijackThis

[2013/09/24 18:57:11 | 000,147,456 | ---- | C] (Eric_71) -- F:\Documents and Settings\Lucio\Desktop\MbrScan.exe

[2013/09/24 18:56:37 | 000,358,923 | ---- | C] (Farbar) -- F:\Documents and Settings\Lucio\Desktop\FSS.exe

[2013/09/18 19:56:23 | 000,688,992 | R--- | C] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\dds.com

[2013/09/18 13:19:30 | 000,000,000 | RHSD | C] -- F:\cmdcons

[2013/09/18 13:14:06 | 000,518,144 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe

[2013/09/18 13:14:06 | 000,406,528 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe

[2013/09/18 13:14:06 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe

[2013/09/18 13:14:06 | 000,060,416 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe

[2013/09/18 13:10:41 | 000,000,000 | ---D | C] -- F:\Qoobox

[2013/09/18 13:10:23 | 000,000,000 | ---D | C] -- F:\WINDOWS\erdnt

[2013/09/17 19:53:41 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERUNT

[2013/09/17 19:27:42 | 000,000,000 | ---D | C] -- F:\AdwCleaner

[2013/09/17 19:17:58 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Desktop\RK_Quarantine

[2013/09/17 18:30:50 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Malwarebytes

[2013/09/17 18:30:34 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware

[2013/09/17 18:30:33 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2013/09/17 18:30:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys

[2013/09/17 18:30:31 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\Malwarebytes' Anti-Malware

[2013/09/17 17:12:01 | 000,000,000 | ---D | C] -- F:\TDSSKiller_Quarantine

[2013/09/12 20:26:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Spyware Terminator

[2013/09/12 20:26:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

[2013/09/12 20:26:36 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Iniciar\Programas\Spyware Terminator 2012

[2013/09/12 20:26:35 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\Spyware Terminator

[2013/09/12 00:11:44 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\LyricsSeeker

[2013/09/10 15:11:02 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Meus documentos\Fatura Belo Dente

[4 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/27 14:25:11 | 000,145,357 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\OTL image.jpg

[2013/09/27 14:24:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Lucio\Desktop\OTL.exe

[2013/09/27 14:11:43 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- F:\WINDOWS\System32\drivers\PROCEXP113.SYS

[2013/09/27 14:11:07 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- F:\WINDOWS\System32\drivers\GbpNdisrd.sys

[2013/09/27 14:11:05 | 000,001,070 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/09/27 14:05:11 | 000,000,027 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts

[2013/09/27 14:03:39 | 000,001,066 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/09/27 14:02:24 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat

[2013/09/27 14:02:12 | 3203,575,808 | -HS- | M] () -- F:\hiberfil.sys

[2013/09/27 13:48:06 | 005,129,766 | R--- | M] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\ComboFix.exe

[2013/09/27 13:03:00 | 000,000,902 | ---- | M] () -- F:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/09/27 11:44:12 | 000,002,262 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl

[2013/09/25 21:33:07 | 000,002,315 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Skype.lnk

[2013/09/25 12:48:20 | 001,042,066 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\adwcleaner.exe

[2013/09/25 00:05:44 | 000,044,469 | ---- | M] () -- F:\Documents and Settings\Lucio\Meus documentos\Boleto Lucas ufmg.pdf

[2013/09/24 19:03:48 | 000,000,512 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\Dump_Hdd0_DR0.mbr

[2013/09/24 18:57:11 | 000,147,456 | ---- | M] (Eric_71) -- F:\Documents and Settings\Lucio\Desktop\MbrScan.exe

[2013/09/24 18:56:37 | 000,358,923 | ---- | M] (Farbar) -- F:\Documents and Settings\Lucio\Desktop\FSS.exe

[2013/09/22 04:38:24 | 001,030,038 | ---- | M] (Thisisu) -- F:\Documents and Settings\Lucio\Desktop\JRT.exe

[2013/09/19 22:04:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- F:\WINDOWS\System32\FlashPlayerApp.exe

[2013/09/19 22:04:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- F:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/09/18 19:02:12 | 000,688,992 | R--- | M] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\dds.com

[2013/09/18 14:16:25 | 000,377,856 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\p9ff6wec.exe

[2013/09/18 13:19:33 | 000,000,327 | RHS- | M] () -- F:\boot.ini

[2013/09/17 18:30:34 | 000,000,840 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/09/17 16:50:16 | 000,000,664 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat

[2013/09/13 11:37:07 | 000,000,040 | ---- | M] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\cdr.ini

[2013/09/13 11:04:47 | 000,268,600 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT

[2013/09/13 09:42:21 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK

[2013/09/12 20:26:36 | 000,000,765 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Spyware Terminator 2012.lnk

[2013/09/12 13:55:04 | 000,018,244 | ---- | M] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins002.dat

[2013/09/10 17:42:50 | 000,079,360 | ---- | M] () -- F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/09/10 16:38:32 | 000,000,116 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini

[2013/09/10 14:50:59 | 000,423,919 | ---- | M] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red2.JPG

[2013/09/10 14:48:11 | 001,194,513 | ---- | M] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red.JPG

[2013/08/30 18:21:40 | 000,013,831 | ---- | M] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins001.dat

[4 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/27 14:25:09 | 000,145,357 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\OTL image.jpg

[2013/09/25 12:48:20 | 001,042,066 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\adwcleaner.exe

[2013/09/25 00:05:41 | 000,044,469 | ---- | C] () -- F:\Documents and Settings\Lucio\Meus documentos\Boleto Lucas ufmg.pdf

[2013/09/24 19:03:03 | 000,000,512 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\Dump_Hdd0_DR0.mbr

[2013/09/18 14:16:16 | 000,377,856 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\p9ff6wec.exe

[2013/09/18 13:19:33 | 000,000,210 | ---- | C] () -- F:\Boot.bak

[2013/09/18 13:19:31 | 000,261,856 | RHS- | C] () -- F:\cmldr

[2013/09/18 13:14:06 | 000,256,000 | ---- | C] () -- F:\WINDOWS\PEV.exe

[2013/09/18 13:14:06 | 000,208,896 | ---- | C] () -- F:\WINDOWS\MBR.exe

[2013/09/18 13:14:06 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe

[2013/09/18 13:14:06 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe

[2013/09/18 13:14:06 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe

[2013/09/17 18:30:34 | 000,000,840 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/09/12 20:26:39 | 000,032,768 | ---- | C] () -- F:\WINDOWS\System32\drivers\sp_rsdrv2.sys

[2013/09/12 20:26:36 | 000,000,765 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Spyware Terminator 2012.lnk

[2013/09/12 13:55:00 | 000,018,244 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins002.dat

[2013/09/10 14:50:59 | 000,423,919 | ---- | C] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red2.JPG

[2013/09/10 14:48:10 | 001,194,513 | ---- | C] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red.JPG

[2013/08/30 18:21:37 | 000,013,831 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins001.dat

[2013/08/16 19:10:11 | 000,000,040 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\cdr.ini

[2013/07/11 10:22:13 | 000,569,528 | ---- | C] () -- F:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2013/05/02 14:57:26 | 000,717,985 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins000.exe

[2013/05/02 14:57:26 | 000,011,281 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins000.dat

[2013/04/19 16:46:14 | 000,000,176 | ---- | C] () -- F:\WINDOWS\REC-NET.INI

[2013/01/31 10:00:43 | 000,905,290 | R--- | C] () -- F:\WINDOWS\System32\libmmd.dll

[2012/08/28 10:04:34 | 000,081,920 | ---- | C] () -- F:\WINDOWS\System32\issacapi_bs-2.3.dll

[2012/08/28 10:04:34 | 000,065,536 | ---- | C] () -- F:\WINDOWS\System32\issacapi_pe-2.3.dll

[2012/08/28 10:04:34 | 000,057,344 | ---- | C] () -- F:\WINDOWS\System32\issacapi_se-2.3.dll

[2012/08/28 10:04:34 | 000,030,568 | ---- | C] () -- F:\WINDOWS\MusiccityDownload.exe

[2012/08/28 10:04:32 | 000,974,848 | ---- | C] () -- F:\WINDOWS\System32\cis-2.4.dll

[2012/04/25 18:14:41 | 000,000,533 | ---- | C] () -- F:\WINDOWS\eReg.dat

[2012/02/16 08:31:41 | 000,003,072 | ---- | C] () -- F:\WINDOWS\System32\iacenc.dll

[2011/01/27 11:09:23 | 000,000,148 | ---- | C] () -- F:\Documents and Settings\Lucio\acesso.serpro.gov.br.HOD.LOC

[2010/06/22 17:53:14 | 000,002,528 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\$_hpcst$.hpc

[2009/12/07 21:45:41 | 000,040,960 | ---- | C] () -- F:\Arquivos de programas\Uninstall_CDS.exe

[2009/09/30 10:20:24 | 000,079,360 | ---- | C] () -- F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/02 18:26:31 | 000,000,138 | ---- | C] () -- F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/02 17:50:28 | 000,000,227 | RHS- | M] () -- F:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:20:42 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:53:26 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:20:42 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/02 12:10:22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2011/03/23 20:07:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\3DVIA

[2012/05/29 14:57:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Battle.net

[2012/04/25 17:34:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

[2012/04/16 22:03:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\EPSON

[2009/11/18 09:30:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\ESET

[2013/05/02 14:57:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\GAS Tecnologia

[2013/09/10 13:12:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2010/01/26 13:59:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Installations

[2010/01/26 10:31:56 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Nokia

[2012/07/23 08:29:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters Inc

[2010/01/26 14:05:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

[2012/09/23 11:29:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Samsung

[2013/09/23 23:31:30 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

[2012/04/27 20:58:19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\AnvSoft

[2012/08/16 16:26:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\BITS

[2012/04/25 17:50:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\DAEMON Tools Lite

[2010/02/23 14:18:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Docx2Rtf

[2013/08/16 19:10:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Eusing

[2010/05/20 16:50:15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGet

[2010/05/20 16:50:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO

[2010/04/26 11:58:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Foxit Software

[2013/05/04 15:08:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\FreeAudioPack

[2012/07/23 08:27:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\GetRightToGo

[2009/07/01 13:28:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\GrabPro

[2013/03/01 10:28:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\LimeWire

[2012/07/15 18:46:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Logia

[2011/12/10 18:53:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mouse Recorder Pro

[2012/01/05 10:50:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Nokia

[2010/02/23 14:22:09 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\NwDocx

[2012/10/31 23:40:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Orbit

[2011/11/29 12:51:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\PC Suite

[2011/12/06 13:00:19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Razor

[2013/04/13 18:43:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Samsung

[2013/09/27 14:10:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Scpad

[2013/07/18 23:57:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Splitscreen Studios

[2013/09/12 20:26:38 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Spyware Terminator

[2010/05/28 09:38:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Thunderbird

[2013/09/01 01:33:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >

[2004/08/03 22:55:42 | 018,785,713 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/04/13 19:34:10 | 020,099,802 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/04/13 19:34:10 | 020,099,802 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\erdnt\cache\atapi.sys

[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- F:\WINDOWS\erdnt\cache\eventlog.dll

[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- F:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- F:\WINDOWS\system32\eventlog.dll

[2004/08/03 22:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- F:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- F:\WINDOWS\erdnt\cache\netlogon.dll

[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- F:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- F:\WINDOWS\system32\netlogon.dll

[2004/08/03 22:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- F:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >

[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- F:\WINDOWS\erdnt\cache\scecli.dll

[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- F:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- F:\WINDOWS\system32\scecli.dll

[2004/08/03 22:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- F:\WINDOWS\$NtServicePackUninstall$\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 412 bytes -> F:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >

OTL Extras logfile created on: 27/9/2013 14:29:26 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = F:\Documents and Settings\Lucio\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

2,98 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,84% Memory free

4,83 Gb Paging File | 4,31 Gb Available in Paging File | 89,42% Paging File free

Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Arquivos de programas

Drive C: | 19,80 Gb Total Space | 19,71 Gb Free Space | 99,52% Space Free | Partition Type: NTFS

Drive F: | 47,18 Gb Total Space | 16,36 Gb Free Space | 34,68% Space Free | Partition Type: NTFS

Drive G: | 231,11 Gb Total Space | 43,11 Gb Free Space | 18,65% Space Free | Partition Type: NTFS

Computer Name: NOTEBOSS | User Name: Lucio | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- F:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "G:\Programas\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [mega] -- "G:\Programas\Megacubo\megacubo.exe" "%1" (www.megacubo.net )

Directory [PlayWithVLC] -- "G:\Programas\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"G:\Programas\Orbitdownloader\orbitdm.exe" = G:\Programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"G:\Programas\Orbitdownloader\orbitnet.exe" = G:\Programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"G:\Games\EA Games\Ultima Online Mondain's Legacy\client.exe" = G:\Games\EA Games\Ultima Online Mondain's Legacy\client.exe:*:Enabled:Ultima Online Client -- (Electronic Arts)

"G:\Programas\realplay.exe" = G:\Programas\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"F:\Arquivos de programas\Messenger\msmsgs.exe" = F:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"G:\Programas\LimeWire\LimeWire.exe" = G:\Programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"F:\Arquivos de programas\Nokia\Nokia Software Updater\nsu_ui_client.exe" = F:\Arquivos de programas\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)

"F:\Arquivos de programas\Arquivos comuns\Nokia\Service Layer\A\nsl_host_process.exe" = F:\Arquivos de programas\Arquivos comuns\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)

"F:\Arquivos de programas\TrackMaker\trackmaker.exe" = F:\Arquivos de programas\TrackMaker\trackmaker.exe:*:Enabled:GPS TrackMaker -- (Geo Studio Technology)

"G:\Programas\FlashGet\FlashGet3.exe" = G:\Programas\FlashGet\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)

"F:\Arquivos de programas\Google\Google Earth\client\googleearth.exe" = F:\Arquivos de programas\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"F:\Arquivos de programas\Google\Google Earth\plugin\geplugin.exe" = F:\Arquivos de programas\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

"G:\Programas\Megacubo\megacubo.exe" = G:\Programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo -- (www.megacubo.net )

"G:\Programas\Ares\Ares.exe" = G:\Programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)

"F:\Arquivos de programas\uTorrent\uTorrent.exe" = F:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"F:\Documents and Settings\All Users\Dados de aplicativos\Battle.net\Agent\Agent.524\Agent.exe" = F:\Documents and Settings\All Users\Dados de aplicativos\Battle.net\Agent\Agent.524\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)

"F:\Documents and Settings\All Users\Dados de aplicativos\Battle.net\Agent\Agent.976\Agent.exe" = F:\Documents and Settings\All Users\Dados de aplicativos\Battle.net\Agent\Agent.976\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)

"F:\WINDOWS\system32\muzapp.exe" = F:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)

"F:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\WebKit2WebProcess.exe" = F:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"F:\Arquivos de programas\Bonjour\mDNSResponder.exe" = F:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Serviço do Bonjour -- (Apple Inc.)

"G:\Programas\Itunes\iTunes.exe" = G:\Programas\Itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"G:\Games\Electronic Arts\Ultima Online Classic\client.exe" = G:\Games\Electronic Arts\Ultima Online Classic\client.exe:*:Enabled:Ultima Online Client -- (Electronic Arts)

"F:\Arquivos de programas\Skype\Phone\Skype.exe" = F:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"F:\Arquivos de programas\Java\jre7\launch4j-tmp\IRPF2013.exe" = F:\Arquivos de programas\Java\jre7\launch4j-tmp\IRPF2013.exe:*:Enabled:Java Platform SE binary -- (Oracle Corporation)

"F:\Arquivos de programas\Spyware Terminator\SpywareTerminator.exe" = F:\Arquivos de programas\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)

"F:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe" = F:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.6

"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool

"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes

"{1B999B2F-D41B-48C8-B738-B1E806EB19C3}" = Gnome-P

"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher

"{24e9a4c4-d9f7-4704-a3ab-30c993f9856f}" = Lyrics Seeker

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25

"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2

"{33FA968D-199B-4FDB-865C-A507BE34CDD7}" = Windows Communication Foundation Language Pack - PTB

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB TV Device Driver

"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor

"{41E57D2A-F778-4183-B1F7-A4A5FDF0E896}" = GrabBee

"{423290D4-DC50-48FA-9871-9D61FCAD7C13}" = Microsoft .NET Framework 2.0 Language Pack - PTB

"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader

"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AA1480E-2789-47F2-8963-C5AAB60C563E}" = GPS TrackMaker

"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater

"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0

"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Suporte para Aplicativos Apple

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver

"{6A288CAE-32D0-4CA7-8166-210D380A8045}" = Windows Workflow Foundation BR Language Pack

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2.0.7.0

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8b946cde-b77f-4c82-a32a-6575bf23b535}_is1" = GBBD Infoseg - Senasp

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007

"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite

"{93676FC6-C7DB-45A6-A62B-74A324F17313}" = Windows Presentation Foundation Language Pack (PTB)

"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth

"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A695A485-F20B-48C4-9048-6316EF2209FE}" = Mapa do Brasil 1.9

"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe

"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries

"{A9C543B9-28D8-46E5-8772-7821A70A4FA3}" = GeoSentinel

"{AC76BA86-7AD7-1046-7B44-A95000000001}" = Adobe Reader 9.5.4 - Português

"{B2F04AF7-A741-42EA-8B11-B65D7168DDEA}" = Foxit Reader

"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C124BC7E-1C94-44C7-A8CA-70D10644FB05}" = Intellex Player

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support

"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration

"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver

"{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy

"{E1439F12-82DB-4236-8200-22BECCAFD735}" = Broadcom 802.11g Network Adapter

"{EA901E9F-6204-4974-8530-CA87F24DA464}" = USB2.0 UVC WebCam

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F407D6FB-D3AD-44CC-B77B-5B3F0FF1F22C}" = Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack

"{FE9C13F6-6BBD-47D3-B939-F7E061BC4930}" = ESET NOD32 Antivirus

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"05B59228C7E1C21DFBE89260F879BD95880548D8" = Pacote de Driver do Windows - Nokia Modem (10/05/2009 4.2)

"504244733D18C8F63FF584AEB290E3904E791693" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"7-Zip" = 7-Zip 4.65

"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pacote de Driver do Windows - Nokia Modem (06/01/2009 7.01.0.4)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Ares" = Ares 2.1.7

"Audacity_is1" = Audacity 1.2.6

"BatteryInfo" = Notebook BatteryInfo

"Codec_is1" = Codec 8.3q

"CutePDF Writer Installation" = CutePDF Writer 2.8

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink_is1" = DVD Shrink 3.2

"ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5" = Receitanet

"EPSON TX133 TX135 Series" = Desinstalar impressora EPSON TX133 TX135 Series

"FBDBServer_2_1_is1" = Firebird 2.1.4.18393 (Win32)

"FlashGet 3.5" = FlashGet 3.5

"Foxit Creator" = Foxit Creator

"Free CD to MP3 Converter" = Free CD to MP3 Converter

"FTDICOMM" = FTDI USB Serial Converter Drivers

"GR8 Clientes Grátis" = GR8 Clientes Grátis

"HijackThis" = HijackThis 1.99.1

"ie8" = Windows Internet Explorer 8

"InCD!UninstallKey" = InCD

"InstallShield_{41E57D2A-F778-4183-B1F7-A4A5FDF0E896}" = GrabBee

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration

"InstallShield_{E1439F12-82DB-4236-8200-22BECCAFD735}" = Broadcom 802.11g Network Adapter

"IRPF2009 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2009 - Declaração de Ajuste Anual e Final de Espólio

"IRPF2011" = IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

"IRPF2012" = IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

"IRPF2013" = IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

"KASHU_UsbEnterVer.2.1.1" = USB Flash Security Ver.2.1.1

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.3.0

"LimeWire" = LimeWire 5.3.6

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300

"Megacubo_is1" = Megacubo 7.5.0

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - PTB" = Microsoft .NET Framework 2.0 Language Pack - PTB

"Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack" = Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft NetShow Tools 2.0" = Windows Media Tools 4.0

"Mozilla Firefox 23.0.1 (x86 pt-BR)" = Mozilla Firefox 23.0.1 (x86 pt-BR)

"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey" = Nero OEM

"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12

"Nokia PC Suite" = Nokia PC Suite

"Orbit_is1" = Orbit Downloader

"pcsx2-r3113" = PCSX2 - Playstation 2 Emulator

"PokerStars" = PokerStars

"RealPlayer 12.0" = RealPlayer

"RealPlayer 6.0" = RealPlayer

"SiS VGA Driver" = SiS VGA Utilities

"SMSERIAL" = Motorola SM56 Data Fax Modem

"Ultima Online Classic" = Ultima Online Classic Client

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.5

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows XP Service Pack" = Windows XP Service Pack 3

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Steel Legions" = Steel Legions

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 26/9/2013 16:47:50 | Computer Name = NOTEBOSS | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 9637172

Error - 26/9/2013 16:47:52 | Computer Name = NOTEBOSS | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/9/2013 16:47:52 | Computer Name = NOTEBOSS | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 9639125

Error - 26/9/2013 16:47:52 | Computer Name = NOTEBOSS | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 9639125

Error - 26/9/2013 16:47:54 | Computer Name = NOTEBOSS | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/9/2013 16:47:54 | Computer Name = NOTEBOSS | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 9641093

Error - 26/9/2013 16:47:54 | Computer Name = NOTEBOSS | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 9641093

Error - 26/9/2013 19:39:49 | Computer Name = NOTEBOSS | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/9/2013 19:39:49 | Computer Name = NOTEBOSS | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 19956859

Error - 26/9/2013 19:39:49 | Computer Name = NOTEBOSS | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 19956859

[ System Events ]

Error - 25/9/2013 12:05:19 | Computer Name = NOTEBOSS | Source = Service Control Manager | ID = 7034

Description = O serviço InCD Helper foi encerrado inesperadamente. Isso aconteceu

1 vez(es).

Error - 25/9/2013 12:05:20 | Computer Name = NOTEBOSS | Source = Service Control Manager | ID = 7031

Description = O serviço Gbp Service foi finalizado inesperadamente. Isto aconteceu

2 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar

o serviço.

Error - 25/9/2013 13:14:03 | Computer Name = NOTEBOSS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 25/9/2013 13:21:17 | Computer Name = NOTEBOSS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 25/9/2013 13:30:11 | Computer Name = NOTEBOSS | Source = Service Control Manager | ID = 7034

Description = O serviço Skype C2C Service foi encerrado inesperadamente. Isso aconteceu

1 vez(es).

Error - 25/9/2013 13:42:47 | Computer Name = NOTEBOSS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 26/9/2013 08:35:11 | Computer Name = NOTEBOSS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 27/9/2013 10:44:02 | Computer Name = NOTEBOSS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 27/9/2013 12:48:49 | Computer Name = NOTEBOSS | Source = Service Control Manager | ID = 7034

Description = O serviço Skype C2C Service foi encerrado inesperadamente. Isso aconteceu

1 vez(es).

Error - 27/9/2013 13:02:42 | Computer Name = NOTEBOSS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

< End of report >


Dear lucio.lfv

Where is the screenshot?

Again with OTL

  • Double-click the icon (image: 3984478580_7ed4cabc45_o.gif)
  • Copy and paste the content below into the space right after (image: 5369460409_ee749edc8e_m.jpg)

:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{45867E36-360F-45FF-8BE4-7764C7E2E12B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_br&p={searchTerms}

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" =-
"2869:TCP" =-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
"1900:UDP" =-
"2869:TCP" =-

:Commands
[purity]
[emptyflash]
[createrestorepoint]
[emptytemp]

  • Click the button (image: 5370056394_358505935a_m.jpg)
  • When it restarts, a window will appear; click Run;
  • Save (File > Save As) the log to the desktop under any name you like;
  • Post the content of that log in your next reply.
  • Warning: if you close the log without saving it first, it will be lost.
  • Open OTL again and click the button (image: 5370056476_bf9f840a51_m.jpg)
  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Post this generated log as well in your next reply.

Note: If you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

Regards :D

Dear lucio.lfv

Where is the screenshot?

Sorry Diego, I hadn't seen the request for the screenshot; here it is:

Redirecionamento_ici_menor.jpg

I don't know if it is of any interest, but I have been noting some URLs that appear in the Firefox status bar on practically every page I browse (sending, reading, waiting for response):

intext.nav-links.com

ad.yeldmanager.com

ici.resynccdn.net

www.superfish.com

dej.drivejs.net

I will post the requested results shortly.

Thanks.


Diego,

here are the requested logs. One detail: for the second time, the OTL reboot process does not complete on its own. It sits there for hours, then the screen goes off and the machine freezes while still powered on, forcing me to do a forced shutdown.

I await your reply, and thank you.

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{45867E36-360F-45FF-8BE4-7764C7E2E12B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45867E36-360F-45FF-8BE4-7764C7E2E12B}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List not found.

========== COMMANDS ==========

[EMPTYFLASH]

User: Administrador

User: All Users

User: Convidado

->Flash cache emptied: 8677 bytes

User: Default User

User: LocalService

User: Lucio

->Flash cache emptied: 57086 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Convidado

->Temp folder emptied: 3909278 bytes

->Temporary Internet Files folder emptied: 55585818 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 695941962 bytes

->Google Chrome cache emptied: 235604529 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 65748 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: Lucio

->Temp folder emptied: 713626 bytes

->Temporary Internet Files folder emptied: 4776855 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 228630189 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2134162 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 255 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.171,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 09302013_225148

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 1/10/2013 00:15:25 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = F:\Documents and Settings\Lucio\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

2,98 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 69,06% Memory free

4,83 Gb Paging File | 3,96 Gb Available in Paging File | 81,98% Paging File free

Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Arquivos de programas

Drive C: | 19,80 Gb Total Space | 19,71 Gb Free Space | 99,52% Space Free | Partition Type: NTFS

Drive F: | 47,18 Gb Total Space | 17,22 Gb Free Space | 36,51% Space Free | Partition Type: NTFS

Drive G: | 231,11 Gb Total Space | 43,02 Gb Free Space | 18,61% Space Free | Partition Type: NTFS

Computer Name: NOTEBOSS | User Name: Lucio | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/30 20:04:14 | 000,274,840 | ---- | M] (Mozilla Corporation) -- F:\Arquivos de programas\Mozilla Firefox\firefox.exe

PRC - [2013/09/27 14:24:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Lucio\Desktop\OTL.exe

PRC - [2013/08/29 02:50:56 | 000,587,912 | ---- | M] (Crawler.com) -- F:\Arquivos de programas\Spyware Terminator\st_rsser.exe

PRC - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- F:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2013/06/25 08:59:16 | 000,182,184 | ---- | M] (Oracle Corporation) -- F:\Arquivos de programas\Java\jre7\bin\jqs.exe

PRC - [2013/03/12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- F:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

PRC - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- F:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012/08/31 09:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- G:\Programas\Kies\KiesTrayAgent.exe

PRC - [2012/08/31 09:52:12 | 000,964,024 | ---- | M] (Samsung) -- G:\Programas\Kies\Kies.exe

PRC - [2012/08/11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2011/02/01 07:29:14 | 000,081,920 | ---- | M] (Firebird Project) -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

PRC - [2011/02/01 07:29:08 | 002,764,800 | ---- | M] (Firebird Project) -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

PRC - [2010/01/26 17:45:47 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

PRC - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009/03/19 10:44:28 | 002,029,640 | ---- | M] (ESET) -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe

PRC - [2007/01/17 14:34:18 | 000,634,880 | R--- | M] (Motorola Inc.) -- F:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2005/07/08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) -- F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

PRC - [2005/07/08 11:25:10 | 001,397,760 | ---- | M] (Nero AG) -- F:\Arquivos de programas\Ahead\InCD\InCD.exe

PRC - [2004/11/02 19:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Modules (No Company Name) ==========

MOD - [2013/10/01 00:06:17 | 000,115,137 | ---- | M] () -- F:\Documents and Settings\Lucio\Configurações locais\temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

MOD - [2013/09/30 20:04:11 | 003,279,768 | ---- | M] () -- F:\Arquivos de programas\Mozilla Firefox\mozjs.dll

MOD - [2013/09/10 22:05:16 | 016,177,544 | ---- | M] () -- F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

MOD - [2013/08/17 10:17:00 | 000,998,400 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll

MOD - [2013/08/17 09:53:40 | 002,295,808 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\2bd89ed2dc0f585328fd1ac4c5a206dd\System.Core.ni.dll

MOD - [2013/08/17 09:53:28 | 000,212,992 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll

MOD - [2013/08/17 09:52:58 | 000,771,584 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll

MOD - [2013/08/17 09:52:33 | 014,329,856 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a283b4d76562af1ff279d465f5488d8c\PresentationFramework.ni.dll

MOD - [2013/08/17 09:51:49 | 012,434,432 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a12a09aaa2c560a808dea7eaba5040c1\System.Windows.Forms.ni.dll

MOD - [2013/08/17 09:51:35 | 001,593,344 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll

MOD - [2013/08/17 09:51:27 | 012,218,880 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\6c1a100fe556c7d391f4d1681ab3c615\PresentationCore.ni.dll

MOD - [2013/08/17 09:51:03 | 003,325,440 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\64441cc39259974a2c3cdf0702a8beb3\WindowsBase.ni.dll

MOD - [2013/08/17 09:50:48 | 005,462,016 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll

MOD - [2013/08/17 09:50:41 | 000,978,944 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll

MOD - [2013/08/17 09:50:32 | 007,977,984 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll

MOD - [2013/07/11 10:08:43 | 000,539,648 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e729dd9b653def0664bf0efcf22dc112\PresentationFramework.Luna.ni.dll

MOD - [2013/07/11 10:06:14 | 011,497,984 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll

MOD - [2012/12/18 18:59:18 | 000,019,144 | ---- | M] () -- F:\Arquivos de programas\Adobe\Reader 9.0\Reader\ViewerPS.dll

MOD - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2012/08/31 09:46:26 | 015,342,592 | ---- | M] () -- G:\Programas\Kies\Theme\Kies.Theme.dll

MOD - [2012/08/31 09:45:44 | 000,559,616 | ---- | M] () -- G:\Programas\Kies\Common\Kies.UI.dll

MOD - [2012/08/28 10:23:40 | 000,034,816 | ---- | M] () -- G:\Programas\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll

MOD - [2012/08/28 10:22:46 | 000,023,040 | ---- | M] () -- G:\Programas\Kies\MVVM\Kies.MVVM.dll

MOD - [2012/08/28 10:06:08 | 000,057,856 | ---- | M] () -- G:\Programas\Kies\Common\ASF_cSharpAPI.dll

MOD - [2012/08/28 10:05:16 | 000,659,408 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\CommonModule.dll

MOD - [2012/08/28 10:05:16 | 000,552,400 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll

MOD - [2012/08/28 10:05:16 | 000,028,624 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\FirmwareUpdate.MVVM.dll

MOD - [2012/08/28 10:05:16 | 000,007,168 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\IPCServer.dll

MOD - [2012/08/28 10:05:16 | 000,003,584 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll

MOD - [2012/08/28 10:05:10 | 000,069,632 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\pt-BR\CommonModule.resources.dll

MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- F:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\zlib1.dll

MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- F:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\libxml2.dll

MOD - [2010/03/11 15:41:30 | 000,040,960 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_pt-BR_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll

MOD - [2010/03/11 15:41:28 | 000,303,104 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- F:\WINDOWS\system32\cpwmon2k.dll

MOD - [2009/02/27 17:49:12 | 000,311,296 | ---- | M] () -- F:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB

========== Services (SafeList) ==========

SRV - [2013/09/30 20:04:11 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- F:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/09/19 22:04:43 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/08/29 02:50:56 | 000,587,912 | ---- | M] (Crawler.com) [Auto | Running] -- F:\Arquivos de programas\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)

SRV - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- F:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2013/06/25 08:59:16 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- F:\Arquivos de programas\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- F:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/08/11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- F:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/02/01 07:29:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)

SRV - [2011/02/01 07:29:08 | 002,764,800 | ---- | M] (Firebird Project) [On_Demand | Running] -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)

SRV - [2009/10/27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- F:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2009/03/19 10:48:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2005/07/08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- F:\ComboFix\catchme.sys -- (catchme)

DRV - [2013/10/01 00:03:13 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (NdisrdMP)

DRV - [2013/10/01 00:03:13 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (Ndisrd)

DRV - [2013/07/01 15:40:10 | 000,047,688 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)

DRV - [2012/08/20 14:48:44 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)

DRV - [2012/08/20 14:48:44 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\pwdspio.sys -- (pwdspio)

DRV - [2012/07/31 07:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)

DRV - [2012/07/31 07:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)

DRV - [2011/06/21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)

DRV - [2009/10/06 10:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2009/10/06 10:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2009/10/06 10:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009/10/06 10:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009/10/06 10:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2009/10/06 10:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009/06/30 17:55:38 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2009/03/19 10:45:38 | 000,093,848 | ---- | M] (ESET) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)

DRV - [2009/03/19 10:44:34 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2009/03/19 10:41:38 | 000,113,960 | ---- | M] (ESET) [File_System | On_Demand | Running] -- F:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/06/07 14:09:04 | 000,010,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\gnome.sys -- (GNOME_R)

DRV - [2008/04/13 11:46:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2007/09/05 17:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2007/08/24 19:45:22 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2007/08/03 16:31:44 | 000,018,688 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2007/08/03 16:10:14 | 000,321,536 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2007/05/16 12:00:00 | 000,042,368 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)

DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)

DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)

DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/01/17 14:38:52 | 000,983,936 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2005/07/08 16:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- F:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)

DRV - [2005/07/08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- F:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2005/07/08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)

DRV - [2005/07/08 11:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7BDB9127A2-3381-41ec-82B3-1B6ED4C6F29A%7D:1.0

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21

FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886D%7D:3.4.0

FF - prefs.js..extensions.enabledAddons: %7B0303e6fc-c062-47f1-825d-73e5e97d1d43%7D:1.133

FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.0

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Programas\Itunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: F:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: F:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Arquivos de programas\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: F:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: F:\Arquivos de programas\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: F:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Arquivos de programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Arquivos de programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: G:\Programas\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: F:\Arquivos de programas\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/isg: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_isg.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: G:\Programas\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/26 14:01:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: F:\Arquivos de programas\Mozilla Firefox\components [2013/09/30 20:03:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: F:\Arquivos de programas\Mozilla Firefox\plugins [2013/09/30 20:03:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: G:\Programas\Mozilla Thunderbird\components [2010/07/14 16:19:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: G:\Programas\Mozilla Thunderbird\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/11/18 09:30:02 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886F}: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\isg\xpi [2013/05/02 14:57:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D}: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\xpi [2013/08/30 18:21:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0303e6fc-c062-47f1-825d-73e5e97d1d43}: F:\Arquivos de programas\LyricsSeeker\133.xpi [2013/09/12 00:11:44 | 000,005,792 | ---- | M] ()

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\xpi [2013/09/12 13:55:00 | 000,000,000 | ---D | M]

[2009/11/04 15:46:45 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Extensions

[2009/11/04 15:46:45 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

[2013/09/30 21:24:30 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions

[2011/01/10 15:34:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2013/08/27 20:30:51 | 000,000,000 | ---D | M] (DownloadHelper) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/05/20 16:51:22 | 000,000,000 | ---D | M] (flashget3 Extension) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

[2013/09/30 21:24:30 | 000,282,570 | ---- | M] () (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2010/03/24 10:42:56 | 000,057,418 | ---- | M] (flashget) (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll

[2008/10/17 10:03:56 | 000,000,205 | ---- | M] () (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\IFlashgetXpi.xpt

[2013/09/30 20:03:29 | 000,000,000 | ---D | M] (No name found) -- F:\Arquivos de programas\Mozilla Firefox\extensions

[2013/09/30 20:03:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Arquivos de programas\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/09/30 20:03:26 | 000,000,000 | ---D | M] (No name found) -- F:\Arquivos de programas\Mozilla Firefox\browser\extensions

[2013/09/30 20:04:15 | 000,000,000 | ---D | M] (Default) -- F:\Arquivos de programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/09/12 00:11:44 | 000,005,792 | ---- | M] () (No name found) -- F:\ARQUIVOS DE PROGRAMAS\LYRICSSEEKER\133.XPI

File not found (No name found) -- F:\DOCUMENTS AND SETTINGS\LUCIO\CONFIGURAçÃΜES LOCAIS\DADOS DE APLICATIVOS\GAS TECNOLOGIA\GBBD\BB\XPI

File not found (No name found) -- F:\DOCUMENTS AND SETTINGS\LUCIO\CONFIGURAçÃΜES LOCAIS\DADOS DE APLICATIVOS\GAS TECNOLOGIA\GBBD\CEF\XPI

O1 HOSTS File: ([2013/09/27 14:05:11 | 000,000,027 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - F:\Arquivos de programas\Scpad\scpsssh2.dll (Banco Bradesco S.A.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)

O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - F:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - F:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - F:\Arquivos de programas\GbPlugin\gbiehIsg.dll (Infoseg - Senasp)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Programas\Orbitdownloader\GrabPro.dll ()

O3 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Programas\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [Adobe ARM] F:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] F:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bIH] F:\WINDOWS\System32\bih.dll (Thomas Michel eMail: support.batteryinfo@arcor.de Web: http://www.batteryinfo.de.vu or http://home.arcor.de/batteryinfo)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] F:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [egui] F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [inCD] F:\Arquivos de programas\Ahead\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [KiesTrayAgent] G:\Programas\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [RemoteControl] F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [siSPower] F:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [sMSERIAL] F:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [spywareTerminatorUpdater] F:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)

O4 - HKLM..\Run: [sunJavaUpdateSched] F:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Oracle Corporation)

O4 - HKLM..\Run: [TkBellExe] F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-1659004503-746137067-682003330-1003..\Run: [DAEMON Tools Lite] G:\Programas\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1659004503-746137067-682003330-1003..\Run: [KiesPDLR] G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKU\S-1-5-21-1659004503-746137067-682003330-1003..\Run: [KiesPreload] G:\Programas\Kies\Kies.exe (Samsung)

O4 - HKU\S-1-5-21-1659004503-746137067-682003330-1003..\Run: [NBJ] F:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)

O4 - Startup: F:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk = F:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

O4 - Startup: F:\Documents and Settings\Lucio\Menu Iniciar\Programas\Inicializar\LimeWire On Startup.lnk = G:\Programas\LimeWire\LimeWire.exe (Lime Wire, LLC)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Download by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Download all by FlashGet3 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm ()

O8 - Extra context menu item: Download by FlashGet3 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载全部链接 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm ()

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - F:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www] http in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www14] https in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www2] https in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bb.com.br ([www] http in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: caixa.gov.br ([]https in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: infoseg.gov.br ([www] http in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: infoseg.gov.br ([www2] https in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: infoseg.gov.br ([www5] https in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Ranges: Range1 ([https] in Sites confiáveis)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} https://www5.infoseg.gov.br/Install/GbPluginIsg.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF76CF3-519B-4C05-968C-77C1665B1C31}: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78240407-D696-4F6C-B6A0-F520D83EC98C}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - F:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (F:\Arquivos de programas\GbPlugin\gbieh.dll) - F:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (F:\Arquivos de programas\GbPlugin\gbiehCef.dll) - F:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\ GbPluginIsg: DllName - (F:\ARQUIV~1\GbPlugin\gbiehIsg.dll) - F:\Arquivos de programas\GbPlugin\gbiehIsg.dll (Infoseg - Senasp)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - F:\Arquivos de programas\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - F:\Arquivos de programas\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\Alegria.bmp

O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\Alegria.bmp

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - F:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399015} - F:\Arquivos de programas\GbPlugin\gbiehIsg.dll (Infoseg - Senasp)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - F:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/30 22:56:56 | 000,000,000 | -HSD | C] -- F:\RECYCLER

[2013/09/30 22:51:48 | 000,000,000 | ---D | C] -- F:\_OTL

[2013/09/30 20:03:25 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\Mozilla Firefox

[2013/09/27 14:24:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Lucio\Desktop\OTL.exe

[2013/09/27 14:11:43 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- F:\WINDOWS\System32\drivers\PROCEXP113.SYS

[2013/09/25 12:12:22 | 005,129,766 | R--- | C] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\ComboFix.exe

[2013/09/25 12:12:03 | 001,030,038 | ---- | C] (Thisisu) -- F:\Documents and Settings\Lucio\Desktop\JRT.exe

[2013/09/24 18:58:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Desktop\HijackThis

[2013/09/24 18:57:11 | 000,147,456 | ---- | C] (Eric_71) -- F:\Documents and Settings\Lucio\Desktop\MbrScan.exe

[2013/09/24 18:56:37 | 000,358,923 | ---- | C] (Farbar) -- F:\Documents and Settings\Lucio\Desktop\FSS.exe

[2013/09/18 19:56:23 | 000,688,992 | R--- | C] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\dds.com

[2013/09/18 13:19:30 | 000,000,000 | RHSD | C] -- F:\cmdcons

[2013/09/18 13:14:06 | 000,518,144 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe

[2013/09/18 13:14:06 | 000,406,528 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe

[2013/09/18 13:14:06 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe

[2013/09/18 13:14:06 | 000,060,416 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe

[2013/09/18 13:10:41 | 000,000,000 | ---D | C] -- F:\Qoobox

[2013/09/18 13:10:23 | 000,000,000 | ---D | C] -- F:\WINDOWS\erdnt

[2013/09/17 19:53:41 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERUNT

[2013/09/17 19:27:42 | 000,000,000 | ---D | C] -- F:\AdwCleaner

[2013/09/17 19:17:58 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Desktop\RK_Quarantine

[2013/09/17 18:30:50 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Malwarebytes

[2013/09/17 18:30:34 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware

[2013/09/17 18:30:33 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2013/09/17 18:30:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys

[2013/09/17 18:30:31 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\Malwarebytes' Anti-Malware

[2013/09/17 17:12:01 | 000,000,000 | ---D | C] -- F:\TDSSKiller_Quarantine

[2013/09/12 20:26:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Spyware Terminator

[2013/09/12 20:26:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

[2013/09/12 20:26:36 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Iniciar\Programas\Spyware Terminator 2012

[2013/09/12 20:26:35 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\Spyware Terminator

[2013/09/12 00:11:44 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\LyricsSeeker

[2013/09/10 15:11:02 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Meus documentos\Fatura Belo Dente

========== Files - Modified Within 30 Days ==========

[2013/10/01 00:11:01 | 000,001,070 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/10/01 00:03:29 | 000,000,902 | ---- | M] () -- F:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/10/01 00:03:13 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- F:\WINDOWS\System32\drivers\GbpNdisrd.sys

[2013/10/01 00:02:39 | 000,001,066 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/10/01 00:00:13 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat

[2013/10/01 00:00:00 | 3203,575,808 | -HS- | M] () -- F:\hiberfil.sys

[2013/09/30 14:46:59 | 000,002,262 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl

[2013/09/29 13:11:41 | 000,000,040 | ---- | M] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\cdr.ini

[2013/09/27 14:25:11 | 000,145,357 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\OTL image.jpg

[2013/09/27 14:24:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Lucio\Desktop\OTL.exe

[2013/09/27 14:11:43 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- F:\WINDOWS\System32\drivers\PROCEXP113.SYS

[2013/09/27 14:05:11 | 000,000,027 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts

[2013/09/27 13:48:06 | 005,129,766 | R--- | M] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\ComboFix.exe

[2013/09/25 21:33:07 | 000,002,315 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Skype.lnk

[2013/09/25 12:48:20 | 001,042,066 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\adwcleaner.exe

[2013/09/25 00:05:44 | 000,044,469 | ---- | M] () -- F:\Documents and Settings\Lucio\Meus documentos\Boleto Lucas ufmg.pdf

[2013/09/24 19:03:48 | 000,000,512 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\Dump_Hdd0_DR0.mbr

[2013/09/24 18:57:11 | 000,147,456 | ---- | M] (Eric_71) -- F:\Documents and Settings\Lucio\Desktop\MbrScan.exe

[2013/09/24 18:56:37 | 000,358,923 | ---- | M] (Farbar) -- F:\Documents and Settings\Lucio\Desktop\FSS.exe

[2013/09/22 04:38:24 | 001,030,038 | ---- | M] (Thisisu) -- F:\Documents and Settings\Lucio\Desktop\JRT.exe

[2013/09/18 19:02:12 | 000,688,992 | R--- | M] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\dds.com

[2013/09/18 14:16:25 | 000,377,856 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\p9ff6wec.exe

[2013/09/18 13:19:33 | 000,000,327 | RHS- | M] () -- F:\boot.ini

[2013/09/17 18:30:34 | 000,000,840 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/09/17 16:50:16 | 000,000,664 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat

[2013/09/13 11:04:47 | 000,268,600 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT

[2013/09/13 09:42:21 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK

[2013/09/12 20:26:36 | 000,000,765 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Spyware Terminator 2012.lnk

[2013/09/12 13:55:04 | 000,018,244 | ---- | M] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins002.dat

[2013/09/10 17:42:50 | 000,079,360 | ---- | M] () -- F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/09/10 16:38:32 | 000,000,116 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini

[2013/09/10 14:50:59 | 000,423,919 | ---- | M] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red2.JPG

[2013/09/10 14:48:11 | 001,194,513 | ---- | M] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red.JPG

========== Files Created - No Company Name ==========

[2013/09/27 14:25:09 | 000,145,357 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\OTL image.jpg

[2013/09/25 12:48:20 | 001,042,066 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\adwcleaner.exe

[2013/09/25 00:05:41 | 000,044,469 | ---- | C] () -- F:\Documents and Settings\Lucio\Meus documentos\Boleto Lucas ufmg.pdf

[2013/09/24 19:03:03 | 000,000,512 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\Dump_Hdd0_DR0.mbr

[2013/09/18 14:16:16 | 000,377,856 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\p9ff6wec.exe

[2013/09/18 13:19:33 | 000,000,210 | ---- | C] () -- F:\Boot.bak

[2013/09/18 13:19:31 | 000,261,856 | RHS- | C] () -- F:\cmldr

[2013/09/18 13:14:06 | 000,256,000 | ---- | C] () -- F:\WINDOWS\PEV.exe

[2013/09/18 13:14:06 | 000,208,896 | ---- | C] () -- F:\WINDOWS\MBR.exe

[2013/09/18 13:14:06 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe

[2013/09/18 13:14:06 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe

[2013/09/18 13:14:06 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe

[2013/09/17 18:30:34 | 000,000,840 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/09/12 20:26:39 | 000,032,768 | ---- | C] () -- F:\WINDOWS\System32\drivers\sp_rsdrv2.sys

[2013/09/12 20:26:36 | 000,000,765 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Spyware Terminator 2012.lnk

[2013/09/12 13:55:00 | 000,018,244 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins002.dat

[2013/09/10 14:50:59 | 000,423,919 | ---- | C] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red2.JPG

[2013/09/10 14:48:10 | 001,194,513 | ---- | C] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red.JPG

[2013/08/30 18:21:37 | 000,013,831 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins001.dat

[2013/08/16 19:10:11 | 000,000,040 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\cdr.ini

[2013/07/11 10:22:13 | 000,569,528 | ---- | C] () -- F:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2013/05/02 14:57:26 | 000,717,985 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins000.exe

[2013/05/02 14:57:26 | 000,011,281 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins000.dat

[2013/04/19 16:46:14 | 000,000,176 | ---- | C] () -- F:\WINDOWS\REC-NET.INI

[2013/01/31 10:00:43 | 000,905,290 | R--- | C] () -- F:\WINDOWS\System32\libmmd.dll

[2012/08/28 10:04:34 | 000,081,920 | ---- | C] () -- F:\WINDOWS\System32\issacapi_bs-2.3.dll

[2012/08/28 10:04:34 | 000,065,536 | ---- | C] () -- F:\WINDOWS\System32\issacapi_pe-2.3.dll

[2012/08/28 10:04:34 | 000,057,344 | ---- | C] () -- F:\WINDOWS\System32\issacapi_se-2.3.dll

[2012/08/28 10:04:34 | 000,030,568 | ---- | C] () -- F:\WINDOWS\MusiccityDownload.exe

[2012/08/28 10:04:32 | 000,974,848 | ---- | C] () -- F:\WINDOWS\System32\cis-2.4.dll

[2012/04/25 18:14:41 | 000,000,533 | ---- | C] () -- F:\WINDOWS\eReg.dat

[2012/02/16 08:31:41 | 000,003,072 | ---- | C] () -- F:\WINDOWS\System32\iacenc.dll

[2011/01/27 11:09:23 | 000,000,148 | ---- | C] () -- F:\Documents and Settings\Lucio\acesso.serpro.gov.br.HOD.LOC

[2010/06/22 17:53:14 | 000,002,528 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\$_hpcst$.hpc

[2009/12/07 21:45:41 | 000,040,960 | ---- | C] () -- F:\Arquivos de programas\Uninstall_CDS.exe

[2009/09/30 10:20:24 | 000,079,360 | ---- | C] () -- F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/02 18:26:31 | 000,000,138 | ---- | C] () -- F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/02 17:50:28 | 000,000,227 | RHS- | M] () -- F:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:20:42 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:53:26 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:20:42 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/02 12:10:22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2011/03/23 20:07:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\3DVIA

[2012/05/29 14:57:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Battle.net

[2012/04/25 17:34:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

[2012/04/16 22:03:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\EPSON

[2009/11/18 09:30:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\ESET

[2013/05/02 14:57:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\GAS Tecnologia

[2013/09/10 13:12:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2010/01/26 13:59:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Installations

[2010/01/26 10:31:56 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Nokia

[2012/07/23 08:29:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters Inc

[2010/01/26 14:05:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

[2012/09/23 11:29:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Samsung

[2013/09/29 13:06:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

[2010/01/29 11:50:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Convidado\Dados de aplicativos\PC Suite

[2013/09/13 13:54:51 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Convidado\Dados de aplicativos\Scpad

[2010/04/26 11:58:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Dados de aplicativos\Foxit Software

[2012/04/27 20:58:19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\AnvSoft

[2012/08/16 16:26:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\BITS

[2012/04/25 17:50:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\DAEMON Tools Lite

[2010/02/23 14:18:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Docx2Rtf

[2013/08/16 19:10:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Eusing

[2010/05/20 16:50:15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGet

[2010/05/20 16:50:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO

[2010/04/26 11:58:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Foxit Software

[2013/05/04 15:08:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\FreeAudioPack

[2012/07/23 08:27:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\GetRightToGo

[2009/07/01 13:28:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\GrabPro

[2013/03/01 10:28:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\LimeWire

[2012/07/15 18:46:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Logia

[2011/12/10 18:53:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mouse Recorder Pro

[2012/01/05 10:50:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Nokia

[2010/02/23 14:22:09 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\NwDocx

[2012/10/31 23:40:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Orbit

[2011/11/29 12:51:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\PC Suite

[2011/12/06 13:00:19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Razor

[2013/04/13 18:43:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Samsung

[2013/10/01 00:04:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Scpad

[2013/07/18 23:57:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Splitscreen Studios

[2013/09/12 20:26:38 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Spyware Terminator

[2010/05/28 09:38:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Thunderbird

[2013/09/01 01:33:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\uTorrent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 412 bytes -> F:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >


Dear lucio.lfv

I don't know if this is of any interest, but I have been noting some URLs that appear in the Firefox status bar on practically every page I browse (sending, reading, waiting for a response):

intext.nav-links.com

ad.yeldmanager.com

ici.resynccdn.net

www.superfish.com

dej.drivejs.net

Nice :)

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) below.

  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

Firefox::
FF - ProfilePath - f:\documents and settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\
FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=
FF - ExtSQL: 2013-09-12 00:11; {0303e6fc-c062-47f1-825d-73e5e97d1d43}; f:\arquivos de programas\LyricsSeeker\133.xpi

ADS::


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

2872959479_997d4500c4_o.gif

See whether the sites still appear ;)

Regards :D


Hello Diego, thank you for your attention.

The sites keep appearing, but this time, before the ones I had already reported to you, I noticed that others appeared:

zone98.hotwords.com.br

t2.gstatic.com

t1.gstatic.com

t0.gstatic.com

ads26855.hotwords

googlesyndication

pixel.quantserve

platform.twitter.com

img.hotwords.com

cdn.api.twitter.com

apis.google.com

ib.adnxs.com

Here is the ComboFix log:

ComboFix 13-10-03.03 - Lucio 03/10/2013 14:23:01.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3055.2179 [GMT -3:00]

Executando de: f:\documents and settings\Lucio\Desktop\ComboFix.exe

Comandos utilizados :: f:\documents and settings\Lucio\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

ADS - drivers: deleted 412 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

f:\docume~1\Lucio\CONFIG~1\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

f:\documents and settings\Lucio\Configurações locais\temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-09-03 to 2013-10-03 ))))))))))))))))))))))))))))

.

.

2013-10-03 17:27 . 2013-10-03 17:27 0 ----a-w- f:\windows\system32\drivers\SROUTE.SYS

2013-10-01 01:51 . 2013-10-01 01:51 -------- d-----w- F:\_OTL

2013-09-27 17:11 . 2013-10-03 17:16 12568 ----a-w- f:\windows\system32\drivers\PROCEXP113.SYS

2013-09-19 23:28 . 2013-09-19 23:28 -------- d-----w- f:\windows\system32\wbem\Repository

2013-09-17 22:53 . 2013-09-17 22:53 -------- d-----w- f:\windows\ERUNT

2013-09-17 22:27 . 2013-09-25 16:05 -------- d-----w- F:\AdwCleaner

2013-09-17 21:30 . 2013-09-17 21:30 -------- d-----w- f:\documents and settings\Lucio\Dados de aplicativos\Malwarebytes

2013-09-17 21:30 . 2013-09-17 21:30 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2013-09-17 21:30 . 2013-09-17 21:30 -------- d-----w- f:\arquivos de programas\Malwarebytes' Anti-Malware

2013-09-17 21:30 . 2013-04-04 17:50 22856 ----a-w- f:\windows\system32\drivers\mbam.sys

2013-09-17 20:12 . 2013-09-17 20:12 -------- d-----w- F:\TDSSKiller_Quarantine

2013-09-12 23:26 . 2011-06-21 14:24 32768 ----a-w- f:\windows\system32\drivers\sp_rsdrv2.sys

2013-09-12 23:26 . 2013-10-03 16:41 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2013-09-12 23:26 . 2013-09-12 23:26 -------- d-----w- f:\documents and settings\Lucio\Dados de aplicativos\Spyware Terminator

2013-09-12 23:26 . 2013-09-12 23:27 -------- d-----w- f:\arquivos de programas\Spyware Terminator

2013-09-12 03:11 . 2013-09-12 03:11 -------- d-----w- f:\arquivos de programas\LyricsSeeker

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-03 17:35 . 2012-01-29 12:49 31088 ----a-w- f:\windows\system32\drivers\GbpNdisrd.sys

2013-09-20 01:04 . 2012-04-08 14:17 692616 ----a-w- f:\windows\system32\FlashPlayerApp.exe

2013-09-20 01:04 . 2011-05-17 12:04 71048 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-09 01:56 . 2004-08-04 01:45 389632 ----a-w- f:\windows\system32\themeui.dll

2013-08-08 06:09 . 2004-08-04 01:38 1877888 ----a-w- f:\windows\system32\win32k.sys

2013-08-08 06:05 . 2004-08-04 01:45 920064 ----a-w- f:\windows\system32\wininet.dll

2013-08-08 06:05 . 2004-08-04 01:45 43520 ----a-w- f:\windows\system32\licmgr10.dll

2013-08-08 06:05 . 2004-08-04 01:45 1469440 ----a-w- f:\windows\system32\inetcpl.cpl

2013-08-08 06:05 . 2004-08-04 01:45 18944 ----a-w- f:\windows\system32\corpol.dll

2013-08-08 00:04 . 2004-08-04 01:37 385024 ----a-w- f:\windows\system32\html.iec

2013-08-05 13:30 . 2004-08-04 01:45 1289216 ----a-w- f:\windows\system32\ole32.dll

2013-07-31 05:41 . 2004-08-04 01:45 810496 ----a-w- f:\windows\system32\wmvdmod.dll

2013-07-10 10:37 . 2004-08-04 01:45 406016 ----a-w- f:\windows\system32\usp10.dll

2004-10-01 17:00 . 2009-12-08 00:45 40960 ----a-w- f:\arquivos de programas\Uninstall_CDS.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="g:\programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"KiesPreload"="g:\programas\Kies\Kies.exe" [2012-08-31 964024]

"KiesPDLR"="g:\programas\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]

"NBJ"="f:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-08-03 53248]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]

"SMSERIAL"="f:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]

"BIH"="bih.dll" [2009-07-01 208896]

"TkBellExe"="f:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-26 198160]

"egui"="f:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]

"RemoteControl"="f:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"InCD"="f:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 1397760]

"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]

"Adobe Reader Speed Launcher"="f:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="f:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"KiesTrayAgent"="g:\programas\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

"APSDaemon"="f:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="g:\programas\Itunes\iTunesHelper.exe" [2012-09-10 421776]

"SunJavaUpdateSched"="f:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]

"SpywareTerminatorUpdater"="f:\arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-08-29 3684488]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

f:\documents and settings\Lucio\Menu Iniciar\Programas\Inicializar\

LimeWire On Startup.lnk - g:\programas\LimeWire\LimeWire.exe -startup [2009-9-30 503808]

.

f:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - f:\windows\system32\sistray.exe [2009-6-29 262144]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399015}"= "f:\arquiv~1\GBPLUGIN\gbiehisg.dll" [2012-06-01 597504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-07-15 14:23 1410088 ------w- f:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2013-07-01 18:39 1383240 ------w- f:\arquivos de programas\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginIsg]

2012-06-01 20:50 597504 ------w- f:\arquiv~1\GbPlugin\gbiehIsg.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"g:\\Programas\\Orbitdownloader\\orbitdm.exe"=

"g:\\Programas\\Orbitdownloader\\orbitnet.exe"=

"g:\\Games\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=

"g:\\Programas\\realplay.exe"=

"f:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"g:\\Programas\\LimeWire\\LimeWire.exe"=

"f:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"f:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"f:\\Arquivos de programas\\TrackMaker\\trackmaker.exe"=

"g:\\Programas\\FlashGet\\FlashGet3.exe"=

"f:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=

"f:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=

"g:\\Programas\\Megacubo\\megacubo.exe"=

"g:\\Programas\\Ares\\Ares.exe"=

"f:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"f:\\Documents and Settings\\All Users\\Dados de aplicativos\\Battle.net\\Agent\\Agent.524\\Agent.exe"=

"f:\\Documents and Settings\\All Users\\Dados de aplicativos\\Battle.net\\Agent\\Agent.976\\Agent.exe"=

"f:\\WINDOWS\\system32\\muzapp.exe"=

"f:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"f:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"g:\\Programas\\Itunes\\iTunes.exe"=

"g:\\Games\\Electronic Arts\\Ultima Online Classic\\client.exe"=

"f:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"f:\\Arquivos de programas\\Java\\jre7\\launch4j-tmp\\IRPF2013.exe"=

"f:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminator.exe"=

"f:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

.

R0 GbpKm;Gbp KernelMode;f:\windows\system32\drivers\GbpKm.sys [7/10/2009 16:34 47688]

R1 ehdrv;ehdrv;f:\windows\system32\drivers\ehdrv.sys [19/3/2009 10:44 107256]

R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [19/3/2009 10:45 93848]

R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;f:\windows\system32\drivers\sp_rsdrv2.sys [12/9/2013 20:26 32768]

R2 ekrn;ESET Service;f:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [19/3/2009 10:44 731840]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;f:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe [12/12/2012 19:02 81920]

R2 GbpSv;Gbp Service;f:\arquiv~1\GbPlugin\GbpSv.exe [7/10/2009 16:34 409640]

R2 Skype C2C Service;Skype C2C Service;f:\documents and settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2/10/2012 11:13 3064000]

R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;f:\arquivos de programas\Spyware Terminator\st_rsser.exe [12/9/2013 20:26 587912]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;f:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe [12/12/2012 19:02 2764800]

R3 NdisrdMP;NdisrdMP;f:\windows\system32\drivers\GbpNdisrd.sys [29/1/2012 09:49 31088]

S2 SkypeUpdate;Skype Updater;f:\arquivos de programas\Skype\Updater\Updater.exe [29/2/2012 08:50 158856]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);f:\windows\system32\drivers\ssudbus.sys [23/9/2012 11:30 83168]

S3 GNOME_R;GNOME_R;f:\windows\system32\drivers\gnome.sys [2/3/2010 10:35 10496]

S3 Ndisrd;GAS Tecnologia Service;f:\windows\system32\drivers\GbpNdisrd.sys [29/1/2012 09:49 31088]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [26/1/2010 14:01 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [26/1/2010 14:01 8320]

S3 pwdrvio;pwdrvio;f:\windows\system32\pwdrvio.sys [1/7/2010 10:27 15576]

S3 pwdspio;pwdspio;f:\windows\system32\pwdspio.sys [1/7/2010 10:27 10200]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);f:\windows\system32\drivers\ssudmdm.sys [23/9/2012 11:30 181344]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-10-03 f:\windows\Tasks\Adobe Flash Player Updater.job

- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 01:04]

.

2013-10-03 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- f:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-21 20:49]

.

2013-10-03 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- f:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-21 20:49]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - g:\programas\Orbitdownloader\orbitmxt.dll/202

IE: Download all by FlashGet3 - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm

IE: E&xportar para o Microsoft Excel - f:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: ????3?? - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm

IE: ????3?????? - f:\documents and settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

Trusted Zone: caixa.gov.br

Trusted Zone: infoseg.gov.br\www

Trusted Zone: infoseg.gov.br\www2

Trusted Zone: infoseg.gov.br\www5

TCP: DhcpNameServer = 192.168.0.1

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} - hxxps://www5.infoseg.gov.br/Install/GbPluginIsg.cab

FF - ProfilePath - f:\documents and settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-08-30 18:21; {87F8774F-B485-47E2-A755-A40A8A5E886D}; f:\documents and settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\xpi

FF - ExtSQL: 2013-09-12 00:11; {0303e6fc-c062-47f1-825d-73e5e97d1d43}; f:\arquivos de programas\LyricsSeeker\133.xpi

FF - ExtSQL: 2013-09-12 13:55; {87F8774F-B485-47E2-A755-A40A8A5E886C}; f:\documents and settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\xpi

FF - ExtSQL: !HIDDEN! 2011-01-10 16:17; {20a82645-c095-46ed-80e3-08825760534b}; f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-10-03 14:36

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-1659004503-746137067-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]

@="f:\\Documents and Settings\\Lucio\\Dados de aplicativos\\FlashGetBHO\\GetUrl.htm"

"contexts"=dword:00000022

.

[HKEY_USERS\S-1-5-21-1659004503-746137067-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]

@="f:\\Documents and Settings\\Lucio\\Dados de aplicativos\\FlashGetBHO\\GetAllUrl.htm"

"contexts"=dword:000000f3

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(1024)

f:\arquivos de programas\GBPLUGIN\gbieh.dll

f:\arquivos de programas\GbPlugin\gbiehcef.dll

f:\arquiv~1\GBPLUGIN\gbiehisg.dll

.

- - - - - - - > 'explorer.exe'(2932)

f:\windows\system32\WININET.dll

f:\arquivos de programas\ESET\ESET NOD32 Antivirus\eplgHooks.dll

f:\arquivos de programas\GbPlugin\gbiehcef.dll

f:\arquivos de programas\GBPLUGIN\gbieh.dll

f:\arquivos de programas\Scpad\scpLIB.dll

f:\arquivos de programas\Scpad\scpMIB.dll

f:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

f:\arquivos de programas\Ahead\InCD\InCDsrv.exe

f:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

f:\arquivos de programas\Bonjour\mDNSResponder.exe

f:\arquivos de programas\Java\jre7\bin\jqs.exe

f:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

f:\windows\system32\wbem\wmiapsrv.exe

f:\windows\system32\wscntfy.exe

f:\windows\RTHDCPL.EXE

f:\windows\system32\rundll32.exe

f:\windows\system32\msiexec.exe

f:\windows\system32\rundll32.exe

f:\arquivos de programas\iPod\bin\iPodService.exe

f:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-10-03 14:43:42 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-10-03 17:43

ComboFix2.txt 2013-09-27 17:11

ComboFix3.txt 2013-09-25 18:29

ComboFix4.txt 2013-09-18 16:27

.

Pré-execução: 10 pasta(s) 18.065.387.520 bytes disponíveis

Pós execução: 11 pasta(s) 18.033.922.048 bytes disponíveis

.

- - End Of File - - 46B999BB966668A97FA06EA4972F9328

239FC8B1C26D5286165A956F5A98D8D7


Dear lucio.lfv

Uninstall your browser and do what I ask below, then reinstall it. Let me know whether the sites keep appearing.

Step 1

<<@>> Install CCleaner

When you open the program, under Cleaner, tick the box: Clear DNS cache; after the steps below, untick it ;)

CCleaner is an excellent cleaning utility for the computer that will help with its performance. Download it here: CCleaner


  • IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issue(s)...

Step 2

Again with OTL

  • Double-click the icon 3984478580_7ed4cabc45_o.gif
  • Copy and paste the content below into the space right after 5369460409_ee749edc8e_m.jpg

:OTL

:Commands
[emptyflash]
[resethosts]
[createrestorepoint]
[emptytemp]

  • Click the button 5370056394_358505935a_m.jpg
  • When it restarts, a window will appear; click Run;
  • Save the log (File > Save As) to the desktop under any name you like;
  • Post the contents of that log in your next reply.
  • Attention: if you close the log without saving it first, it will be lost.
  • Open OTL again and click the button 5370056476_bf9f840a51_m.jpg
  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Post this generated log as well in your next reply.

Note: If you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

Regards :D


Hello Diego, thank you for your attention.

I carried out the requested procedures. I uninstalled Firefox and am using IE, which was already installed but which I did not use. I noticed that the sites did not appear in the IE status bar, although the slowness continues.

I am reinstalling Firefox and will let you know shortly whether the sites keep appearing.

Here are the requested logs:

All processes killed

========== OTL ==========

========== COMMANDS ==========

[EMPTYFLASH]

User: Administrador

User: All Users

User: Convidado

->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: Lucio

->Flash cache emptied: 2415 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

F:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Convidado

->Temp folder emptied: 869574 bytes

->Temporary Internet Files folder emptied: 2281783 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 43416872 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 65748 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: Lucio

->Temp folder emptied: 1322791 bytes

->Temporary Internet Files folder emptied: 7327335 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 361313272 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 10572031 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 407,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10062013_234510

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 7/10/2013 00:09:50 - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = F:\Documents and Settings\Lucio\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

2,98 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 76,31% Memory free

4,83 Gb Paging File | 4,23 Gb Available in Paging File | 87,72% Paging File free

Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Arquivos de programas

Drive C: | 19,80 Gb Total Space | 19,71 Gb Free Space | 99,52% Space Free | Partition Type: NTFS

Drive F: | 47,18 Gb Total Space | 17,61 Gb Free Space | 37,33% Space Free | Partition Type: NTFS

Drive G: | 231,11 Gb Total Space | 42,62 Gb Free Space | 18,44% Space Free | Partition Type: NTFS

Computer Name: NOTEBOSS | User Name: Lucio | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/27 14:24:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Lucio\Desktop\OTL.exe

PRC - [2013/08/29 02:50:56 | 000,587,912 | ---- | M] (Crawler.com) -- F:\Arquivos de programas\Spyware Terminator\st_rsser.exe

PRC - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- F:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2013/06/25 08:59:16 | 000,182,184 | ---- | M] (Oracle Corporation) -- F:\Arquivos de programas\Java\jre7\bin\jqs.exe

PRC - [2013/03/12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- F:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

PRC - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- F:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012/08/31 09:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- G:\Programas\Kies\KiesTrayAgent.exe

PRC - [2012/08/31 09:52:12 | 000,964,024 | ---- | M] (Samsung) -- G:\Programas\Kies\Kies.exe

PRC - [2012/08/11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2011/02/01 07:29:14 | 000,081,920 | ---- | M] (Firebird Project) -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

PRC - [2011/02/01 07:29:08 | 002,764,800 | ---- | M] (Firebird Project) -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

PRC - [2010/01/26 17:45:47 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

PRC - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009/03/19 10:44:28 | 002,029,640 | ---- | M] (ESET) -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe

PRC - [2007/01/17 14:34:18 | 000,634,880 | R--- | M] (Motorola Inc.) -- F:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2005/07/08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) -- F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

PRC - [2005/07/08 11:25:10 | 001,397,760 | ---- | M] (Nero AG) -- F:\Arquivos de programas\Ahead\InCD\InCD.exe

PRC - [2004/11/02 19:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Modules (No Company Name) ==========

MOD - [2013/10/07 00:06:47 | 000,115,137 | ---- | M] () -- F:\Documents and Settings\Lucio\Configurações locais\temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

MOD - [2013/08/17 09:49:48 | 003,194,880 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2013/08/17 09:49:46 | 000,425,984 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2013/08/17 09:49:42 | 000,372,736 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

MOD - [2013/08/17 09:49:40 | 000,630,784 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2013/08/17 09:49:40 | 000,303,104 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2013/08/17 09:49:37 | 002,052,096 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2013/08/17 09:49:35 | 000,114,688 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

MOD - [2013/08/17 09:49:30 | 005,025,792 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2013/07/11 10:06:14 | 011,497,984 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll

MOD - [2013/07/11 09:55:36 | 001,249,280 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

MOD - [2013/07/11 09:55:34 | 005,283,840 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

MOD - [2013/07/11 09:55:33 | 004,214,784 | ---- | M] () -- F:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

MOD - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2012/08/31 09:46:26 | 015,342,592 | ---- | M] () -- G:\Programas\Kies\Theme\Kies.Theme.dll

MOD - [2012/08/31 09:45:44 | 000,559,616 | ---- | M] () -- G:\Programas\Kies\Common\Kies.UI.dll

MOD - [2012/08/28 10:23:40 | 000,034,816 | ---- | M] () -- G:\Programas\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll

MOD - [2012/08/28 10:22:46 | 000,023,040 | ---- | M] () -- G:\Programas\Kies\MVVM\Kies.MVVM.dll

MOD - [2012/08/28 10:06:08 | 000,057,856 | ---- | M] () -- G:\Programas\Kies\Common\ASF_cSharpAPI.dll

MOD - [2012/08/28 10:05:16 | 000,659,408 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\CommonModule.dll

MOD - [2012/08/28 10:05:16 | 000,552,400 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll

MOD - [2012/08/28 10:05:16 | 000,028,624 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\FirmwareUpdate.MVVM.dll

MOD - [2012/08/28 10:05:16 | 000,007,168 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\IPCServer.dll

MOD - [2012/08/28 10:05:16 | 000,003,584 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll

MOD - [2012/08/28 10:05:10 | 000,069,632 | ---- | M] () -- G:\Programas\Kies\External\FirmwareUpdate\pt-BR\CommonModule.resources.dll

MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- F:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\zlib1.dll

MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- F:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\libxml2.dll

MOD - [2010/12/17 14:36:07 | 000,667,648 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll

MOD - [2010/12/17 14:35:11 | 000,397,312 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

MOD - [2010/12/17 14:35:08 | 000,098,304 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

MOD - [2010/03/11 15:41:30 | 000,040,960 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_pt-BR_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll

MOD - [2010/03/11 15:41:28 | 000,303,104 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- F:\WINDOWS\system32\cpwmon2k.dll

MOD - [2009/02/27 17:49:12 | 000,311,296 | ---- | M] () -- F:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB

========== Services (SafeList) ==========

SRV - [2013/09/19 22:04:43 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/08/29 02:50:56 | 000,587,912 | ---- | M] (Crawler.com) [Auto | Running] -- F:\Arquivos de programas\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)

SRV - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- F:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2013/06/25 08:59:16 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- F:\Arquivos de programas\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- F:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/08/11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- F:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/02/01 07:29:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)

SRV - [2011/02/01 07:29:08 | 002,764,800 | ---- | M] (Firebird Project) [On_Demand | Running] -- F:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)

SRV - [2009/10/27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- F:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2009/03/19 10:48:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2005/07/08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- F:\ComboFix\catchme.sys -- (catchme)

DRV - [2013/10/07 00:03:15 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (NdisrdMP)

DRV - [2013/10/07 00:03:15 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (Ndisrd)

DRV - [2013/07/01 15:40:10 | 000,047,688 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)

DRV - [2012/08/20 14:48:44 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)

DRV - [2012/08/20 14:48:44 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\pwdspio.sys -- (pwdspio)

DRV - [2012/07/31 07:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)

DRV - [2012/07/31 07:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)

DRV - [2011/06/21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)

DRV - [2009/10/06 10:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2009/10/06 10:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2009/10/06 10:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009/10/06 10:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009/10/06 10:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2009/10/06 10:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009/06/30 17:55:38 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2009/03/19 10:45:38 | 000,093,848 | ---- | M] (ESET) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)

DRV - [2009/03/19 10:44:34 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2009/03/19 10:41:38 | 000,113,960 | ---- | M] (ESET) [File_System | On_Demand | Running] -- F:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/06/07 14:09:04 | 000,010,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\gnome.sys -- (GNOME_R)

DRV - [2008/04/13 11:46:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2007/09/05 17:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2007/08/24 19:45:22 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2007/08/03 16:31:44 | 000,018,688 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2007/08/03 16:10:14 | 000,321,536 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2007/05/16 12:00:00 | 000,042,368 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)

DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)

DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)

DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/01/17 14:38:52 | 000,983,936 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2005/07/08 16:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- F:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)

DRV - [2005/07/08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- F:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2005/07/08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)

DRV - [2005/07/08 11:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7BDB9127A2-3381-41ec-82B3-1B6ED4C6F29A%7D:1.0

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21

FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886D%7D:3.4.0

FF - prefs.js..extensions.enabledAddons: %7B0303e6fc-c062-47f1-825d-73e5e97d1d43%7D:1.133

FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.0

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Programas\Itunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: F:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: F:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Arquivos de programas\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: F:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: F:\Arquivos de programas\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: F:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Arquivos de programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Arquivos de programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: G:\Programas\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: F:\Arquivos de programas\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/isg: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_isg.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: G:\Programas\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/26 14:01:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: G:\Programas\Mozilla Thunderbird\components [2010/07/14 16:19:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: G:\Programas\Mozilla Thunderbird\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/11/18 09:30:02 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886F}: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\isg\xpi [2013/05/02 14:57:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D}: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\xpi [2013/08/30 18:21:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0303e6fc-c062-47f1-825d-73e5e97d1d43}: F:\Arquivos de programas\LyricsSeeker\133.xpi [2013/09/12 00:11:44 | 000,005,792 | ---- | M] ()

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\xpi [2013/09/12 13:55:00 | 000,000,000 | ---D | M]

[2009/11/04 15:46:45 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Extensions

[2009/11/04 15:46:45 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

[2013/09/30 21:24:30 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions

[2011/01/10 15:34:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2013/08/27 20:30:51 | 000,000,000 | ---D | M] (DownloadHelper) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/05/20 16:51:22 | 000,000,000 | ---D | M] (flashget3 Extension) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

[2013/09/30 21:24:30 | 000,282,570 | ---- | M] () (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2010/03/24 10:42:56 | 000,057,418 | ---- | M] (flashget) (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll

[2008/10/17 10:03:56 | 000,000,205 | ---- | M] () (No name found) -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mozilla\Firefox\Profiles\vtr7h0vc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\IFlashgetXpi.xpt

[2013/09/30 20:03:29 | 000,000,000 | ---D | M] (No name found) -- F:\Arquivos de programas\Mozilla Firefox\extensions

[2013/09/30 20:03:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Arquivos de programas\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/09/30 20:03:26 | 000,000,000 | ---D | M] (No name found) -- F:\Arquivos de programas\Mozilla Firefox\browser\extensions

[2013/09/30 20:04:15 | 000,000,000 | ---D | M] (Default) -- F:\Arquivos de programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/09/12 00:11:44 | 000,005,792 | ---- | M] () (No name found) -- F:\ARQUIVOS DE PROGRAMAS\LYRICSSEEKER\133.XPI

File not found (No name found) -- F:\DOCUMENTS AND SETTINGS\LUCIO\CONFIGURAçÃΜES LOCAIS\DADOS DE APLICATIVOS\GAS TECNOLOGIA\GBBD\BB\XPI

File not found (No name found) -- F:\DOCUMENTS AND SETTINGS\LUCIO\CONFIGURAçÃΜES LOCAIS\DADOS DE APLICATIVOS\GAS TECNOLOGIA\GBBD\CEF\XPI

O1 HOSTS File: ([2013/10/06 23:45:13 | 000,000,098 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - F:\Arquivos de programas\Scpad\scpsssh2.dll (Banco Bradesco S.A.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - F:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - F:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - F:\Arquivos de programas\GbPlugin\gbiehIsg.dll (Infoseg - Senasp)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Programas\Orbitdownloader\GrabPro.dll ()

O3 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - G:\Programas\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [Adobe ARM] F:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] F:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bIH] F:\WINDOWS\System32\bih.dll (Thomas Michel eMail: support.batteryinfo@arcor.de Web: http://www.batteryinfo.de.vu or http://home.arcor.de/batteryinfo)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] F:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [egui] F:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [inCD] F:\Arquivos de programas\Ahead\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [KiesTrayAgent] G:\Programas\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [RemoteControl] F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [siSPower] F:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [sMSERIAL] F:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [spywareTerminatorUpdater] F:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)

O4 - HKLM..\Run: [sunJavaUpdateSched] F:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Oracle Corporation)

O4 - HKLM..\Run: [TkBellExe] F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-1659004503-746137067-682003330-1003..\Run: [DAEMON Tools Lite] G:\Programas\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1659004503-746137067-682003330-1003..\Run: [KiesPDLR] G:\Programas\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKU\S-1-5-21-1659004503-746137067-682003330-1003..\Run: [KiesPreload] G:\Programas\Kies\Kies.exe (Samsung)

O4 - HKU\S-1-5-21-1659004503-746137067-682003330-1003..\Run: [NBJ] F:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)

O4 - Startup: F:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk = F:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

O4 - Startup: F:\Documents and Settings\Lucio\Menu Iniciar\Programas\Inicializar\LimeWire On Startup.lnk = G:\Programas\LimeWire\LimeWire.exe (Lime Wire, LLC)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Download by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - G:\Programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Download all by FlashGet3 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm ()

O8 - Extra context menu item: Download by FlashGet3 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载全部链接 - F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm ()

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - F:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www] http in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www14] https in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www2] https in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: bb.com.br ([www] http in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: caixa.gov.br ([]https in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: infoseg.gov.br ([www] http in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: infoseg.gov.br ([www2] https in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Domains: infoseg.gov.br ([www5] https in Sites confiáveis)

O15 - HKU\S-1-5-21-1659004503-746137067-682003330-1003\..Trusted Ranges: Range1 ([https] in Sites confiáveis)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} https://www5.infoseg.gov.br/Install/GbPluginIsg.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF76CF3-519B-4C05-968C-77C1665B1C31}: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78240407-D696-4F6C-B6A0-F520D83EC98C}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - F:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (F:\Arquivos de programas\GbPlugin\gbieh.dll) - F:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (F:\Arquivos de programas\GbPlugin\gbiehCef.dll) - F:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\ GbPluginIsg: DllName - (F:\ARQUIV~1\GbPlugin\gbiehIsg.dll) - F:\Arquivos de programas\GbPlugin\gbiehIsg.dll (Infoseg - Senasp)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - F:\Arquivos de programas\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - F:\Arquivos de programas\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\Alegria.bmp

O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\Alegria.bmp

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - F:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399015} - F:\Arquivos de programas\GbPlugin\gbiehIsg.dll (Infoseg - Senasp)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - F:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/06 23:48:22 | 000,000,000 | -HSD | C] -- F:\RECYCLER

[2013/10/06 23:16:13 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Iniciar\Programas\CCleaner

[2013/10/06 23:16:11 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\CCleaner

[2013/10/06 23:08:21 | 004,369,632 | ---- | C] (Piriform Ltd) -- F:\Documents and Settings\Lucio\Desktop\ccsetup406.exe

[2013/10/03 14:20:18 | 000,000,000 | ---D | C] -- F:\ComboFix

[2013/09/30 22:51:48 | 000,000,000 | ---D | C] -- F:\_OTL

[2013/09/30 20:03:25 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\Mozilla Firefox

[2013/09/27 14:24:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Lucio\Desktop\OTL.exe

[2013/09/27 14:11:43 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- F:\WINDOWS\System32\drivers\PROCEXP113.SYS

[2013/09/25 12:12:22 | 005,130,107 | R--- | C] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\ComboFix.exe

[2013/09/25 12:12:03 | 001,030,038 | ---- | C] (Thisisu) -- F:\Documents and Settings\Lucio\Desktop\JRT.exe

[2013/09/24 18:58:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Desktop\HijackThis

[2013/09/24 18:57:11 | 000,147,456 | ---- | C] (Eric_71) -- F:\Documents and Settings\Lucio\Desktop\MbrScan.exe

[2013/09/24 18:56:37 | 000,358,923 | ---- | C] (Farbar) -- F:\Documents and Settings\Lucio\Desktop\FSS.exe

[2013/09/18 19:56:23 | 000,688,992 | R--- | C] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\dds.com

[2013/09/18 13:19:30 | 000,000,000 | RHSD | C] -- F:\cmdcons

[2013/09/18 13:14:06 | 000,518,144 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe

[2013/09/18 13:14:06 | 000,406,528 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe

[2013/09/18 13:14:06 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe

[2013/09/18 13:14:06 | 000,060,416 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe

[2013/09/18 13:10:41 | 000,000,000 | ---D | C] -- F:\Qoobox

[2013/09/18 13:10:23 | 000,000,000 | ---D | C] -- F:\WINDOWS\erdnt

[2013/09/17 19:53:41 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERUNT

[2013/09/17 19:27:42 | 000,000,000 | ---D | C] -- F:\AdwCleaner

[2013/09/17 19:17:58 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Desktop\RK_Quarantine

[2013/09/17 18:30:50 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Malwarebytes

[2013/09/17 18:30:34 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware

[2013/09/17 18:30:33 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2013/09/17 18:30:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys

[2013/09/17 18:30:31 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\Malwarebytes' Anti-Malware

[2013/09/17 17:12:01 | 000,000,000 | ---D | C] -- F:\TDSSKiller_Quarantine

[2013/09/12 20:26:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Spyware Terminator

[2013/09/12 20:26:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

[2013/09/12 20:26:36 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Iniciar\Programas\Spyware Terminator 2012

[2013/09/12 20:26:35 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\Spyware Terminator

[2013/09/12 00:11:44 | 000,000,000 | ---D | C] -- F:\Arquivos de programas\LyricsSeeker

[2013/09/10 15:11:02 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Lucio\Meus documentos\Fatura Belo Dente

========== Files - Modified Within 30 Days ==========

[2013/10/07 00:11:00 | 000,001,070 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/10/07 00:04:33 | 000,000,902 | ---- | M] () -- F:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/10/07 00:03:15 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- F:\WINDOWS\System32\drivers\GbpNdisrd.sys

[2013/10/07 00:02:57 | 000,001,066 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/10/07 00:01:47 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat

[2013/10/07 00:01:35 | 3203,575,808 | -HS- | M] () -- F:\hiberfil.sys

[2013/10/06 23:45:13 | 000,000,098 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\Hosts

[2013/10/06 23:16:13 | 000,000,738 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2013/10/06 23:09:18 | 004,369,632 | ---- | M] (Piriform Ltd) -- F:\Documents and Settings\Lucio\Desktop\ccsetup406.exe

[2013/10/05 13:49:32 | 000,002,262 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl

[2013/10/03 14:43:46 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- F:\WINDOWS\System32\drivers\PROCEXP113.SYS

[2013/10/03 14:27:56 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\drivers\SROUTE.SYS

[2013/10/03 14:19:16 | 005,130,107 | R--- | M] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\ComboFix.exe

[2013/10/02 13:26:35 | 000,000,664 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat

[2013/10/02 07:41:59 | 000,079,872 | ---- | M] () -- F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/09/29 13:11:41 | 000,000,040 | ---- | M] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\cdr.ini

[2013/09/27 14:25:11 | 000,145,357 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\OTL image.jpg

[2013/09/27 14:24:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Lucio\Desktop\OTL.exe

[2013/09/25 21:33:07 | 000,002,315 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Skype.lnk

[2013/09/25 12:48:20 | 001,042,066 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\adwcleaner.exe

[2013/09/25 00:05:44 | 000,044,469 | ---- | M] () -- F:\Documents and Settings\Lucio\Meus documentos\Boleto Lucas ufmg.pdf

[2013/09/24 19:03:48 | 000,000,512 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\Dump_Hdd0_DR0.mbr

[2013/09/24 18:57:11 | 000,147,456 | ---- | M] (Eric_71) -- F:\Documents and Settings\Lucio\Desktop\MbrScan.exe

[2013/09/24 18:56:37 | 000,358,923 | ---- | M] (Farbar) -- F:\Documents and Settings\Lucio\Desktop\FSS.exe

[2013/09/22 04:38:24 | 001,030,038 | ---- | M] (Thisisu) -- F:\Documents and Settings\Lucio\Desktop\JRT.exe

[2013/09/18 19:02:12 | 000,688,992 | R--- | M] (Swearware) -- F:\Documents and Settings\Lucio\Desktop\dds.com

[2013/09/18 14:16:25 | 000,377,856 | ---- | M] () -- F:\Documents and Settings\Lucio\Desktop\p9ff6wec.exe

[2013/09/18 13:19:33 | 000,000,327 | RHS- | M] () -- F:\boot.ini

[2013/09/17 18:30:34 | 000,000,840 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/09/13 11:04:47 | 000,268,600 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT

[2013/09/13 09:42:21 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK

[2013/09/12 20:26:36 | 000,000,765 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Spyware Terminator 2012.lnk

[2013/09/12 13:55:04 | 000,018,244 | ---- | M] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins002.dat

[2013/09/10 16:38:32 | 000,000,116 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini

[2013/09/10 14:50:59 | 000,423,919 | ---- | M] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red2.JPG

[2013/09/10 14:48:11 | 001,194,513 | ---- | M] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red.JPG

========== Files Created - No Company Name ==========

[2013/10/06 23:16:13 | 000,000,738 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2013/10/03 14:27:56 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\drivers\SROUTE.SYS

[2013/09/27 14:25:09 | 000,145,357 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\OTL image.jpg

[2013/09/25 12:48:20 | 001,042,066 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\adwcleaner.exe

[2013/09/25 00:05:41 | 000,044,469 | ---- | C] () -- F:\Documents and Settings\Lucio\Meus documentos\Boleto Lucas ufmg.pdf

[2013/09/24 19:03:03 | 000,000,512 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\Dump_Hdd0_DR0.mbr

[2013/09/18 14:16:16 | 000,377,856 | ---- | C] () -- F:\Documents and Settings\Lucio\Desktop\p9ff6wec.exe

[2013/09/18 13:19:33 | 000,000,210 | ---- | C] () -- F:\Boot.bak

[2013/09/18 13:19:31 | 000,261,856 | RHS- | C] () -- F:\cmldr

[2013/09/18 13:14:06 | 000,256,000 | ---- | C] () -- F:\WINDOWS\PEV.exe

[2013/09/18 13:14:06 | 000,208,896 | ---- | C] () -- F:\WINDOWS\MBR.exe

[2013/09/18 13:14:06 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe

[2013/09/18 13:14:06 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe

[2013/09/18 13:14:06 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe

[2013/09/17 18:30:34 | 000,000,840 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/09/12 20:26:39 | 000,032,768 | ---- | C] () -- F:\WINDOWS\System32\drivers\sp_rsdrv2.sys

[2013/09/12 20:26:36 | 000,000,765 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Spyware Terminator 2012.lnk

[2013/09/12 13:55:00 | 000,018,244 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins002.dat

[2013/09/10 14:50:59 | 000,423,919 | ---- | C] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red2.JPG

[2013/09/10 14:48:10 | 001,194,513 | ---- | C] () -- F:\Documents and Settings\Lucio\Meus documentos\DSC00594_Red.JPG

[2013/08/30 18:21:37 | 000,013,831 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins001.dat

[2013/08/16 19:10:11 | 000,000,040 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\cdr.ini

[2013/07/11 10:22:13 | 000,569,528 | ---- | C] () -- F:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2013/05/02 14:57:26 | 000,717,985 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins000.exe

[2013/05/02 14:57:26 | 000,011,281 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\unins000.dat

[2013/04/19 16:46:14 | 000,000,176 | ---- | C] () -- F:\WINDOWS\REC-NET.INI

[2013/01/31 10:00:43 | 000,905,290 | R--- | C] () -- F:\WINDOWS\System32\libmmd.dll

[2012/08/28 10:04:34 | 000,081,920 | ---- | C] () -- F:\WINDOWS\System32\issacapi_bs-2.3.dll

[2012/08/28 10:04:34 | 000,065,536 | ---- | C] () -- F:\WINDOWS\System32\issacapi_pe-2.3.dll

[2012/08/28 10:04:34 | 000,057,344 | ---- | C] () -- F:\WINDOWS\System32\issacapi_se-2.3.dll

[2012/08/28 10:04:34 | 000,030,568 | ---- | C] () -- F:\WINDOWS\MusiccityDownload.exe

[2012/08/28 10:04:32 | 000,974,848 | ---- | C] () -- F:\WINDOWS\System32\cis-2.4.dll

[2012/04/25 18:14:41 | 000,000,533 | ---- | C] () -- F:\WINDOWS\eReg.dat

[2012/02/16 08:31:41 | 000,003,072 | ---- | C] () -- F:\WINDOWS\System32\iacenc.dll

[2011/01/27 11:09:23 | 000,000,148 | ---- | C] () -- F:\Documents and Settings\Lucio\acesso.serpro.gov.br.HOD.LOC

[2010/06/22 17:53:14 | 000,002,528 | ---- | C] () -- F:\Documents and Settings\Lucio\Dados de aplicativos\$_hpcst$.hpc

[2009/12/07 21:45:41 | 000,040,960 | ---- | C] () -- F:\Arquivos de programas\Uninstall_CDS.exe

[2009/09/30 10:20:24 | 000,079,872 | ---- | C] () -- F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/02 18:26:31 | 000,000,138 | ---- | C] () -- F:\Documents and Settings\Lucio\Configurações locais\Dados de aplicativos\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/02 17:50:28 | 000,000,227 | RHS- | M] () -- F:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:20:42 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:53:26 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:20:42 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/02 12:10:22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2011/03/23 20:07:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\3DVIA

[2012/05/29 14:57:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Battle.net

[2012/04/25 17:34:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

[2012/04/16 22:03:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\EPSON

[2009/11/18 09:30:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\ESET

[2013/05/02 14:57:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\GAS Tecnologia

[2013/10/07 00:01:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2010/01/26 13:59:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Installations

[2010/01/26 10:31:56 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Nokia

[2012/07/23 08:29:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters Inc

[2010/01/26 14:05:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

[2012/09/23 11:29:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Samsung

[2013/10/06 13:01:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

[2010/01/29 11:50:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Convidado\Dados de aplicativos\PC Suite

[2013/10/06 00:34:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Convidado\Dados de aplicativos\Scpad

[2010/04/26 11:58:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Dados de aplicativos\Foxit Software

[2012/04/27 20:58:19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\AnvSoft

[2012/08/16 16:26:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\BITS

[2012/04/25 17:50:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\DAEMON Tools Lite

[2010/02/23 14:18:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Docx2Rtf

[2013/08/16 19:10:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Eusing

[2010/05/20 16:50:15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGet

[2010/05/20 16:50:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\FlashGetBHO

[2010/04/26 11:58:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Foxit Software

[2013/05/04 15:08:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\FreeAudioPack

[2012/07/23 08:27:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\GetRightToGo

[2009/07/01 13:28:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\GrabPro

[2013/03/01 10:28:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\LimeWire

[2012/07/15 18:46:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Logia

[2011/12/10 18:53:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Mouse Recorder Pro

[2012/01/05 10:50:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Nokia

[2010/02/23 14:22:09 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\NwDocx

[2012/10/31 23:40:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Orbit

[2011/11/29 12:51:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\PC Suite

[2011/12/06 13:00:19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Razor

[2013/04/13 18:43:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Samsung

[2013/10/07 00:04:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Scpad

[2013/07/18 23:57:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Splitscreen Studios

[2013/09/12 20:26:38 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Spyware Terminator

[2010/05/28 09:38:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\Thunderbird

[2013/09/01 01:33:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Lucio\Dados de aplicativos\uTorrent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 412 bytes -> F:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >


Dear Diego,

I reinstalled Firefox, and right on the first browsing session our old acquaintances started showing up in the status bar. I made a new list with the new characters I noticed:

I have also been experiencing two new redirects besides "ici.resynccdn"; in fact one of them (gzt.jsmace) isn't even new, since it was the first to appear and had disappeared after I ran NOD AV. Here are the screenshots:

redirecionamento_gzt.jpg

redirecionamento_gqf.jpg

redirecionamento_gqf_2.jpg

Man, I'm getting impatient with this thing. :muro:

I'm counting on you, and thank you, Diego.

Regards.


Dear lucio.lfv

My mistake :muro:

Let's see if this fixes it now ;)

>>> First of all, uninstall the following program: Lyrics Seeker, and your browser again.

>>> Run a new cleanup with CCleaner.

>>> Follow these procedures: http://support.microsoft.com/kb/972034/pt-br

>>> Reinstall your browser and let's see... :rolleyes:

Regards :D


Hi Diego, thanks for your attention.

My hopes are renewed. :lol:

I followed the requested procedures, and after removing Lyricseeker I noticed a considerable improvement in browsing; most of the sites no longer show up. Granted, I haven't done any heavy browsing yet to be sure everything is fine.

What may be the bad news is that I noticed the following sites in the status bar.

zone96

zone97.hotwords.com

I don't know whether this could be the problems starting again... :unsure:

So, any further instructions?

Ahh, one more thing: how did this damned Lyrics install itself or get installed?? I don't usually accept bundled programs when I download something.

"What may be the bad news is that I noticed the following sites in the status bar."
Isn't there a way for you to delete them?
"Ahh, one more thing: how did this damned Lyrics install itself or get installed??"
Probably during the installation of some other program.

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language, and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If updates are available, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D

Isn't there a way for you to delete them?

Diego, unlike what happened with LyricSeeker, I couldn't find the program or a folder named hotwords to wipe it out. I also looked through the FF extensions and didn't find it. And now hotwords is opening a side panel of offers that is really annoying. In any case, the notebook is at least usable after deleting Lyric.

Thanks :joia:

Here is the MB log:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.10.18.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Lucio :: NOTEBOSS [administrador]

18/10/2013 01:34:55

mbam-log-2013-10-18 (01-34-55).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 268167

Tempo decorrido: 17 minuto(s), 40 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 2

F:\Documents and Settings\Lucio\Meus documentos\Downloads\SoftonicDownloader_para_barcode-reader.exe (PUP.Optional.Softonic.A) -> Enviado para a Quarentena e deletado com sucesso.

F:\Documents and Settings\Lucio\Meus documentos\Downloads\SoftonicDownloader_for_ultimate-boot-cd-for-windows.exe (PUP.Optional.Softonic.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


Dear lucio.lfv

Check the list of programs to see whether there is any other one that you don't recognize and/or whose legitimacy you doubt. If so, uninstall it ;)

Diego, unlike what happened with LyricSeeker, I couldn't find the program or a folder named hotwords to wipe it out. I also looked through the FF extensions and didn't find it. And now hotwords is opening a side panel of offers that is really annoying.
I meant whether it was possible to remove the URLs. Post a screenshot of this hotwords.

Regards :D


Dear Diego, thanks for your attention.

Check the list of programs to see whether there is any other one that you don't recognize and/or whose legitimacy you doubt. If so, uninstall

Done. I went through the Add/Remove Programs utility and then through the Program Files directory, removing the following:

Orban - program removed

Virtools 3dvia - program removed

SopCast - directory removed

MarkAny - directory removed

I meant whether it was possible to remove the URLs.

I still don't understand your instruction. How do I remove URLs that appear in the browser's status bar? (reading, waiting for response, etc.)

Post a screenshot of this hotwords.

OK, here it is below:

Hot_Words.jpg

Regards.


Dear lucio.lfv

Got it... we'll do that in the last post ;)

But if you want to get ahead, just install CCleaner and run the cleanup :)

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be taken to a Kaspersky page asking for an email address for registration, plus first and last name.
  • Only the "email" field is required.
  • Enter your email, then click the Submit Form button.
  • The page will reload. Click the Download button.
  • Save it to your Desktop.
  • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
  • The program appears to freeze and nothing happens. This is normal; just wait until the program's home screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer;
  • Local Disk (C:);
  • Also check every drive that appears below Local Disk, if there are any;
  • Then click the Automatic Scan tab.

KRT_install2_.png

  • Back on the program's home screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if it has detected anything, the program will ask you what to do;
  • Check the box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

Once the scan has finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the whole scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy disk icon to save the log.
  5. Choose an easily accessible location and save it as log.txt
  6. Copy the entire contents of that Notepad file and paste it into your next reply.
  7. If nothing is detected, there is no need to save the log; just let me know.
  8. To exit the program, just click the X in the upper right corner.

Notes:
While the scan is running, the home screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if it found something. If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Regards :D

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
