beto_adm

[DETECTION] TR/ATRAPS.Gen [trojan]


Hi all,

Avira detected TR/ATRAPS.Gen [trojan]; the requested logs follow:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2

Run by Beto at 15:16:13 on 2013-12-14

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3839.2197 [GMT -2:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=112524&tt=bandext_3312_7&babsrc=HP_ss_cr&mntrId=056105300000000000003c4a92478b96

mSearchAssistant = hxxp://start.facemoods.com/?a=mca&s={searchTerms}&f=4

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit = userinit.exe

BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [Google Update] "C:\Users\Beto\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Beto\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: EnableLUA = dword:0

IE: Baixar com Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm

IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

Trusted Zone: caixa.gov.br

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 8.8.8.8

TCP: Interfaces\{F98A75D9-4DCE-48DF-A0D6-D0EF5CAA59FC} : DHCPNameServer = 8.8.8.8

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\

FF - prefs.js: browser.search.selectedEngine - BuscaPé

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Beto\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Beto\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

FF - plugin: C:\Users\Beto\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\plugins\npgbfnc_uni.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\npConduitFirefoxPlugin.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

.

user_pref('extensions.dealply.partner', 'vn');

.

user_pref('extensions.dealply.channel', 'pcdealply');

.

user_pref('extensions.dealply.installId', 'v24300251424392505200862012081821402737');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '7');

.

user_pref('extensions.dealply.partner', 'vn');

.

user_pref('extensions.dealply.channel', 'pcdealply');

.

user_pref('extensions.dealply.installId', 'v24300251424392505200862012081821402737');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '7');

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=946415514

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=946415514

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=946415514&q=

FF - user.js: extensions.funmoods.id - 3C4A92478B960530

FF - user.js: extensions.funmoods.instlDay - 15570

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:49:20

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - pcmega1

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - pcmega1

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112524&tt=bandext_3312_8

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - 056105300000000000003c4a92478b96

FF - user.js: extensions.BabylonToolbar.instlDay - 15570

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.620:47:38

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

user_pref('extensions.dealply.partner', 'vn');

.

user_pref('extensions.dealply.channel', 'pcdealply');

.

user_pref('extensions.dealply.installId', 'v24300251424392505200862012081821402737');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '7');

.

user_pref('extensions.dealply.partner', 'vn');

.

user_pref('extensions.dealply.channel', 'pcdealply');

.

user_pref('extensions.dealply.installId', 'v24300251424392505200862012081821402737');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '7');

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-29 28600]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-7 270912]

R2 AntiVirSchedulerService;Avira Agendamento;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-23 440376]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-23 440376]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-29 107416]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-11-9 452968]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-6 635416]

R2 SZDrvSvc;Samsung Drive Manager Service;C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2013-3-10 19456]

R3 mdf16;mdf16;C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [2013-3-10 20400]

R3 mvd23;mvd23;C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [2013-3-10 99248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2011-11-4 58368]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]

S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-5 37344]

S3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;C:\Windows\System32\drivers\libusb0.sys [2012-12-10 52832]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-1-9 19912]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-1-9 13264]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [userChoice]

.

=============== Created Last 30 ================

.

2013-12-08 13:26:37 -------- d-----w- C:\Users\Beto\AppData\Roaming\newnext.me

2013-12-08 13:26:37 -------- d-----w- C:\Users\Beto\AppData\Local\genienext

2013-12-08 13:26:37 -------- d-----w- C:\Users\Beto\AppData\Local\cache

2013-12-08 13:26:36 -------- d-----w- C:\Users\Beto\AppData\Local\Mobogenie

2013-12-08 13:25:43 -------- d-----w- C:\Users\Beto\AppData\Roaming\ExpressFiles

2013-12-08 12:40:53 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-11-29 21:48:58 197120 ----a-w- C:\Windows\System32\credui.dll

2013-11-29 21:47:49 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-11-29 21:47:49 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-11-29 21:47:47 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-11-29 21:47:47 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-11-29 21:47:47 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-11-29 21:47:47 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-11-29 21:47:47 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

.

==================== Find3M ====================

.

2013-12-14 13:15:56 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-12-10 23:12:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-10 23:12:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-12-05 21:24:21 107416 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2013-11-29 01:46:02 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys

2013-11-29 01:46:02 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2013-10-20 02:49:45 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll

2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll

2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe

.

============= FINISH: 15:16:49,73 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 08/01/2011 14:26:32

System Uptime: 14/12/2013 11:15:33 (4 hours ago)

.

Motherboard: PEGATRON CORPORATION | | 2A99

Processor: AMD Athlon II X2 220 Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 136 GiB total, 27,052 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1,555 GiB free.

E: is CDROM ()

F: is Removable

G: is FIXED (NTFS) - 298 GiB total, 70,264 GiB free.

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.8) - Português

AIPTEK PenCam Manager

aMSN 0.98.9

Android SDK Tools

Arquivo do WinRAR

Avira Free Antivirus

CDRoller version 9.00

CyberLink DVD Suite Deluxe

D3DX10

DAEMON Tools Lite

Divulga Chat

Divulga Chat 1.016

DreaMule 3.2

Driver Detective

Dropbox

DVD Menu Pack for HP MediaSmart Video

EVEREST Ultimate Edition v4.20

Facebook Video Calling 1.2.0.287

Freedom Connect 1.2

GBBD Banco do Brasil

Google Books Downloader version 2.1

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.1.0

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Advisor

HP Customer Experience Enhancements

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP Odometer

HP Setup

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

iWisoft Free Video Downloader 2.1

Java 7 Update 45

Java 7 Update 45 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 45 (64-bit)

Java 6 Update 22

Java 6 Update 24 (64-bit)

K-Lite Codec Pack 5.2.0 (64-bit)

LabelPrint

LightScribe System Software

Media Player Classic - Home Cinema v1.5.2.3456 x64

Messenger Companion

MFC RunTime files

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MiraScan V3.40

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 21.0 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicStation

MyFreeCodec

Nokia Connectivity Cable Driver

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

Pacote de Driver do Windows - libusb-win32 (libusb0) libusb-win32 devices (01/17/2012 1.2.6.0)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

Partition Wizard Home Edition 4.0

Passware Kit Enterprise 9.0

PDF Complete Special Edition

Photodex Presenter

PhotoNow!

PhotoScape

Power2Go

PowerDirector

Pro Evolution Soccer 2011

ProShow Gold

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Receitanet

Recovery Manager

Samsung Drive Manager

Samsung Kies

Samsung Story Album Viewer

SAMSUNG USB Driver for Mobile Phones

ScanButton 2.4

Screen Capturer

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Skype™ 6.11

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition

Vuze

Vuze Remote Toolbar

Winamp

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-14 16:09:59

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000059 ST350041 rev.HP35 465,76GB

Running: gmer.exe; Driver: C:\Users\Beto\AppData\Local\Temp\pxldqpog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fad000 45 bytes [43, 4D, 33, 31, 05, 00, 00, ...]

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fad02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[748] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000075c93468 5 bytes JMP 00000001749c70af

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[748] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 0000000075cad51a 5 bytes JMP 00000001749c7027

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[748] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076252c91 4 bytes CALL 71af0000

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[748] C:\Windows\syswow64\RPCRT4.dll!IUnknown_QueryInterface_Proxy 000000007726428b 6 bytes JMP 71a8000a

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[748] C:\Windows\syswow64\ole32.dll!CoUnmarshalInterface 0000000075f4f150 6 bytes JMP 71ab000a

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[748] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076091465 2 bytes [09, 76]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[748] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000760914bb 2 bytes [09, 76]

.text ... * 2

.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076091465 2 bytes [09, 76]

.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760914bb 2 bytes [09, 76]

.text ... * 2

.text C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076091465 2 bytes [09, 76]

.text C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760914bb 2 bytes [09, 76]

.text ... * 2

.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2784] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007779000c 1 byte [C3]

.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2784] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007781f8ea 5 bytes JMP 00000001777cd5c1

.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076091465 2 bytes [09, 76]

.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760914bb 2 bytes [09, 76]

.text ... * 2

.text C:\Windows\SysWOW64\rundll32.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076091465 2 bytes [09, 76]

.text C:\Windows\SysWOW64\rundll32.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760914bb 2 bytes [09, 76]

.text ... * 2

.text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076091465 2 bytes [09, 76]

.text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760914bb 2 bytes [09, 76]

.text ... * 2

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2612] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076252c91 4 bytes CALL 71af0000

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2612] C:\Windows\syswow64\RPCRT4.dll!IUnknown_QueryInterface_Proxy 000000007726428b 6 bytes JMP 71a7000a

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2612] C:\Windows\syswow64\ole32.dll!CoUnmarshalInterface 0000000075f4f150 6 bytes JMP 71ab000a

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2612] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076091465 2 bytes [09, 76]

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2612] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000760914bb 2 bytes [09, 76]

.text ... * 2

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Thanks in advance for the help.

Regards


Hello

Sorry for the delay :)

If you still need help, redo the logs, because I need them with updated dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


Hello, sorry for the delay.

Updated logs follow:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2

Run by Beto at 20:38:47 on 2013-12-17

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3839.2831 [GMT -2:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=112524&tt=bandext_3312_7&babsrc=HP_ss_cr&mntrId=056105300000000000003c4a92478b96

mSearchAssistant = hxxp://start.facemoods.com/?a=mca&s={searchTerms}&f=4

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit = userinit.exe

BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [Google Update] "C:\Users\Beto\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Beto\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: EnableLUA = dword:0

IE: Baixar com Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm

IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

Trusted Zone: caixa.gov.br

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 8.8.8.8

TCP: Interfaces\{F98A75D9-4DCE-48DF-A0D6-D0EF5CAA59FC} : DHCPNameServer = 8.8.8.8

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\

FF - prefs.js: browser.search.selectedEngine - BuscaPé

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Beto\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Beto\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

FF - plugin: C:\Users\Beto\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\plugins\npgbfnc_uni.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\npConduitFirefoxPlugin.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

.

---- FIREFOX POLICIES ----

.

user_pref('extensions.dealply.partner', 'vn');

.

user_pref('extensions.dealply.channel', 'pcdealply');

.

user_pref('extensions.dealply.installId', 'v24300251424392505200862012081821402737');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '7');

.

user_pref('extensions.dealply.partner', 'vn');

.

user_pref('extensions.dealply.channel', 'pcdealply');

.

user_pref('extensions.dealply.installId', 'v24300251424392505200862012081821402737');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '7');

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=946415514

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=946415514

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=946415514&q=

FF - user.js: extensions.funmoods.id - 3C4A92478B960530

FF - user.js: extensions.funmoods.instlDay - 15570

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:49:20

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - pcmega1

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - pcmega1

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112524&tt=bandext_3312_8

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - 056105300000000000003c4a92478b96

FF - user.js: extensions.BabylonToolbar.instlDay - 15570

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.620:47:38

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

user_pref('extensions.dealply.partner', 'vn');

.

user_pref('extensions.dealply.channel', 'pcdealply');

.

user_pref('extensions.dealply.installId', 'v24300251424392505200862012081821402737');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '7');

.

user_pref('extensions.dealply.partner', 'vn');

.

user_pref('extensions.dealply.channel', 'pcdealply');

.

user_pref('extensions.dealply.installId', 'v24300251424392505200862012081821402737');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '7');

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-29 28600]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-7 270912]

R2 AntiVirSchedulerService;Avira Agendamento;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-23 440376]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-23 440376]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-29 107416]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-11-9 452968]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-6 635416]

R2 SZDrvSvc;Samsung Drive Manager Service;C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2013-3-10 19456]

R3 mdf16;mdf16;C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [2013-3-10 20400]

R3 mvd23;mvd23;C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [2013-3-10 99248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2011-11-4 58368]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]

S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-5 37344]

S3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;C:\Windows\System32\drivers\libusb0.sys [2012-12-10 52832]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-1-9 19912]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-1-9 13264]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [userChoice]

.

=============== Created Last 30 ================

.

2013-12-08 13:26:37 -------- d-----w- C:\Users\Beto\AppData\Roaming\newnext.me

2013-12-08 13:26:37 -------- d-----w- C:\Users\Beto\AppData\Local\genienext

2013-12-08 13:26:37 -------- d-----w- C:\Users\Beto\AppData\Local\cache

2013-12-08 13:26:36 -------- d-----w- C:\Users\Beto\AppData\Local\Mobogenie

2013-12-08 13:25:43 -------- d-----w- C:\Users\Beto\AppData\Roaming\ExpressFiles

2013-12-08 12:40:53 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-11-29 21:48:58 197120 ----a-w- C:\Windows\System32\credui.dll

2013-11-29 21:47:49 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-11-29 21:47:49 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-11-29 21:47:47 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-11-29 21:47:47 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-11-29 21:47:47 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-11-29 21:47:47 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-11-29 21:47:47 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

.

==================== Find3M ====================

.

2013-12-17 21:08:55 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-12-10 23:12:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-10 23:12:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-12-05 21:24:21 107416 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2013-11-29 01:46:02 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys

2013-11-29 01:46:02 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2013-10-20 02:49:45 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll

2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll

2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe

.

============= FINISH: 20:39:52,58 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 08/01/2011 14:26:32

System Uptime: 17/12/2013 19:08:38 (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | 2A99

Processor: AMD Athlon II X2 220 Processor | CPU 1 | 2100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 136 GiB total, 28,437 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1,555 GiB free.

E: is CDROM ()

F: is Removable

G: is FIXED (NTFS) - 298 GiB total, 70,264 GiB free.

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.8) - Português

AIPTEK PenCam Manager

aMSN 0.98.9

Android SDK Tools

Arquivo do WinRAR

Avira Free Antivirus

CDRoller version 9.00

CyberLink DVD Suite Deluxe

D3DX10

DAEMON Tools Lite

Divulga Chat

Divulga Chat 1.016

DreaMule 3.2

Driver Detective

Dropbox

DVD Menu Pack for HP MediaSmart Video

EVEREST Ultimate Edition v4.20

Facebook Video Calling 1.2.0.287

Freedom Connect 1.2

GBBD Banco do Brasil

Google Books Downloader version 2.1

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.1.0

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Advisor

HP Customer Experience Enhancements

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP Odometer

HP Setup

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

iWisoft Free Video Downloader 2.1

Java 7 Update 45

Java 7 Update 45 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 45 (64-bit)

Java 6 Update 22

Java 6 Update 24 (64-bit)

K-Lite Codec Pack 5.2.0 (64-bit)

LabelPrint

LightScribe System Software

Media Player Classic - Home Cinema v1.5.2.3456 x64

Messenger Companion

MFC RunTime files

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MiraScan V3.40

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 21.0 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicStation

MyFreeCodec

Nokia Connectivity Cable Driver

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

Pacote de Driver do Windows - libusb-win32 (libusb0) libusb-win32 devices (01/17/2012 1.2.6.0)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

Partition Wizard Home Edition 4.0

Passware Kit Enterprise 9.0

PDF Complete Special Edition

Photodex Presenter

PhotoNow!

PhotoScape

Power2Go

PowerDirector

Pro Evolution Soccer 2011

ProShow Gold

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Receitanet

Recovery Manager

Samsung Drive Manager

Samsung Kies

Samsung Story Album Viewer

SAMSUNG USB Driver for Mobile Phones

ScanButton 2.4

Screen Capturer

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Skype™ 6.11

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition

Vuze

Vuze Remote Toolbar

Winamp

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-17 21:21:54

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000059 ST350041 rev.HP35 465,76GB

Running: gmer.exe; Driver: C:\Users\Beto\AppData\Local\Temp\pxldqpog.sys

---- User code sections - GMER 2.1 ----

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[752] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000076de3468 5 bytes JMP 0000000174a370af

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[752] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 0000000076dfd51a 5 bytes JMP 0000000174a37027

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000077192c91 4 bytes CALL 71af0000

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[752] C:\Windows\syswow64\RPCRT4.dll!IUnknown_QueryInterface_Proxy 00000000760c428b 6 bytes JMP 71a8000a

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[752] C:\Windows\syswow64\ole32.dll!CoUnmarshalInterface 000000007596f150 6 bytes JMP 71ab000a

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075f91465 2 bytes [F9, 75]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075f914bb 2 bytes [F9, 75]

.text ... * 2

.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f91465 2 bytes [F9, 75]

.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f914bb 2 bytes [F9, 75]

.text ... * 2

.text C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f91465 2 bytes [F9, 75]

.text C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f914bb 2 bytes [F9, 75]

.text ... * 2

.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2948] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007780000c 1 byte [C3]

.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2948] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007788f8ea 5 bytes JMP 000000017783d5c1

.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f91465 2 bytes [F9, 75]

.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f914bb 2 bytes [F9, 75]

.text ... * 2

.text C:\Windows\SysWOW64\rundll32.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f91465 2 bytes [F9, 75]

.text C:\Windows\SysWOW64\rundll32.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f914bb 2 bytes [F9, 75]

.text ... * 2

.text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[3028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f91465 2 bytes [F9, 75]

.text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[3028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f914bb 2 bytes [F9, 75]

.text ... * 2

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000077192c91 4 bytes CALL 71af0000

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2716] C:\Windows\syswow64\RPCRT4.dll!IUnknown_QueryInterface_Proxy 00000000760c428b 6 bytes JMP 71a8000a

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2716] C:\Windows\syswow64\ole32.dll!CoUnmarshalInterface 000000007596f150 6 bytes JMP 71ab000a

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2716] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075f91465 2 bytes [F9, 75]

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2716] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075f914bb 2 bytes [F9, 75]

.text ... * 2

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Thanks.


Dear beto_adm

I recommend that you save this topic in your Favorites to make it easier to find later.

Please note the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here concerns only the problem on your computer; therefore, do not do it on any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another!
  • Always keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measures other than those given here; and if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy its whole content and paste it in your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Note: Windows Vista, 7 and 8 users, right-click it and choose: execadmin.png

  • Click Search
  • At the end of the scan, a log with the result will open.
  • If anything is detected, then click the Remove button.
  • Again, at the end of the scan, a log with the result will open.
  • Copy its whole content and paste it in your next reply.

# Step 3 #

Read the instructions contained in this link:

In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers running Windows XP must install the Recovery Console:
    • If your computer has Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Note: Do not use the mouse or keyboard while the tool is running; this can cause the computer to freeze.
  8. A notice may appear saying the computer needs to restart. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the content of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when designing them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


Hi,

The log from step 1 is very large and I am not managing to post it.

Can I send you an email with the logs?

What do you suggest?

Thanks


Hi Diego, I can't post it even split across several posts; the log from step 1 alone came to 100 pages.

Which email can I send it to, or would there be another alternative?

Cheers and thanks.


I will send you my e-mail by PM, and then do the following:

  • Put the logs in a folder named with your nick;
  • Compress it (.zip);
  • Attach it to your e-mail and send it to me;
  • Let me know here when it is sent.

Regards :D


Dear beto_adm

# Step 1 #

Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

  • Open your Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.


# Step 2 #

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be consulted by clicking the Logs tab in the main menu.
    • Copy and paste the content of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D


Hi Diego, here are the requested logs:

ComboFix 13-12-18.01 - Beto 20/12/2013 22:19:25.2.2 - x64

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3839.2572 [GMT -2:00]

Executando de: c:\users\Beto\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Beto\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\drivers\ati2xhxx.sys

c:\windows\SysWow64\drivers\msliksurserv.sys

c:\windows\SysWow64\drivers\msvtch.sys

c:\windows\SysWow64\drivers\qandr.sys

c:\windows\SysWow64\drivers\reveal32.sys

c:\windows\SysWow64\drivers\str.sys

c:\windows\SysWow64\drivers\tdlserv.sys

c:\windows\SysWow64\drivers\TPLinks.sys

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-21 to 2013-12-21 ))))))))))))))))))))))))))))

.

.

2013-12-21 00:31 . 2013-12-21 00:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-21 00:31 . 2013-12-21 00:31 -------- d-----w- c:\users\Convidado\AppData\Local\temp

2013-12-21 00:24 . 2013-12-21 00:24 0 ----a-w- c:\windows\SysWow64\drivers\wsnpoem.sys

2013-12-18 23:37 . 2013-12-18 23:43 -------- d-----w- C:\AdwCleaner

2013-12-18 23:29 . 2013-12-18 23:29 -------- d-----w- c:\windows\ERUNT

2013-12-08 13:26 . 2013-12-18 21:20 -------- d-----w- c:\users\Beto\AppData\Roaming\newnext.me

2013-12-08 13:26 . 2013-12-08 13:26 -------- d-----w- c:\users\Beto\AppData\Local\genienext

2013-12-08 13:26 . 2013-12-08 13:26 -------- d-----w- c:\users\Beto\AppData\Local\cache

2013-12-08 13:26 . 2013-12-08 13:29 -------- d-----w- c:\users\Beto\AppData\Local\Mobogenie

2013-12-08 12:41 . 2013-12-08 12:41 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-12-08 12:40 . 2013-10-08 09:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-11-29 21:48 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2013-11-29 21:47 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-11-29 21:47 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-11-29 21:47 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-11-29 21:47 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-11-29 21:47 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-11-29 21:47 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-11-29 21:47 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-20 10:54 . 2013-07-26 23:14 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

2013-12-19 22:00 . 2013-05-13 11:08 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-12-19 22:00 . 2013-03-29 16:22 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-12-19 22:00 . 2013-03-29 16:22 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-12-10 23:12 . 2012-07-15 22:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-10 23:12 . 2012-07-15 22:14 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-11-29 21:49 . 2011-01-09 00:45 82896128 ----a-w- c:\windows\system32\MRT.exe

2013-11-29 01:46 . 2013-03-29 16:22 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-10-20 02:49 . 2013-10-20 02:50 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-10-20 02:49 . 2013-10-20 02:50 312744 ----a-w- c:\windows\system32\javaws.exe

2013-10-20 02:49 . 2013-10-20 02:50 189352 ----a-w- c:\windows\system32\javaw.exe

2013-10-20 02:49 . 2013-10-20 02:50 189352 ----a-w- c:\windows\system32\java.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-09-04 1564528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-19 684600]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-10-30 296096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-09-04 311152]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Samsung Drive Manager Real-Time.lnk - c:\program files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe [2013-3-10 135168]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-10-07 14:32 1487912 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2013-10-16 18:01 1479528 ----a-w- c:\program files (x86)\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]

R3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AntiVirSchedulerService;Avira Agendamento;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]

S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]

S3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [x]

S3 mvd23;mvd23;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 21:40 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 23:12]

.

2013-12-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3003575162-918008064-1124869830-1000Core.job

- c:\users\Beto\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-01 02:21]

.

2013-12-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3003575162-918008064-1124869830-1000UA.job

- c:\users\Beto\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-01 02:21]

.

2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 18:51]

.

2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 18:51]

.

2013-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003575162-918008064-1124869830-1000Core.job

- c:\users\Beto\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 20:41]

.

2013-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003575162-918008064-1124869830-1000UA.job

- c:\users\Beto\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 20:41]

.

2013-12-21 c:\windows\Tasks\HPCeeScheduleForBeto.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 05:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 164016 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 164016 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 164016 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 164016 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearchAssistant = hxxp://www.google.com

IE: Baixar com Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

Trusted Zone: caixa.gov.br

TCP: DhcpNameServer = 8.8.8.8

FF - ProfilePath - c:\users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\

FF - prefs.js: browser.search.selectedEngine - BuscaPé

FF - prefs.js: browser.startup.homepage - about:home

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-8461-7759-5462-8226 - c:\program files (x86)\Vuze\uninstall.exe

AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-3003575162-918008064-1124869830-1000\Software\SecuROM\License information*]

"datasecu"=hex:33,ca,db,2d,85,73,44,77,4a,2a,83,1e,5c,84,9f,f4,b3,c0,0f,26,96,

a2,d2,15,69,a6,7d,6a,8e,09,fa,5d,c6,a2,fe,a5,d9,27,f0,7d,92,cf,6c,f8,2e,0a,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-12-20 22:45:34

ComboFix-quarantined-files.txt 2013-12-21 00:45

ComboFix2.txt 2013-12-19 00:12

.

Pré-execução: 34.253.934.592 bytes disponíveis

Pós execução: 34.184.736.768 bytes disponíveis

.

- - End Of File - - 9E1A7F2276FAC1259C3C6098A6755FF4

6CA3BCC30E5036ACB3E36FA839899E00

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.12.20.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16736

Beto :: BETO-PC [administrador]

Proteção: Permitir

20/12/2013 22:52:41

mbam-log-2013-12-20 (22-52-41).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 240919

Tempo decorrido: 3 minuto(s), 39 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 1

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|BrowserMngr Start Page (PUP.BProtector) -> Data: http://www.google.com -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 2

C:\Users\Beto\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 9

C:\Users\Convidado\Downloads\PhotosArtist_130(1).exe (PUP.Optional.UltraDownloads) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Convidado\Downloads\PhotosArtist_130.exe (PUP.Optional.UltraDownloads) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Convidado\Downloads\SoftonicDownloader_para_photoscape.exe (PUP.OfferBundler.ST) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Convidado\Downloads\SoftonicDownloader_para_picasa.exe (PUP.Optional.Softonic) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\System32\drivers\wsnpoem.sys (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\SysWOW64\drivers\wsnpoem.sys (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

Thanks for the help, cheers.


Dear beto_adm

# Step 1 #

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be taken to a Kaspersky page asking for an e-mail address, first name and last name for registration.
  • Only the "email" field is mandatory.
  • Enter your e-mail address and then click the Submit Form button.
  • The page will reload. Click the Download button.
  • Save it to your desktop (Desktop).
  • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
  • The program appears to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

[image: KRT_settings.png]

On this screen, check the box next to:

  • My Computer;
  • Local Disk (C:);
  • Also check every drive listed below Local Disk, if there are any;
  • Then click the Automatic Scan tab.

[image: KRT_install2_.png]

  • Back on the program's main screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if anything was detected, the program will ask you what to do;
  • Check the small box next to Apply to all objects and then click Skip (we only want the log).

[image: KRT_detection_.png]

Once the scan has finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the whole scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
  5. Choose an easily accessible location and save it as log.txt
  6. Copy the entire contents of that Notepad file and paste it into your next reply.
  7. If nothing is detected, there is no need to save the log; just let me know.
  8. To exit the program, just click the X in the top right corner.

Notes:
While the scan is running, the main screen shows a progress bar. When it finishes, the program shows a completed status and a button that will be orange if nothing was detected, or red if something was found. If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

# Step 2 #

Download SecurityCheck and save it to your Desktop

  • Double-click SecurityCheck.exe
    • Note: Windows Vista, 7 and 8 users, right-click it and choose: [image: execadmin.png]

  • Press any key to continue... a report will open
  • Copy its entire contents and paste it into your next reply

Cheers :D


Hi Diego, step 1 didn't find any threats, but when I went on to step 2 I ended up running a program from the site's advertisement because I wasn't paying attention. Avira then detected a malware, and I decided to run Malwarebytes Anti-Malware before doing step 2. Below are the logs from Malwarebytes Anti-Malware and from step 2:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.12.20.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16736

Beto :: BETO-PC [administrador]

Proteção: Permitir

21/12/2013 08:57:41

mbam-log-2013-12-21 (08-57-41).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 241251

Tempo decorrido: 6 minuto(s), 24 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 1

C:\Users\Beto\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Será deletado na próxima inicialização.

Chaves de Registro Detectadas: 5

HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Beto\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Enviado para a Quarentena e deletado com sucesso.

HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 2

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Ruim: (http://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Ruim: (http://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.

Pastas Detectadas: 4

C:\Users\Beto\AppData\Roaming\MySearchDial (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Roaming\MySearchDial\UpdateProc (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Será deletado na próxima inicialização.

C:\Users\Beto\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 8

C:\Users\Beto\Desktop\Setup.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Local\Temp\ICReinstall_Setup.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Será deletado na próxima inicialização.

C:\Users\Beto\AppData\Roaming\MySearchDial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Beto\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

Results of screen317's Security Check version 0.99.77

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 10 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Avira Desktop

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Java 6 Update 22

Java 7 Update 45

Adobe Flash Player 11.9.900.170

Adobe Reader 10.1.8 Adobe Reader out of Date!

Mozilla Firefox 21.0 Firefox out of Date!

Google Chrome 31.0.1650.57

Google Chrome 31.0.1650.63

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: =

````````````````````End of Log``````````````````````

Thanks and cheers.


Dear beto_adm

Oops... we were almost done, but that's fine, let's move on ;)

Let's make the recommended fixes/updates ;)

# Step 1 #

Enable UAC (User Account Control)

Watch the video tutorial: http://www.youtube.com/watch?feature=player_embedded&v=zbH4lM-OSzQ

# Step 2 #

Update Firefox

# Step 3 #

Update Adobe Reader

# Step 4 #

Update Internet Explorer

# Step 5 #

Make a new log with DDS ;)

Cheers :D

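As an added example (not part of the helper's post and not a script from any of the tools named in this thread), the "UAC is disabled!" finding that SecurityCheck reported can be verified and corrected from an elevated PowerShell prompt instead of through the video tutorial. It reads the documented Windows values EnableLUA and ConsentPromptBehaviorAdmin under the Policies\System key; the -Fix switch and the function name are this example's own.

```powershell
# Added example: audit (and optionally restore) User Account Control.
# EnableLUA = 0 is the state SecurityCheck reports as "UAC is disabled!".
# Run from an elevated PowerShell session; a restart is needed for a change to take effect.
param([switch]$Fix)

function Test-UacState {
    param([switch]$Repair)

    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $props  = Get-ItemProperty -Path $uacKey

    $enableLua   = [int]$props.EnableLUA                   # 1 = UAC on, 0 = UAC off
    $adminPrompt = [int]$props.ConsentPromptBehaviorAdmin  # 5 = prompt for non-Windows binaries (Windows 7 default)

    if ($enableLua -eq 1) {
        Write-Output "UAC is enabled (EnableLUA=1, ConsentPromptBehaviorAdmin=$adminPrompt)."
        return $true
    }

    # With UAC off, every process started by an administrator account already holds
    # the full token, so a bundled installer like the one in the log above needs no consent prompt.
    Write-Warning "UAC is DISABLED (EnableLUA=$enableLua)."

    if ($Repair) {
        Set-ItemProperty -Path $uacKey -Name EnableLUA -Value 1 -Type DWord
        Set-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -Value 5 -Type DWord
        Write-Output "EnableLUA set to 1 and ConsentPromptBehaviorAdmin set to 5; restart Windows to apply."
    }
    return $false
}

Test-UacState -Repair:$Fix
```

Run it once without -Fix to see the current state, and with -Fix to re-enable UAC; a second run after the restart should report EnableLUA=1, which is what the next SecurityCheck log will confirm.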


Hi Diego,

Here is the requested DDS log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 08/01/2011 14:26:32

System Uptime: 21/12/2013 14:43:10 (0 hours ago)

.

Motherboard: PEGATRON CORPORATION | | 2A99

Processor: AMD Athlon II X2 220 Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 136 GiB total, 32,25 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1,555 GiB free.

E: is CDROM ()

F: is Removable

G: is FIXED (NTFS) - 298 GiB total, 70,737 GiB free.

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI - Português

AIPTEK PenCam Manager

aMSN 0.98.9

Android SDK Tools

Arquivo do WinRAR

Avira Free Antivirus

CDRoller version 9.00

CyberLink DVD Suite Deluxe

D3DX10

DAEMON Tools Lite

Divulga Chat

Divulga Chat 1.016

DreaMule 3.2

Driver Detective

Dropbox

DVD Menu Pack for HP MediaSmart Video

EVEREST Ultimate Edition v4.20

Facebook Video Calling 1.2.0.287

Freedom Connect 1.2

GBBD Banco do Brasil

Google Books Downloader version 2.1

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.1.0

HP Advisor

HP Customer Experience Enhancements

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP Odometer

HP Setup

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

iWisoft Free Video Downloader 2.1

Java 7 Update 45

Java 7 Update 45 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 45 (64-bit)

Java 6 Update 22

Java 6 Update 24 (64-bit)

K-Lite Codec Pack 5.2.0 (64-bit)

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware versão 1.75.0.1300

Media Player Classic - Home Cinema v1.5.2.3456 x64

Messenger Companion

MFC RunTime files

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MiraScan V3.40

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 26.0 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicStation

Nokia Connectivity Cable Driver

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

Pacote de Driver do Windows - libusb-win32 (libusb0) libusb-win32 devices (01/17/2012 1.2.6.0)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

Partition Wizard Home Edition 4.0

Passware Kit Enterprise 9.0

PDF Complete Special Edition

Photodex Presenter

PhotoNow!

PhotoScape

Power2Go

PowerDirector

Pro Evolution Soccer 2011

ProShow Gold

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Receitanet

Recovery Manager

Samsung Drive Manager

Samsung Kies

Samsung Story Album Viewer

SAMSUNG USB Driver for Mobile Phones

ScanButton 2.4

Screen Capturer

Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Skype™ 6.11

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition

Vuze

Winamp

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

.

==== End Of File ===========================


Hi Diego,

DDS generated two Notepad files; here are the logs again:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 08/01/2011 14:26:32

System Uptime: 21/12/2013 14:43:10 (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | 2A99

Processor: AMD Athlon II X2 220 Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 136 GiB total, 32,236 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1,555 GiB free.

E: is CDROM ()

F: is Removable

G: is FIXED (NTFS) - 298 GiB total, 70,737 GiB free.

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI - Português

AIPTEK PenCam Manager

aMSN 0.98.9

Android SDK Tools

Arquivo do WinRAR

Avira Free Antivirus

CDRoller version 9.00

CyberLink DVD Suite Deluxe

D3DX10

DAEMON Tools Lite

Divulga Chat

Divulga Chat 1.016

DreaMule 3.2

Driver Detective

Dropbox

DVD Menu Pack for HP MediaSmart Video

EVEREST Ultimate Edition v4.20

Facebook Video Calling 1.2.0.287

Freedom Connect 1.2

GBBD Banco do Brasil

Google Books Downloader version 2.1

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.1.0

HP Advisor

HP Customer Experience Enhancements

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP Odometer

HP Setup

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

iWisoft Free Video Downloader 2.1

Java 7 Update 45

Java 7 Update 45 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 45 (64-bit)

Java 6 Update 22

Java 6 Update 24 (64-bit)

K-Lite Codec Pack 5.2.0 (64-bit)

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware versão 1.75.0.1300

Media Player Classic - Home Cinema v1.5.2.3456 x64

Messenger Companion

MFC RunTime files

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MiraScan V3.40

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 26.0 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicStation

Nokia Connectivity Cable Driver

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

Pacote de Driver do Windows - libusb-win32 (libusb0) libusb-win32 devices (01/17/2012 1.2.6.0)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

Partition Wizard Home Edition 4.0

Passware Kit Enterprise 9.0

PDF Complete Special Edition

Photodex Presenter

PhotoNow!

PhotoScape

Power2Go

PowerDirector

Pro Evolution Soccer 2011

ProShow Gold

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Receitanet

Recovery Manager

Samsung Drive Manager

Samsung Kies

Samsung Story Album Viewer

SAMSUNG USB Driver for Mobile Phones

ScanButton 2.4

Screen Capturer

Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Skype™ 6.11

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition

Vuze

Winamp

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2

Run by Beto at 15:02:23 on 2013-12-21

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3839.2573 [GMT -2:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearchAssistant = hxxp://www.google.com

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Baixar com Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

Trusted Zone: caixa.gov.br

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 8.8.8.8

TCP: Interfaces\{F98A75D9-4DCE-48DF-A0D6-D0EF5CAA59FC} : DHCPNameServer = 8.8.8.8

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\

FF - prefs.js: browser.search.selectedEngine - Mysearchdial

FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Beto\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Beto\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

FF - plugin: C:\Users\Beto\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

FF - ExtSQL: 2013-12-21 14:01; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.mysearchdial.hmpg - true

FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=

FF - user.js: extensions.mysearchdial.dfltSrch - true

FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial

FF - user.js: extensions.mysearchdial.dnsErr - true

FF - user.js: extensions.mysearchdial_i.newTab - false

FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=

FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=&q=

FF - user.js: extensions.mysearchdial.id - 3C4A92478B960530

FF - user.js: extensions.mysearchdial.instlDay - 16060

FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0

FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0

FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.08:44:4

FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial

FF - user.js: extensions.mysearchdial.prdct - mysearchdial

FF - user.js: extensions.mysearchdial.aflt - irmsd1202aw

FF - user.js: extensions.mysearchdial_i.smplGrp - none

FF - user.js: extensions.mysearchdial.tlbrId - base

FF - user.js: extensions.mysearchdial.instlRef -

FF - user.js: extensions.mysearchdial.dfltLng -

FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}

FF - user.js: extensions.mysearchdial.excTlbr - false

FF - user.js: extensions.mysearchdial_i.hmpg - true

FF - user.js: extensions.mysearchdial.cr - 1275782249

FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R

FF - user.js: extensions.irmysearch.aflt - irmsd1202aw

FF - user.js: extensions.irmysearch.instlRef -

FF - user.js: extensions.irmysearch.cr - 1275782249

FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-29 28600]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-7 270912]

R2 AntiVirSchedulerService;Avira Agendamento;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-23 440376]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-23 440376]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-29 108440]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-11-9 452968]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-20 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-20 701512]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-6 635416]

R2 SZDrvSvc;Samsung Drive Manager Service;C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2013-3-10 19456]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-20 25928]

R3 mdf16;mdf16;C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [2013-3-10 20400]

R3 mvd23;mvd23;C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [2013-3-10 99248]

S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2011-11-4 58368]

S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-5 37344]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-21 111616]

S3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;C:\Windows\System32\drivers\libusb0.sys [2012-12-10 52832]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-1-9 19912]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-1-9 13264]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [userChoice]

.

=============== Created Last 30 ================

.

2013-12-21 16:35:07 -------- d-----w- C:\Windows\Migration

2013-12-21 16:29:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2013-12-21 16:29:02 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll

2013-12-21 16:15:36 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-21 16:15:36 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-21 16:15:35 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2013-12-21 16:15:35 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2013-12-21 16:10:45 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-12-21 16:10:45 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-12-21 16:10:44 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-12-21 16:10:43 335360 ----a-w- C:\Windows\System32\msieftp.dll

2013-12-21 16:10:43 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2013-12-21 16:10:29 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-12-21 16:10:29 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-12-21 16:10:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-12-21 16:10:14 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-12-21 16:09:58 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys

2013-12-21 16:09:58 202752 ----a-w- C:\Windows\System32\scrrun.dll

2013-12-21 16:09:58 168960 ----a-w- C:\Windows\System32\wscript.exe

2013-12-21 16:09:58 156160 ----a-w- C:\Windows\System32\cscript.exe

2013-12-21 16:09:58 150016 ----a-w- C:\Windows\System32\wshom.ocx

2013-12-21 16:09:58 141824 ----a-w- C:\Windows\SysWow64\wscript.exe

2013-12-21 16:09:58 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx

2013-12-21 16:09:58 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys

2013-12-21 16:09:57 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll

2013-12-21 16:09:57 126976 ----a-w- C:\Windows\SysWow64\cscript.exe

2013-12-21 10:45:21 -------- d-----w- C:\Users\Beto\AppData\Roaming\Baidu Security

2013-12-21 10:44:47 -------- d-----w- C:\ProgramData\Log

2013-12-21 10:44:12 -------- d-----w- C:\Program Files (x86)\Mobogenie

2013-12-21 10:44:05 -------- d-----w- C:\ProgramData\Baidu Security

2013-12-21 10:44:05 -------- d-----w- C:\Program Files (x86)\Baidu Security

2013-12-21 02:16:25 -------- d-----w- C:\ProgramData\Kaspersky Lab

2013-12-21 00:50:56 -------- d-----w- C:\Users\Beto\AppData\Roaming\Malwarebytes

2013-12-21 00:50:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-12-21 00:50:47 -------- d-----w- C:\ProgramData\Malwarebytes

2013-12-21 00:50:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-21 00:46:29 -------- d-sh--w- C:\$RECYCLE.BIN

2013-12-18 23:47:40 98816 ----a-w- C:\Windows\sed.exe

2013-12-18 23:47:40 256000 ----a-w- C:\Windows\PEV.exe

2013-12-18 23:47:40 208896 ----a-w- C:\Windows\MBR.exe

2013-12-18 23:37:10 -------- d-----w- C:\AdwCleaner

2013-12-18 23:29:29 -------- d-----w- C:\Windows\ERUNT

2013-12-08 13:26:37 -------- d-----w- C:\Users\Beto\AppData\Local\genienext

2013-12-08 13:26:37 -------- d-----w- C:\Users\Beto\AppData\Local\cache

2013-12-08 13:26:36 -------- d-----w- C:\Users\Beto\AppData\Local\Mobogenie

2013-12-08 12:40:53 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-11-29 21:47:49 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-11-29 21:47:49 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-11-29 21:47:47 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-11-29 21:47:47 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-11-29 21:47:47 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-11-29 21:47:47 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-11-29 21:47:47 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

.

==================== Find3M ====================

.

2013-12-21 16:43:30 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-12-19 22:00:50 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys

2013-12-19 22:00:50 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2013-12-10 23:12:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-10 23:12:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-11-29 01:46:02 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2013-10-20 02:49:45 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe

.

============= FINISH: 15:02:39,01 ===============

Thanks and regards


Hi Diego,

DDS generated two Notepad files; here are the logs again:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 08/01/2011 14:26:32

System Uptime: 21/12/2013 14:43:10 (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | 2A99

Processor: AMD Athlon II X2 220 Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 136 GiB total, 32,236 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1,555 GiB free.

E: is CDROM ()

F: is Removable

G: is FIXED (NTFS) - 298 GiB total, 70,737 GiB free.

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI - Português

AIPTEK PenCam Manager

aMSN 0.98.9

Android SDK Tools

Arquivo do WinRAR

Avira Free Antivirus

CDRoller version 9.00

CyberLink DVD Suite Deluxe

D3DX10

DAEMON Tools Lite

Divulga Chat

Divulga Chat 1.016

DreaMule 3.2

Driver Detective

Dropbox

DVD Menu Pack for HP MediaSmart Video

EVEREST Ultimate Edition v4.20

Facebook Video Calling 1.2.0.287

Freedom Connect 1.2

GBBD Banco do Brasil

Google Books Downloader version 2.1

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.1.0

HP Advisor

HP Customer Experience Enhancements

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP Odometer

HP Setup

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

iWisoft Free Video Downloader 2.1

Java 7 Update 45

Java 7 Update 45 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 45 (64-bit)

Java 6 Update 22

Java 6 Update 24 (64-bit)

K-Lite Codec Pack 5.2.0 (64-bit)

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware versão 1.75.0.1300

Media Player Classic - Home Cinema v1.5.2.3456 x64

Messenger Companion

MFC RunTime files

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MiraScan V3.40

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 26.0 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicStation

Nokia Connectivity Cable Driver

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

Pacote de Driver do Windows - libusb-win32 (libusb0) libusb-win32 devices (01/17/2012 1.2.6.0)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

Partition Wizard Home Edition 4.0

Passware Kit Enterprise 9.0

PDF Complete Special Edition

Photodex Presenter

PhotoNow!

PhotoScape

Power2Go

PowerDirector

Pro Evolution Soccer 2011

ProShow Gold

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Receitanet

Recovery Manager

Samsung Drive Manager

Samsung Kies

Samsung Story Album Viewer

SAMSUNG USB Driver for Mobile Phones

ScanButton 2.4

Screen Capturer

Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Skype™ 6.11

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition

Vuze

Winamp

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2

Run by Beto at 15:02:23 on 2013-12-21

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3839.2573 [GMT -2:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearchAssistant = hxxp://www.google.com

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Baixar com Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

Trusted Zone: caixa.gov.br

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 8.8.8.8

TCP: Interfaces\{F98A75D9-4DCE-48DF-A0D6-D0EF5CAA59FC} : DHCPNameServer = 8.8.8.8

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\

FF - prefs.js: browser.search.selectedEngine - Mysearchdial

FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Beto\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Beto\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

FF - plugin: C:\Users\Beto\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Beto\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

FF - ExtSQL: 2013-12-21 14:01; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.mysearchdial.hmpg - true

FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=

FF - user.js: extensions.mysearchdial.dfltSrch - true

FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial

FF - user.js: extensions.mysearchdial.dnsErr - true

FF - user.js: extensions.mysearchdial_i.newTab - false

FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=

FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1275782249&ir=&q=

FF - user.js: extensions.mysearchdial.id - 3C4A92478B960530

FF - user.js: extensions.mysearchdial.instlDay - 16060

FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0

FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0

FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.08:44:4

FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial

FF - user.js: extensions.mysearchdial.prdct - mysearchdial

FF - user.js: extensions.mysearchdial.aflt - irmsd1202aw

FF - user.js: extensions.mysearchdial_i.smplGrp - none

FF - user.js: extensions.mysearchdial.tlbrId - base

FF - user.js: extensions.mysearchdial.instlRef -

FF - user.js: extensions.mysearchdial.dfltLng -

FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}

FF - user.js: extensions.mysearchdial.excTlbr - false

FF - user.js: extensions.mysearchdial_i.hmpg - true

FF - user.js: extensions.mysearchdial.cr - 1275782249

FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R

FF - user.js: extensions.irmysearch.aflt - irmsd1202aw

FF - user.js: extensions.irmysearch.instlRef -

FF - user.js: extensions.irmysearch.cr - 1275782249

FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-29 28600]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-7 270912]

R2 AntiVirSchedulerService;Avira Agendamento;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-23 440376]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-23 440376]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-29 108440]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-11-9 452968]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-20 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-20 701512]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-6 635416]

R2 SZDrvSvc;Samsung Drive Manager Service;C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2013-3-10 19456]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-20 25928]

R3 mdf16;mdf16;C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [2013-3-10 20400]

R3 mvd23;mvd23;C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [2013-3-10 99248]

S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2011-11-4 58368]

S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-5-5 37344]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-21 111616]

S3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;C:\Windows\System32\drivers\libusb0.sys [2012-12-10 52832]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-1-9 19912]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-1-9 13264]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [userChoice]

.

=============== Created Last 30 ================

.

2013-12-21 16:35:07 -------- d-----w- C:\Windows\Migration

2013-12-21 16:29:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2013-12-21 16:29:02 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll

2013-12-21 16:15:36 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-21 16:15:36 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-21 16:15:35 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2013-12-21 16:15:35 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2013-12-21 16:10:45 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-12-21 16:10:45 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-12-21 16:10:44 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-12-21 16:10:43 335360 ----a-w- C:\Windows\System32\msieftp.dll

2013-12-21 16:10:43 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2013-12-21 16:10:29 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-12-21 16:10:29 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-12-21 16:10:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-12-21 16:10:14 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-12-21 16:09:58 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys

2013-12-21 16:09:58 202752 ----a-w- C:\Windows\System32\scrrun.dll

2013-12-21 16:09:58 168960 ----a-w- C:\Windows\System32\wscript.exe

2013-12-21 16:09:58 156160 ----a-w- C:\Windows\System32\cscript.exe

2013-12-21 16:09:58 150016 ----a-w- C:\Windows\System32\wshom.ocx

2013-12-21 16:09:58 141824 ----a-w- C:\Windows\SysWow64\wscript.exe

2013-12-21 16:09:58 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx

2013-12-21 16:09:58 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys

2013-12-21 16:09:57 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll

2013-12-21 16:09:57 126976 ----a-w- C:\Windows\SysWow64\cscript.exe

2013-12-21 10:45:21 -------- d-----w- C:\Users\Beto\AppData\Roaming\Baidu Security

2013-12-21 10:44:47 -------- d-----w- C:\ProgramData\Log

2013-12-21 10:44:12 -------- d-----w- C:\Program Files (x86)\Mobogenie

2013-12-21 10:44:05 -------- d-----w- C:\ProgramData\Baidu Security

2013-12-21 10:44:05 -------- d-----w- C:\Program Files (x86)\Baidu Security

2013-12-21 02:16:25 -------- d-----w- C:\ProgramData\Kaspersky Lab

2013-12-21 00:50:56 -------- d-----w- C:\Users\Beto\AppData\Roaming\Malwarebytes

2013-12-21 00:50:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-12-21 00:50:47 -------- d-----w- C:\ProgramData\Malwarebytes

2013-12-21 00:50:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-21 00:46:29 -------- d-sh--w- C:\$RECYCLE.BIN

2013-12-18 23:47:40 98816 ----a-w- C:\Windows\sed.exe

2013-12-18 23:47:40 256000 ----a-w- C:\Windows\PEV.exe

2013-12-18 23:47:40 208896 ----a-w- C:\Windows\MBR.exe

2013-12-18 23:37:10 -------- d-----w- C:\AdwCleaner

2013-12-18 23:29:29 -------- d-----w- C:\Windows\ERUNT

2013-12-08 13:26:37 -------- d-----w- C:\Users\Beto\AppData\Local\genienext

2013-12-08 13:26:37 -------- d-----w- C:\Users\Beto\AppData\Local\cache

2013-12-08 13:26:36 -------- d-----w- C:\Users\Beto\AppData\Local\Mobogenie

2013-12-08 12:40:53 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-11-29 21:47:49 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-11-29 21:47:49 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-11-29 21:47:47 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-11-29 21:47:47 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-11-29 21:47:47 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-11-29 21:47:47 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-11-29 21:47:47 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

.

==================== Find3M ====================

.

2013-12-21 16:43:30 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-12-19 22:00:50 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys

2013-12-19 22:00:50 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2013-12-10 23:12:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-10 23:12:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-11-29 01:46:02 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2013-10-20 02:49:45 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe

.

============= FINISH: 15:02:39,01 ===============

Thanks and regards


Hi Diego, here are the requested logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Home Basic x64

Ran by Beto on 21/12/2013 at 23:05:51,41

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411111133}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411111133}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C0AC620A-9D60-4538-9608-131285F20206}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\Beto\AppData\Roaming\mozilla\firefox\profiles\abk9fom8.default\user.js

Successfully deleted: [Folder] C:\Users\Beto\AppData\Roaming\mozilla\firefox\profiles\abk9fom8.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

Successfully deleted the following from C:\Users\Beto\AppData\Roaming\mozilla\firefox\profiles\abk9fom8.default\prefs.js

user_pref("CT2504091.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");

user_pref("browser.search.defaultenginename", "Mysearchdial");

user_pref("browser.search.selectedEngine", "Mysearchdial");

user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyE

user_pref("extensions.mysearchdial.aflt", "irmsd1202aw");

user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");

user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");

user_pref("extensions.mysearchdial.cr", "1275782249");

user_pref("extensions.mysearchdial.dfltLng", "");

user_pref("extensions.mysearchdial.dfltSrch", true);

user_pref("extensions.mysearchdial.dnsErr", true);

user_pref("extensions.mysearchdial.excTlbr", false);

user_pref("extensions.mysearchdial.hmpg", true);

user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFt

user_pref("extensions.mysearchdial.id", "3C4A92478B960530");

user_pref("extensions.mysearchdial.instlDay", "16060");

user_pref("extensions.mysearchdial.instlRef", "");

user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBt

user_pref("extensions.mysearchdial.prdct", "mysearchdial");

user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");

user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");

user_pref("extensions.mysearchdial.tlbrId", "base");

user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2Xzut

user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");

user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");

user_pref("extensions.mysearchdial_i.hmpg", true);

user_pref("extensions.mysearchdial_i.newTab", false);

user_pref("extensions.mysearchdial_i.smplGrp", "none");

user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.08:44:4");

Emptied folder: C:\Users\Beto\AppData\Roaming\mozilla\firefox\profiles\abk9fom8.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 21/12/2013 at 23:11:27,86

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.015 - Relatório criado 21/12/2013 às 23:14:42

# Atualizado 10/12/2013 por Xplode

# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)

# Usuário : Beto - BETO-PC

# Executando de : C:\Users\Beto\Desktop\AdwCleaner.exe

# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Arquivo Deletada : C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\12ww0zqd.default\searchplugins\Mysearchdial.xml

Arquivo Deletada : C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\12ww0zqd.default\user.js

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428

Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\prefs.js ]

Linha deletada : user_pref("CT2504091.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");

[ Arquivo : C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\12ww0zqd.default\prefs.js ]

Linha deletada : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutA0CyE0AzytByEyBzz0BzyyCtDyDtAtDtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1[...]

Linha deletada : user_pref("browser.search.selectedEngine", "Mysearchdial");

Linha deletada : user_pref("browser.search.defaultenginename", "Mysearchdial");

-\\ Google Chrome v31.0.1650.63

[ Arquivo : C:\Users\Beto\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo : homepage

Deletedo : urls_to_restore_on_startup

[ Arquivo : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo : homepage

Deletedo : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [20287 octets] - [18/12/2013 21:37:15]

AdwCleaner[R1].txt - [1417 octets] - [18/12/2013 21:43:01]

AdwCleaner[R2].txt - [3273 octets] - [21/12/2013 23:12:53]

AdwCleaner[s0].txt - [18674 octets] - [18/12/2013 21:38:58]

AdwCleaner[s1].txt - [2833 octets] - [21/12/2013 23:14:42]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2893 octets] ##########

ComboFix 13-12-20.01 - Beto 21/12/2013 23:22:58.3.2 - x64

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3839.2193 [GMT -2:00]

Executando de: c:\users\Beto\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\drivers\ati0qaxx.sys

c:\windows\SysWow64\drivers\ctl_w32.sys

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-22 to 2013-12-22 ))))))))))))))))))))))))))))

.

.

2013-12-22 01:33 . 2013-12-22 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-22 01:33 . 2013-12-22 01:33 -------- d-----w- c:\users\Convidado\AppData\Local\temp

2013-12-21 19:38 . 2013-10-30 14:06 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2013-12-21 16:35 . 2013-12-21 16:35 -------- d-----w- c:\windows\Migration

2013-12-21 16:33 . 2013-10-14 20:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-12-21 16:29 . 2013-12-21 16:29 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-12-21 16:29 . 2013-12-21 16:29 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-12-21 16:15 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-21 16:15 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-21 16:15 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-21 16:15 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-21 16:15 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-21 16:13 . 2013-12-21 16:13 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2013-12-21 16:10 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-12-21 16:10 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-12-21 16:10 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-12-21 16:10 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-12-21 16:10 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2013-12-21 16:10 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-12-21 16:10 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-12-21 16:10 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll

2013-12-21 16:10 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-12-21 16:09 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx

2013-12-21 16:09 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll

2013-12-21 16:09 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx

2013-12-21 16:09 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe

2013-12-21 16:09 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe

2013-12-21 16:09 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe

2013-12-21 16:09 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-12-21 16:09 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-12-21 16:09 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll

2013-12-21 16:09 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe

2013-12-21 10:45 . 2013-12-21 10:45 -------- d-----w- c:\users\Beto\AppData\Roaming\Baidu Security

2013-12-21 10:44 . 2013-12-21 10:49 -------- d-----w- c:\programdata\Log

2013-12-21 10:44 . 2013-12-21 10:56 -------- d-----w- c:\program files (x86)\Mobogenie

2013-12-21 10:44 . 2013-12-21 10:45 -------- d-----w- c:\programdata\Baidu Security

2013-12-21 10:44 . 2013-12-21 10:44 -------- d-----w- c:\program files (x86)\Baidu Security

2013-12-21 02:16 . 2013-12-21 02:16 -------- d-----w- c:\programdata\Kaspersky Lab

2013-12-21 00:50 . 2013-12-21 00:50 -------- d-----w- c:\users\Beto\AppData\Roaming\Malwarebytes

2013-12-21 00:50 . 2013-12-21 00:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-12-21 00:50 . 2013-12-21 00:50 -------- d-----w- c:\programdata\Malwarebytes

2013-12-21 00:50 . 2013-04-04 16:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-12-18 23:37 . 2013-12-22 01:14 -------- d-----w- C:\AdwCleaner

2013-12-18 23:29 . 2013-12-18 23:29 -------- d-----w- c:\windows\ERUNT

2013-12-08 13:26 . 2013-12-21 10:50 -------- d-----w- c:\users\Beto\AppData\Local\genienext

2013-12-08 13:26 . 2013-12-08 13:26 -------- d-----w- c:\users\Beto\AppData\Local\cache

2013-12-08 13:26 . 2013-12-21 10:56 -------- d-----w- c:\users\Beto\AppData\Local\Mobogenie

2013-12-08 12:41 . 2013-12-08 12:41 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-12-08 12:40 . 2013-10-08 09:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-11-29 21:47 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-11-29 21:47 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-11-29 21:47 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-11-29 21:47 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-11-29 21:47 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-11-29 21:47 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-11-29 21:47 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-22 01:15 . 2013-07-26 23:14 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

2013-12-21 16:11 . 2011-01-09 00:45 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-12-19 22:00 . 2013-05-13 11:08 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-12-19 22:00 . 2013-03-29 16:22 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-12-19 22:00 . 2013-03-29 16:22 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-12-10 23:12 . 2012-07-15 22:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-10 23:12 . 2012-07-15 22:14 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-11-29 01:46 . 2013-03-29 16:22 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-10-30 14:13 . 2012-06-23 21:15 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2013-10-30 14:07 . 2013-10-30 14:07 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2013-10-30 14:07 . 2013-10-30 14:07 330240 ----a-w- c:\windows\MASetupCaller.dll

2013-10-30 14:07 . 2013-10-30 14:07 30568 ----a-w- c:\windows\MusiccityDownload.exe

2013-10-20 02:49 . 2013-10-20 02:50 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-10-20 02:49 . 2013-10-20 02:50 312744 ----a-w- c:\windows\system32\javaws.exe

2013-10-20 02:49 . 2013-10-20 02:50 189352 ----a-w- c:\windows\system32\javaw.exe

2013-10-20 02:49 . 2013-10-20 02:50 189352 ----a-w- c:\windows\system32\java.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-12-11 1564528]

"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-19 684600]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-10-30 296096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [bU]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-12-11 311152]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Samsung Drive Manager Real-Time.lnk - c:\program files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe [2013-3-10 135168]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-10-07 14:32 1487912 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2013-10-16 18:01 1479528 ----a-w- c:\program files (x86)\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]

R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AntiVirSchedulerService;Avira Agendamento;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]

S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [x]

S3 mvd23;mvd23;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

start [bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 21:40 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 23:12]

.

2013-12-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3003575162-918008064-1124869830-1000Core.job

- c:\users\Beto\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-01 02:21]

.

2013-12-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3003575162-918008064-1124869830-1000UA.job

- c:\users\Beto\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-01 02:21]

.

2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 18:51]

.

2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 18:51]

.

2013-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003575162-918008064-1124869830-1000Core.job

- c:\users\Beto\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 20:41]

.

2013-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003575162-918008064-1124869830-1000UA.job

- c:\users\Beto\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 20:41]

.

2013-12-21 c:\windows\Tasks\HPCeeScheduleForBeto.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 05:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 164016 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 164016 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 164016 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 164016 ----a-w- c:\users\Beto\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearchAssistant = hxxp://www.google.com

IE: Baixar com Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

Trusted Zone: caixa.gov.br

TCP: DhcpNameServer = 8.8.8.8

FF - ProfilePath - c:\users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\

FF - ExtSQL: 2013-12-21 14:01; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\Beto\AppData\Roaming\Mozilla\Firefox\Profiles\abk9fom8.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-8461-7759-5462-8226 - c:\program files (x86)\Vuze\uninstall.exe

AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-3003575162-918008064-1124869830-1000\Software\SecuROM\License information*]

"datasecu"=hex:33,ca,db,2d,85,73,44,77,4a,2a,83,1e,5c,84,9f,f4,b3,c0,0f,26,96,

a2,d2,15,69,a6,7d,6a,8e,09,fa,5d,c6,a2,fe,a5,d9,27,f0,7d,92,cf,6c,f8,2e,0a,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-12-21 23:45:00

ComboFix-quarantined-files.txt 2013-12-22 01:44

ComboFix2.txt 2013-12-21 00:45

ComboFix3.txt 2013-12-19 00:12

.

Pré-execução: 34.263.887.872 bytes disponíveis

Pós execução: 34.323.443.712 bytes disponíveis

.

- - End Of File - - 1C79893C80591E623F2FCD7F3B29D263

6CA3BCC30E5036ACB3E36FA839899E00

Thanks, and sorry for the rework. Regards
