Kalel10

TrojanProxy Removal

Hello everyone!

I have had this virus for a few days; my antivirus (Security Essentials) removes it and it comes back. This always happens when I restart the machine, open the browser, or go to download something.

This is the log generated by DDS. I also ran a scan with GMER to post along with it, but when it reaches the end it shows the message: "GMER hasn't found any system modification".

The DDS log follows:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Edson at 22:02:08 on 2011-10-17

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3764.2235 [GMT -2:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\bin\ibguard.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\VMware\VMware Player\hqtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

C:\Windows\SysWOW64\ReSent.exe

C:\Program Files (x86)\MSBX\mb.exe

C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE

C:\Windows\system32\conhost.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\bin\ibserver.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [EPSON T50 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFL.EXE /FU "C:\Users\Edson\AppData\Local\Temp\E_S404C.tmp" /EF "HKCU"

uRun: [Google Update] "C:\Users\Edson\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [ReSent] c:\windows\system32\resent.exe

mRun: [Mbox] "C:\Program Files (x86)\MSBX\mb.exe"

StartupFolder: C:\Users\Edson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RECORT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

uPolicies-explorer: ForceRunOnStartMenu = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-explorer: ForceRunOnStartMenu = 1 (0x1)

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138 192.168.0.1

TCP: Interfaces\{07AB6E77-70DF-4FC0-BA39-31FEE30A8A43} : DhcpNameServer = 200.204.0.10 200.204.0.138 192.168.0.1

TCP: Interfaces\{838E7FC9-E260-4417-8CAE-3A0710186422} : DhcpNameServer = 200.204.0.10 200.204.0.138 192.168.0.1

TCP: Interfaces\{838E7FC9-E260-4417-8CAE-3A0710186422}\46C696E6B6 : DhcpNameServer = 201.95.253.128 200.204.0.138 192.168.0.1

TCP: Interfaces\{838E7FC9-E260-4417-8CAE-3A0710186422}\5415050275942554C4543535 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{838E7FC9-E260-4417-8CAE-3A0710186422}\54455434F52316E6461627 : DhcpNameServer = 10.67.68.200

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [ReSent] c:\windows\system32\resent.exe

mRun-x64: [Mbox] "C:\Program Files (x86)\MSBX\mb.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Edson\AppData\Roaming\Mozilla\Firefox\Profiles\j36xevmo.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=pt_BR&apn_uid=4925D4A0-DBAD-48A9-B7DC-1A506F461CD0&apn_ptnrs=VY&apn_sauid=6770988B-94DC-401C-B084-382B03111CB5&apn_dtid=YYYYYYYYBR&q=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Users\Edson\AppData\Roaming\Mozilla\Firefox\Profiles\j36xevmo.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Edson\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 LogWatch;Event Log Watch;C:\Program Files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe [2005-2-23 53248]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2010-7-11 2320920]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 XAMPP;XAMPP Service;C:\xampp\service.exe --> C:\xampp\service.exe [?]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 CA_LIC_CLNT;CA License Client;C:\Program Files (x86)\CA\SharedComponents\CA_LIC\lic98rmt.exe [2005-3-23 126976]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-2-28 210792]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]

S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-2-28 2085224]

S3 StorSvc;Serviço de Armazenamento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;Serviço Auxiliar do Active Directory do SQL;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-2-28 430440]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-10-17 01:24:31 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{794BE747-868F-4071-87C2-5B5B96E7B8E7}\offreg.dll

2011-10-16 20:05:14 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{794BE747-868F-4071-87C2-5B5B96E7B8E7}\mpengine.dll

2011-10-15 16:53:52 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-10-15 16:53:33 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-15 16:53:33 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-15 16:53:33 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-15 16:53:32 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{784E8699-A74A-46CE-8489-3972876B87B4}\gapaengine.dll

2011-10-15 16:53:31 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-15 16:51:38 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-15 16:51:38 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-15 16:51:38 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-15 16:51:37 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-15 03:20:25 -------- d-----w- C:\Users\Edson\AppData\Local\{9BAE3BA8-F521-4827-9DBF-F8CF5B7958EA}

2011-10-15 03:19:49 -------- d-----w- C:\Users\Edson\AppData\Local\{0427B15E-3D7C-4D4F-ACAF-B6BA97F460DA}

2011-10-06 00:52:02 -------- d-----w- C:\Users\Edson\AppData\Local\{8194CE7E-619D-47D6-A047-AFB7DB9807D2}

2011-10-06 00:51:29 -------- d-----w- C:\Users\Edson\AppData\Local\{6F69FB20-B566-436D-9119-2BDF5E304A70}

2011-10-04 02:12:31 -------- d-----w- C:\Users\Edson\AppData\Local\{48844A7E-EAF7-4A04-8B67-D24A8769D703}

2011-10-04 02:11:57 -------- d-----w- C:\Users\Edson\AppData\Local\{ECD250B8-0651-4515-90D1-BE478B5EBFF6}

2011-10-02 21:01:52 -------- d-----w- C:\Users\Edson\AppData\Local\{C54EC405-E055-4618-AD1C-67540B85913F}

2011-10-02 21:01:07 -------- d-----w- C:\Users\Edson\AppData\Local\{40E97D72-925C-418A-B308-B45EA2D19BE4}

2011-10-02 00:23:19 -------- d-----w- C:\Users\Edson\AppData\Local\{31D767AF-7699-44FD-9448-65C40656F635}

2011-09-30 04:07:22 36352 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll

2011-09-30 04:07:21 94208 ----a-w- C:\Windows\SysWow64\vbalIml6.ocx

2011-09-30 04:07:21 200704 ----a-w- C:\Windows\SysWow64\vbalExpBar6.ocx

2011-09-30 04:07:20 -------- d-sh--w- C:\Program Files (x86)\MSBX

2011-09-27 21:29:40 -------- d-----w- C:\Users\Edson\AppData\Local\{811CF493-B02F-4293-9822-41B6F1A43280}

2011-09-27 21:29:06 -------- d-----w- C:\Users\Edson\AppData\Local\{3F94C79A-8EB8-4C6D-8346-358C6BB116BC}

2011-09-26 19:03:13 -------- d-----w- C:\Program Files (x86)\VirtualDJ

2011-09-25 22:42:21 -------- d-----w- C:\Users\Edson\AppData\Local\{698D7AAB-6B6A-4206-ADAB-E9D1D0C0D925}

2011-09-25 22:41:48 -------- d-----w- C:\Users\Edson\AppData\Local\{B0CA9680-9E83-4F51-B262-76255E5F162F}

2011-09-25 02:31:04 -------- d-----w- C:\wamp

2011-09-24 02:47:36 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-09-24 02:47:36 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-09-24 02:47:35 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll

2011-09-24 02:47:35 773080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-09-24 02:47:35 478168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll

2011-09-24 02:47:35 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-09-24 02:47:35 1833944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2011-09-24 02:47:35 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll

2011-09-19 18:46:01 -------- d-----w- C:\Users\Edson\AppData\Local\{478E8559-535C-4AF2-9D2E-6092B7AA018B}

2011-09-19 18:45:29 -------- d-----w- C:\Users\Edson\AppData\Local\{27FEE01B-9612-4DB6-9A5E-2C505A696F83}

.

==================== Find3M ====================

.

2011-09-24 12:44:21 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-31 23:08:50 167704 ----a-w- C:\Windows\System32\igfxtray.exe

2011-08-31 23:08:48 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe

2011-08-31 23:08:44 416024 ----a-w- C:\Windows\System32\igfxpers.exe

2011-08-31 23:08:42 239896 ----a-w- C:\Windows\System32\igfxext.exe

2011-08-31 23:08:34 392472 ----a-w- C:\Windows\System32\hkcmd.exe

2011-08-31 23:08:24 4378392 ----a-w- C:\Windows\System32\GfxUI.exe

2011-08-31 23:08:22 179992 ----a-w- C:\Windows\System32\difx64.exe

2011-08-31 22:58:50 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2509.dll

2011-08-31 22:53:22 12306848 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2011-08-31 22:53:20 8312320 ----a-w- C:\Windows\System32\igdumd64.dll

2011-08-31 22:51:16 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin

2011-08-31 22:51:16 867020 ----a-w- C:\Windows\System32\igkrng575.bin

2011-08-31 22:51:16 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin

2011-08-31 22:51:16 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin

2011-08-31 22:51:16 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin

2011-08-31 22:51:16 105608 ----a-w- C:\Windows\System32\igfcg575m.bin

2011-08-31 22:47:42 6322688 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2011-08-31 22:45:02 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll

2011-08-31 22:42:42 14598656 ----a-w- C:\Windows\System32\igd10umd64.dll

2011-08-31 22:37:18 12340224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2011-08-31 22:31:14 18641408 ----a-w- C:\Windows\System32\ig4icd64.dll

2011-08-31 22:26:20 13903872 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2011-08-31 22:21:50 375808 ----a-w- C:\Windows\System32\igfxpph.dll

2011-08-31 22:21:46 378368 ----a-w- C:\Windows\System32\igfxTMM.dll

2011-08-31 22:21:40 28672 ----a-w- C:\Windows\System32\igfxexps.dll

2011-08-31 22:21:26 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll

2011-08-31 22:20:58 110080 ----a-w- C:\Windows\System32\hccutils.dll

2011-08-31 22:20:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2011-08-31 22:20:50 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll

2011-08-31 22:20:48 390144 ----a-w- C:\Windows\System32\igfxdev.dll

2011-08-31 22:20:14 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc

2011-08-31 22:20:08 9014784 ----a-w- C:\Windows\System32\igfxress.dll

2011-08-31 22:20:08 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2011-08-31 22:16:32 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2011-08-31 22:15:46 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2011-08-31 22:13:52 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2011-08-31 22:13:52 98304 ----a-w- C:\Windows\System32\iglhcp64.dll

2011-08-31 22:13:52 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll

2011-08-31 22:13:52 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2011-08-31 22:13:52 376832 ----a-w- C:\Windows\System32\iglhsip64.dll

2011-08-31 22:13:52 162816 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2011-08-31 22:13:52 140288 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2010-02-10 14:18:42 2131336 ----a-w- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe

2001-01-05 15:43:32 407552 ----a-w- C:\Program Files (x86)\ibuninst.exe

2001-01-05 15:43:12 175616 ----a-w- C:\Program Files (x86)\ibinstall.dll

1993-04-28 03:00:00 18688 ----a-w- C:\Program Files (x86)\Cmdialog.vbx

.

============= FINISH: 22:03:31,43 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/07/2010 23:54:04

System Uptime: 17/10/2011 14:42:00 (8 hours ago)

.

Motherboard: Acer | | Aspire 5740

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | CPU 1 | 2267/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 209 GiB total, 116,909 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is CDROM ()

K: is FIXED (NTFS) - 89 GiB total, 55,42 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet1

Device ID: ROOT\VMWARE\0000

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet1

PNP Device ID: ROOT\VMWARE\0000

Service: VMnetAdapter

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet8

Device ID: ROOT\VMWARE\0001

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet8

PNP Device ID: ROOT\VMWARE\0001

Service: VMnetAdapter

.

==== System Restore Points ===================

.

RP539: 17/10/2011 12:17:16 - Removed Microsoft Visual F# 2.0 Runtime

RP540: 17/10/2011 12:21:05 - Removed Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

RP541: 17/10/2011 12:21:32 - Removed Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

RP542: 17/10/2011 12:22:29 - Removed Microsoft Visual Studio Tools for Applications 2.0 Runtime

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acer Crystal Eye Webcam

Acrobat.com

Add or Remove Adobe Creative Suite 3 Web Premium

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Creative Suite 3 Web Premium

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe Dreamweaver CS5

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Fireworks CS3

Adobe Fireworks CS5

Adobe Flash CS3

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS5

Adobe Reader X (10.1.1) - Português

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Advanced SystemCare 3

AHV content for Acrobat and Flash

Alcor Micro USB Card Reader

Apple Application Support

Apple Software Update

Arquivo do WinRAR

Ask Toolbar

astah professional 6.1

µTorrent

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

Axialis IconWorkshop 6.52

Babylon toolbar on IE

Bing Bar

CamStudio Lossless Codec

Camtasia Studio 7

Carsybde v. 1.1

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Controle ActiveX do Windows Live Mesh para Conexões Remotas

ConvertXtoDVD 4.1.2.336

D3DX10

DAEMON Tools Lite

DVD-lab PRO 2.5

Epson Print CD

FileZilla Client 3.5.1

FormatFactory 2.50

Google Chrome

GPBaseService2

HPProductAssistant

ImagXpress

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

InterBase

Java Auto Updater

Java 6 Update 26

Java SE Development Kit 6 Update 20

Junk Mail filter update

Manuais Online do Microsoft SQL Server 2008 (Português)

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

Microsoft Default Manager

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2003 Web Components

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Project 2007 Service Pack 2 (SP2)

Microsoft Office Project MUI (Portuguese (Brazil)) 2007

Microsoft Office Project Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Visio 2007 Service Pack 2 (SP2)

Microsoft Office Visio MUI (Portuguese (Brazil)) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Policies

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server Compact 3.5 SP1 Portuguese - Brazil

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server System CLR Types

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual J# 2.0 Redistributable Package

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 7.0.1 (x86 pt-BR)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

neroxml

NewBlue 3D Explosions for Windows

NewBlue 3D Transformations for Windows

NewBlue Art Blends for Windows

NewBlue Art Effects for Windows

NewBlue Motion Blends for Windows

NewBlue Video Essentials for Windows

NewBlue Video Essentials II for Windows

NewBlue Video Essentials III for Windows

No-IP DUC

Notepad++

OpenAL

Pando Media Booster

PDF Settings

PDF Settings CS5

Pinnacle VideoSpin

PowerISO

Rapture3D 2.4.4 Game

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.0

RocketDock 1.3.5

Safari

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio 2007 (KB2553010)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)

SolutionCenter

SQL Server Compact 3.5 SP1 Query Tools Portuguese - Brazil

The Sims Medieval

tools-linux

UnderCoverXP 1.23

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

USB Dual Vibration Joystick

VDownloader 2.7.322

VirtualDJ Home FREE

Visual C++ 9.0 CRT (x86) WinSXS mesmo

Visual C++ 9.0 OpenMP (x86) WinSXS mesmo

VMware Player

WampServer 2.1

Windows 7 Upgrade Advisor

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live Sync ActiveX Control for Remote Connections

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================

Thanks in advance to anyone willing to help me. :)


Hello

Sorry for the delay :)

If you still need help, please redo the logs, as I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

Cheers :D


Thank you for offering to help.

Here are the logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Edson at 12:19:37 on 2011-10-20

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3764.2143 [GMT -2:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\bin\ibguard.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE

C:\Windows\system32\conhost.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\bin\ibserver.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\VMware\VMware Player\hqtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\SysWOW64\ReSent.exe

C:\Program Files (x86)\MSBX\mb.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [EPSON T50 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFL.EXE /FU "C:\Users\Edson\AppData\Local\Temp\E_S404C.tmp" /EF "HKCU"

uRun: [Google Update] "C:\Users\Edson\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [ReSent] c:\windows\system32\resent.exe

mRun: [Mbox] "C:\Program Files (x86)\MSBX\mb.exe"

StartupFolder: C:\Users\Edson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RECORT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

uPolicies-explorer: ForceRunOnStartMenu = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-explorer: ForceRunOnStartMenu = 1 (0x1)

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138 192.168.0.1

TCP: Interfaces\{07AB6E77-70DF-4FC0-BA39-31FEE30A8A43} : DhcpNameServer = 200.204.0.10 200.204.0.138 192.168.0.1

TCP: Interfaces\{838E7FC9-E260-4417-8CAE-3A0710186422} : DhcpNameServer = 200.204.0.10 200.204.0.138 192.168.0.1

TCP: Interfaces\{838E7FC9-E260-4417-8CAE-3A0710186422}\46C696E6B6 : DhcpNameServer = 201.95.253.128 200.204.0.138 192.168.0.1

TCP: Interfaces\{838E7FC9-E260-4417-8CAE-3A0710186422}\5415050275942554C4543535 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{838E7FC9-E260-4417-8CAE-3A0710186422}\54455434F52316E6461627 : DhcpNameServer = 10.67.68.200

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{8dcb7100-df86-4384-8842-8fa844297b3f}

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [ReSent] c:\windows\system32\resent.exe

mRun-x64: [Mbox] "C:\Program Files (x86)\MSBX\mb.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Edson\AppData\Roaming\Mozilla\Firefox\Profiles\j36xevmo.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Users\Edson\AppData\Roaming\Mozilla\Firefox\Profiles\j36xevmo.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Edson\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 LogWatch;Event Log Watch;C:\Program Files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe [2005-2-23 53248]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2010-7-11 2320920]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 XAMPP;XAMPP Service;C:\xampp\service.exe --> C:\xampp\service.exe [?]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 CA_LIC_CLNT;CA License Client;C:\Program Files (x86)\CA\SharedComponents\CA_LIC\lic98rmt.exe [2005-3-23 126976]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-2-28 210792]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]

S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-2-28 2085224]

S3 StorSvc;Serviço de Armazenamento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;Serviço Auxiliar do Active Directory do SQL;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-2-28 430440]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-10-19 17:51:32 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCBAC3D1-FB60-44D2-8D67-C3B17FC83241}\offreg.dll

2011-10-19 17:51:24 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCBAC3D1-FB60-44D2-8D67-C3B17FC83241}\mpengine.dll

2011-10-19 13:52:50 -------- d-----w- C:\Users\Edson\AppData\Local\{D481AFB2-B6E2-49E8-9C70-C8BB77898A23}

2011-10-19 13:52:03 -------- d-----w- C:\Users\Edson\AppData\Local\{5067660E-DC5E-49C6-937D-0DCE8F67C6A3}

2011-10-15 16:53:52 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-10-15 16:53:33 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-15 16:53:33 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-15 16:53:33 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-15 16:53:32 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{784E8699-A74A-46CE-8489-3972876B87B4}\gapaengine.dll

2011-10-15 16:53:31 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-15 16:51:38 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-15 16:51:38 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-15 16:51:38 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-15 16:51:37 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-15 03:20:25 -------- d-----w- C:\Users\Edson\AppData\Local\{9BAE3BA8-F521-4827-9DBF-F8CF5B7958EA}

2011-10-15 03:19:49 -------- d-----w- C:\Users\Edson\AppData\Local\{0427B15E-3D7C-4D4F-ACAF-B6BA97F460DA}

2011-10-06 00:52:02 -------- d-----w- C:\Users\Edson\AppData\Local\{8194CE7E-619D-47D6-A047-AFB7DB9807D2}

2011-10-06 00:51:29 -------- d-----w- C:\Users\Edson\AppData\Local\{6F69FB20-B566-436D-9119-2BDF5E304A70}

2011-10-04 02:12:31 -------- d-----w- C:\Users\Edson\AppData\Local\{48844A7E-EAF7-4A04-8B67-D24A8769D703}

2011-10-04 02:11:57 -------- d-----w- C:\Users\Edson\AppData\Local\{ECD250B8-0651-4515-90D1-BE478B5EBFF6}

2011-10-02 21:01:52 -------- d-----w- C:\Users\Edson\AppData\Local\{C54EC405-E055-4618-AD1C-67540B85913F}

2011-10-02 21:01:07 -------- d-----w- C:\Users\Edson\AppData\Local\{40E97D72-925C-418A-B308-B45EA2D19BE4}

2011-10-02 00:23:19 -------- d-----w- C:\Users\Edson\AppData\Local\{31D767AF-7699-44FD-9448-65C40656F635}

2011-09-30 04:07:22 36352 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll

2011-09-30 04:07:21 94208 ----a-w- C:\Windows\SysWow64\vbalIml6.ocx

2011-09-30 04:07:21 200704 ----a-w- C:\Windows\SysWow64\vbalExpBar6.ocx

2011-09-30 04:07:20 -------- d-sh--w- C:\Program Files (x86)\MSBX

2011-09-27 21:29:40 -------- d-----w- C:\Users\Edson\AppData\Local\{811CF493-B02F-4293-9822-41B6F1A43280}

2011-09-27 21:29:06 -------- d-----w- C:\Users\Edson\AppData\Local\{3F94C79A-8EB8-4C6D-8346-358C6BB116BC}

2011-09-26 19:03:13 -------- d-----w- C:\Program Files (x86)\VirtualDJ

2011-09-25 22:42:21 -------- d-----w- C:\Users\Edson\AppData\Local\{698D7AAB-6B6A-4206-ADAB-E9D1D0C0D925}

2011-09-25 22:41:48 -------- d-----w- C:\Users\Edson\AppData\Local\{B0CA9680-9E83-4F51-B262-76255E5F162F}

2011-09-25 02:31:04 -------- d-----w- C:\wamp

2011-09-24 02:47:36 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-09-24 02:47:36 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-09-24 02:47:35 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll

2011-09-24 02:47:35 773080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-09-24 02:47:35 478168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll

2011-09-24 02:47:35 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-09-24 02:47:35 1833944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2011-09-24 02:47:35 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll

.

==================== Find3M ====================

.

2011-09-24 12:44:21 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-31 23:08:50 167704 ----a-w- C:\Windows\System32\igfxtray.exe

2011-08-31 23:08:48 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe

2011-08-31 23:08:44 416024 ----a-w- C:\Windows\System32\igfxpers.exe

2011-08-31 23:08:42 239896 ----a-w- C:\Windows\System32\igfxext.exe

2011-08-31 23:08:34 392472 ----a-w- C:\Windows\System32\hkcmd.exe

2011-08-31 23:08:24 4378392 ----a-w- C:\Windows\System32\GfxUI.exe

2011-08-31 23:08:22 179992 ----a-w- C:\Windows\System32\difx64.exe

2011-08-31 22:58:50 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2509.dll

2011-08-31 22:53:22 12306848 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2011-08-31 22:53:20 8312320 ----a-w- C:\Windows\System32\igdumd64.dll

2011-08-31 22:51:16 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin

2011-08-31 22:51:16 867020 ----a-w- C:\Windows\System32\igkrng575.bin

2011-08-31 22:51:16 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin

2011-08-31 22:51:16 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin

2011-08-31 22:51:16 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin

2011-08-31 22:51:16 105608 ----a-w- C:\Windows\System32\igfcg575m.bin

2011-08-31 22:47:42 6322688 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2011-08-31 22:45:02 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll

2011-08-31 22:42:42 14598656 ----a-w- C:\Windows\System32\igd10umd64.dll

2011-08-31 22:37:18 12340224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2011-08-31 22:31:14 18641408 ----a-w- C:\Windows\System32\ig4icd64.dll

2011-08-31 22:26:20 13903872 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2011-08-31 22:21:50 375808 ----a-w- C:\Windows\System32\igfxpph.dll

2011-08-31 22:21:46 378368 ----a-w- C:\Windows\System32\igfxTMM.dll

2011-08-31 22:21:40 28672 ----a-w- C:\Windows\System32\igfxexps.dll

2011-08-31 22:21:26 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll

2011-08-31 22:20:58 110080 ----a-w- C:\Windows\System32\hccutils.dll

2011-08-31 22:20:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2011-08-31 22:20:50 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll

2011-08-31 22:20:48 390144 ----a-w- C:\Windows\System32\igfxdev.dll

2011-08-31 22:20:14 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc

2011-08-31 22:20:08 9014784 ----a-w- C:\Windows\System32\igfxress.dll

2011-08-31 22:20:08 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2011-08-31 22:16:32 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2011-08-31 22:15:46 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2011-08-31 22:13:52 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2011-08-31 22:13:52 98304 ----a-w- C:\Windows\System32\iglhcp64.dll

2011-08-31 22:13:52 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll

2011-08-31 22:13:52 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2011-08-31 22:13:52 376832 ----a-w- C:\Windows\System32\iglhsip64.dll

2011-08-31 22:13:52 162816 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2011-08-31 22:13:52 140288 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2010-02-10 14:18:42 2131336 ----a-w- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe

2001-01-05 15:43:32 407552 ----a-w- C:\Program Files (x86)\ibuninst.exe

2001-01-05 15:43:12 175616 ----a-w- C:\Program Files (x86)\ibinstall.dll

1993-04-28 03:00:00 18688 ----a-w- C:\Program Files (x86)\Cmdialog.vbx

.

============= FINISH: 12:21:36,39 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/07/2010 23:54:04

System Uptime: 20/10/2011 03:44:16 (9 hours ago)

.

Motherboard: Acer | | Aspire 5740

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | CPU 1 | 2267/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 209 GiB total, 121,599 GiB free.

D: is CDROM ()

F: is CDROM ()

K: is FIXED (NTFS) - 89 GiB total, 55,415 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet1

Device ID: ROOT\VMWARE\0000

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet1

PNP Device ID: ROOT\VMWARE\0000

Service: VMnetAdapter

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet8

Device ID: ROOT\VMWARE\0001

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet8

PNP Device ID: ROOT\VMWARE\0001

Service: VMnetAdapter

.

==== System Restore Points ===================

.

RP539: 17/10/2011 12:17:16 - Removed Microsoft Visual F# 2.0 Runtime

RP540: 17/10/2011 12:21:05 - Removed Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

RP541: 17/10/2011 12:21:32 - Removed Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

RP542: 17/10/2011 12:22:29 - Removed Microsoft Visual Studio Tools for Applications 2.0 Runtime

RP543: 19/10/2011 10:27:20 - Removed The Sims Medieval

RP544: 19/10/2011 14:51:00 - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acer Crystal Eye Webcam

Acrobat.com

Add or Remove Adobe Creative Suite 3 Web Premium

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Creative Suite 3 Web Premium

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe Dreamweaver CS5

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Fireworks CS3

Adobe Fireworks CS5

Adobe Flash CS3

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS5

Adobe Reader X (10.1.1) - Português

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Advanced SystemCare 3

AHV content for Acrobat and Flash

Alcor Micro USB Card Reader

Apple Application Support

Apple Software Update

Arquivo do WinRAR

astah professional 6.1

µTorrent

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

Axialis IconWorkshop 6.52

Bing Bar

CamStudio Lossless Codec

Camtasia Studio 7

Carsybde v. 1.1

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Controle ActiveX do Windows Live Mesh para Conexões Remotas

ConvertXtoDVD 4.1.2.336

D3DX10

DAEMON Tools Lite

DVD-lab PRO 2.5

Epson Print CD

FileZilla Client 3.5.1

FormatFactory 2.50

Google Chrome

GPBaseService2

HPProductAssistant

ImagXpress

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

InterBase

Java Auto Updater

Java 6 Update 26

Java SE Development Kit 6 Update 20

Junk Mail filter update

Manuais Online do Microsoft SQL Server 2008 (Português)

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

Microsoft Default Manager

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2003 Web Components

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Project 2007 Service Pack 2 (SP2)

Microsoft Office Project MUI (Portuguese (Brazil)) 2007

Microsoft Office Project Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Visio 2007 Service Pack 2 (SP2)

Microsoft Office Visio MUI (Portuguese (Brazil)) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Policies

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server Compact 3.5 SP1 Portuguese - Brazil

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server System CLR Types

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual J# 2.0 Redistributable Package

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 7.0.1 (x86 pt-BR)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

neroxml

NewBlue 3D Explosions for Windows

NewBlue 3D Transformations for Windows

NewBlue Art Blends for Windows

NewBlue Art Effects for Windows

NewBlue Motion Blends for Windows

NewBlue Video Essentials for Windows

NewBlue Video Essentials II for Windows

NewBlue Video Essentials III for Windows

Notepad++

OpenAL

Pando Media Booster

PDF Settings

PDF Settings CS5

Pinnacle VideoSpin

Rapture3D 2.4.4 Game

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.0

RocketDock 1.3.5

Safari

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio 2007 (KB2553010)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)

SolutionCenter

SQL Server Compact 3.5 SP1 Query Tools Portuguese - Brazil

tools-linux

UnderCoverXP 1.23

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

USB Dual Vibration Joystick

VirtualDJ Home FREE

Visual C++ 9.0 CRT (x86) WinSXS mesmo

Visual C++ 9.0 OpenMP (x86) WinSXS mesmo

VMware Player

WampServer 2.1

Windows 7 Upgrade Advisor

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live Sync ActiveX Control for Remote Connections

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================

As I said before, GMER does not generate a log, only a message saying that it found no changes to the system. :seila:


Dear Kalel10

I recommend saving this topic to your Favorites so that it is easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here applies only to your computer's problem, so do not use it on any other machine;
  • Please follow the instructions carefully, and if you have any doubts do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step 1 #

Which carrier do you use?

Do you recognize this IP:

TCP: DhcpNameServer = 10.67.68.200

Regards :D


Hello!

I didn't understand your question about which carrier I use; would that be a mobile phone carrier?!

And I don't recognize the IP in question.


Dear Kalel10

"I didn't understand your question about which carrier I use; would that be a mobile phone carrier?!"
That would be Telefônica, NetVirtua, etc.?

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the icon that is on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP must install the Recovery Console:
       • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
       • Click "OK" on the EULA.
       • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to freeze.
  8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors design them with end users in mind, to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


Hello diego_moicano!

My carrier is Telefônica. I hadn't understood the question :D sorry!

I did what was asked, and the only thing that didn't happen was that ComboFix did not restart the PC automatically as stated :confused:

Here is the generated log:

ComboFix 11-10-24.02 - Edson 24/10/2011 12:38:24.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3764.2229 [GMT -2:00]

Executando de: c:\users\Edson\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\FunWebProducts

c:\program files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL

c:\program files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL

c:\program files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL

c:\users\Edson\AppData\Roaming\inst.exe

c:\users\Edson\AppData\Roaming\Microsoft\Windows\Recent\jude-community.url

c:\users\Edson\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db

c:\users\Edson\AppData\Roaming\vso_ts_preview.xml

c:\windows\inf\asynceql.inf

c:\windows\Media\_tmp

c:\windows\Media\msappupd.wav

c:\windows\system\mkp.dll

c:\windows\SysWow64\drwtsn32.dll

c:\windows\XSxS

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-24 to 2011-10-24 ))))))))))))))))))))))))))))

.

.

2011-10-24 14:50 . 2011-10-24 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-24 13:01 . 2011-10-24 13:01 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01F0B28E-AE42-4DE3-8F09-F85952C23E25}\offreg.dll

2011-10-24 13:01 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01F0B28E-AE42-4DE3-8F09-F85952C23E25}\mpengine.dll

2011-10-24 02:33 . 2011-10-24 02:33 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-10-15 16:53 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-10-15 16:53 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-15 16:53 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-15 16:53 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-15 16:53 . 2011-10-15 16:53 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{784E8699-A74A-46CE-8489-3972876B87B4}\gapaengine.dll

2011-10-15 16:53 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-15 16:51 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-15 16:51 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-15 16:51 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-15 16:51 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-09-30 04:07 . 2003-01-26 17:41 36352 ----a-w- c:\windows\SysWow64\SSubTmr6.dll

2011-09-30 04:07 . 2003-11-11 23:59 200704 ----a-w- c:\windows\SysWow64\vbalExpBar6.ocx

2011-09-30 04:07 . 2003-04-01 11:36 94208 ----a-w- c:\windows\SysWow64\vbalIml6.ocx

2011-09-30 04:07 . 2011-09-30 04:30 -------- d-sh--w- c:\program files (x86)\MSBX

2011-09-26 19:03 . 2011-09-26 19:03 -------- d-----w- c:\program files (x86)\VirtualDJ

2011-09-25 02:31 . 2011-09-25 02:34 -------- d-----w- C:\wamp

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-17 14:56 . 2011-02-13 18:13 2018272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-10-07 04:16 . 2010-07-25 15:21 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-03 07:06 . 2010-08-08 17:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-24 12:44 . 2011-05-20 18:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-31 23:08 . 2011-08-31 23:08 167704 ----a-w- c:\windows\system32\igfxtray.exe

2011-08-31 23:08 . 2011-08-31 23:08 510232 ----a-w- c:\windows\system32\igfxsrvc.exe

2011-08-31 23:08 . 2011-08-31 23:08 416024 ----a-w- c:\windows\system32\igfxpers.exe

2011-08-31 23:08 . 2011-08-31 23:08 239896 ----a-w- c:\windows\system32\igfxext.exe

2011-08-31 23:08 . 2011-08-31 23:08 392472 ----a-w- c:\windows\system32\hkcmd.exe

2011-08-31 23:08 . 2011-08-31 23:08 4378392 ----a-w- c:\windows\system32\GfxUI.exe

2011-08-31 23:08 . 2011-08-31 23:08 179992 ----a-w- c:\windows\system32\difx64.exe

2011-08-31 22:58 . 2011-08-31 22:58 90112 ----a-w- c:\windows\system32\igfxCoIn_v2509.dll

2011-08-31 22:53 . 2011-08-31 22:53 12306848 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2011-08-31 22:53 . 2011-08-31 22:53 8312320 ----a-w- c:\windows\system32\igdumd64.dll

2011-08-31 22:51 . 2011-08-31 22:51 867020 ----a-w- c:\windows\system32\igkrng575.bin

2011-08-31 22:51 . 2011-08-31 22:51 128204 ----a-w- c:\windows\system32\igcompkrng575.bin

2011-08-31 22:51 . 2011-08-31 22:51 105608 ----a-w- c:\windows\system32\igfcg575m.bin

2011-08-31 22:47 . 2011-08-31 22:47 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll

2011-08-31 22:45 . 2011-08-31 22:45 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll

2011-08-31 22:42 . 2010-07-11 03:14 14598656 ----a-w- c:\windows\system32\igd10umd64.dll

2011-08-31 22:37 . 2011-08-31 22:37 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2011-08-31 22:31 . 2011-08-31 22:31 18641408 ----a-w- c:\windows\system32\ig4icd64.dll

2011-08-31 22:26 . 2011-08-31 22:26 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrrom.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrsky.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrslv.lrc

2011-08-31 22:22 . 2011-08-31 22:22 287232 ----a-w- c:\windows\system32\igfxresn.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrsve.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285696 ----a-w- c:\windows\system32\igfxrtha.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrrus.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrptg.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrplk.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrptb.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrnor.lrc

2011-08-31 22:22 . 2011-08-31 22:22 283136 ----a-w- c:\windows\system32\igfxrkor.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrita.lrc

2011-08-31 22:22 . 2011-08-31 22:22 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc

2011-08-31 22:22 . 2011-08-31 22:22 287232 ----a-w- c:\windows\system32\igfxrell.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrhun.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285184 ----a-w- c:\windows\system32\igfxrheb.lrc

2011-08-31 22:22 . 2011-08-31 22:22 287232 ----a-w- c:\windows\system32\igfxrfra.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrnld.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrfin.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285696 ----a-w- c:\windows\system32\igfxrdan.lrc

2011-08-31 22:22 . 2011-08-31 22:22 282624 ----a-w- c:\windows\system32\igfxrcht.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285184 ----a-w- c:\windows\system32\igfxrara.lrc

2011-08-31 22:22 . 2011-08-31 22:22 282624 ----a-w- c:\windows\system32\igfxrchs.lrc

2011-08-31 22:22 . 2011-08-31 22:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2011-08-31 22:21 . 2010-08-25 21:04 375808 ----a-w- c:\windows\system32\igfxpph.dll

2011-08-31 22:21 . 2011-08-31 22:21 378368 ----a-w- c:\windows\system32\igfxTMM.dll

2011-08-31 22:21 . 2011-08-31 22:21 28672 ----a-w- c:\windows\system32\igfxexps.dll

2011-08-31 22:21 . 2010-07-11 03:14 62464 ----a-w- c:\windows\system32\igfxsrvc.dll

2011-08-31 22:20 . 2010-07-11 03:14 110080 ----a-w- c:\windows\system32\hccutils.dll

2011-08-31 22:20 . 2011-08-31 22:20 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2011-08-31 22:20 . 2011-08-31 22:20 146432 ----a-w- c:\windows\system32\gfxSrvc.dll

2011-08-31 22:20 . 2011-08-31 22:20 390144 ----a-w- c:\windows\system32\igfxdev.dll

2011-08-31 22:20 . 2011-08-31 22:20 285696 ----a-w- c:\windows\system32\igfxrenu.lrc

2011-08-31 22:20 . 2011-08-31 22:20 9014784 ----a-w- c:\windows\system32\igfxress.dll

2011-08-31 22:20 . 2011-08-31 22:20 142336 ----a-w- c:\windows\system32\igfxdo.dll

2011-08-31 22:16 . 2011-08-31 22:16 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2011-08-31 22:15 . 2011-08-31 22:15 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2011-08-31 22:13 . 2011-08-31 22:13 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll

2011-08-31 22:13 . 2011-08-31 22:13 98304 ----a-w- c:\windows\system32\iglhcp64.dll

2011-08-31 22:13 . 2011-08-31 22:13 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll

2011-08-31 22:13 . 2011-08-31 22:13 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll

2011-08-31 22:13 . 2011-08-31 22:13 376832 ----a-w- c:\windows\system32\iglhsip64.dll

2011-08-31 22:13 . 2011-08-31 22:13 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2011-08-31 22:13 . 2011-08-31 22:13 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll

2011-07-29 17:10 . 2010-06-24 13:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2010-02-10 14:18 . 2010-07-14 00:31 2131336 ----a-w- c:\program files (x86)\Common Files\AskToolbarInstaller.exe

2001-01-05 15:43 . 2011-05-13 00:43 407552 ----a-w- c:\program files (x86)\ibuninst.exe

2001-01-05 15:43 . 2001-01-05 15:43 175616 ----a-w- c:\program files (x86)\ibinstall.dll

1993-04-28 03:00 . 2011-08-10 00:03 18688 ----a-w- c:\program files (x86)\Cmdialog.vbx

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-09-19 202256]

"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"ReSent"="c:\windows\system32\resent.exe" [2011-06-27 176640]

"Mbox"="c:\program files (x86)\MSBX\mb.exe" [2011-08-12 11280384]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\users\Edson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceRunOnStartMenu"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceRunOnStartMenu"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 XAMPP;XAMPP Service;c:\xampp\service.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 CA_LIC_CLNT;CA License Client;c:\program files (x86)\CA\SharedComponents\CA_LIC\\lic98rmt.exe [2005-03-23 126976]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\gravity\Ragnarok Online\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-02-28 210792]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 npkycryp;npkycryp;c:\program files (x86)\gravity\Ragnarok Online\npkycryp.sys [x]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]

R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]

R3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-02-28 2085224]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 MSSQLServerADHelper100;Serviço Auxiliar do Active Directory do SQL;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-02-28 430440]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 LogWatch;Event Log Watch;c:\program files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe [2005-02-23 53248]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-23 2320920]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4098857871-3590449424-497678101-1000Core.job

- c:\users\Edson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-31 23:06]

.

2011-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4098857871-3590449424-497678101-1000UA.job

- c:\users\Edson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-31 23:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138 192.168.0.1

FF - ProfilePath - c:\users\Edson\AppData\Roaming\Mozilla\Firefox\Profiles\j36xevmo.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com

FF - prefs.js: network.proxy.type - 0

.

- - - - ORFÃOS REMOVIDOS - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-4098857871-3590449424-497678101-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:85,f5,83,4f,fe,de,d7,f9,56,ac,f9,71,f3,85,67,71,5f,5a,b9,71,ac,39,32,

83,af,58,89,1c,fb,85,05,5f,d3,b7,0c,4d,b4,bf,59,84,02,93,12,47,29,c5,56,ff,\

"??"=hex:3d,07,85,6a,ce,d8,c4,d4,5a,13,bd,30,b1,13,e8,68

.

[HKEY_USERS\S-1-5-21-4098857871-3590449424-497678101-1000\Software\SecuROM\License information*]

"datasecu"=hex:09,2a,94,02,c1,48,73,2a,ec,bd,a9,58,07,6f,fb,07,ad,47,de,fc,2d,

d7,b1,d1,97,04,e5,84,c3,7d,6b,7a,1c,2b,91,f4,55,09,e3,31,dc,a5,e5,31,1a,93,\

"rkeysecu"=hex:ff,85,05,3b,a2,c5,09,23,4f,cf,f5,85,fb,96,7c,96

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2011-10-24 12:53:59

ComboFix-quarantined-files.txt 2011-10-24 14:53

.

Pré-execução: 127.399.813.120 bytes disponíveis

Pós execução: 126.868.975.616 bytes disponíveis

.

- - End Of File - - B5994AA99315DD7FAB0E954642B478A0


Dear Kalel10

It is normal that ComboFix did not reboot ;)

# Step 1 #

>>>> The Ask Toolbar is installed on your computer; toolbars collect user information without consent and also download plugins without permission... If you choose to uninstall it, feel free :)

# Step 2 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

[Animation: 2872959479_997d4500c4_o.gif]

Cheers :D


Dear diego_moicano.

After the first scan done by ComboFix on my PC, the antivirus stopped reporting the virus in question (Trojanproxy). ^_^

I would like to continue with the "cleaning" process, and I would also like you to tell me the reason for each procedure.

Thank you very much for what you have done so far! :D

Here is the log:

ComboFix 11-10-26.08 - Edson 26/10/2011 20:16:35.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3764.2037 [GMT -2:00]

Executando de: c:\users\Edson\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Edson\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-26 to 2011-10-26 ))))))))))))))))))))))))))))

.

.

2011-10-26 22:26 . 2011-10-26 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-25 23:11 . 2011-10-25 23:11 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1FC0769-8B52-41D9-9682-8827E01C015B}\offreg.dll

2011-10-25 23:11 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1FC0769-8B52-41D9-9682-8827E01C015B}\mpengine.dll

2011-10-24 02:33 . 2011-10-24 02:33 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-10-15 16:53 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-10-15 16:53 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-15 16:53 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-15 16:53 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-15 16:53 . 2011-10-15 16:53 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{784E8699-A74A-46CE-8489-3972876B87B4}\gapaengine.dll

2011-10-15 16:53 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-15 16:51 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-15 16:51 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-15 16:51 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-15 16:51 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-09-30 04:07 . 2003-01-26 17:41 36352 ----a-w- c:\windows\SysWow64\SSubTmr6.dll

2011-09-30 04:07 . 2003-11-11 23:59 200704 ----a-w- c:\windows\SysWow64\vbalExpBar6.ocx

2011-09-30 04:07 . 2003-04-01 11:36 94208 ----a-w- c:\windows\SysWow64\vbalIml6.ocx

2011-09-30 04:07 . 2011-09-30 04:30 -------- d-sh--w- c:\program files (x86)\MSBX

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-17 14:56 . 2011-02-13 18:13 2018272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-10-07 04:16 . 2010-07-25 15:21 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-03 07:06 . 2010-08-08 17:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-24 12:44 . 2011-05-20 18:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-31 23:08 . 2011-08-31 23:08 167704 ----a-w- c:\windows\system32\igfxtray.exe

2011-08-31 23:08 . 2011-08-31 23:08 510232 ----a-w- c:\windows\system32\igfxsrvc.exe

2011-08-31 23:08 . 2011-08-31 23:08 416024 ----a-w- c:\windows\system32\igfxpers.exe

2011-08-31 23:08 . 2011-08-31 23:08 239896 ----a-w- c:\windows\system32\igfxext.exe

2011-08-31 23:08 . 2011-08-31 23:08 392472 ----a-w- c:\windows\system32\hkcmd.exe

2011-08-31 23:08 . 2011-08-31 23:08 4378392 ----a-w- c:\windows\system32\GfxUI.exe

2011-08-31 23:08 . 2011-08-31 23:08 179992 ----a-w- c:\windows\system32\difx64.exe

2011-08-31 22:58 . 2011-08-31 22:58 90112 ----a-w- c:\windows\system32\igfxCoIn_v2509.dll

2011-08-31 22:53 . 2011-08-31 22:53 12306848 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2011-08-31 22:53 . 2011-08-31 22:53 8312320 ----a-w- c:\windows\system32\igdumd64.dll

2011-08-31 22:51 . 2011-08-31 22:51 867020 ----a-w- c:\windows\system32\igkrng575.bin

2011-08-31 22:51 . 2011-08-31 22:51 128204 ----a-w- c:\windows\system32\igcompkrng575.bin

2011-08-31 22:51 . 2011-08-31 22:51 105608 ----a-w- c:\windows\system32\igfcg575m.bin

2011-08-31 22:47 . 2011-08-31 22:47 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll

2011-08-31 22:45 . 2011-08-31 22:45 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll

2011-08-31 22:42 . 2010-07-11 03:14 14598656 ----a-w- c:\windows\system32\igd10umd64.dll

2011-08-31 22:37 . 2011-08-31 22:37 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2011-08-31 22:31 . 2011-08-31 22:31 18641408 ----a-w- c:\windows\system32\ig4icd64.dll

2011-08-31 22:26 . 2011-08-31 22:26 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrrom.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrsky.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrslv.lrc

2011-08-31 22:22 . 2011-08-31 22:22 287232 ----a-w- c:\windows\system32\igfxresn.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrsve.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285696 ----a-w- c:\windows\system32\igfxrtha.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrrus.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrptg.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrplk.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrptb.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrnor.lrc

2011-08-31 22:22 . 2011-08-31 22:22 283136 ----a-w- c:\windows\system32\igfxrkor.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrita.lrc

2011-08-31 22:22 . 2011-08-31 22:22 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc

2011-08-31 22:22 . 2011-08-31 22:22 287232 ----a-w- c:\windows\system32\igfxrell.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrhun.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285184 ----a-w- c:\windows\system32\igfxrheb.lrc

2011-08-31 22:22 . 2011-08-31 22:22 287232 ----a-w- c:\windows\system32\igfxrfra.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrnld.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrfin.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285696 ----a-w- c:\windows\system32\igfxrdan.lrc

2011-08-31 22:22 . 2011-08-31 22:22 282624 ----a-w- c:\windows\system32\igfxrcht.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285184 ----a-w- c:\windows\system32\igfxrara.lrc

2011-08-31 22:22 . 2011-08-31 22:22 282624 ----a-w- c:\windows\system32\igfxrchs.lrc

2011-08-31 22:22 . 2011-08-31 22:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2011-08-31 22:21 . 2010-08-25 21:04 375808 ----a-w- c:\windows\system32\igfxpph.dll

2011-08-31 22:21 . 2011-08-31 22:21 378368 ----a-w- c:\windows\system32\igfxTMM.dll

2011-08-31 22:21 . 2011-08-31 22:21 28672 ----a-w- c:\windows\system32\igfxexps.dll

2011-08-31 22:21 . 2010-07-11 03:14 62464 ----a-w- c:\windows\system32\igfxsrvc.dll

2011-08-31 22:20 . 2010-07-11 03:14 110080 ----a-w- c:\windows\system32\hccutils.dll

2011-08-31 22:20 . 2011-08-31 22:20 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2011-08-31 22:20 . 2011-08-31 22:20 146432 ----a-w- c:\windows\system32\gfxSrvc.dll

2011-08-31 22:20 . 2011-08-31 22:20 390144 ----a-w- c:\windows\system32\igfxdev.dll

2011-08-31 22:20 . 2011-08-31 22:20 285696 ----a-w- c:\windows\system32\igfxrenu.lrc

2011-08-31 22:20 . 2011-08-31 22:20 9014784 ----a-w- c:\windows\system32\igfxress.dll

2011-08-31 22:20 . 2011-08-31 22:20 142336 ----a-w- c:\windows\system32\igfxdo.dll

2011-08-31 22:16 . 2011-08-31 22:16 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2011-08-31 22:15 . 2011-08-31 22:15 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2011-08-31 22:13 . 2011-08-31 22:13 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll

2011-08-31 22:13 . 2011-08-31 22:13 98304 ----a-w- c:\windows\system32\iglhcp64.dll

2011-08-31 22:13 . 2011-08-31 22:13 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll

2011-08-31 22:13 . 2011-08-31 22:13 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll

2011-08-31 22:13 . 2011-08-31 22:13 376832 ----a-w- c:\windows\system32\iglhsip64.dll

2011-08-31 22:13 . 2011-08-31 22:13 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2011-08-31 22:13 . 2011-08-31 22:13 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll

2011-07-29 17:10 . 2010-06-24 13:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2010-02-10 14:18 . 2010-07-14 00:31 2131336 ----a-w- c:\program files (x86)\Common Files\AskToolbarInstaller.exe

2001-01-05 15:43 . 2011-05-13 00:43 407552 ----a-w- c:\program files (x86)\ibuninst.exe

2001-01-05 15:43 . 2001-01-05 15:43 175616 ----a-w- c:\program files (x86)\ibinstall.dll

1993-04-28 03:00 . 2011-08-10 00:03 18688 ----a-w- c:\program files (x86)\Cmdialog.vbx

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-24_14.50.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-11 03:07 . 2011-10-24 16:44 74940 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2010-07-11 03:07 . 2011-10-19 13:39 74940 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-10-19 13:39 40664 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-10-24 16:44 40664 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2010-07-11 02:59 . 2011-10-19 13:39 29082 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4098857871-3590449424-497678101-1000_UserData.bin

+ 2010-07-11 02:59 . 2011-10-24 16:44 29082 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4098857871-3590449424-497678101-1000_UserData.bin

+ 2010-10-12 17:08 . 2011-10-24 15:27 19120 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_48.bin

- 2010-10-12 17:08 . 2011-10-24 14:30 19120 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_48.bin

+ 2010-07-11 02:52 . 2011-10-24 19:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-07-11 02:52 . 2011-10-19 12:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-07-11 02:52 . 2011-10-19 12:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-07-11 02:52 . 2011-10-24 19:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-10-19 12:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-24 19:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-10-12 17:08 . 2011-10-24 15:27 8560 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_32.bin

- 2010-10-12 17:08 . 2011-10-24 14:30 8560 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_32.bin

- 2010-10-12 17:08 . 2011-10-24 14:30 4912 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_24.bin

+ 2010-10-12 17:08 . 2011-10-24 15:27 4912 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_24.bin

- 2010-10-12 17:08 . 2011-10-24 14:30 2224 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_16.bin

+ 2010-10-12 17:08 . 2011-10-24 15:27 2224 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_16.bin

- 2011-10-19 13:31 . 2011-10-19 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-10-24 15:26 . 2011-10-24 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-10-19 13:31 . 2011-10-19 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-24 15:26 . 2011-10-24 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-07-11 18:41 . 2011-10-26 22:03 322858 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

- 2009-07-14 05:01 . 2011-10-19 13:30 424700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-10-24 15:24 424700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-07-17 03:15 . 2011-10-24 15:25 46951436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4098857871-3590449424-497678101-1000-12288.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-09-19 202256]

"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"ReSent"="c:\windows\system32\resent.exe" [2011-06-27 176640]

"Mbox"="c:\program files (x86)\MSBX\mb.exe" [2011-08-12 11280384]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\users\Edson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceRunOnStartMenu"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceRunOnStartMenu"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 XAMPP;XAMPP Service;c:\xampp\service.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 CA_LIC_CLNT;CA License Client;c:\program files (x86)\CA\SharedComponents\CA_LIC\\lic98rmt.exe [2005-03-23 126976]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\gravity\Ragnarok Online\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-02-28 210792]

R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 npkycryp;npkycryp;c:\program files (x86)\gravity\Ragnarok Online\npkycryp.sys [x]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]

R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]

R3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-02-28 2085224]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 MSSQLServerADHelper100;Serviço Auxiliar do Active Directory do SQL;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-02-28 430440]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 LogWatch;Event Log Watch;c:\program files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe [2005-02-23 53248]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-23 2320920]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4098857871-3590449424-497678101-1000Core.job

- c:\users\Edson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-31 23:06]

.

2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4098857871-3590449424-497678101-1000UA.job

- c:\users\Edson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-31 23:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138 192.168.0.1

FF - ProfilePath - c:\users\Edson\AppData\Roaming\Mozilla\Firefox\Profiles\j36xevmo.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com

FF - prefs.js: network.proxy.type - 0

.

- - - - ORFÃOS REMOVIDOS - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-4098857871-3590449424-497678101-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:85,f5,83,4f,fe,de,d7,f9,56,ac,f9,71,f3,85,67,71,5f,5a,b9,71,ac,39,32,

83,af,58,89,1c,fb,85,05,5f,d3,b7,0c,4d,b4,bf,59,84,02,93,12,47,29,c5,56,ff,\

"??"=hex:3d,07,85,6a,ce,d8,c4,d4,5a,13,bd,30,b1,13,e8,68

.

[HKEY_USERS\S-1-5-21-4098857871-3590449424-497678101-1000\Software\SecuROM\License information*]

"datasecu"=hex:09,2a,94,02,c1,48,73,2a,ec,bd,a9,58,07,6f,fb,07,ad,47,de,fc,2d,

d7,b1,d1,97,04,e5,84,c3,7d,6b,7a,1c,2b,91,f4,55,09,e3,31,dc,a5,e5,31,1a,93,\

"rkeysecu"=hex:ff,85,05,3b,a2,c5,09,23,4f,cf,f5,85,fb,96,7c,96

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2011-10-26 20:29:27

ComboFix-quarantined-files.txt 2011-10-26 22:29

ComboFix2.txt 2011-10-24 14:53

.

Pré-execução: 125.613.129.728 bytes disponíveis

Pós execução: 125.363.683.328 bytes disponíveis

.

- - End Of File - - D6830BE006CC19B6CB96F185A89762F2


Dear Kalel10

I am removing and analyzing ;)

First, do this: http://www.linhadefensiva.org/2004/10/ver-todos-arquivos

Go to the site "Jotti's malware scan"

  • In the box at the top (File to upload & scan);
  • Copy and paste the following file(s), one at a time:
    • c:\windows\system32\resent.exe
  • Click the button [image];
  • The file(s) will be examined by several antivirus programs; please wait.
  • Copy and paste the result(s).

If the site above is too busy, try one of these sites:

Alternative 1

Alternative 2

Did you uninstall the Ask toolbar?

Regards :D


As requested, here is the file scan. ^_^!

Verificador de malware do Jotti

Nome do arquivo: ReSent.exe

Status:

Verificação finalizada. 2 dos 20 antivírus encontrou vírus..

Verificado em: Sáb 29 Out 2011 17:00:36 (CET)

Informações do arquivo

Tamanho: 176640 bytes

Tipo: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5: bdd949f2e130568f107dc2b702a5abf6

SHA1: d4d77ded5d1145b6175d54e3ccf5c628bc274cc5

Packer (Avast): ASPack

Packer (Drweb): ASPACK

Packer (Kaspersky): ASPack

Antivírus

  • [ArcaVir] 2011-10-29 Nada encontrado
  • [Frisk F-Prot Antivirus] 2011-10-29 Nada encontrado
  • [Avast! antivirus] 2011-10-29 Nada encontrado
  • [F-Secure Anti-Virus] 2011-10-29 Nada encontrado
  • [Grisoft AVG Anti-Virus] 2011-10-29 Nada encontrado
  • [G DATA] 2011-10-29 Nada encontrado
  • [Avira AntiVir] 2011-10-28 Nada encontrado
  • [ikarus] 2011-10-29 Nada encontrado
  • [softwin BitDefender] 2011-10-29 Nada encontrado
  • [Kaspersky Anti-Virus] 2011-10-29 Nada encontrado
  • [ClamAV] 2011-10-29 PUA.Packed.ASPack
  • [Panda Antivirus] 2011-10-29 Nada encontrado
  • [CPsecure] 2011-10-29 Nada encontrado
  • [Quick Heal] 2011-10-29 Backdoor.Hupigon.gnnn
  • [Dr.Web] 2011-10-29 Nada encontrado
  • [sophos] 2011-10-29 Nada encontrado
  • [Emsisoft Anti-Malware] 2011-10-29 Nada encontrado
  • [VirusBlokAda VBA32] 2011-10-28 Nada encontrado
  • [ESET] 2011-10-29 Nada encontrado
  • [VirusBuster] 2011-10-28 Nada encontrado

P.S.: Regarding the Ask toolbar, I remember having uninstalled it through the Control Panel and through the Firefox Tools menu, so... :confused:

Other than that, everything is :joia:!


Done! :D

Antivirus Version Last Update Result

AhnLab-V3 2011.10.29.00 2011.10.29 -

AntiVir 7.11.16.201 2011.10.28 -

Antiy-AVL 2.0.3.7 2011.10.29 -

Avast 6.0.1289.0 2011.10.29 -

AVG 10.0.0.1190 2011.10.29 -

BitDefender 7.2 2011.10.30 -

ByteHero 1.0.0.1 2011.09.23 -

CAT-QuickHeal 11.00 2011.10.29 Backdoor.Hupigon.gnnn

ClamAV 0.97.3.0 2011.10.29 PUA.Packed.ASPack

Commtouch 5.3.2.6 2011.10.30 -

Comodo 10598 2011.10.29 -

DrWeb 5.0.2.03300 2011.10.29 -

Emsisoft 5.1.0.11 2011.10.29 -

eSafe 7.0.17.0 2011.10.26 -

eTrust-Vet 36.1.8645 2011.10.28 -

F-Prot 4.6.5.141 2011.10.30 -

F-Secure 9.0.16440.0 2011.10.29 -

Fortinet 4.3.370.0 2011.10.29 -

GData 22 2011.10.30 -

Ikarus T3.1.1.107.0 2011.10.29 -

Jiangmin 13.0.900 2011.10.29 -

K7AntiVirus 9.116.5354 2011.10.29 -

Kaspersky 9.0.0.837 2011.10.29 -

McAfee-GW-Edition 2010.1D 2011.10.29 -

Microsoft 1.7801 2011.10.29 -

NOD32 6586 2011.10.29 -

Norman 6.07.13 2011.10.29 -

nProtect 2011-10-29.01 2011.10.29 -

Panda 10.0.3.5 2011.10.29 -

PCTools 8.0.0.5 2011.10.29 -

Prevx 3.0 2011.10.30 -

Rising 23.81.04.01 2011.10.28 -

Sophos 4.70.0 2011.10.30 -

SUPERAntiSpyware 4.40.0.1006 2011.10.29 -

Symantec 20111.2.0.82 2011.10.30 -

TheHacker 6.7.0.1.335 2011.10.28 -

TrendMicro 9.500.0.1008 2011.10.30 -

TrendMicro-HouseCall 9.500.0.1008 2011.10.30 -

VIPRE 10912 2011.10.29 -

ViRobot 2011.10.29.4745 2011.10.29 -

VirusBuster 14.1.37.0 2011.10.29 -

Additional information

MD5 : bdd949f2e130568f107dc2b702a5abf6

SHA1 : d4d77ded5d1145b6175d54e3ccf5c628bc274cc5

SHA256: f9a6fd08ebe32f08343f00ef8fe1f8d69ddd11ca38eae9f41229dea294b4dfed


Dear Kalel10

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) below.

  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

File::
c:\windows\system32\resent.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ReSent"=-


  • Save this file as: CFScript.txt
  • As illustrated in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

[animation]

Regards :D


Dear diego_moicano.

Sorry for the delay, here is the log:

ComboFix 11-11-02.01 - Edson 02/11/2011 11:40:04.3.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3764.2311 [GMT -2:00]

Executando de: c:\users\Edson\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Edson\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\resent.exe"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Edson\AppData\Local\Microsoft\Windows\Temporary Internet Files\TempUser.htm

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-10-02 to 2011-11-02 ))))))))))))))))))))))))))))

.

.

2011-11-02 13:48 . 2011-11-02 13:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-01 23:12 . 2011-11-01 23:12 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA60EED1-84B1-480B-A945-586FBC974294}\offreg.dll

2011-11-01 23:12 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA60EED1-84B1-480B-A945-586FBC974294}\mpengine.dll

2011-10-27 22:03 . 2011-10-27 22:03 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll

2011-10-27 22:03 . 2011-10-27 22:03 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2011-10-27 22:02 . 2011-10-27 22:02 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll

2011-10-27 22:02 . 2011-10-27 22:02 107008 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

2011-10-24 02:33 . 2011-10-24 02:33 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-10-15 16:53 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-10-15 16:53 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-15 16:53 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-15 16:53 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-15 16:53 . 2011-10-15 16:53 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{784E8699-A74A-46CE-8489-3972876B87B4}\gapaengine.dll

2011-10-15 16:53 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-15 16:51 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-15 16:51 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-15 16:51 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-15 16:51 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-27 22:02 . 2010-07-11 16:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-10-27 22:02 . 2010-07-11 16:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-10-17 14:56 . 2011-02-13 18:13 2018272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-10-07 04:16 . 2010-07-25 15:21 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-03 07:06 . 2010-08-08 17:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-24 12:44 . 2011-05-20 18:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-31 23:08 . 2011-08-31 23:08 167704 ----a-w- c:\windows\system32\igfxtray.exe

2011-08-31 23:08 . 2011-08-31 23:08 510232 ----a-w- c:\windows\system32\igfxsrvc.exe

2011-08-31 23:08 . 2011-08-31 23:08 416024 ----a-w- c:\windows\system32\igfxpers.exe

2011-08-31 23:08 . 2011-08-31 23:08 239896 ----a-w- c:\windows\system32\igfxext.exe

2011-08-31 23:08 . 2011-08-31 23:08 392472 ----a-w- c:\windows\system32\hkcmd.exe

2011-08-31 23:08 . 2011-08-31 23:08 4378392 ----a-w- c:\windows\system32\GfxUI.exe

2011-08-31 23:08 . 2011-08-31 23:08 179992 ----a-w- c:\windows\system32\difx64.exe

2011-08-31 22:58 . 2011-08-31 22:58 90112 ----a-w- c:\windows\system32\igfxCoIn_v2509.dll

2011-08-31 22:53 . 2011-08-31 22:53 12306848 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2011-08-31 22:53 . 2011-08-31 22:53 8312320 ----a-w- c:\windows\system32\igdumd64.dll

2011-08-31 22:51 . 2011-08-31 22:51 867020 ----a-w- c:\windows\system32\igkrng575.bin

2011-08-31 22:51 . 2011-08-31 22:51 128204 ----a-w- c:\windows\system32\igcompkrng575.bin

2011-08-31 22:51 . 2011-08-31 22:51 105608 ----a-w- c:\windows\system32\igfcg575m.bin

2011-08-31 22:47 . 2011-08-31 22:47 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll

2011-08-31 22:45 . 2011-08-31 22:45 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll

2011-08-31 22:42 . 2010-07-11 03:14 14598656 ----a-w- c:\windows\system32\igd10umd64.dll

2011-08-31 22:37 . 2011-08-31 22:37 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2011-08-31 22:31 . 2011-08-31 22:31 18641408 ----a-w- c:\windows\system32\ig4icd64.dll

2011-08-31 22:26 . 2011-08-31 22:26 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrrom.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrsky.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrslv.lrc

2011-08-31 22:22 . 2011-08-31 22:22 287232 ----a-w- c:\windows\system32\igfxresn.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrsve.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285696 ----a-w- c:\windows\system32\igfxrtha.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrrus.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrptg.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrplk.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrptb.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrnor.lrc

2011-08-31 22:22 . 2011-08-31 22:22 283136 ----a-w- c:\windows\system32\igfxrkor.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrita.lrc

2011-08-31 22:22 . 2011-08-31 22:22 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc

2011-08-31 22:22 . 2011-08-31 22:22 287232 ----a-w- c:\windows\system32\igfxrell.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrhun.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285184 ----a-w- c:\windows\system32\igfxrheb.lrc

2011-08-31 22:22 . 2011-08-31 22:22 287232 ----a-w- c:\windows\system32\igfxrfra.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrnld.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286208 ----a-w- c:\windows\system32\igfxrfin.lrc

2011-08-31 22:22 . 2011-08-31 22:22 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285696 ----a-w- c:\windows\system32\igfxrdan.lrc

2011-08-31 22:22 . 2011-08-31 22:22 282624 ----a-w- c:\windows\system32\igfxrcht.lrc

2011-08-31 22:22 . 2011-08-31 22:22 285184 ----a-w- c:\windows\system32\igfxrara.lrc

2011-08-31 22:22 . 2011-08-31 22:22 282624 ----a-w- c:\windows\system32\igfxrchs.lrc

2011-08-31 22:22 . 2011-08-31 22:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2011-08-31 22:21 . 2010-08-25 21:04 375808 ----a-w- c:\windows\system32\igfxpph.dll

2011-08-31 22:21 . 2011-08-31 22:21 378368 ----a-w- c:\windows\system32\igfxTMM.dll

2011-08-31 22:21 . 2011-08-31 22:21 28672 ----a-w- c:\windows\system32\igfxexps.dll

2011-08-31 22:21 . 2010-07-11 03:14 62464 ----a-w- c:\windows\system32\igfxsrvc.dll

2011-08-31 22:20 . 2010-07-11 03:14 110080 ----a-w- c:\windows\system32\hccutils.dll

2011-08-31 22:20 . 2011-08-31 22:20 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2011-08-31 22:20 . 2011-08-31 22:20 146432 ----a-w- c:\windows\system32\gfxSrvc.dll

2011-08-31 22:20 . 2011-08-31 22:20 390144 ----a-w- c:\windows\system32\igfxdev.dll

2011-08-31 22:20 . 2011-08-31 22:20 285696 ----a-w- c:\windows\system32\igfxrenu.lrc

2011-08-31 22:20 . 2011-08-31 22:20 9014784 ----a-w- c:\windows\system32\igfxress.dll

2011-08-31 22:20 . 2011-08-31 22:20 142336 ----a-w- c:\windows\system32\igfxdo.dll

2011-08-31 22:16 . 2011-08-31 22:16 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2011-08-31 22:15 . 2011-08-31 22:15 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2011-08-31 22:13 . 2011-08-31 22:13 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll

2011-08-31 22:13 . 2011-08-31 22:13 98304 ----a-w- c:\windows\system32\iglhcp64.dll

2011-08-31 22:13 . 2011-08-31 22:13 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll

2011-08-31 22:13 . 2011-08-31 22:13 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll

2011-08-31 22:13 . 2011-08-31 22:13 376832 ----a-w- c:\windows\system32\iglhsip64.dll

2011-08-31 22:13 . 2011-08-31 22:13 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2011-08-31 22:13 . 2011-08-31 22:13 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll

2010-02-10 14:18 . 2010-07-14 00:31 2131336 ----a-w- c:\program files (x86)\Common Files\AskToolbarInstaller.exe

2001-01-05 15:43 . 2011-05-13 00:43 407552 ----a-w- c:\program files (x86)\ibuninst.exe

2001-01-05 15:43 . 2001-01-05 15:43 175616 ----a-w- c:\program files (x86)\ibinstall.dll

1993-04-28 03:00 . 2011-08-10 00:03 18688 ----a-w- c:\program files (x86)\Cmdialog.vbx

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-24_14.50.18 )))))))))))))))))))))))))))))))))))))))))

.

- 2010-07-11 03:07 . 2011-10-19 13:39 74940 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2010-07-11 03:07 . 2011-10-24 16:44 74940 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-10-24 16:44 40664 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-10-19 13:39 40664 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2010-07-11 02:59 . 2011-10-19 13:39 29082 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4098857871-3590449424-497678101-1000_UserData.bin

+ 2010-07-11 02:59 . 2011-10-24 16:44 29082 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4098857871-3590449424-497678101-1000_UserData.bin

+ 2010-10-12 17:08 . 2011-11-02 13:37 19120 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_48.bin

- 2010-10-12 17:08 . 2011-10-24 14:30 19120 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_48.bin

- 2009-07-14 05:30 . 2011-09-29 13:48 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2011-11-01 23:05 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2011-03-25 23:05 . 2011-03-25 23:05 37680 c:\windows\system32\drivers\vmusb.sys

+ 2010-07-11 02:52 . 2011-11-01 00:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-07-11 02:52 . 2011-10-19 12:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-07-11 02:52 . 2011-11-01 00:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-07-11 02:52 . 2011-10-19 12:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-01 00:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-10-19 12:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-10-27 22:02 . 2011-10-27 22:02 5632 c:\windows\SysWOW64\pndx5032.dll

- 2010-09-19 19:08 . 2010-09-19 19:08 5632 c:\windows\SysWOW64\pndx5032.dll

- 2010-09-19 19:08 . 2010-09-19 19:08 6656 c:\windows\SysWOW64\pndx5016.dll

+ 2011-10-27 22:02 . 2011-10-27 22:02 6656 c:\windows\SysWOW64\pndx5016.dll

+ 2010-10-12 17:08 . 2011-11-02 13:37 8560 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_32.bin

- 2010-10-12 17:08 . 2011-10-24 14:30 8560 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_32.bin

- 2010-10-12 17:08 . 2011-10-24 14:30 4912 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_24.bin

+ 2010-10-12 17:08 . 2011-11-02 13:37 4912 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_24.bin

+ 2010-10-12 17:08 . 2011-11-02 13:37 2224 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_16.bin

- 2010-10-12 17:08 . 2011-10-24 14:30 2224 c:\windows\system32\NetworkList\Icons\010103000F0000F0080000000F0000F057FAB3CD03138859A36CB59211F644A68450BF054F96904C484B5E71DBAC865E_16.bin

+ 2011-10-24 15:26 . 2011-10-24 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-10-19 13:31 . 2011-10-19 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-10-24 15:26 . 2011-10-24 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-10-19 13:31 . 2011-10-19 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-27 22:02 . 2011-10-27 22:02 198832 c:\windows\SysWOW64\rmoc3260.dll

+ 2011-10-27 22:02 . 2011-10-27 22:02 272896 c:\windows\SysWOW64\pncrt.dll

+ 2010-07-11 18:41 . 2011-11-02 12:56 323152 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2009-07-29 15:58 . 2011-11-01 00:30 880738 c:\windows\system32\prfh0416.dat

- 2009-07-29 15:58 . 2011-10-18 14:36 880738 c:\windows\system32\prfh0416.dat

- 2009-07-29 15:58 . 2011-10-18 14:36 216636 c:\windows\system32\prfc0416.dat

+ 2009-07-29 15:58 . 2011-11-01 00:30 216636 c:\windows\system32\prfc0416.dat

+ 2009-07-14 02:36 . 2011-11-01 00:30 829306 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-10-18 14:36 829306 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-11-01 00:30 191350 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-10-18 14:36 191350 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:30 . 2011-11-01 23:05 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-09-29 13:48 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 04:46 . 2011-10-29 22:56 105832 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2009-07-14 05:01 . 2011-10-19 13:30 424700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-10-24 15:24 424700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-10-27 22:01 . 2011-10-27 22:01 386497 c:\windows\Installer\10de2f37.msi

- 2009-07-14 04:45 . 2011-10-15 17:17 7378834 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2011-10-29 22:56 7378834 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2010-07-17 03:15 . 2011-10-24 15:25 46951436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4098857871-3590449424-497678101-1000-12288.dat

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-10-27 273528]

.

c:\users\Edson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceRunOnStartMenu"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceRunOnStartMenu"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 XAMPP;XAMPP Service;c:\xampp\service.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 CA_LIC_CLNT;CA License Client;c:\program files (x86)\CA\SharedComponents\CA_LIC\\lic98rmt.exe [2005-03-23 126976]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\gravity\Ragnarok Online\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-02-28 210792]

R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 npkycryp;npkycryp;c:\program files (x86)\gravity\Ragnarok Online\npkycryp.sys [x]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]

R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]

R3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-02-28 2085224]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 MSSQLServerADHelper100;Serviço Auxiliar do Active Directory do SQL;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-02-28 430440]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 LogWatch;Event Log Watch;c:\program files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe [2005-02-23 53248]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-23 2320920]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4098857871-3590449424-497678101-1000Core.job

- c:\users\Edson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-31 23:06]

.

2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4098857871-3590449424-497678101-1000UA.job

- c:\users\Edson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-31 23:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138 192.168.0.1

FF - ProfilePath - c:\users\Edson\AppData\Roaming\Mozilla\Firefox\Profiles\j36xevmo.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com

FF - prefs.js: network.proxy.type - 0

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Wow6432Node-HKLM-Run-Mbox - c:\program files (x86)\MSBX\mb.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-4098857871-3590449424-497678101-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:85,f5,83,4f,fe,de,d7,f9,56,ac,f9,71,f3,85,67,71,5f,5a,b9,71,ac,39,32,

83,af,58,89,1c,fb,85,05,5f,d3,b7,0c,4d,b4,bf,59,84,02,93,12,47,29,c5,56,ff,\

"??"=hex:3d,07,85,6a,ce,d8,c4,d4,5a,13,bd,30,b1,13,e8,68

.

[HKEY_USERS\S-1-5-21-4098857871-3590449424-497678101-1000\Software\SecuROM\License information*]

"datasecu"=hex:09,2a,94,02,c1,48,73,2a,ec,bd,a9,58,07,6f,fb,07,ad,47,de,fc,2d,

d7,b1,d1,97,04,e5,84,c3,7d,6b,7a,1c,2b,91,f4,55,09,e3,31,dc,a5,e5,31,1a,93,\

"rkeysecu"=hex:ff,85,05,3b,a2,c5,09,23,4f,cf,f5,85,fb,96,7c,96

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2011-11-02 11:52:08

ComboFix-quarantined-files.txt 2011-11-02 13:52

ComboFix2.txt 2011-10-26 22:29

ComboFix3.txt 2011-10-24 14:53

.

Pré-execução: 119.659.487.232 bytes disponíveis

Pós execução: 119.352.954.880 bytes disponíveis

.

- - End Of File - - BB27D68E5F566B2A41A12C7BD5BD840F

Cheers :)!


Dear Kalel10

Sorry for the delay -_-

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternate link
    • Double-click mbam-setup.exe, choose the language, and follow the instructions to install the software.
    • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, then click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan" ("Verificação Rápida"), then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will open automatically in Notepad, and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: For more complicated infections, a PC restart may be needed. If you are asked to restart, please do so immediately.

Cheers :D


Dear diego_moicano!

I'd like you to tell me whether, once we're done using them, I can remove these programs I'm installing from my PC?

And I'd like to know whether we're already finishing the "cleanup" process? :D

And thank you very much for everything so far.

Here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Versão da Base de Dados: 8094

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

05/11/2011 20:44:25

mbam-log-2011-11-05 (20-44-25).txt

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 183151

Tempo decorrido: 3 minuto(s), 33 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

HKEY_CURRENT_USER\SOFTWARE\SQ4DY0FH7F (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

(Não foram detectados ítens maliciosos)

Cheers :)


Dear Kalel10

When the time comes to uninstall everything, I'll let you know. In fact, we're almost done :)

Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for a registration email, first name and last name. Only the "email" field is required.

Enter your email, then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator.

On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. That's normal; just wait until the program's start screen appears, then click the Settings icon:

[Image: KRT_settings.png]

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)

Also check all drives that appear below Local Disk, if there are any. Then click the Automatic Scan tab.

[Image: KRT_install2_.png]

Back on the program's start screen, click the Start scanning button.

Be patient, it takes a while.

When it finishes, if it has detected anything, the program will ask you what to do.

Check the box next to Apply to all objects and then click Skip (we only want the log).

[Image: KRT_detection_.png]

While the scan is running, the start screen will show a progress bar. When it finishes, the program will show the completed status and a button that will be orange if nothing was detected, and red if it found something.

If it has detected anything, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if anything was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easy-to-reach location and save it as log.txt

Copy the entire contents of that Notepad file and paste it into your next reply.

If nothing is detected, you don't need to save the log. Just post here to let me know.

To exit the program, just click the X in the top right corner.

Cheers :D


Done as requested; here is the log:

Status: Detected (events: 6)

06/11/2011 22:40:26 Detected Trojan program Trojan-Downloader.Win32.Agent.tjue C:\Documents and Settings\Edson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\666f0c19-1c735b26 High

06/11/2011 23:43:41 Detected unknown threat UDS:DangerousObject.Multi.Generic C:\Program Files (x86)\HetchBoard Software\WBTool\rsspotlight.exe High

06/11/2011 23:45:56 Detected Trojan program Trojan-Downloader.Win32.Agent.tjue C:\Program Files (x86)\Java\jre6\bin\e07vjLZw.phx High

06/11/2011 23:51:08 Detected Trojan program Trojan.Win32.VB.aurt C:\Program Files (x86)\MSBX\mb.bak High

07/11/2011 00:15:01 Detected Trojan program Trojan-Downloader.Win32.Agent.tjue C:\Users\Edson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\666f0c19-1c735b26 High

07/11/2011 03:09:39 Detected Trojan program Trojan.Win32.VB.aurt K:\Programas\Olhar\setup_msxbox.exe//data0001 High

:lol: Cheers!


Dear Kalel10

  • Go to Start > Control Panel and double-click the Java icon.
  • On the General tab, under Temporary Internet Files, click the Settings... button.
  • Next, click the Delete Files... button.
  • In the small window that opens there are two options: leave them checked. They are:
    • Applications and Applets
    • Trace and Log Files
  • Click the OK button.
  • Then click OK > OK.

Note: This will delete ALL downloaded applications and applets from the cache.

Run a new scan and have it delete whatever comes up. Post the log.

Cheers :D


Dear diego_moicano.

Sorry for the late reply; I was very busy at work this week and didn't have time to keep an eye on the Kaspersky scan as I should have ^_^. This time the full scan took about 11 hours and, as requested, I deleted what came up.

Here is the log:

Status: Deleted (events: 3)

15/11/2011 18:08:39 Deleted unknown threat UDS:DangerousObject.Multi.Generic C:\Program Files (x86)\HetchBoard Software\WBTool\rsspotlight.exe High

15/11/2011 18:08:40 Deleted Trojan program Trojan-Downloader.Win32.Agent.tjue C:\Program Files (x86)\Java\jre6\bin\e07vjLZw.phx High

15/11/2011 18:10:15 Deleted Trojan program Trojan.Win32.VB.aurt C:\Program Files (x86)\MSBX\mb.bak High

Once again, sorry for the delay.

Cheers! :D

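An added example, not part of the original thread or of Kaspersky's tooling: a small Python script that parses the two Kaspersky report excerpts posted above and lists files flagged in the first scan that have no matching Deleted event in the second, so each one can be accounted for by another cleanup step (such as the Java cache purge) or by rescanning that drive. The line format is inferred from the posted lines, and folding C:\Documents and Settings into C:\Users assumes the compatibility junction present on Windows Vista and later.

```python
import re

# Lines copied from the two Kaspersky reports posted in this thread.
FIRST_SCAN = r"""
06/11/2011 22:40:26 Detected Trojan program Trojan-Downloader.Win32.Agent.tjue C:\Documents and Settings\Edson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\666f0c19-1c735b26 High
06/11/2011 23:43:41 Detected unknown threat UDS:DangerousObject.Multi.Generic C:\Program Files (x86)\HetchBoard Software\WBTool\rsspotlight.exe High
06/11/2011 23:45:56 Detected Trojan program Trojan-Downloader.Win32.Agent.tjue C:\Program Files (x86)\Java\jre6\bin\e07vjLZw.phx High
06/11/2011 23:51:08 Detected Trojan program Trojan.Win32.VB.aurt C:\Program Files (x86)\MSBX\mb.bak High
07/11/2011 00:15:01 Detected Trojan program Trojan-Downloader.Win32.Agent.tjue C:\Users\Edson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\666f0c19-1c735b26 High
07/11/2011 03:09:39 Detected Trojan program Trojan.Win32.VB.aurt K:\Programas\Olhar\setup_msxbox.exe//data0001 High
"""
SECOND_SCAN = r"""
15/11/2011 18:08:39 Deleted unknown threat UDS:DangerousObject.Multi.Generic C:\Program Files (x86)\HetchBoard Software\WBTool\rsspotlight.exe High
15/11/2011 18:08:40 Deleted Trojan program Trojan-Downloader.Win32.Agent.tjue C:\Program Files (x86)\Java\jre6\bin\e07vjLZw.phx High
15/11/2011 18:10:15 Deleted Trojan program Trojan.Win32.VB.aurt C:\Program Files (x86)\MSBX\mb.bak High
"""

EVENT = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Detected|Deleted) "
                   r"(.+?) (\S+) ([A-Za-z]:\\.+) (\w+)$")

def normalize(path):
    """Reduce a reported path to the on-disk file it refers to."""
    path = path.split("//", 1)[0].lower()   # 'setup.exe//data0001' -> container
    legacy = "c:\\documents and settings\\"
    if path.startswith(legacy):             # assumption: Vista+ junction to C:\Users
        path = "c:\\users\\" + path[len(legacy):]
    return path

def parse(report):
    """Return {normalized path: (action, threat name)} for each event line."""
    events = {}
    for line in report.strip().splitlines():
        m = EVENT.match(line.strip())
        if m is None:
            raise ValueError("unrecognized report line: " + line)
        _, action, _, threat, path, _ = m.groups()
        events[normalize(path)] = (action, threat)
    return events

def unresolved(first, second):
    """Paths detected in the first scan with no Deleted event in the second."""
    deleted = {p for p, (a, _) in parse(second).items() if a == "Deleted"}
    return sorted(p for p, (a, _) in parse(first).items()
                  if a == "Detected" and p not in deleted)

if __name__ == "__main__":
    for p in unresolved(FIRST_SCAN, SECOND_SCAN):
        print("no deletion recorded:", p)
```
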

Dear Kalel10

Clean log :)

>>>> How is the computer doing?

# Step 1 #

Let's uninstall ComboFix:

Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

Or, if you prefer, go to Start > Run, type Combofix /Uninstall and click OK; in the window that appears, click Run and wait for the program to be removed.

# Step 2 #

Download OTC by OldTimer and save it to your desktop.

  • Double-click the icon [image: 4142006426_4719050954_o.gif]
  • Click Run;
  • Click its only button (image below):
    [image: 4141259853_5a542d5908_o.jpg]
  • Allow your computer to be restarted.

# Step 3 #

Your Java is out of date.

Attention: Uninstall ALL old versions of Java.

  • Close all programs, especially your browser (IE, Firefox, etc.).
  • Go to the Java for Windows site
  • Click [image: 4531602912_e9606174d3_o.gif]
  • In the window that appears, click Run;
  • Follow the installation steps.

# Step 4 #

<<@>> Install CCleaner

CCleaner is an excellent cleanup utility that will help your computer's performance. Download it here: CCleaner

  • IMPORTANT: After installation, go to where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder and, in an empty area of that window, right-click, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
    Note: Don't forget to accept the backup of the fixes and save it in the folder created above!

<<@>> Always keep your Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best prevention starts with our own behavior!

Cheers :D


Hello diego_moicano.

The computer is clean and no longer shows the infection notifications from before. :)

I carried out the procedures you asked for:

  • Uninstalled ComboFix;
  • Downloaded and ran OTC by OldTimer;
  • Uninstalled Java and downloaded the latest version of Java;
  • Installed CCleaner and did what was requested.

Before asking an Analyst from Clube do Hardware for help, I did some research on other forums and read many articles about log analysis on the subject, and I thought about cleaning my PC on my own.

I'm a technology student and I'm aware that for everything in this field there are competent professionals for each branch of it. So I decided to go with the Analyst from this forum who helped me in this case.

My request to everyone: before doing something you're unfamiliar with and that is risky, read up and seek help from someone qualified to do it.

My sincere thanks to diego_moicano, who offered to help me, and to Clube do Hardware for the space provided.

Thanks!!! :D :aplausos: :aplausos:

"I did some research on other forums and read many articles about log analysis on the subject, and I thought about cleaning my PC on my own."

Interesting... you really did the right thing; the number of people out there analyzing logs without knowing what they're doing is no joke.

If you're interested in taking part: http://forum.clubedohardware.com.br/announcement.php?f=105

Other than that, I'm the one who should be thanking you :joia:


Once again, my thanks.

And I'll apply to be a Malware Removal Analyst when I have more time to dedicate myself to it fully.

The moderators may feel free to close the topic. I feel my problem is solved. :joia:

This topic is closed to new posts.