duzin

LocalStrike in new tab: DDS and GMER log analysis


Good morning, all! Recently, most of the time when I open a new tab or window in Firefox, the site that loads is LocalStrike's, not the one I am opening (or it always loads LocalStrike when I open an empty tab). But this only happens in Firefox; in IE I managed to fix it :mellow:...

Here are the DDS and GMER logs for analysis:

LOG DDS ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 05/11/2010 01:09:32

System Uptime: 17/10/2011 08:15:36 (10 hours ago)

.

Motherboard: BIOSTAR Group | | T5XE CFX-SLI

Processor: Intel® Core i7 CPU 870 @ 2.93GHz | CPU 1 | 2376/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is Removable

D: is CDROM ()

E: is FIXED (NTFS) - 117 GiB total, 8,627 GiB free.

F: is FIXED (NTFS) - 181 GiB total, 48,596 GiB free.

G: is CDROM ()

H: is CDROM ()

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader 9.4.6 - Português

AIDA64 Extreme Edition v1.50

Apple Application Support

Apple Software Update

Assistente de Conexão do Windows Live

ATI Catalyst Registration

µTorrent

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

avast! Free Antivirus

BioShock

Bioshock Tradução BR v1.00

Button Manager v6.06

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

CCC Help English

Controle ActiveX do Windows Live Mesh para Conexões Remotas

Corsair HS1 USB Headset

Counter-Strike 1.6

DAEMON Tools Toolbar

DHTML Editing Component

DVDVideoSoftTB Toolbar

Ferramenta de Carregamento do Windows Live

Free YouTube Download version 3.0.16.923

Garena 2010

Glary Utilities 2.37.0.1260

GroupMail :: Free Edition

Heroes of Newerth

HydraVision

Infix 4.11

Java Auto Updater

Java 6 Update 24

K-Lite Codec Pack 7.0.0 (Full)

Malwarebytes' Anti-Malware versão 1.51.2.1300

Messenger Plus! 5

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

mIRC

Mozilla Firefox 7.0.1 (x86 pt-BR)

MSVCRT

NVIDIA PhysX v8.10.29

Pando Media Booster

PC Wizard 2010.1.96

PDF Settings CS5

PokerStars

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

RunAlyzer

Rusty Hearts

Safari

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)

Skype Click to Call

Skype™ 5.5

StarCraft II

Steam

sXe Injected

TeamSpeak 3 Client

The KMPlayer (remove only)

The Lord of the Rings FREE Trial

Tibia

TP-LINK Wireless Client Utility

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Warcraft III

Warcraft III: All Products

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Writer

.

==== End Of File ===========================

LOG DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Run by Lacerda at 18:44:34 on 2011-10-17

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.8183.5392 [GMT -2:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

E:\Windows\system32\wininit.exe

E:\Windows\system32\lsm.exe

E:\Windows\system32\svchost.exe -k DcomLaunch

E:\PROGRA~2\GbPlugin\GbpSv.exe

E:\Windows\system32\svchost.exe -k RPCSS

E:\Windows\system32\atiesrxx.exe

E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

E:\Windows\system32\svchost.exe -k netsvcs

E:\Windows\system32\svchost.exe -k LocalService

E:\Windows\system32\atieclxx.exe

E:\Windows\system32\svchost.exe -k NetworkService

E:\Program Files\Alwil Software\Avast5\AvastSvc.exe

E:\Windows\Explorer.EXE

E:\Windows\system32\Dwm.exe

E:\Windows\System32\spoolsv.exe

E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

E:\Program Files\Bonjour\mDNSResponder.exe

E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

E:\Windows\system32\svchost.exe -k imgsvc

E:\Windows\system32\WUDFHost.exe

E:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

E:\Windows\system32\taskhost.exe

E:\Program Files\Microsoft IntelliPoint\ipoint.exe

E:\Windows\System32\PrintDisp.exe

E:\Windows\SysWOW64\rundll32.exe

E:\Windows\system32\SearchIndexer.exe

E:\Program Files\Alwil Software\Avast5\AvastUI.exe

E:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

E:\Program Files (x86)\iTunes\iTunesHelper.exe

E:\Program Files\Windows Media Player\wmpnetwk.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

E:\Windows\System32\svchost.exe -k secsvcs

E:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

E:\Windows\system32\taskeng.exe

E:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

E:\Program Files (x86)\Mozilla Firefox\firefox.exe

E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

E:\Windows\splwow64.exe

E:\Windows\SysWOW64\cmd.exe

E:\Windows\system32\conhost.exe

E:\Windows\SysWOW64\cscript.exe

E:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = about:blank

uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - E:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - E:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - E:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [avast5] "E:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [startCCC] "E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AppleSyncNotifier] E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [PlusService] E:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - E:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - E:\Users\Lacerda\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - E:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - E:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 201.6.2.44 201.6.2.164

TCP: Interfaces\{A391D6F8-DF71-4763-8A55-03DF546D2186} : DhcpNameServer = 201.6.2.44 201.6.2.164

TCP: Interfaces\{B97E78DA-2CEA-45F5-B17B-CF67016BC981} : DhcpNameServer = 201.6.2.44 201.6.2.164

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Notify: GbPluginBb - E:\Program Files (x86)\GbPlugin\gbieh.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - E:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{3049C3E9-B461-4BC5-8870-4C09146192CA}

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{872b5b88-9db5-4310-bdd0-ac189557e5f5}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

{C41A1C0E-EA6C-11D4-B1B8-444553540000}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{32099AAC-C132-4136-9E9A-4E364A424E17}

{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [avast5] "E:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [startCCC] "E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AppleSyncNotifier] E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [PlusService] E:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun-x64: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [APSDaemon] "E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

SEH-X64: {E37CB5F0-51F5-4395-A808-5FA49E399F83}: GbPlugin ShlObj

.

================= FIREFOX ===================

.

FF - ProfilePath - E:\Users\Lacerda\AppData\Roaming\Mozilla\Firefox\Profiles\by70rfbh.default\

FF - prefs.js: browser.startup.homepage - hxxp://casemall.objectdata.com.br/intranet/main

FF - prefs.js: keyword.URL - hxxp://find.localstrike.net/?q=

FF - component: E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: E:\Users\Lacerda\AppData\Roaming\Mozilla\Firefox\Profiles\by70rfbh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll

FF - component: E:\Users\Lacerda\AppData\Roaming\Mozilla\Firefox\Profiles\by70rfbh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

FF - component: E:\Users\Lacerda\AppData\Roaming\Mozilla\Firefox\Profiles\by70rfbh.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: E:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: E:\Users\Lacerda\AppData\Roaming\Mozilla\Firefox\Profiles\by70rfbh.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\plugins\npgbfnc_bb.dll

FF - plugin: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;E:\Windows\system32\drivers\aswSnx.sys --> E:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;E:\Windows\system32\drivers\aswSP.sys --> E:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;E:\Windows\system32\DRIVERS\vwififlt.sys --> E:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;E:\Windows\system32\atiesrxx.exe --> E:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;E:\Windows\system32\drivers\aswFsBlk.sys --> E:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\E:\Windows\system32\drivers\aswMonFlt.sys --> E:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-8 44768]

R2 cpuz135;cpuz135;\??\E:\Windows\system32\drivers\cpuz135_x64.sys --> E:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 GbpSv;Gbp Service;E:\PROGRA~2\GbPlugin\GbpSv.exe [2011-8-19 208672]

R3 amdkmdag;amdkmdag;E:\Windows\system32\DRIVERS\atikmdag.sys --> E:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;E:\Windows\system32\DRIVERS\atikmpag.sys --> E:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 athur;Wireless Network Adapter Service;E:\Windows\system32\DRIVERS\athurx.sys --> E:\Windows\system32\DRIVERS\athurx.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;E:\Windows\system32\drivers\AtihdW76.sys --> E:\Windows\system32\drivers\AtihdW76.sys [?]

R3 CorsairCAHS1;CA-HS1 Interface;E:\Windows\system32\drivers\CAHS164.sys --> E:\Windows\system32\drivers\CAHS164.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;E:\Windows\system32\DRIVERS\Rt64win7.sys --> E:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;E:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Printer Control;Printer Control;E:\Windows\system32\PrintCtrl.exe --> E:\Windows\system32\PrintCtrl.exe [?]

S3 amdiox64;AMD IO Driver;E:\Windows\system32\DRIVERS\amdiox64.sys --> E:\Windows\system32\DRIVERS\amdiox64.sys [?]

S3 cpuz134;cpuz134;E:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-1-19 21480]

S3 MBAMProtector;MBAMProtector;\??\E:\Windows\system32\drivers\mbam.sys --> E:\Windows\system32\drivers\mbam.sys [?]

S3 npggsvc;nProtect GameGuard Service;E:\Windows\system32\GameMon.des -service --> E:\Windows\system32\GameMon.des -service [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;E:\Windows\system32\drivers\rdpvideominiport.sys --> E:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;E:\Windows\system32\DRIVERS\Rtnic64.sys --> E:\Windows\system32\DRIVERS\Rtnic64.sys [?]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;E:\Windows\system32\DRIVERS\RTL8187B.sys --> E:\Windows\system32\DRIVERS\RTL8187B.sys [?]

S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);E:\Windows\system32\DRIVERS\s1039bus.sys --> E:\Windows\system32\DRIVERS\s1039bus.sys [?]

S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;E:\Windows\system32\DRIVERS\s1039mdfl.sys --> E:\Windows\system32\DRIVERS\s1039mdfl.sys [?]

S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;E:\Windows\system32\DRIVERS\s1039mdm.sys --> E:\Windows\system32\DRIVERS\s1039mdm.sys [?]

S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);E:\Windows\system32\DRIVERS\s1039mgmt.sys --> E:\Windows\system32\DRIVERS\s1039mgmt.sys [?]

S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);E:\Windows\system32\DRIVERS\s1039nd5.sys --> E:\Windows\system32\DRIVERS\s1039nd5.sys [?]

S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;E:\Windows\system32\DRIVERS\s1039obex.sys --> E:\Windows\system32\DRIVERS\s1039obex.sys [?]

S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);E:\Windows\system32\DRIVERS\s1039unic.sys --> E:\Windows\system32\DRIVERS\s1039unic.sys [?]

S3 SwitchBoard;SwitchBoard;E:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;E:\Windows\system32\drivers\tsusbflt.sys --> E:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;E:\Windows\system32\Drivers\usbaapl64.sys --> E:\Windows\system32\Drivers\usbaapl64.sys [?]

S4 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-19 366152]

SUnknown tsusbhub;tsusbhub; [x]

SUnknown WatAdminSvc;WatAdminSvc; [x]

.

=============== Created Last 30 ================

.

2011-10-17 11:18:47 69000 ----a-w- E:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92F7D914-7526-44CC-B122-C013A3A8D6FD}\offreg.dll

2011-10-14 06:53:30 9049936 ----a-w- E:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92F7D914-7526-44CC-B122-C013A3A8D6FD}\mpengine.dll

2011-10-13 12:44:37 331776 ----a-w- E:\Windows\System32\oleacc.dll

2011-10-13 12:44:37 233472 ----a-w- E:\Windows\SysWow64\oleacc.dll

2011-10-13 12:44:36 861696 ----a-w- E:\Windows\System32\oleaut32.dll

2011-10-13 12:44:36 571904 ----a-w- E:\Windows\SysWow64\oleaut32.dll

2011-10-12 03:04:56 -------- d-----w- E:\Program Files\iTunes

2011-10-12 03:04:56 -------- d-----w- E:\Program Files\iPod

2011-10-12 03:04:56 -------- d-----w- E:\Program Files (x86)\iTunes

2011-10-12 03:03:14 -------- d-----w- E:\Program Files\Bonjour

2011-10-12 03:03:14 -------- d-----w- E:\Program Files (x86)\Bonjour

2011-10-10 14:09:40 4550304 ----a-w- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2011-09-21 23:29:48 -------- d-----w- E:\Perfect World Entertainment

2011-09-19 12:12:35 -------- d-----w- E:\Users\Lacerda\AppData\Roaming\Malwarebytes

2011-09-19 12:12:15 -------- d-----w- E:\ProgramData\Malwarebytes

2011-09-19 12:12:12 25416 ----a-w- E:\Windows\System32\drivers\mbam.sys

2011-09-19 12:12:12 -------- d-----w- E:\Program Files (x86)\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-10-05 12:21:06 414368 ----a-w- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 03:25:37 1638912 ----a-w- E:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- E:\Windows\SysWow64\mshtml.tlb

2011-09-06 20:45:29 41184 ----a-w- E:\Windows\avastSS.scr

2011-09-06 20:38:18 601944 ----a-w- E:\Windows\System32\drivers\aswSnx.sys

2011-09-06 20:36:30 65368 ----a-w- E:\Windows\System32\drivers\aswMonFlt.sys

2011-09-06 03:03:17 3138048 ----a-w- E:\Windows\System32\win32k.sys

2011-08-31 02:05:32 96104 ----a-w- E:\Windows\System32\dns-sd.exe

2011-08-31 02:05:32 85864 ----a-w- E:\Windows\System32\dnssd.dll

2011-08-31 02:05:32 61288 ----a-w- E:\Windows\System32\jdns_sd.dll

2011-08-31 02:05:32 212840 ----a-w- E:\Windows\System32\dnssdX.dll

2011-08-31 02:05:04 83816 ----a-w- E:\Windows\SysWow64\dns-sd.exe

2011-08-31 02:05:04 73064 ----a-w- E:\Windows\SysWow64\dnssd.dll

2011-08-31 02:05:04 50536 ----a-w- E:\Windows\SysWow64\jdns_sd.dll

2011-08-31 02:05:04 178536 ----a-w- E:\Windows\SysWow64\dnssdX.dll

2011-08-23 00:41:38 126976 ----a-w- E:\Windows\War3Unin.exe

2011-08-23 00:10:10 2829 ----a-w- E:\Windows\War3Unin.pif

2011-08-20 05:37:58 1188864 ----a-w- E:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- E:\Windows\SysWow64\wininet.dll

2011-08-17 05:26:46 613888 ----a-w- E:\Windows\System32\psisdecd.dll

2011-08-17 05:25:08 108032 ----a-w- E:\Windows\System32\psisrndr.ax

2011-08-17 04:24:12 465408 ----a-w- E:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- E:\Windows\SysWow64\psisrndr.ax

2011-08-08 14:23:42 44064 ----a-w- E:\Windows\SysWow64\drivers\GbpKm.sys

.

============= FINISH: 18:45:19,32 ===============

LOG GMER

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-10-18 09:21:20

Windows 6.1.7601 Service Pack 1

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2A 0xC6 0x7D 0x22 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x51 0x05 0x2E 0x47 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2F 0x57 0x5F 0x51 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAB 0xF3 0xE4 0xF6 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x9B 0x92 0x98 0x05 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2A 0xC6 0x7D 0x22 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x51 0x05 0x2E 0x47 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2F 0x57 0x5F 0x51 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAB 0xF3 0xE4 0xF6 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x9B 0x92 0x98 0x05 ...

---- EOF - GMER 1.0.15 ----

Awaiting the analysis, thanks in advance!


Hello

Sorry for the delay :)

If you still need help, redo the logs, because I need them with updated dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic, post the new logs in this same topic, thanks!

ATTENTION 2: Do not edit your topic, use the reply button, thanks!

ATTENTION 3: Do not put the logs between TAGS, thanks!

Regards :D


Hehe, no problem!!!

Here are the new logs:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 05/11/2010 01:09:32

System Uptime: 26/10/2011 09:33:59 (0 hours ago)

.

Motherboard: BIOSTAR Group | | T5XE CFX-SLI

Processor: Intel® Core i7 CPU 870 @ 2.93GHz | CPU 1 | 2934/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

D: is CDROM ()

E: is FIXED (NTFS) - 117 GiB total, 8,182 GiB free.

F: is FIXED (NTFS) - 181 GiB total, 48,593 GiB free.

G: is CDROM ()

H: is CDROM ()

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader 9.4.6 - Português

AIDA64 Extreme Edition v1.50

Apple Application Support

Apple Software Update

Assistente de Conexão do Windows Live

ATI Catalyst Registration

µTorrent

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

avast! Free Antivirus

BioShock

Bioshock Tradução BR v1.00

Button Manager v6.06

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

CCC Help English

Controle ActiveX do Windows Live Mesh para Conexões Remotas

Corsair HS1 USB Headset

Counter-Strike 1.6

DAEMON Tools Toolbar

DHTML Editing Component

DVDVideoSoftTB Toolbar

Ferramenta de Carregamento do Windows Live

Free YouTube Download version 3.0.16.923

Garena 2010

Glary Utilities 2.37.0.1260

GroupMail :: Free Edition

Heroes of Newerth

HydraVision

Infix 4.11

Java Auto Updater

Java 6 Update 24

K-Lite Codec Pack 7.0.0 (Full)

Malwarebytes' Anti-Malware versão 1.51.2.1300

Messenger Plus! 5

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

mIRC

Mozilla Firefox 7.0.1 (x86 pt-BR)

MSVCRT

NVIDIA PhysX v8.10.29

Pando Media Booster

PC Wizard 2010.1.96

PDF Settings CS5

PokerStars

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

RunAlyzer

Rusty Hearts

Safari

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)

Skype Click to Call

Skype™ 5.5

StarCraft II

Steam

sXe Injected

TeamSpeak 3 Client

The KMPlayer (remove only)

The Lord of the Rings FREE Trial

Tibia

TP-LINK Wireless Client Utility

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Warcraft III

Warcraft III: All Products

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Writer

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Run by Lacerda at 9:37:19 on 2011-10-26

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.8183.6742 [GMT -2:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

E:\Windows\system32\wininit.exe

E:\Windows\system32\lsm.exe

E:\Windows\system32\svchost.exe -k DcomLaunch

E:\PROGRA~2\GbPlugin\GbpSv.exe

E:\Windows\system32\svchost.exe -k RPCSS

E:\Windows\system32\atiesrxx.exe

E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

E:\Windows\system32\svchost.exe -k netsvcs

E:\Windows\system32\svchost.exe -k LocalService

E:\Windows\system32\atieclxx.exe

E:\Windows\system32\svchost.exe -k NetworkService

E:\Program Files\Alwil Software\Avast5\AvastSvc.exe

E:\Windows\System32\spoolsv.exe

E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

E:\Program Files\Bonjour\mDNSResponder.exe

E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

E:\Windows\system32\svchost.exe -k imgsvc

E:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

E:\Windows\system32\taskhost.exe

E:\Windows\Explorer.EXE

E:\Windows\system32\Dwm.exe

E:\Windows\system32\taskeng.exe

E:\Program Files\Microsoft IntelliPoint\ipoint.exe

E:\Windows\System32\PrintDisp.exe

E:\Windows\SysWOW64\rundll32.exe

E:\Windows\system32\SearchIndexer.exe

E:\Program Files\Windows Media Player\wmpnetwk.exe

E:\Program Files\Alwil Software\Avast5\AvastUI.exe

E:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

E:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

E:\Program Files (x86)\iTunes\iTunesHelper.exe

E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

E:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

E:\Windows\System32\svchost.exe -k secsvcs

E:\Windows\SysWOW64\cmd.exe

E:\Windows\system32\conhost.exe

E:\Windows\SysWOW64\cscript.exe

E:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = about:blank

uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - E:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - E:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - E:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [avast5] "E:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [startCCC] "E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AppleSyncNotifier] E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [PlusService] E:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - E:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - E:\Users\Lacerda\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - E:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - E:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 201.6.2.44 201.6.2.164

TCP: Interfaces\{A391D6F8-DF71-4763-8A55-03DF546D2186} : DhcpNameServer = 201.6.2.44 201.6.2.164

TCP: Interfaces\{B97E78DA-2CEA-45F5-B17B-CF67016BC981} : DhcpNameServer = 201.6.2.44 201.6.2.164

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Notify: GbPluginBb - E:\Program Files (x86)\GbPlugin\gbieh.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - E:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{3049C3E9-B461-4BC5-8870-4C09146192CA}

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{872b5b88-9db5-4310-bdd0-ac189557e5f5}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

{C41A1C0E-EA6C-11D4-B1B8-444553540000}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{32099AAC-C132-4136-9E9A-4E364A424E17}

{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [avast5] "E:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [startCCC] "E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AppleSyncNotifier] E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [PlusService] E:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun-x64: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [APSDaemon] "E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

SEH-X64: {E37CB5F0-51F5-4395-A808-5FA49E399F83}: GbPlugin ShlObj

.

================= FIREFOX ===================

.

FF - ProfilePath - E:\Users\Lacerda\AppData\Roaming\Mozilla\Firefox\Profiles\by70rfbh.default\

FF - prefs.js: browser.startup.homepage - hxxp://casemall.objectdata.com.br/intranet/main

FF - prefs.js: keyword.URL - hxxp://find.localstrike.net/?q=

FF - component: E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: E:\Users\Lacerda\AppData\Roaming\Mozilla\Firefox\Profiles\by70rfbh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll

FF - component: E:\Users\Lacerda\AppData\Roaming\Mozilla\Firefox\Profiles\by70rfbh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

FF - component: E:\Users\Lacerda\AppData\Roaming\Mozilla\Firefox\Profiles\by70rfbh.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: E:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: E:\Users\Lacerda\AppData\Roaming\Mozilla\Firefox\Profiles\by70rfbh.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\plugins\npgbfnc_bb.dll

FF - plugin: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;E:\Windows\system32\drivers\aswSnx.sys --> E:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;E:\Windows\system32\drivers\aswSP.sys --> E:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;E:\Windows\system32\DRIVERS\vwififlt.sys --> E:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;E:\Windows\system32\atiesrxx.exe --> E:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;E:\Windows\system32\drivers\aswFsBlk.sys --> E:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\E:\Windows\system32\drivers\aswMonFlt.sys --> E:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-8 44768]

R2 cpuz135;cpuz135;\??\E:\Windows\system32\drivers\cpuz135_x64.sys --> E:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 GbpSv;Gbp Service;E:\PROGRA~2\GbPlugin\GbpSv.exe [2011-8-19 208672]

R3 amdkmdag;amdkmdag;E:\Windows\system32\DRIVERS\atikmdag.sys --> E:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;E:\Windows\system32\DRIVERS\atikmpag.sys --> E:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 athur;Wireless Network Adapter Service;E:\Windows\system32\DRIVERS\athurx.sys --> E:\Windows\system32\DRIVERS\athurx.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;E:\Windows\system32\drivers\AtihdW76.sys --> E:\Windows\system32\drivers\AtihdW76.sys [?]

R3 CorsairCAHS1;CA-HS1 Interface;E:\Windows\system32\drivers\CAHS164.sys --> E:\Windows\system32\drivers\CAHS164.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;E:\Windows\system32\DRIVERS\Rt64win7.sys --> E:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;E:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Printer Control;Printer Control;E:\Windows\system32\PrintCtrl.exe --> E:\Windows\system32\PrintCtrl.exe [?]

S3 amdiox64;AMD IO Driver;E:\Windows\system32\DRIVERS\amdiox64.sys --> E:\Windows\system32\DRIVERS\amdiox64.sys [?]

S3 cpuz134;cpuz134;E:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-1-19 21480]

S3 MBAMProtector;MBAMProtector;\??\E:\Windows\system32\drivers\mbam.sys --> E:\Windows\system32\drivers\mbam.sys [?]

S3 npggsvc;nProtect GameGuard Service;E:\Windows\system32\GameMon.des -service --> E:\Windows\system32\GameMon.des -service [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;E:\Windows\system32\drivers\rdpvideominiport.sys --> E:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;E:\Windows\system32\DRIVERS\Rtnic64.sys --> E:\Windows\system32\DRIVERS\Rtnic64.sys [?]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;E:\Windows\system32\DRIVERS\RTL8187B.sys --> E:\Windows\system32\DRIVERS\RTL8187B.sys [?]

S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);E:\Windows\system32\DRIVERS\s1039bus.sys --> E:\Windows\system32\DRIVERS\s1039bus.sys [?]

S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;E:\Windows\system32\DRIVERS\s1039mdfl.sys --> E:\Windows\system32\DRIVERS\s1039mdfl.sys [?]

S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;E:\Windows\system32\DRIVERS\s1039mdm.sys --> E:\Windows\system32\DRIVERS\s1039mdm.sys [?]

S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);E:\Windows\system32\DRIVERS\s1039mgmt.sys --> E:\Windows\system32\DRIVERS\s1039mgmt.sys [?]

S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);E:\Windows\system32\DRIVERS\s1039nd5.sys --> E:\Windows\system32\DRIVERS\s1039nd5.sys [?]

S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;E:\Windows\system32\DRIVERS\s1039obex.sys --> E:\Windows\system32\DRIVERS\s1039obex.sys [?]

S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);E:\Windows\system32\DRIVERS\s1039unic.sys --> E:\Windows\system32\DRIVERS\s1039unic.sys [?]

S3 SwitchBoard;SwitchBoard;E:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;E:\Windows\system32\drivers\tsusbflt.sys --> E:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;E:\Windows\system32\Drivers\usbaapl64.sys --> E:\Windows\system32\Drivers\usbaapl64.sys [?]

S4 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-19 366152]

SUnknown tsusbhub;tsusbhub; [x]

SUnknown WatAdminSvc;WatAdminSvc; [x]

.

=============== Created Last 30 ================

.

2011-10-26 11:37:31 69000 ----a-w- E:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E498EBDE-2A70-43CC-B2D2-1AC46C10BBF4}\offreg.dll

2011-10-25 13:10:55 8570192 ----a-w- E:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E498EBDE-2A70-43CC-B2D2-1AC46C10BBF4}\mpengine.dll

2011-10-13 12:44:37 331776 ----a-w- E:\Windows\System32\oleacc.dll

2011-10-13 12:44:37 233472 ----a-w- E:\Windows\SysWow64\oleacc.dll

2011-10-13 12:44:36 861696 ----a-w- E:\Windows\System32\oleaut32.dll

2011-10-13 12:44:36 571904 ----a-w- E:\Windows\SysWow64\oleaut32.dll

2011-10-12 03:04:56 -------- d-----w- E:\Program Files\iTunes

2011-10-12 03:04:56 -------- d-----w- E:\Program Files\iPod

2011-10-12 03:04:56 -------- d-----w- E:\Program Files (x86)\iTunes

2011-10-12 03:03:14 -------- d-----w- E:\Program Files\Bonjour

2011-10-12 03:03:14 -------- d-----w- E:\Program Files (x86)\Bonjour

2011-10-10 14:09:40 4550304 ----a-w- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2011-10-05 12:21:06 414368 ----a-w- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 03:25:37 1638912 ----a-w- E:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- E:\Windows\SysWow64\mshtml.tlb

2011-09-06 20:45:29 41184 ----a-w- E:\Windows\avastSS.scr

2011-09-06 20:38:18 601944 ----a-w- E:\Windows\System32\drivers\aswSnx.sys

2011-09-06 20:36:30 65368 ----a-w- E:\Windows\System32\drivers\aswMonFlt.sys

2011-09-06 03:03:17 3138048 ----a-w- E:\Windows\System32\win32k.sys

2011-08-31 20:00:50 25416 ----a-w- E:\Windows\System32\drivers\mbam.sys

2011-08-31 02:05:32 96104 ----a-w- E:\Windows\System32\dns-sd.exe

2011-08-31 02:05:32 85864 ----a-w- E:\Windows\System32\dnssd.dll

2011-08-31 02:05:32 61288 ----a-w- E:\Windows\System32\jdns_sd.dll

2011-08-31 02:05:32 212840 ----a-w- E:\Windows\System32\dnssdX.dll

2011-08-31 02:05:04 83816 ----a-w- E:\Windows\SysWow64\dns-sd.exe

2011-08-31 02:05:04 73064 ----a-w- E:\Windows\SysWow64\dnssd.dll

2011-08-31 02:05:04 50536 ----a-w- E:\Windows\SysWow64\jdns_sd.dll

2011-08-31 02:05:04 178536 ----a-w- E:\Windows\SysWow64\dnssdX.dll

2011-08-23 00:41:38 126976 ----a-w- E:\Windows\War3Unin.exe

2011-08-23 00:10:10 2829 ----a-w- E:\Windows\War3Unin.pif

2011-08-20 05:37:58 1188864 ----a-w- E:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- E:\Windows\SysWow64\wininet.dll

2011-08-17 05:26:46 613888 ----a-w- E:\Windows\System32\psisdecd.dll

2011-08-17 05:25:08 108032 ----a-w- E:\Windows\System32\psisrndr.ax

2011-08-17 04:24:12 465408 ----a-w- E:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- E:\Windows\SysWow64\psisrndr.ax

2011-08-08 14:23:42 44064 ----a-w- E:\Windows\SysWow64\drivers\GbpKm.sys

.

============= FINISH: 9:38:56,59 ===============

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-10-26 10:29:40

Windows 6.1.7601 Service Pack 1

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2A 0xC6 0x7D 0x22 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x51 0x05 0x2E 0x47 ...

---- EOF - GMER 1.0.15 ----

Cheers!

Dear duzin

I recommend that you bookmark this topic so it is easier to find later.

Please note the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is done here relates only to the problem with your computer, so do not carry it out on any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Note: Do not take any measures other than those given here; and if you ask for help on another forum, be sure to let us know, or you risk messing up your computer's configuration!

# Step No. 1 #

Everything suggests the problem is in Firefox :)

Here we go: open Firefox and type about:config in the address bar. Then click the button I'll be careful, I promise! Where it says Search, type keyword.URL. Right-click it and choose Reset. If that option is disabled, choose Modify and delete the contents of the box. Close Firefox!

# Step No. 2 #

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternate link
  • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to view the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When the disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Cheers :D

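For Step No. 1 of the reply above (resetting keyword.URL), an added example of the same check done offline against a copy of the profile's prefs.js rather than through about:config. This is not code from the thread or from Mozilla; the prefs.js content, the hijack host and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample prefs.js (not from the thread). The keyword.URL line mimics
# the kind of override a search hijacker leaves; the host is a made-up one.
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "http://search.example-hijack.test/redirect?q=");
user_pref("keyword.enabled", true);
"""

USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')


def parse_prefs(text):
    """Return {name: raw value} for every user_pref() line in a prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def check_keyword_url(prefs):
    """Report whether keyword.URL is overridden and which host it sends searches to.

    Firefox only writes a user_pref() line for values that differ from the built-in
    default, so the mere presence of keyword.URL in prefs.js means address-bar
    searches have been redirected somewhere other than the default provider.
    """
    raw = prefs.get("keyword.URL")
    if raw is None:
        return {"overridden": False, "host": None, "url": None}
    url = raw.strip('"')
    return {"overridden": True, "host": urlparse(url).hostname, "url": url}


def restore_default(text):
    """Drop the keyword.URL user_pref() line, the file-level equivalent of choosing
    Reset in about:config. Only apply this with Firefox closed: a running instance
    rewrites prefs.js on exit and would put the override back."""
    kept = [ln for ln in text.splitlines()
            if not re.match(r'^\s*user_pref\("keyword\.URL"', ln)]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    finding = check_keyword_url(parse_prefs(SAMPLE_PREFS_JS))
    print("keyword.URL overridden:", finding["overridden"], "host:", finding["host"])
    print("after reset:", check_keyword_url(parse_prefs(restore_default(SAMPLE_PREFS_JS))))
```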

Hey there, man!!

Here is the new log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Versão da Base de Dados: 8054

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

31/10/2011 19:39:26

mbam-log-2011-10-31 (19-39-26).txt

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 178117

Tempo decorrido: 5 minuto(s), 17 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

(Não foram detectados ítens maliciosos)

Cheers!

Edit: I was not asked to restart the PC.

Edited by duzin
Adding information

Dear duzin

Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an email address for registration, a first name and a last name. Only the "email" field is required.

Enter your email, then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator

On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. That is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)

Also check all the drives listed below Local Disk, if there are any. Then click the Automatic Scan tab

KRT_install2_.png

Back on the program's main screen, click the Start scanning button

Be patient; it takes a while.

When it finishes, if anything was detected, the program will ask you what to do.

Check the small box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

While the scan runs, the main screen will show a progress bar. When it finishes, the program will show the status as complete and a button that will be orange if nothing was detected, and red if something was found.

If something was detected, the program will also display an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easily accessible location and save it as log.txt

Copy the entire contents of that Notepad file and paste it in your next reply.

If nothing is detected, there is no need to save the log. Just post here letting me know.

To exit the program, just click the X in the top right corner.

Cheers :D
