MatheusTalacioT

Suspected malware.


Here are the DDS and GMER logs.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1

Run by Mateus at 17:41:21 on 2012-08-13

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1911.406 [GMT -3:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\SPLASH.SYS\config\DVMExportService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe

C:\Program Files (x86)\GameTracker\GSInGameService.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Users\Mateus\AppData\Local\Akamai\netsession_win.exe

C:\Users\Mateus\AppData\Local\Smartbar\Application\Smartbar.exe

C:\Users\Mateus\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Iminent\Iminent.exe

C:\Program Files (x86)\Iminent\Iminent.Messengers.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\Aurora\firefox.exe

C:\Program Files (x86)\Aurora\plugin-container.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=TJ&userid=731c45ed-7022-4dad-89c1-85e00f94b3f8&sp=hp&searchtype=hp&t={Date}

uSearch Page = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=TJ&userid=731c45ed-7022-4dad-89c1-85e00f94b3f8&sp=addr&q={searchTerms}&t={Date}

uSearch Bar = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=TJ&userid=731c45ed-7022-4dad-89c1-85e00f94b3f8&sp=addr&q={searchTerms}&t={Date}

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=TJ&userid=731c45ed-7022-4dad-89c1-85e00f94b3f8&sp=addr&q={searchTerms}&t={Date}

mSearchAssistant = hxxp://start.facemoods.com/?a=stonicbr&s={searchTerms}&f=4

mWinlogon: Userinit=userinit.exe,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\Mateus\AppData\Roaming\Complitly\AutocompletePro.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll

BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll

TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Google Update] "C:\Users\Mateus\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "C:\Users\Mateus\AppData\Local\Akamai\netsession_win.exe"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

uRun: [browser Infrastructure Helper] C:\Users\Mateus\AppData\Local\Smartbar\Application\Smartbar.exe startup

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10s_Plugin.exe -update plugin

mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

mRun: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe

mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"

mRun: [iminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup

dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{34B075E1-2F9C-40B4-B5C9-B2309F84564D} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{34B075E1-2F9C-40B4-B5C9-B2309F84564D} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{34B075E1-2F9C-40B4-B5C9-B2309F84564D}\341637160244F602E4F6475626F6F6B6 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{34B075E1-2F9C-40B4-B5C9-B2309F84564D}\54E646F6 : DhcpNameServer = 189.51.144.23 189.51.144.3 192.168.0.1

TCP: Interfaces\{34B075E1-2F9C-40B4-B5C9-B2309F84564D}\C45736961694E65637 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{34B075E1-2F9C-40B4-B5C9-B2309F84564D}\D416478656573745 : DhcpNameServer = 192.168.43.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Mateus\AppData\Roaming\Complitly\AutocompletePro.dll

BHO-X64: AC-Pro - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll

BHO-X64: facemoods Helper - No File

BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll

BHO-X64: Incredibar.com Helper Object - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll

BHO-X64: IMinent WebBooster - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll

TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB-X64: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll

TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun-x64: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

mRun-x64: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe

mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"

mRun-x64: [iminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup

IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mateus\AppData\Roaming\Mozilla\Firefox\Profiles\zby8kop6.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb115/?loc=IB_DS&a=6OyvgTh9Nq&&i=26&search=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll

FF - plugin: C:\Users\Mateus\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Mateus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyvgTh9Nq&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - d2bd90c3000000000000b24ce5b51a0d

FF - user.js: extensions.incredibar_i.hardId - d2bd90c3000000000000b24ce5b51a0d

FF - user.js: extensions.incredibar_i.instlDay - 15408

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2714:49:25

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyvgTh9Nq

FF - user.js: extensions.incredibar_i.upn2n - 92261035735653316

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10589

FF - user.js: extensions.incredibar_i.ppd -

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/05 18:50:14];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-3-13 146928]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2010-7-15 89600]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 AntiVirSchedulerService;Avira AntiVir Agendamento;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-6 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-12-6 269480]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2011-7-3 98304]

R2 GS In-Game Service;GS In-Game Service;C:\Program Files (x86)\GameTracker\GSInGameService.exe [2011-11-9 1677072]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-11 1153368]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-16 2280312]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-15 2320920]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-12-7 228408]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2011-7-3 3735552]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 Apache2.2;Apache2.2;"C:\xampp\apache\bin\httpd.exe" -k runservice --> C:\xampp\apache\bin\httpd.exe [?]

S2 avast! Antivirus;avast! Antivirus;"C:\Program Files\AVAST Software\Avast\AvastSvc.exe" --> C:\Program Files\AVAST Software\Avast\AvastSvc.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]

S2 init;init;C:\Program Files (x86)\wipfw\bin\init.exe --> C:\Program Files (x86)\wipfw\bin\init.exe [?]

S2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-17 4948992]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]

S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-9-17 131912]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-2-4 115184]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== File Associations ===============

.

.txt=UEStudio.txt

.

=============== Created Last 30 ================

.

2012-08-13 16:52:46 -------- d-----w- C:\Users\Mateus\AppData\Roaming\Free Download Manager

2012-08-13 16:52:31 -------- d-----w- C:\Program Files (x86)\Free Download Manager

2012-08-11 20:03:27 -------- d-----w- C:\Program Files (x86)\WildTangent Games

2012-08-11 06:06:41 -------- d-----w- C:\Users\Mateus\AppData\Roaming\Iminent

2012-08-11 06:06:26 -------- d-----w- C:\ProgramData\Iminent

2012-08-11 06:05:25 -------- d-----w- C:\Program Files (x86)\Iminent

2012-08-10 19:42:12 -------- d-----w- C:\Program Files (x86)\Aurora

2012-08-06 22:05:44 -------- d-----w- C:\Users\Mateus\.explorer.local

2012-08-06 22:05:44 -------- d-----w- C:\Users\Mateus\.explorer.cache

2012-08-06 22:04:25 -------- d-----w- C:\Program Files (x86)\Oracle

2012-08-06 22:03:37 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-08-05 07:30:37 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

2012-07-30 06:34:09 -------- d-----w- C:\Program Files (x86)\MineCraftSkinStealer

2012-07-29 18:35:01 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E6950C8-43D9-4000-952B-93E0CEF8BB52}\offreg.dll

2012-07-29 18:32:31 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2012-07-29 18:30:55 -------- d-----w- C:\Program Files (x86)\Mumble(PR Edition)

2012-07-27 06:09:16 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E6950C8-43D9-4000-952B-93E0CEF8BB52}\mpengine.dll

2012-07-21 03:05:51 -------- d-----w- C:\Users\Mateus\AppData\Local\GameSpy

2012-07-21 02:31:20 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2012-07-21 02:31:20 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2012-07-21 02:31:20 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2012-07-21 02:31:20 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2012-07-21 02:31:20 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2012-07-21 01:48:29 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2012-07-21 01:48:28 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2012-07-14 22:58:53 -------- d-----w- C:\Users\Mateus\AppData\Roaming\QFX Software

2012-07-14 22:58:53 -------- d-----w- C:\ProgramData\QFX Software

2012-07-14 22:17:28 -------- d-----w- C:\Users\Mateus\AppData\Local\Overwolf

.

==================== Find3M ====================

.

2012-08-11 06:05:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-10 23:05:16 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-08-10 23:05:16 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-07-30 01:23:35 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-07-21 03:37:21 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-07-06 01:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 18:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 18:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-05-31 15:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-09-16 16:12:04 143240 ----a-w- C:\Program Files (x86)\Common Files\ApnStub.exe

2011-02-27 13:42:00 571328 ----a-w- C:\Program Files (x86)\Common Files\AutoCompleteInstaller-VD.exe

2010-01-26 14:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe

.

============= FINISH: 17:42:42,37 ===============

Note: I don't know why it came out this big.

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-08-13 17:37:30

Windows 6.1.7600

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67917170-56EC-9905-C275-5A7320B078D7}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67917170-56EC-9905-C275-5A7320B078D7}@dbikcfhgccgbnopjdigmijhfeoeemhaciimcfnco 0x68 0x61 0x69 0x70 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67917170-56EC-9905-C275-5A7320B078D7}@dbikcfhgccgbnopjdigmndifmodphbpbngcelmee 0x62 0x61 0x66 0x6C ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67917170-56EC-9905-C275-5A7320B078D7}@hafbgcemfofbjeec 0x69 0x61 0x63 0x6B ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67917170-56EC-9905-C275-5A7320B078D7}@iadagkbopgnnibmije 0x63 0x61 0x6E 0x6A ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67917170-56EC-9905-C275-5A7320B078D7}@iapaaomliollkooadn 0x69 0x61 0x69 0x6B ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67917170-56EC-9905-C275-5A7320B078D7}@jbikcfhgccgbnopjdigmlkbgblnchhnenkaknlcopcfpchhooele 0x68 0x61 0x69 0x70 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{932CBB0D-5EEC-57D9-EC65-81431B8F4979}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{932CBB0D-5EEC-57D9-EC65-81431B8F4979}@hadaogdoklojhlmm 0x6A 0x61 0x67 0x6C ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{932CBB0D-5EEC-57D9-EC65-81431B8F4979}@iafbidmcbdoknefhlo 0x62 0x61 0x68 0x6C ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{932CBB0D-5EEC-57D9-EC65-81431B8F4979}@iajaclcchiafkjacdh 0x6B 0x61 0x66 0x6C ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE6AC07B-8350-A911-CCBB-14E1D25F80AB}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE6AC07B-8350-A911-CCBB-14E1D25F80AB}@abdpafbloniofahpginkoppaoabilbngob 0x69 0x61 0x67 0x63 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE6AC07B-8350-A911-CCBB-14E1D25F80AB}@maepledjpmnbidbjpahonpollh 0x6F 0x61 0x70 0x61 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247ef8ddf9 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???f?p??? 4??8??????????e??????? ?????????????????(??8???????????y??{f52ac1cc-b92d-4d8e-8cf5-699ca40a73d2}???????????????:?9?:???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????m??????????????????monitor??????????4??????????????????????????i8042prt?b????N??9????????????????"??8?????????s?????:\pagefile.sys???????????????????????????18?????????0???????????????????????????? ????????????????????????????????????????????????????????????????????????????????????????????????????? ????????????e????Z??k?????????e????AsyncMac?????8??????????????WPD??p??root\umbus??cr???_?p????? "??8??????????0}???????7??????????disk?????9?9????????????????????????s???????$???4????? ??????? ????H???????????????????? ????????????????????~??? ?????????n????NDIS????????????????????Windows Modules Installer???C:\Windows\SysWOW64?2????8?:????? v??e?????????ll3???????????????????????????????S??_0????"??\?????????e????%SystemRoot%\Sy

Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ??????????????????`????????????e???????????????????e????????????Type?m????X??????????????????C??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|?????v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|?<??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|??<???)????????????????????????????e??????????j??????????????? ??????????????????????????SCSI Miniport?????`?????????????Microsoft???????????????????????????????????????D8???????????N??????am???????????????????????????=??iv??????iv????.??????????t???????????;???d????^????????????????

Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???k?p????????#?????@system32\DRIVERS\pci.sys,#262;Serial ATA Controller?????????????????y??? ???????j?????i???????0????????????&???????????????????????? ???????j???????????f?0????????????????????oem11.inf:INTEL_HDC.ntamd64:iaStor_mobl_Inst:8.9.2.1002:pci\ven_8086&dev_3b29&cc_0106?????P??j???e??????? ???????i?????i???????0?????????????????????j?j?????j??? ???????i???????????i?0?????????????????????????????????????????? ? ????????j?j???????i????? ???????i?????i???????0???????????????????????j???????i???i????? ???????i???????????i?0???????????????????????????????????????????????????????????????i????? ???????j?????i???????0????????????&????????????????????6??? ???????i?????i???????0?????????????????????j?j????? ???????i???????????i?0????????????????????INTEL_USB2_CTTB?????????????????????Microsoft??????i????? ???????i?????i???????0?????????????????????j?j?????j??? ???????i???????????i?0???????????????????????i?????j?????????????????j???j???i???i???i????????????? ???????i?????????????0????????????????????? ?????

Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???p????????ep???????????.??????????????????????@%SystemRoot%\system32\ikeext.dll,-502??????????????????????LegacyDriver?e???z?~????????????SeAuditPrivilege?SeImpersonatePrivilege?SeTcbPrivilege?SeDebugPrivilege??????????8???s??ep???t???????????????o??me??me???????????????????????p???????????????????????????????????????????p??????p???????r????????????????????????????0???p??????????????? ???????n??????????????????????Z?Z?????????%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\Drivers\netw5v64.sys???? ???????q???????????o???????? ?F?????????????F??p??????????????%SystemRoot%\System32\netevent.dll??????????????????????????????????????????????????????????? ???????n??????????????????????R?[?????????? ???????q???????????o???????? ?@????????????????c????@??p??????????????%SystemRoot%\System32\DFDTS.dll?????? ???????q???????????o???????? ?T????????7????T??p??????????????%SystemRoot%\System32\Drivers\yk62x64.sys????????t??? ???????n??????????????????????2?\????G????????????????????????system32\DRIVERS\kbdhid

Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ??????????????????R?????????????????Intel AHCI Controller??????????????????e???????????????????r?????`?`?`?`?b?b?`?b?????b??????????????????????????$???4????? ??????? ????t?????????? ????????????????????????????????????????? ???????@machine.inf,%PCISlot%;PCI Slot %1!u!????$???????/???????????????????/??HID-compliant device?x???????????????????????{???h????????????????????????????????????????N?????????????????? ???????????????????????|??????????????????????????????????hid_device_system_mouse?????? ???4??? ???????????????????$???????v???????????????????????????????????????l?????????l??????????>?????????????????? ?????????????????????0??????????????????????????????????????????????????????????????????????2??????5???????????????????????h???$???????5??????????????????25??6.1.7600.16385??????{533c5b84-ec70-11d2-9505-00c04f79deaf}?564????,?????????????6.1.7600.16385??????vwifimp.ndi???????^?????????????? n??????3??????????? n????????????ttu??VolumeSnapshot???????? ??????o????????4?????????????????6.1.7600.16385?????

Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ?????????$???8???????????????????????????$|??8???????????????????????????$|??9???????????????????????????????????????????????8???????e???????-??????????MONITOR\AUO4444?????? ???e???\?????ent??fltmgr??????? ??????????????????? ???/???-??????????NDIS?;??????????????????????enecir????????????????????????a?????????????????????????????GenCdRom?????????-???????e????4??_???????????????????-???i?? o??????????????????????ACPI\ENE0100?*ENE0100??????????? ????????????&???:?:?:??????????????????????????{00000000-0000-0000-ffff-ffffffffffff}?-?????????/???????e??? B??9???????????????8?????? ??????g???????????????????8????????????????????????????????????????????????*SYN0100?*SYN0002?*PNP0F13??20??? ???????????????????f?f?\??? j??m??????????????????? ??SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac?tcp??\\?\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}????????????????????e???h??????????????????????????s???NDIS?0???l???l????*??e?????????????????????????????9?9?9?9????<??8?????

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247ef8ddf9

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ????????????????????????????{40981224-03c7-510d-9fc7-f0eb44bc299e}?nf????????????s??t???????????????????{77F7F122-20B0-4117-A2FB-059D1FC88256}??am??am???????????6??????hid_device_system_mouse???????z?????????????????USBSTOR\Disk&Ven_Sony&Prod_Camcorder&Rev_1.00\0BC02014E9AB&0????????????????????????????\\?\USBSTOR#Disk&Ven_Sony&Prod_Camcorder&Rev_1.00#0BC02014E9AB&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}?????????{eec5ad98-8080-425f-922a-dabf3de3f69a}\0013???????????????????????N?????????????@disk.inf,%genmanufacturer%;(Standard disk drives)?ip6??? ????????????????????????.???????????????????s?????? ?????????????????????,?????????????????????????n??? ?????????????????????,????????N????????r??? ??????????????????{f3dc3ff2-2c6a-11e0-af9b-002622c1b8d3}?2??????????`??????s???????S??????????????????????????????STORAGE\Volume\_??_USBSTOR#Disk&Ven_Sony&Prod_Camcorder&Rev_1.00#0BC02014E9AB&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}??????????????????????????????\\?\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Sony&Prod_Camcorder

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ????????6-21-2006???WdfCoInstaller01009.dll,WdfCoInstaller??????????????????????? ??????????????????{745a17a0-74d3-11d0-b6fe-00a0c90f57da}??????@usb.inf,%generichub.mfg%;(Generic USB Hub)??????????????c??????????????????6.1.7600.16385???????????????7???????? ??????.??????\SystemRoot\system32\DRIVERS\CmBatt.sys???????~??????????t??????????? ??????????dt??????????? ^????????????????????????????????????????z????????????????????? ?????????????????????0????????????????????? ??????????????????generic_hid_device??????????????????DiskDrive???@%systemroot%\system32\rascfg.dll,-32002????? ?????????????????????0??????????????????????????????????????N??????0???E??????????????????? p??????????????????????8???????????}??????STORAGE\Volume??????????????????????Microsoft????????????????????????????&??2S??6.1.7600.16385??us??system32\DRIVERS\amdsbs.sys?\amdsbs.sys?????? ???????.??????????6.1.7600.16385??,-??????????????????? ?????????????y??????????.??????????????????????????????????_?????????????????????????????????????????

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ?????{???????????????????????B??72????N???????????????????????????L??????????????v??????os??????????????????????????v2???????????o???????????(N??????????????????????????????????????????????)J???????????????????????????0?????Microsoft Audio Home Theater Effects????{62dc1a93-ae24-464c-a43e-452f824c4250}???????(N?????????????????????????????{637c490d-eee3-4c0a-973f-371958802da2}???????(N?????????????????????????????{5860E1C5-F95C-4a7a-8EC8-8AEF24F379A1}???????(N?????????????????????????????{00000000-0000-0000-0000-000000000000}??????? ???????j????????????????"???????????????????????????????????????????(?????????????????HD Audio HDMI out 5?????????HD Audio HDMI out 3?????????????????????????????{17CCA71B-ECD7-11D0-B908-00A0C9223196}??????HP Webcam?Device????????????*6to4mp?????????????????????? ????????????????????????????P?N?????0??????(N?????????????????????????????{00000000-0000-0000-0000-000000000000}???????(??????????????????????????????? ???????????????????????????????????????????????=???=??? ?????????????

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ?????????????S??6-21-2006???? ?????????????????????0?????????????????????????z???e???e??? ?????????????????????0????????????????????? ??????????????????????????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0??????????????????????????????????????????????`??????}???r??? ?????????????????????0????????????&????????????????????E???l????X??????n??????? ?????????????????????0????????????????????????????? ?????????????????????0??????????????????????????????????????????????????????????ne.inf,%??? ?????????????????????0????????????????????????????? ?????????????????????0?????????????????????l???$???????|??????????????????r|???Y???????i????????????????????????????????????????????ee=P???e??????????????????????????????p???? ????????????????????????*????????????????d????????????? ?????????????????????,?????????????????????????n??? ???????????????????7????????*?????????????????n?????f????????g????????????????????????????????WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBST

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ?????????????????i??r???Microsoft???????????????????????????????????????????????????????????{4d36e96f-e325-11ce-bfc1-08002be10318}\0009??????s?s?????????t??{4d36e972-e325-11ce-bfc1-08002be10318}\0032?????generic_hid_device??FH???????????????y??\SystemRoot\system32\drivers\ksthunk.sys??????R????????????e??????R????????????n????????????????????????????????????????6-21-2006?????N??????P?????D????@input.inf,%hid.devicedesc%;USB Input Device??????:???????????h?????????????tunnel?ft???????????????{cbe45d50-afbc-11e0-af1c-002622c1b8d3}?00???{4d36e96f-e325-11ce-bfc1-08002be10318}?y?y????R????????????e??????????????????????"?????? ????????R????????????n????? ???????c????????????R??????????????d??????????????????????????????????????????????????????????????????????? n??????u?????399???????????????????????z??????????Microsoft ISATAP Adapter #6??????????z???y???4??@nettun.inf,%msft%;Microsoft????DataTraveler 2.0?P???????????_???????????????????????????????????????????e???????????????|???????????????p???z???????h?k?s?s?t?

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ?????s??????|???? ???????????????????????????????????????f??Nokia C3-00 USB Device??????????????????0????????????t??l???Disk drive?ger??? ???/??????????????????????????USB\DevClass_00&SubClass_00&Prot_00?USB\DevClass_00&SubClass_00?USB\DevClass_00?USB\COMPOSITE??A?A??????????????????????Composite.Dev????$???????p???????????????????y??? ???e???7???????????????????????????U??r|??????????????????*6to4mp??{???????????????????????$???????p???????????????????y??6.1.7600.16385?r%\??input.inf????????????j??????? ???/???d???????????????????????????h?h?????????????13l??????<????????g?????????????????????a??50??????????????????????????????????????????????????????????????????????????????7&22226ad9&0?e???????????$???????w????????????????????????????????????????????????????:????????g????6.1.7600.16385?ffc??Port_#0002.Hub_#0004?.???$???????|???????????????????|???????????n?????e???????? 1??HID_Inst????? ??????????????????????????????????WINUSB.INF??????HID\VID_2166&PID_6649\7&e7bc41d&0&0000???????t??? ?????????????????????

---- EOF - GMER 1.0.15 ----

Edited by MatheusTalacioT

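The DDS service block and the GMER registry block in the post above are raw tool output, and an analyst triages them by eye: which services auto-start (S2), which ones DDS could not record a date/size for (shown as `[?]`), whose image lives outside the Windows and Program Files trees, and which GMER registry values under `Shell Extensions\Approved` have opaque names and hex-dumped data. As an added example, not part of the original post nor code from the DDS or GMER tools, the Python script below parses a few lines copied from those two logs and applies exactly those checks. The sample lines are taken from the post; the "trusted roots" list, the decision to treat anything other than `.exe`/`.sys`/`.dll` as an unusual service image, and the check that a value name uses only the letters a to p (a 16-symbol alphabet, the one Chrome extension IDs use) are the example's own heuristics, not facts the log establishes. A flag means "look closer", not "malicious".

```python
"""Triage helpers for DDS service lines and GMER "Reg" lines (added example, not the tools' code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: service lines copied verbatim from the DDS log in the post.
DDS_SAMPLE = r"""
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S2 Apache2.2;Apache2.2;"C:\xampp\apache\bin\httpd.exe" -k runservice --> C:\xampp\apache\bin\httpd.exe [?]
S2 init;init;C:\Program Files (x86)\wipfw\bin\init.exe --> C:\Program Files (x86)\wipfw\bin\init.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
""".strip("\n")

# Constructed sample: registry lines copied verbatim from the GMER log in the post.
GMER_SAMPLE = r"""
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67917170-56EC-9905-C275-5A7320B078D7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67917170-56EC-9905-C275-5A7320B078D7}@dbikcfhgccgbnopjdigmijhfeoeemhaciimcfnco 0x68 0x61 0x69 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{932CBB0D-5EEC-57D9-EC65-81431B8F4979}@hadaogdoklojhlmm 0x6A 0x61 0x67 0x6C ...
""".strip("\n")

# DDS service line: "<start> <name>;<display>;<command> [--> <resolved path>] [<date size> | ?]"
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# First drive-letter path ending in a known image extension; the quote handles '"C:\...\x.exe" -k args'.
IMAGE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|sys|dll|des))\b', re.IGNORECASE)
# GMER registry line: "Reg <key>[@<value> <hex bytes> ...]"; the key may contain spaces.
GMER_REG_RE = re.compile(r'^Reg\s+(?P<key>.+?)(?:@(?P<value>\S+)\s+(?P<data>.*?))?\s*$')
# Heuristic (assumption of this example): long value names drawn only from the letters a-p.
ENCODED_NAME_RE = re.compile(r'[a-p]{16,}')
# Assumption of this example: images under these roots are "expected" locations.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    image: str
    meta: str
    findings: list = field(default_factory=list)


def image_path(cmd: str) -> str:
    """DDS writes '<command line> --> <resolved path>'; prefer the resolved side and strip arguments."""
    target = cmd.split(' --> ')[-1]
    m = IMAGE_RE.search(target)
    return m.group('path') if m else target


def triage_service(line: str):
    """Parse one DDS service line and attach the findings an analyst checks by eye."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    e = ServiceEntry(m['start'], m['name'], m['display'], image_path(m['cmd']), m['meta'])
    low = e.image.lower()
    if e.meta == '?':
        e.findings.append('DDS recorded no date/size ([?]): confirm the file exists and check its signature')
    if not low.startswith(TRUSTED_ROOTS):
        e.findings.append('image outside Windows/Program Files: ' + e.image)
    if not low.endswith(('.exe', '.sys', '.dll')):
        e.findings.append('unusual service image extension: ' + e.image.rsplit('.', 1)[-1])
    if e.start == 'S2' and e.findings:
        e.findings.append('auto-start service (S2) with open questions above')
    return e


def triage_gmer_reg(line: str):
    """Parse one GMER 'Reg' line, decode the hex-dumped data prefix and flag opaque value names."""
    m = GMER_REG_RE.match(line)
    if not m:
        return None
    value, data = m['value'], m['data'] or ''
    prefix = bytes(int(h, 16) for h in re.findall(r'0x([0-9A-Fa-f]{2})', data))
    findings = []
    if value and ENCODED_NAME_RE.fullmatch(value):
        findings.append('value name uses only letters a-p (16-symbol alphabet), length %d' % len(value))
    if prefix and all(32 <= b < 127 for b in prefix):
        findings.append('data prefix decodes to printable ASCII: ' + prefix.decode('ascii'))
    return {'key': m['key'], 'value': value, 'prefix': prefix, 'findings': findings}


if __name__ == '__main__':
    for line in DDS_SAMPLE.splitlines():
        e = triage_service(line)
        if e and e.findings:
            print(f'{e.start} {e.name} ({e.display}) -> {e.image}')
            for f in e.findings:
                print('   -', f)
    for line in GMER_SAMPLE.splitlines():
        r = triage_gmer_reg(line)
        if r and r['findings']:
            print(f"{r['key']}@{r['value']}")
            for f in r['findings']:
                print('   -', f)
```

Run stand-alone, the script flags `Apache2.2` (auto-start, no date/size, image under `c:\xampp`), `init` (auto-start, no date/size) and `npggsvc` (no date/size, `.des` image), leaves `gupdate` clean, and decodes the two GMER value prefixes to `haip` and `jagl`. The decoded prefix is just the first four bytes GMER printed; the full value is not in the log, so nothing beyond "opaque name, printable data" can be concluded from it.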
 

Please post a new DDS log.
