Raylan Givens

"Virus" changes home page.

17 posts in this topic

For a few days now my two browsers (Chrome and IE) have had the Search Fever site as their home page and I can't remove it.

Here is the log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:32:15, on 18/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16766)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Bruno\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\VPro530.exe

C:\Windows\SysWOW64\soundmen.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O3 - Toolbar: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [soundMen] C:\Windows\system32\soundmen.exe

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe -update activex

O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe

O4 - Global Startup: VPro530.lnk = ?

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142

O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13301 bytes

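The log above is what the forum analyst reads by hand. As an added illustration (not code from this thread, from Linha Defensiva or from HijackThis), the Python below parses the R/F/O entries of a HijackThis v2 log and applies a few triage heuristics: a start or search page whose host is outside an allow-list of stock defaults (the allow-list is an assumption); a CLSID registered in two or more of URLSearchHook (R3), BHO (O2) and Toolbar (O3), the footprint of a bundled search toolbar; O4 autostarts that point at an unresolved target or at an executable sitting directly in the Windows or system directories (worth verifying by signature and hash before touching, since that directory set is also an assumption); plus the Trusted Zone and NameServer entries an analyst checks against the user's bank and ISP. The sample log is a constructed excerpt of the first log posted above.

```python
"""Heuristic triage of a HijackThis v2 log.

Added example: not code from the thread, from Linha Defensiva or from
HijackThis. The allow-list, the directory set and the heuristics are
assumptions chosen for illustration, not a vendor signature set.
"""
import ntpath
import re
from urllib.parse import urlparse

# Constructed sample: an excerpt of the first HijackThis log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R3 - URLSearchHook: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
O2 - BHO: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [soundMen] C:\Windows\system32\soundmen.exe
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe
O4 - Global Startup: VPro530.lnk = ?
O15 - Trusted Zone: www.bancobrasil.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

# Hosts a stock Windows 7 / IE 8 install may legitimately use for its start or
# search page (assumption for this example, extend for other OEM images).
BROWSER_ALLOWLIST = ("msn.com", "microsoft.com", "live.com", "google.com")
# Directories where a vendor autostart is unusual enough to verify first (assumption).
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64"}


def parse(log_text):
    """Return (section, body) pairs for the R/F/O entries; header and process list are skipped."""
    pairs = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            pairs.append((m.group("sec"), m.group("body")))
    return pairs


def allowed_host(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in BROWSER_ALLOWLIST)


def hooked_clsids(pairs):
    """CLSIDs registered in two or more of URLSearchHook (R3), BHO (O2) and Toolbar (O3)."""
    sections_by_clsid = {}
    for sec, body in pairs:
        if sec in ("R3", "O2", "O3"):
            m = CLSID_RE.search(body)
            if m:
                sections_by_clsid.setdefault(m.group(0).lower(), set()).add(sec)
    return {clsid for clsid, secs in sections_by_clsid.items() if len(secs) >= 2}


def triage(log_text):
    """Return (tag, detail) findings an analyst would look at first, in log order."""
    pairs = parse(log_text)
    bundled = hooked_clsids(pairs)
    findings = []
    for sec, body in pairs:
        entry = f"{sec} - {body}"
        if sec in ("R0", "R1"):
            value = body.split("=", 1)[1].strip() if "=" in body else ""
            if value.startswith("http") and not allowed_host(value):
                findings.append(("browser-hijack", entry))
        elif sec in ("R3", "O2", "O3"):
            m = CLSID_RE.search(body)
            if m and m.group(0).lower() in bundled:
                findings.append(("toolbar-bundle", entry))
        elif sec == "O4":
            m = EXE_RE.search(body)
            if m is None:
                findings.append(("autostart-unresolved", entry))
            elif ntpath.dirname(m.group(1)).lower() in SYSTEM_DIRS:
                findings.append(("autostart-in-system-dir", entry))
        elif sec == "O15":
            findings.append(("trusted-zone", body.split(":", 1)[1].strip()))
        elif sec == "O17":
            findings.append(("dns-servers", " ".join(body.split("=", 1)[1].split())))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:24} {detail}")
```

On the sample this flags the two search-fever Start Page values, the five BittorrentBar/Conduit registrations (Norton's BHO and toolbar use distinct CLSIDs and are left alone), soundmen.exe and WindowsUpdate.exe as autostarts in system directories, the VPro530 shortcut with no resolvable target, and the bank Trusted Zone and the DNS servers for manual verification. None of these tags is a verdict; they are the order in which to look.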

Hello, I'm Majuluan,

Welcome to Linha Defensiva

I will be analyzing your case. Please read the notes below carefully.

Important notes:

1 - For the procedures that follow to succeed, please do only what is proposed to you and do not use any tool or program other than the ones recommended here.

Do NOT attempt any cleaning procedure on your own. In particular, do not run the tools used in the Malware Removal forum on your own initiative. Misuse of some tools can damage your computer or, at the very least, partially remove the signs of an infection that would have served as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. >>> Rule 8 / Rules for the Malware Removal Area <<< Link

2 - Do not uninstall any of the tools we will use until the procedures are finished.

3 - If you have a topic in progress on another forum, please abandon it so that the instructions do not conflict.

4 - To follow your topic more easily, select Topic Options at the top right of the page and then click Subscribe to this topic. You can also follow this topic under Control Panel / View Topics. < Link

5 - To avoid conflicts and slowdowns, if you have more than one program with resident protection installed (antivirus, antispyware, firewall), leave only one active.

6 - If you have any doubts about the procedures, do not hesitate to ask.

7 - If you do not get a reply from me within 5 days, send me a PM. <<< Link

Step 1:

Please open Control Panel > Add or Remove Programs and uninstall these:

BittorrentBar_PT Toolbar

Conduit Engine

Step 2:

Download Malwarebytes' Anti-Malware (MBAM) < Link

Double-click mbam-setup.exe, choose the language and accept all the default options during installation.

* Make sure the boxes Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.

* If there are updates, they will be downloaded and installed.

* When the update finishes, with the program open, select >>Full Scan<< and click the Scan button.

* The scan will then begin. Wait, as it can take a while.

* When the scan finishes, click OK, then the Show Results button to see the report.

* If items were found, make sure they are all checked and click the Remove button.

* At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below)

* The log is saved automatically by MBAM; to see it, click the Logs tab in the program's main window.

* Select, copy and paste the entire contents of this log in your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:

Malwarebytes Anti-Malware, installation and usage tutorial < Link

Waiting for your reply. Regards and good luck


Thanks for the help!

Here are the logs

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6394

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

18/04/2011 23:41:41

mbam-log-2011-04-18 (23-41-41).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 370932

Time elapsed: 42 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files (x86)\online services\UOL\discador.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:44:10, on 18/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16766)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Bruno\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\VPro530.exe

C:\Windows\SysWOW64\soundmen.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [soundMen] C:\Windows\system32\soundmen.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe -update activex

O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe

O4 - Global Startup: VPro530.lnk = ?

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142

O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12563 bytes

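The rescan above is meant to be compared line by line with the first log, which is tedious by hand. As an added example (not code from this thread, from Linha Defensiva or from HijackThis), the Python below diffs the R/F/O entries of two logs and lists what disappeared, what appeared, which entries still mention a CLSID from the earlier log, and which entries HijackThis now marks as (no file), meaning a registration survived although its DLL is gone. BEFORE and AFTER are constructed excerpts of the poster's first log and of the rescan after the toolbar uninstall and the MBAM run. The diff is purely textual, so a one-character change such as the trailing comma on the F2 UserInit line shows up as removed plus added and has to be judged by a person.

```python
"""Diff two HijackThis logs taken before and after a cleanup step.

Added example: not code from the thread, from Linha Defensiva or from
HijackThis. BEFORE and AFTER are constructed excerpts of the poster's first
log and of the rescan after the toolbar uninstall and the MBAM run.
"""
import re

ENTRY_RE = re.compile(r"^[RFO]\d+ - .*$")

BEFORE = r"""
R3 - URLSearchHook: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [soundMen] C:\Windows\system32\soundmen.exe
O4 - Global Startup: VPro530.lnk = ?
"""

AFTER = r"""
R3 - URLSearchHook: (no name) - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [soundMen] C:\Windows\system32\soundmen.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: VPro530.lnk = ?
"""


def entries(log_text):
    """Set of R/F/O entry lines; header, process list and trailer are ignored."""
    return {line.strip() for line in log_text.splitlines() if ENTRY_RE.match(line.strip())}


def diff_logs(before, after):
    """Textual set difference of the entries; cosmetic changes show as removed plus added."""
    b, a = entries(before), entries(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "unchanged": sorted(a & b)}


def orphans(log_text):
    """Entries whose registration survived but whose file is gone, as HijackThis marks them."""
    return sorted(e for e in entries(log_text) if "(no file)" in e)


def still_present(log_text, needles):
    """Entries that still mention any of the given strings, e.g. a CLSID from the earlier log."""
    return sorted(e for e in entries(log_text) if any(n.lower() in e.lower() for n in needles))


if __name__ == "__main__":
    d = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "added"):
        for e in d[kind]:
            print(f"{kind:8} {e}")
    print("orphans:", orphans(AFTER))
    print("toolbar CLSID still referenced:",
          still_present(AFTER, ["29acf17c-1713-4286-8f40-bfd05f1e70c8"]))
```

Run against these excerpts, the uninstall removed the BittorrentBar and Conduit BHO and toolbar registrations and their DLL, but the URLSearchHook still references the BittorrentBar CLSID with no file behind it, which is exactly the kind of leftover the analyst would have HijackThis fix next; the MBAM reboot entries are the expected additions, and soundmen.exe and the VPro530 shortcut are untouched by either step.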

Hello Raylan Givens,

Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

Save it to your desktop.

Run the file and follow the prompts. When it finishes, check the box next to:


  • My Computer
  • Local Disk (C:)

Also check all the drives that appear below Local Disk, if there are any.

Where it says On threat detection: Ask what to do, change it to Ask when scan completes.

Click the Start Scan button.

Be patient, it takes a while.

When it finishes, if something was detected, the program will ask you what to do.

Check the small box next to Apply to all objects and then click Skip (we only want the log).

While the scan is running, the Start Scan button is replaced by a red square with the message Stop Scan.

When the scan finishes, the Start Scan button appears again.

If the tool found something, the green indicator light turns red.

When it finishes, click the Report button at the bottom of the window.

Click the + sign next to the last Automatic scan: completed in the list (the most recent one) to expand the report.

Click once on Task started to select the line, hold down the Shift key and then click once on Task completed.

Right-click the selection, then click Copy.

Go to Start > Run and type notepad

When Notepad opens, right-click anywhere in the empty area and choose Paste.

Save the log as log.txt somewhere easy to find.

Copy the entire contents of this log and paste it in your next reply, together with a new HijackThis log.

Exit the Kaspersky Removal Tool by clicking Close in the Report window and then Exit in the program window.

The program will ask whether you want to uninstall it.

If you keep the program and decide to remove it later:

Close all open windows and save whatever you need.

Open the Virus Removal Tool folder (it will be in the same folder where you saved the installer) and double-click the file unins000.exe

Click OK twice.

Your computer will restart.

If the Kaspersky log exceeds the forum's size limit, compress it with zip or rar.

Waiting for your reply. Regards and good luck


The scan "froze" at 99%. After about two hours stuck on the same file, I requested the report. If it needs to be done again, just tell me. Here is the log.

19/04/2011 22:45:06 Task started Default action selected

19/04/2011 23:24:46 Detected: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Default action selected

19/04/2011 23:24:46 Not neutralized: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Postponed

19/04/2011 23:24:46 Detected: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Default action selected

20/04/2011 00:44:25 Detected: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Default action selected

20/04/2011 00:44:25 Not neutralized: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Postponed

20/04/2011 00:44:26 Detected: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Default action selected

20/04/2011 01:22:44 Detected: Trojan.Win32.Regrun.jbn C:\Windows\SysWOW64\soundmen.exe Default action selected

20/04/2011 01:22:44 Not neutralized: Trojan.Win32.Regrun.jbn C:\Windows\SysWOW64\soundmen.exe Postponed

20/04/2011 01:41:01 Detected: Trojan.Win32.Regrun.jbn c:\Windows\SysWOW64\soundmen.exe Default action selected

20/04/2011 01:41:01 Not neutralized: Trojan.Win32.Regrun.jbn c:\Windows\SysWOW64\soundmen.exe Postponed

20/04/2011 02:12:00 Detected: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Default action selected

20/04/2011 02:12:00 Not neutralized: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Postponed

20/04/2011 02:12:00 Detected: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Default action selected

20/04/2011 03:22:06 Detected: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Default action selected

20/04/2011 03:22:06 Not neutralized: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Postponed

20/04/2011 03:22:06 Detected: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Default action selected

20/04/2011 03:56:20 Detected: Trojan.Win32.Regrun.jbn C:\Windows\SysWOW64\soundmen.exe Default action selected

20/04/2011 03:56:20 Not neutralized: Trojan.Win32.Regrun.jbn C:\Windows\SysWOW64\soundmen.exe Postponed

20/04/2011 04:19:00 Detected: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Default action selected

20/04/2011 06:54:49 Not neutralized: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Write not supported

20/04/2011 06:54:49 Processing error: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe Read error

20/04/2011 06:54:49 Task completed Default action selected

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:41:07, on 20/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16766)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Norton Utilities 14\RMTray.exe

C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\VPro530.exe

C:\Users\Bruno\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\soundmen.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [soundMen] C:\Windows\system32\soundmen.exe

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe

O4 - Global Startup: VPro530.lnk = ?

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142

O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12180 bytes

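The HijackThis log above carries the three things a helper looks at first: the R0 Start Page entries in both HKCU and HKLM rewritten to www.search-fever.com, the O4 autoruns that point into the Windows directory rather than Program Files (the [soundMen] Run value, the "Windows Update.lnk" startup shortcut to C:\Windows\WindowsUpdate.exe, and a Global Startup shortcut whose target HijackThis could not resolve), and the O17 per-interface DNS servers. One caveat when reading the paths: HijackThis 2.0.4 is a 32-bit program, so the C:\Windows\system32\soundmen.exe it reports under O4 is the same file the process list and the Kaspersky report show at C:\Windows\SysWOW64\soundmen.exe; WOW64 file-system redirection maps system32 to SysWOW64 for 32-bit processes on 64-bit Windows. The script below is an added example, not code from HijackThis or from this forum, that automates exactly that first pass over the line shapes present in this log. The allowlist of expected home-page hosts is an assumption for the example, and the sample lines are copied from the log above.

```python
"""Triage of HijackThis 2.0.4 log lines: flags the entries a helper checks first.

Added example for this thread; not HijackThis code and not the forum's own tool.
Only the R0/R1, O4 and O17 line shapes present in the log above are parsed.
"""
import re
from dataclasses import dataclass

# Assumption for this example: hosts a stock HP Windows 7 image points IE at.
ALLOWED_PAGE_HOSTS = {"g.msn.com", "go.microsoft.com"}

RE_PAGE = re.compile(
    r"^R[01] - (HKCU|HKLM)\\.*?\\Main,"
    r"(Start Page|Default_Page_URL|Search Page|Default_Search_URL) = (\S+)")
RE_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
RE_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
RE_DNS = re.compile(
    r"^O17 - HKLM\\System\\(\w+)\\Services\\Tcpip\\\.\.\\"
    r"(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$")


@dataclass
class Finding:
    level: str   # "alert" (known-bad shape), "review" (verify by hash), "info"
    item: str    # which log entry produced it
    reason: str


def url_host(url: str) -> str:
    """Host part of a URL, lower-cased; empty string when there is no scheme."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def exe_path(value: str) -> str:
    """Executable path from a Run value: strips surrounding quotes and arguments."""
    v = value.strip()
    if v.startswith('"'):
        end = v.find('"', 1)
        return v[1:end] if end > 0 else v[1:]
    m = re.search(r"\.exe", v, re.IGNORECASE)
    return v[:m.end()] if m else v.split(" ")[0]


def in_windows_dir(path: str) -> bool:
    """True when the file sits directly in Windows, Windows\\system32 or
    Windows\\SysWOW64. Installed software lives under Program Files, so an
    autorun pointing here is worth hashing before anything else."""
    p = path.lower().replace("/", "\\")
    return re.match(r"^[a-z]:\\windows\\(?:system32\\|syswow64\\)?[^\\]+\.exe$", p) is not None


def triage(log_text: str) -> list:
    """Walk the log once and collect findings in the order the lines appear."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RE_PAGE.match(line)
        if m:
            hive, name, url = m.groups()
            host = url_host(url)
            if host and host not in ALLOWED_PAGE_HOSTS:
                findings.append(Finding("alert", f"{hive} {name}",
                                        f"points at {host}, not in the allowlist"))
            continue
        m = RE_RUN.match(line)
        if m:
            hive, key, name, value = m.groups()
            path = exe_path(value)
            if in_windows_dir(path):
                findings.append(Finding("review", f"{hive}\\..\\{key} [{name}]",
                                        f"autorun executable inside the Windows directory: {path}"))
            continue
        m = RE_STARTUP.match(line)
        if m:
            where, lnk, target = m.groups()
            if target == "?":
                findings.append(Finding("review", f"{where} {lnk}",
                                        "shortcut target could not be resolved"))
            elif in_windows_dir(exe_path(target)):
                findings.append(Finding("review", f"{where} {lnk}",
                                        f"shortcut runs executable inside the Windows directory: {target}"))
            continue
        m = RE_DNS.match(line)
        if m:
            control_set, guid, servers = m.groups()
            findings.append(Finding("info", f"O17 {control_set} {guid}",
                                    f"per-interface DNS servers {servers}; confirm they belong to the ISP"))
    return findings


# Sample input for the example: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [soundMen] C:\Windows\system32\soundmen.exe
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe
O4 - Global Startup: VPro530.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level}] {f.item}: {f.reason}")
```

The "review" findings are not verdicts: the script only says which files to hash and look up (or upload, as the next post asks) before anything is deleted, and the O17 line is reported so the DNS servers can be compared against the ISP's published resolvers. Run against the full log, the same parser also keeps the two start-page alerts separate by hive, which matters because fixing only the HKCU value leaves the HKLM one to reapply the hijack for every user.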

Hello Raylan Givens,

"The scan "froze" at 99%. After about two hours stuck on the same file, I requested the report. If it needs to be done again, just tell me. Here is the log."

Could you tell me which file that was?

Step 1:

Configure Windows to show all hidden files (link)

Go to VirusTotal.com (in Portuguese) (link)

Click the button [icon: send.png] and locate the file below.

C:\Windows\SysWOW64\soundmen.exe

Then click [icon: send2.png]

Make sure the file name is correct, then click Open > Send File.

When the analysis finishes, copy the link shown under Permalink and/or the address in the browser's address bar and paste it in your next post.

Step 2:

Download OTL by OldTimer and save it to your desktop.

Close all windows and run the tool.

** Windows Vista and Windows 7 users:

Right-click the file, then click [icon: execadmin.png].

Where it says Output, select Standard

Also check these options:

  • File Age -> change to 90 days
  • Use Company Name WhiteList
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select the lines below (shown in red in the original post), right-click the selection and choose Copy

netsvcs

%SYSTEMDRIVE%\*.*

%userprofile%\*.*

%systemroot%\system32\drivers\*.* /90

%APPDATA%\Adobe\Update\*.*

%ALLUSERSPROFILE%\*.*

%APPDATA%\Microsoft\*.*

%PROGRAMFILES%\*.*

%APPDATA%\Update\*.*

CREATERESTOREPOINT

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

%PROGRAMFILES%\Internet Explorer\*.*

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste

Click the Run Scan button

Do not change any other settings unless you have been told to.

The scan takes a while; be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt

Both are saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it in your reply.

Attach the Extras.txt file

Note: if the logs are too large and exceed the forum's limit, put them in a .zip or .rar file and attach it to your reply.

Waiting for your reply. Regards and good luck.


The file it froze on was Justified S02E09 HDTV XviD-ASAP [eztv] (a video file; it's a TV series I download from the Internet)

http://www.virustotal.com/file-scan/reanal...8e1e-1303347697

OTL logfile created on: 20/04/2011 22:14:12 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Bruno\Downloads

64bit- Home Basic Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 456,47 Gb Total Space | 357,70 Gb Free Space | 78,36% Space Free | Partition Type: NTFS

Drive D: | 9,19 Gb Total Space | 1,41 Gb Free Space | 15,36% Space Free | Partition Type: NTFS

Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/04/20 22:11:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bruno\Downloads\OTL (1).exe

PRC - [2011/04/18 23:57:02 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe

PRC - [2011/04/05 23:04:36 | 000,220,143 | -HS- | M] ( ) -- C:\Windows\SysWOW64\soundmen.exe

PRC - [2011/03/30 09:18:40 | 000,056,712 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2010/10/17 15:40:22 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Bruno\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

PRC - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/10/30 08:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

PRC - [2009/09/14 10:53:32 | 000,279,912 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 14\RMTray.exe

PRC - [2009/01/29 19:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/08 10:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2008/02/15 11:49:40 | 000,155,648 | ---- | M] (Philips) -- C:\Windows\VPro530.exe

PRC - [2007/06/20 11:04:56 | 000,693,600 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WksWP.exe

PRC - [2007/06/20 11:04:54 | 000,091,488 | ---- | M] (Microsoft® Corporation) -- C:\PROGRA~2\MICROS~1\wkgdcach.exe

PRC - [2007/06/20 11:04:52 | 000,095,584 | ---- | M] (Microsoft® Corporation) -- C:\PROGRA~2\MICROS~1\WkDStore.exe

========== Modules (SafeList) ==========

MOD - [2011/04/20 22:11:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bruno\Downloads\OTL (1).exe

MOD - [2010/08/21 02:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2011/04/16 03:29:06 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/03/30 09:18:40 | 000,056,712 | ---- | M] ( ) [unknown | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/18 23:31:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/05/13 22:09:08 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2010/05/06 01:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys -- (SYMTDIv)

DRV:64bit: - [2010/04/29 02:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/04/22 00:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys -- (SymEFA)

DRV:64bit: - [2010/04/21 23:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010/04/21 23:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2010/02/25 21:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys -- (ccHP)

DRV:64bit: - [2009/10/20 17:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)

DRV:64bit: - [2009/09/11 22:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/29 21:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys -- (SymDS)

DRV:64bit: - [2009/08/20 21:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/02/17 14:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2008/05/21 14:30:58 | 000,583,168 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC530.sys -- (SPC530)

DRV:64bit: - [2008/05/21 14:30:58 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC530m.sys -- (SPC530m)

DRV:64bit: - [2007/02/15 21:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2011/04/15 17:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110419.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2011/03/31 09:13:33 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110420.020\EX64.SYS -- (NAVEX15)

DRV - [2011/03/31 09:13:33 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110420.020\ENG64.SYS -- (NAVENG)

DRV - [2011/03/30 09:20:02 | 000,046,600 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)

DRV - [2011/03/14 15:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110419.002\IDSviA64.sys -- (IDSVia64)

DRV - [2011/01/02 02:20:19 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/08/03 00:06:52 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)

DRV - [2009/09/17 02:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Arquivos de Programas\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)

DRV - [2007/02/15 21:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php

IE - HKCU\..\URLSearchHook: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/25 20:50:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/05/14 19:07:32 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/04/20 13:16:48 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll (Banco Unibanco)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {29ACF17C-1713-4286-8F40-BFD05F1E70C8} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Arquivos de Programas\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)

O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [soundMen] C:\Windows\SysWOW64\soundmen.exe ( )

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe (Symantec Corporation)

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab (PhotoPickConvert Class)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files (x86)\GbPlugin\gbieh.dll - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginUni: DllName - C:\PROGRA~2\GbPlugin\gbiehUni.dll - C:\PROGRA~2\GbPlugin\gbiehUni.dll (Banco Unibanco)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll (Banco Unibanco)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2011/04/20 19:06:37 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{D0D5F0EE-3456-4BA2-AFAB-D3A76430E7CC}

[2011/04/20 07:01:23 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{6BD88F55-FF35-45CA-8CC1-283C6DEEC7B2}

[2011/04/19 22:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2011/04/19 22:41:40 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\Virus Removal Tool

[2011/04/19 20:32:28 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{81074559-5A55-4550-B3B7-C03D337B4F99}

[2011/04/19 11:59:56 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{6F2459A2-549A-4526-9D97-99B763DD4213}

[2011/04/18 22:55:28 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Malwarebytes

[2011/04/18 22:54:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/04/18 22:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/04/18 22:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/04/18 22:54:16 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/04/18 22:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/04/18 19:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2011/04/18 19:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2011/04/18 19:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2011/04/18 19:07:40 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{D1796DDC-43B5-4BFC-B0D2-A63BF70E2589}

[2011/04/18 13:45:12 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{4C017F59-C6B4-42B1-B0C9-B303401F414E}

[2011/04/17 20:58:17 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{B71B5022-77AC-47D2-B99F-090731B6EDA7}

[2011/04/16 03:27:18 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{7BFC8107-6AFE-4BD7-A515-524D05D1D8A1}

[2011/04/15 17:41:14 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{B71A0F64-7F91-4DAE-BEF2-A8B7EC9E4292}

[2011/04/14 06:44:09 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{3E22F576-65E8-489D-B7B4-288F2CA70E11}

[2011/04/13 21:47:46 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{ACD1B428-8082-418C-A471-F18DC455CF62}

[2011/04/13 21:47:27 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Opera

[2011/04/13 21:47:27 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Apple Computer

[2011/04/11 17:23:07 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{4B8EA5E4-697A-4F62-889E-084F0459B3B3}

[2011/04/10 23:17:53 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{C7C0651A-B852-47EC-9908-B7C88CCFFEEF}

[2011/04/10 17:32:20 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{69620291-563C-4028-9B5D-23D5008B1B0C}

[2011/04/10 14:00:48 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{21B29DD6-7627-4EAB-9CA8-B34E95507E68}

[2011/04/10 01:58:53 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{5B371B94-CD64-4D2B-8DE0-76C6E0624BA3}

[2011/04/09 13:56:56 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{95312A40-5307-4175-AB1E-9151EDBABFE1}

[2011/04/09 01:54:59 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{6419DDB9-BA68-4207-950B-2F3880E2C650}

[2011/04/08 20:11:25 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{1561FD39-DA13-4B35-BB2D-CB2EBDE0E8E9}

[2011/04/07 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{347D7570-336C-44E8-A987-C64A09BAD739}

[2011/04/06 22:57:14 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{51C476C6-4D2B-4364-AFEF-50CE06FA1DD5}

[2011/04/06 19:12:27 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{B1DD3CFA-CCF6-4C92-8760-770D407D41F4}

[2011/04/05 23:04:36 | 000,220,143 | -HS- | C] ( ) -- C:\Windows\SysWow64\soundmen.exe

[2011/04/04 23:51:32 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{414FE2C8-F559-4E6F-9BCC-56E78872B877}

[2011/04/04 18:32:12 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{065FD4E4-DCEA-4F16-9B71-7498D8FBA1B4}

[2011/04/03 17:08:29 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{53C976F3-6A7D-4439-8958-F5AE84288A44}

[2011/04/03 14:27:55 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{A38452FC-B014-49EC-8721-861DB659AF51}

[2011/04/02 23:04:53 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{36C4763B-98C0-4628-90E8-E70D324BB341}

[2011/04/02 11:02:58 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{45F86973-54A7-4DFA-94E6-F71AE68A04B9}

[2011/04/01 23:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium

[2011/04/01 23:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

[2011/04/01 22:04:52 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{57EF54A8-588D-46B7-9EA2-6DA5A38751E4}

[2011/04/01 19:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011/04/01 18:40:38 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{A1656566-F02B-45A5-ABED-1ED69E057AE2}

[2011/03/31 22:25:45 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{C5F67BE4-5A3B-4949-BB00-BFA9CD8ED3D7}

[2011/03/31 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{9C6DE082-7F48-4A6F-9A21-8E2CEB6CE1DF}

[2011/03/21 17:25:17 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Portal Physics - Inscrições para o simulado UFPA_files

[2011/03/09 23:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011/03/04 23:04:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry

[2011/03/04 23:04:41 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011

[2011/03/04 23:04:38 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas RFB

[2011/02/24 03:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2011/02/18 23:58:56 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Sports Interactive

[2011/02/18 23:50:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry

[2011/02/18 23:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sports Interactive

[2011/02/18 23:48:21 | 000,000,000 | -H-D | C] -- C:\Users\Bruno\InstallAnywhere

[2011/02/18 23:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

[2011/02/18 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools Lite

[2011/02/18 23:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2011/01/22 21:17:58 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\ImgBurn

[2011/01/22 20:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

[2011/01/22 20:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn

[2011/01/22 18:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft

[2011/01/22 16:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft

[2011/01/22 16:22:55 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\abgx360

[2011/01/22 16:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\abgx360

[2011/01/22 16:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\abgx360

========== Files - Modified Within 90 Days ==========

[2011/04/20 22:10:48 | 000,013,774 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\wklnhst.dat

[2011/04/20 22:10:48 | 000,009,728 | ---- | M] () -- C:\Users\Bruno\Documents\link linha defensiva.wps

[2011/04/20 22:06:26 | 000,013,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/04/20 22:06:26 | 000,013,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/04/20 21:45:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-912155494-1377236273-3055624676-1000UA.job

[2011/04/20 21:43:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/20 16:45:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-912155494-1377236273-3055624676-1000Core.job

[2011/04/20 16:32:47 | 001,517,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/04/20 16:32:47 | 000,663,606 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2011/04/20 16:32:47 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/04/20 16:32:47 | 000,127,896 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2011/04/20 16:32:47 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/04/20 16:28:31 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/20 16:28:26 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2011/04/20 16:28:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/04/20 16:28:16 | 3212,713,984 | -HS- | M] () -- C:\hiberfil.sys

[2011/04/20 13:16:48 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/04/18 22:54:20 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/18 20:24:31 | 000,001,441 | ---- | M] () -- C:\Users\Bruno\Desktop\HijackThis (1) - Atalho.lnk

[2011/04/18 19:23:45 | 000,001,260 | ---- | M] () -- C:\Users\Bruno\Desktop\Spybot - Search & Destroy.lnk

[2011/04/16 03:25:52 | 000,320,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/04/10 05:49:03 | 000,000,815 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update.lnk

[2011/04/09 17:03:15 | 000,001,900 | ---- | M] () -- C:\Users\Bruno\Desktop\FM 2011.lnk

[2011/04/05 23:04:36 | 000,220,143 | -HS- | M] ( ) -- C:\Windows\SysWow64\soundmen.exe

[2011/04/01 23:09:50 | 000,003,052 | ---- | M] () -- C:\Users\Bruno\Documents\comprovante.pdf

[2011/04/01 19:39:06 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011/04/01 18:48:22 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2011/03/30 09:20:02 | 000,046,600 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysWow64\drivers\gbpkm.sys

[2011/03/26 00:47:44 | 000,002,361 | ---- | M] () -- C:\Users\Bruno\Desktop\Google Chrome.lnk

[2011/03/21 22:34:18 | 000,068,842 | ---- | M] () -- C:\Users\Bruno\AppData\Local\tmpOGAAAK6US-YP9VPHR41T5HTIGGLORNADYUSZ33VF7SR6GK4RYESBOJJFD9OHRCFFFNF2CVYF5KLAQG5UBBVHEJRWRLQAM1T1UKFANIJSYD4RK9AHAP1SMG_G_CSA.JPG

[2011/03/21 17:25:17 | 000,010,912 | ---- | M] () -- C:\Users\Bruno\Documents\Portal Physics - Inscrições para o simulado UFPA.htm

[2011/03/20 14:38:44 | 000,003,758 | -HS- | M] () -- C:\Windows\SysWow64\msc01.dat

[2011/03/20 14:33:54 | 000,000,921 | -HS- | M] () -- C:\Windows\SysWow64\msc03.dat

[2011/03/20 14:29:26 | 000,061,440 | -HS- | M] () -- C:\Windows\SysWow64\msc02.dat

[2011/03/14 23:50:37 | 000,014,848 | ---- | M] () -- C:\Users\Bruno\Documents\pre projeto pós.wps

[2011/03/04 23:04:45 | 000,001,726 | ---- | M] () -- C:\Users\Bruno\Desktop\IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk

[2011/02/18 23:31:39 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2011/02/06 20:47:23 | 005,098,856 | ---- | M] () -- C:\Users\Bruno\Documents\Vídeo1.mpg

[2011/02/06 20:46:56 | 000,068,389 | ---- | M] () -- C:\Users\Bruno\Documents\Imagem1.jpg

[2011/01/26 17:59:59 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib

[2011/01/22 20:46:36 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2011/01/22 18:51:00 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk

========== Files Created - No Company Name ==========

[2011/04/20 22:10:02 | 000,009,728 | ---- | C] () -- C:\Users\Bruno\Documents\link linha defensiva.wps

[2011/04/18 22:54:20 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/18 20:24:31 | 000,001,441 | ---- | C] () -- C:\Users\Bruno\Desktop\HijackThis (1) - Atalho.lnk

[2011/04/18 19:23:45 | 000,001,260 | ---- | C] () -- C:\Users\Bruno\Desktop\Spybot - Search & Destroy.lnk

[2011/04/10 05:47:50 | 000,000,815 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update.lnk

[2011/04/09 16:41:31 | 025,562,230 | ---- | C] () -- C:\Users\Bruno\Documents\portuguese.ltc

[2011/04/01 23:09:50 | 000,003,052 | ---- | C] () -- C:\Users\Bruno\Documents\comprovante.pdf

[2011/04/01 19:39:05 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011/03/21 22:34:18 | 000,068,842 | ---- | C] () -- C:\Users\Bruno\AppData\Local\tmpOGAAAK6US-YP9VPHR41T5HTIGGLORNADYUSZ33VF7SR6GK4RYESBOJJFD9OHRCFFFNF2CVYF5KLAQG5UBBVHEJRWRLQAM1T1UKFANIJSYD4RK9AHAP1SMG_G_CSA.JPG

[2011/03/21 17:25:16 | 000,010,912 | ---- | C] () -- C:\Users\Bruno\Documents\Portal Physics - Inscrições para o simulado UFPA.htm

[2011/03/20 14:38:44 | 000,003,758 | -HS- | C] () -- C:\Windows\SysWow64\msc01.dat

[2011/03/20 14:33:54 | 000,000,921 | -HS- | C] () -- C:\Windows\SysWow64\msc03.dat

[2011/03/20 14:29:26 | 000,061,440 | -HS- | C] () -- C:\Windows\SysWow64\msc02.dat

[2011/03/14 23:50:37 | 000,014,848 | ---- | C] () -- C:\Users\Bruno\Documents\pre projeto pós.wps

[2011/03/04 23:04:45 | 000,001,726 | ---- | C] () -- C:\Users\Bruno\Desktop\IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk

[2011/02/19 21:40:22 | 000,001,900 | ---- | C] () -- C:\Users\Bruno\Desktop\FM 2011.lnk

[2011/02/18 23:31:39 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys

[2011/02/06 20:47:00 | 005,098,856 | ---- | C] () -- C:\Users\Bruno\Documents\Vídeo1.mpg

[2011/02/06 20:46:56 | 000,068,389 | ---- | C] () -- C:\Users\Bruno\Documents\Imagem1.jpg

[2011/01/22 20:46:35 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2011/01/22 18:50:59 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk

[2011/01/22 16:37:09 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010/05/24 23:52:48 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2010/05/14 21:44:11 | 002,821,242 | ---- | C] () -- C:\Program Files (x86)\wrar393br.exe

[2010/05/14 20:42:00 | 000,013,774 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\wklnhst.dat

[2010/05/14 19:20:00 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010/05/14 19:19:59 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/05/14 19:19:58 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/05/14 19:19:58 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/05/14 19:19:57 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2010/05/14 19:19:56 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/09/29 14:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009/07/14 02:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 23:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 23:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 21:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 18:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/01/22 16:22:57 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\abgx360

[2011/04/18 23:23:53 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\BitTorrent

[2010/05/24 23:52:57 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Canneverbe Limited

[2011/02/18 23:46:11 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools Lite

[2011/01/22 21:42:21 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\ImgBurn

[2010/10/03 21:58:11 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\med2

[2010/10/05 01:31:26 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Octoshape

[2011/04/13 21:47:27 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Opera

[2011/02/18 23:58:56 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Sports Interactive

[2010/05/14 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Template

[2010/08/02 21:27:59 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Tific

[2010/05/27 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\uTorrent

[2010/05/15 00:37:12 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\WinBatch

[2010/10/31 19:59:12 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Windows Live Writer

[2010/05/14 19:07:16 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job

[2011/02/20 23:03:58 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/07/11 14:20:57 | 000,000,500 | ---- | M] () -- C:\FINIS_IT.TXT

[2011/04/20 16:28:16 | 3212,713,984 | -HS- | M] () -- C:\hiberfil.sys

[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll

[2011/04/20 16:28:16 | 4283,621,376 | -HS- | M] () -- C:\pagefile.sys

< %userprofile%\*.* >

[2011/04/20 22:16:21 | 003,145,728 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat

[2011/04/20 22:16:21 | 000,262,144 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat.LOG1

[2010/05/13 22:00:15 | 000,000,000 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat.LOG2

[2010/05/13 22:32:23 | 000,065,536 | -HS- | M] () -- C:\Users\Bruno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2010/05/13 22:32:23 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2010/05/13 22:32:23 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2010/08/03 00:19:10 | 000,065,536 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat{d6a86510-9e95-11df-942d-78e7d10089ad}.TM.blf

[2010/08/03 00:19:10 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat{d6a86510-9e95-11df-942d-78e7d10089ad}.TMContainer00000000000000000001.regtrans-ms

[2010/08/03 00:19:10 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat{d6a86510-9e95-11df-942d-78e7d10089ad}.TMContainer00000000000000000002.regtrans-ms

[2010/05/13 22:00:15 | 000,000,020 | -HS- | M] () -- C:\Users\Bruno\ntuser.ini

[2010/11/02 06:06:56 | 002,285,568 | ---- | M] () -- C:\Users\Bruno\s-1-5-21-912155494-1377236273-3055624676-1000.rrr

< %systemroot%\system32\drivers\*.* /90 >

[2011/03/30 09:20:02 | 000,046,600 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysWOW64\drivers\gbpkm.sys

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\*.* >

[2011/01/26 17:59:59 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2009/07/14 01:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[2010/05/14 21:44:47 | 002,821,242 | ---- | M] () -- C:\Program Files (x86)\wrar393br.exe

< %APPDATA%\Update\*.* >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >

"DefaultConnectionSettings" = [binary data over 100 bytes]

"SavedLegacySettings" = 46 00 00 00 B4 14 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

"Conexão de Banda Larga" = 46 00 00 00 31 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< %PROGRAMFILES%\Internet Explorer\*.* >

[2009/07/13 22:14:20 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe

[2009/07/13 22:15:24 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\hmmapi.dll

[2009/06/10 18:17:22 | 000,002,649 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie8props.propdesc

[2010/10/19 05:10:26 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecompat.dll

[2011/02/24 02:29:51 | 000,860,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

[2009/07/13 22:14:21 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

[2009/07/13 22:14:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe

[2011/02/24 02:29:55 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

[2009/07/13 22:15:28 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll

[2011/02/24 02:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

[2009/07/13 22:15:35 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll

[2009/07/13 22:15:35 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll

[2009/07/13 22:15:35 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll

[2009/07/13 22:15:35 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll

[2009/06/10 18:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll

[2009/06/10 18:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll

[2009/07/13 22:16:15 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

@Alternate Data Stream - 24 bytes -> C:\Windows:E9CAC7DF2414A499

@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:D287FACF

< End of report >

Extras.rar

Edited by Raylan Givens


Hello Raylan Givens,

Step 1:

Configure your Windows to show all hidden files < Link

Go to VirusTotal.com (in Portuguese) < Link

Click the button [image: send.png] and locate the file below.

C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe

Then click [image: send2.png]

Make sure the file name is correct, then click Open > Send File.

When the analysis finishes, copy the link shown under Permalink and/or the address in the browser's address bar, and paste it in your next post.

Repeat the analysis for these other files:

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe

C:\Users\Bruno\AppData\Roaming\wklnhst.dat

Step 2:

Select these lines in red, right-click the selection and choose Copy:

Note: make sure you start copying from the colon and the letter O (":O") of OTL.

:OTL

PRC - [2011/04/05 23:04:36 | 000,220,143 | -HS- | M] ( ) -- C:\Windows\SysWOW64\soundmen.exe

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php

IE - HKCU\..\URLSearchHook: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {29ACF17C-1713-4286-8F40-BFD05F1E70C8} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:D287FACF

:files

C:\Windows\SysWOW64\soundmen.exe

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"[C:\Windows\SysWOW64\soundmen.exe]"=-

:Commands

[createrestorepoint]

[purity]

[emptytemp]

Visitors: if you have a similar problem, do not use this script; running it without supervision can damage your system.

Follow these instructions: Free Virus Removal Assistance < Link, and ask for help in Malware Removal < Link

Run OTL.exe

** Windows Vista and Windows 7 users:

Right-click the file, then click [image: execadmin.png].

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).

Click the button [image: BotaoConsertar.png]

The program will run the script and restart your computer.

When Windows loads, OTL will run automatically. Allow it to run.

A Notepad window will open containing some information.

Copy ALL of the contents of this Notepad window and paste it in your reply.

A copy of this log is kept in the folder C:\_OTL\MovedFiles, named in the format date_time.log.

Example: 03142010_145545.log

Waiting for your reply. Regards and good luck


Codec.exe

http://www.virustotal.com/file-scan/reanal...82c8-1303450456

FlashUtil10p_ActiveX.exe

http://www.virustotal.com/file-scan/reanal...3262-1303450767

wklnhst.dat

http://www.virustotal.com/file-scan/report...9723-1303451087

Log

Files\Folders moved on Reboot...

C:\Users\Bruno\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Bruno\AppData\Local\Temp\FXSTIFFDebugLogFile.txt moved successfully.

C:\Users\Bruno\AppData\Local\Temp\~DFD5DEE117BAB561A4.TMP moved successfully.

Registry entries deleted on Reboot...


Hello Raylan Givens,

The OTL log/result is incomplete!!! Please check in C:\_OTL\MovedFiles >>> date_time.log (e.g. 03142010_145545.log) whether you copied the whole result correctly.

If the log/result really contains only what you posted, please repeat the procedure with OTL...

Waiting for your reply. Regards and good luck


I redid the procedure. I hope it worked, thanks.

All processes killed

========== OTL ==========

No active process named soundmen.exe was found!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{29acf17c-1713-4286-8f40-bfd05f1e70c8} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29acf17c-1713-4286-8f40-bfd05f1e70c8}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{29ACF17C-1713-4286-8F40-BFD05F1E70C8} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29ACF17C-1713-4286-8F40-BFD05F1E70C8}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

Unable to delete ADS C:\ProgramData\Temp:D287FACF .

========== FILES ==========

File\Folder C:\Windows\SysWOW64\soundmen.exe not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\[C:\Windows\SysWOW64\soundmen.exe] not found.

========== COMMANDS ==========

Error creating restore point.

[EMPTYTEMP]

User: All Users

User: Bruno

->Temp folder emptied: 3735268 bytes

->Temporary Internet Files folder emptied: 528679 bytes

->Java cache emptied: 455181 bytes

->Google Chrome cache emptied: 24286287 bytes

->Flash cache emptied: 58128 bytes

User: Dayane

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 32842613 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes

RecycleBin emptied: 9812521588 bytes

Total Files Cleaned = 9.417,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_143829

Files\Folders moved on Reboot...

C:\Users\Bruno\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Bruno\AppData\Local\Temp\~DF03AD5F8BEF10D458.TMP moved successfully.

Registry entries deleted on Reboot...


Hello Raylan Givens,

Step 1:

Select these lines in red, right-click the selection and choose Copy:

Note: make sure you start copying from the colon and the letter O (":O") of OTL.

:Files

C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe

:Commands

[createrestorepoint]

[purity]

[emptytemp]

Visitors: if you have a similar problem, do not use this script; running it without supervision can damage your system.

Follow these instructions: Free Virus Removal Assistance < Link, and ask for help in Malware Removal < Link

Run OTL.exe

** Windows Vista and Windows 7 users:

Right-click the file, then click [image: execadmin.png].

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).

Click the button [image: BotaoConsertar.png]

The program will run the script and restart your computer.

When Windows loads, OTL will run automatically. Allow it to run.

A Notepad window will open containing some information.

Copy ALL of the contents of this Notepad window and paste it in your reply.

A copy of this log is kept in the folder C:\_OTL\MovedFiles, named in the format date_time.log.

Example: 03142010_145545.log

Step 2:

Please repeat the procedure with the Kaspersky AVP Tool, following the steps in my 2nd post, but instead of ignoring, select the Remove option.

[image: capture_26022011_115902.png]

Waiting for your reply. Regards and good luck


* I repeated all the procedures from your second post.

All processes killed

========== FILES ==========

C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe moved successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Bruno

->Temp folder emptied: 91169660 bytes

->Temporary Internet Files folder emptied: 847457 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 18822758 bytes

->Flash cache emptied: 1253 bytes

User: Dayane

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 1386496 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 66016 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 2853383 bytes

Total Files Cleaned = 110,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_231617

Files\Folders moved on Reboot...

C:\Users\Bruno\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Bruno\AppData\Local\Temp\~DFBA0DEF26260558F6.TMP moved successfully.

Registry entries deleted on Reboot...

22/04/2011 23:34:10 Tarefa iniciada Ação padrão selecionada

23/04/2011 03:06:25 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Ação padrão selecionada

23/04/2011 03:06:25 Não neutralizado: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Adiado

23/04/2011 03:06:26 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Ação padrão selecionada

23/04/2011 03:06:26 Não neutralizado: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Adiado

23/04/2011 03:06:27 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Ação padrão selecionada

23/04/2011 05:45:17 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Ação padrão selecionada

23/04/2011 05:45:17 Não neutralizado: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Adiado

23/04/2011 05:45:18 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Ação padrão selecionada

23/04/2011 05:45:18 Não neutralizado: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Adiado

23/04/2011 05:45:18 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Ação padrão selecionada

23/04/2011 05:47:23 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Ação padrão selecionada

23/04/2011 05:50:18 Excluído: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Ação padrão selecionada

23/04/2011 05:50:18 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Ação padrão selecionada

23/04/2011 05:50:19 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Ação padrão selecionada

23/04/2011 05:50:19 Excluído: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe Ação padrão selecionada

23/04/2011 05:50:19 Tarefa concluída Ação padrão selecionada

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 06:25:13, on 23/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16766)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Norton Utilities 14\RMTray.exe

C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\VPro530.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\Bruno\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [soundMen] C:\Windows\system32\soundmen.exe

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe

O4 - Global Startup: VPro530.lnk = ?

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142

O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12236 bytes


Hello Raylan Givens,

Open HijackThis, click Do a system scan only, check the entries listed below, then click [image: ht-fix.png]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php

Restart the system.

Generate a new HijackThis log and include it in your next reply

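The fix above removes the hijacked HKLM Start Page by ticking one line in HijackThis. For readers who want to triage a log like this without eyeballing every entry, here is an added example (not code from this thread, from HijackThis or from OTL) in Python that parses HijackThis R0/R1 and O4 lines, flags any start/search page pointing at a host outside an allow-list, and lists Run entries whose target executable is no longer on disk. The sample lines are constructed from the log posted above; ALLOWED_DOMAINS and the injectable `exists` callback are assumptions for this example, not settings the thread recommends.

```python
import os
import re
from urllib.parse import urlparse

# Constructed sample: HijackThis lines modelled on the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [soundMen] C:\Windows\system32\soundmen.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
"""

# Assumption: the vendor defaults seen in this log are the only legitimate
# start/search page hosts on this machine. Adjust per environment.
ALLOWED_DOMAINS = ("msn.com", "microsoft.com")

# R0/R1: "<hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^R[01] - (HK\w+)\\(.+?),([^=]+?) =\s*(.*)$")
# O4 Run values: "<hive>\..\Run: [<name>] <command line>"
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$")
# First .exe in the command line, with optional surrounding quotes.
EXE_PATH = re.compile(r'^"?(.+?\.exe)"?', re.IGNORECASE)


def _host_allowed(host, allowed):
    return any(host == d or host.endswith("." + d) for d in allowed)


def homepage_findings(log_text, allowed=ALLOWED_DOMAINS):
    """Return (hive, value name, url) for every R0/R1 entry whose data points a
    browser start/search page at a host outside the allow-list. Empty values and
    local file paths (no hostname) are not hijacks and are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue
        hive, _key, name, value = m.groups()
        host = urlparse(value).hostname
        if host and not _host_allowed(host.lower(), allowed):
            findings.append((hive, name, value))
    return findings


def autorun_entries(log_text):
    """Return (hive, name, exe path) for every O4 Run entry, with quotes and
    trailing arguments stripped so the path can be checked on disk."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.groups()
        p = EXE_PATH.match(cmd)
        entries.append((hive, name, p.group(1) if p else cmd))
    return entries


def dangling_autoruns(log_text, exists=os.path.exists):
    """Run entries whose target is gone from disk. After a removal tool quarantines
    an executable, the Run value that relaunched it often remains and should be
    cleaned up too. `exists` is injectable so the check can run offline."""
    return [(hive, name, path) for hive, name, path in autorun_entries(log_text)
            if not exists(path)]


if __name__ == "__main__":
    for hive, name, url in homepage_findings(SAMPLE_LOG):
        print(f"hijacked {hive} {name}: {url}")
    # Simulate a disk on which the quarantined soundmen.exe is already gone.
    gone = lambda p: p.lower() != r"c:\windows\system32\soundmen.exe"
    for hive, name, path in dangling_autoruns(SAMPLE_LOG, exists=gone):
        print(f"dangling Run value {hive} [{name}] -> {path}")
```

One detail of this thread that the dangling-autorun check is meant to catch: the second HijackThis log still lists `O4 - HKLM\..\Run: [soundMen] C:\Windows\system32\soundmen.exe` even though OTL had already moved the file out of SysWOW64 (a 32-bit scanner on 64-bit Windows sees System32 redirected to SysWOW64, so both lines refer to the same file). A Run value left pointing at a quarantined executable is harmless by itself but is worth removing so a future scan does not report the same entry again.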

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:06:18, on 23/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16766)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Norton Utilities 14\RMTray.exe

C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\VPro530.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Users\Bruno\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [soundMen] C:\Windows\system32\soundmen.exe

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe

O4 - Global Startup: VPro530.lnk = ?

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142

O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11954 bytes


Hello Raylan Givens,

Clean log... ^_^

Finishing up:

1 - Open OTL and click the button [image].

Close OTL.

2 - [image] Update Java. Old versions have vulnerabilities that some malware can use to infect your system.

- Download the latest version of the Java Runtime Environment (JRE) 6u24.

- Look for where it says "Java Platform, Standard Edition".

- Click the Download JRE button.

- Under Platform: select Windows.

- Check the box I agree to the Java SE Runtime Environment 6u24 with JavaFX License Agreement.

- Click Continue.

- Click the Windows Offline Installation download link and save the file to your desktop.

- Close any program that is running, especially browsers.

- Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.

- Examples of old versions:

Java 2 Runtime Environment, SE v1.4.2

J2SE Runtime Environment 5.0

J2SE Runtime Environment 5.0 Update 6

- Select any item named Java Runtime Environment (JRE or J2SE).

- Click the Remove or Change/Remove button.

- Repeat as many times as necessary to remove each version of Java.

- Restart your computer once all versions of Java have been removed.

- Now go to your desktop and double-click jre-6u23-windows-i586.exe to install the newest version.

3 - [image] Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

Click here and install the newest version.

4 - Download CCleaner (link)

- Click Save and, when the download finishes, install it;

- Open the program and click Run Cleaner;

- After that, click Registry > Scan for Issues > Fix selected issues

5 - Visit Windows Update regularly and check for updates.

New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through its updates.

That is why it is essential to keep your system up to date.

6 - Learn some precautions and tips to keep your computer clean. Read the article Proteja seu PC (link)

7 - If there are no more malware-related problems, click the button [image] and ask for your topic to be closed.

If you have any questions related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Hugs and good luck!
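As an added example (not from the original post or from any tool it mentions), a PowerShell script that lists the Java runtimes registered in Add or Remove Programs, newest first, so the old versions that step 2 says to remove can be identified before anything is uninstalled; the DisplayName matching is an assumption based on the version names quoted above.

```powershell
# Added example, not part of the original post or of any tool it mentions:
# list every Java runtime registered in Add or Remove Programs, newest first,
# so that the old versions step 2 says to remove can be identified.
# Read-only: it inspects the registry and uninstalls nothing.
# Assumes Windows 7-era PowerShell 2.0 syntax; name matching is a heuristic.

function Get-InstalledJavaRuntimes {
    # Both the native and the 32-bit (Wow6432Node) uninstall hives on a 64-bit system.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            # Names seen for the JRE: "Java 2 Runtime Environment, SE v1.4.2",
            # "J2SE Runtime Environment 5.0", "Java(TM) 6 Update 24" (assumed pattern).
            $_.DisplayName -match '^(Java|J2SE)' -and
            $_.DisplayName -notmatch 'Auto Updater'
        } |
        ForEach-Object {
            # DisplayVersion looks like "6.0.240"; fall back to 0.0 if it does not parse.
            $parsed = [version]'0.0'
            $clean = [string]$_.DisplayVersion -replace '[^\d.]', ''
            if ($clean -and ($clean -match '^\d+(\.\d+)+$')) { $parsed = [version]$clean }
            New-Object PSObject -Property @{
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                Version         = $parsed
                InstallLocation = $_.InstallLocation
                UninstallString = $_.UninstallString
            }
        } |
        Sort-Object Version -Descending
}

$runtimes = @(Get-InstalledJavaRuntimes)
if ($runtimes.Count -eq 0) {
    Write-Output 'No Java runtime is registered in Add or Remove Programs.'
} else {
    Write-Output 'Newest Java runtime (keep):'
    $runtimes[0] | Format-List DisplayName, DisplayVersion, InstallLocation
    if ($runtimes.Count -gt 1) {
        Write-Output 'Older Java runtimes (candidates for removal in step 2):'
        $runtimes[1..($runtimes.Count - 1)] | Format-Table DisplayName, DisplayVersion, UninstallString -AutoSize
    }
}
```

Run it from an elevated PowerShell prompt before step 2 so you know exactly which entries to remove in Add or Remove Programs.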
