"Virus" changes home page.


This topic has been archived. This means you can no longer reply to the topic.
16 replies to this topic

#1
Raylan Givens (Newbie, 8 posts)

For a few days now my two browsers (Chrome and IE) have had the site Search Fever as their home page and I can't remove it.
Here is the log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:32:15, on 18/04/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Bruno\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\VPro530.exe
C:\Windows\SysWOW64\soundmen.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMen] C:\Windows\system32\soundmen.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe -update activex
O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe
O4 - Global Startup: VPro530.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13301 bytes

#2
Majuluan (Assistant, 2,880 posts)

Hello, I'm Majuluan,

Welcome to Linha Defensiva

I will be analysing your case. Please read the notes below carefully;

Important notes;

1 - So that the procedures that follow succeed, please follow only what is proposed to you and do not use any tool or program other than those recommended here.
Do NOT attempt any cleaning procedure on your own. In particular, do not run on your own the tools used in the Malware Removal forum. Misuse of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from misuse and/or uninformed use of the tools. >>> Rule 8 / Rules for the Malware Removal Area <<< Link
2 - Do not uninstall any of the tools we will use until the procedures are finished.
3 - If you have a topic in progress on another forum, please abandon it so that there are no conflicting instructions.
4 - To follow your topic more easily, select (Topic Options), on the right at the top of the page, and then click (Subscribe to this topic). You can also follow this topic in Control Panel/View Topics. < Link
5 - To avoid conflicts and slowing down the system, if you have more than one program with resident protection installed (antivirus, antispyware, firewall), leave only one active.
6 - If you have any questions about the procedures, do not hesitate to ask.
7 - If you do not receive a reply from me within 5 days, send me a PM. <<< Link

Step 1:

Please open Control Panel > Add or Remove Programs and uninstall these:

BittorrentBar_PT Toolbar
Conduit Engine


Step 2:

Download Malwarebytes' Anti-Malware (MBAM) < Link

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

* Check that the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are ticked and then click Finish.
* If there are updates to be applied, they will be downloaded and installed.
* When the update finishes, with the program open, select >>Full Scan<< and click the Scan button.
* The scan will then begin. Wait, as it may take a while.
* When the scan finishes, click OK, then the Show Results button to see the report.
* If items were found, make sure they are all ticked and click the Remove button.
* When the disinfection finishes, Notepad will open with a log and a prompt may appear asking whether you want to restart the PC. (See Note below)
* The log is saved automatically by MBAM; to see it, click the Logs tab in the program's main window.
* Select, copy and paste the whole content of this log in your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:

MalwareBytes Antimalware, installation and execution tutorial < Link

Awaiting your reply, regards and good luck :legal:
Linha Defensiva on Twitter!!!
Linha Defensiva is on Facebook!!!
>>> We volunteer our time to help you, please be considerate... Do not abandon your topic!!! <<<
CCB Hymn 136 - Lord, comfort my heart < Link I serve God at the Congregação Cristã no Brasil.
1 Corinthians 13 < Link "Read and understand... Charity"

#3
Raylan Givens (Newbie, 8 posts)

Thanks for the help!
Here are the logs

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versão da Base de Dados: 6394

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/04/2011 23:41:41
mbam-log-2011-04-18 (23-41-41).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 370932
Tempo decorrido: 42 minuto(s), 39 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\program files (x86)\online services\UOL\discador.exe (Trojan.Agent) -> Quarantined and deleted successfully.





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:44:10, on 18/04/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Bruno\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\VPro530.exe
C:\Windows\SysWOW64\soundmen.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMen] C:\Windows\system32\soundmen.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe -update activex
O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe
O4 - Global Startup: VPro530.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12563 bytes
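
Reading the two HijackThis logs above side by side shows the pattern the analyst acted on: the BittorrentBar_PT CLSID is registered at three browser hook points (R3 URLSearchHook, O2 BHO, O3 Toolbar), Conduit Engine at two, and after the uninstall an orphaned R3 entry ("no file") remains while both Start Page values still point at search-fever.com. The following script is an added example, not code from the thread or from Trend Micro, showing how that triage can be automated over HijackThis log lines. The sample lines are copied from the logs posted in #1 and #3; the HOME_ALLOWLIST contents and the three review heuristics (unexpected start/search host, one CLSID at two or more hook points, orphaned or unresolvable entries) are my own assumptions, and a finding means "review this entry", not "this is malware".

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of lines copied from the HijackThis logs in posts #1 and #3.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R3 - URLSearchHook: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
O2 - BHO: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Program Files (x86)\BittorrentBar_PT\tbBitt.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - Global Startup: VPro530.lnk = ?
R3 - URLSearchHook: (no name) - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PAGE_KEYS = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")

# Assumed allowlist: hosts an OEM/default IE configuration is expected to point at.
HOME_ALLOWLIST = {"g.msn.com", "go.microsoft.com"}


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section, e.g. "R0", "O2"
    reason: str  # why the entry deserves review
    line: str    # the original log line


def parse_entries(log):
    """Return (kind, body, original line) for every 'Xn - ...' line in a HijackThis log."""
    out = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m["kind"], m["body"], raw.strip()))
    return out


def analyse(log):
    """Apply three review heuristics (assumed, not HijackThis's own) and return the findings."""
    entries = parse_entries(log)
    findings = []

    # Pass 1: how many distinct browser hook points (R3/O2/O3) each live CLSID occupies.
    hook_kinds = defaultdict(set)
    for kind, body, _ in entries:
        m = CLSID_RE.search(body)
        if kind in ("R3", "O2", "O3") and m and "(no file)" not in body:
            hook_kinds[m.group(0).lower()].add(kind)

    # Pass 2: per-entry rules.
    for kind, body, line in entries:
        if kind in ("R0", "R1") and any(k in body for k in PAGE_KEYS):
            parts = body.split(" = ", 1)
            host = (urlparse(parts[1].strip()).hostname or "").lower() if len(parts) == 2 else ""
            if host and host not in HOME_ALLOWLIST:
                findings.append(Finding(kind, f"start/search page points at unexpected host {host}", line))
        elif kind in ("R3", "O2", "O3"):
            if "(no file)" in body:
                findings.append(Finding(kind, "orphaned registration: DLL no longer on disk", line))
                continue
            m = CLSID_RE.search(body)
            kinds = hook_kinds.get(m.group(0).lower(), set()) if m else set()
            if len(kinds) >= 2:
                where = "/".join(sorted(kinds))
                findings.append(Finding(kind, f"one CLSID registered at {len(kinds)} browser hook points ({where}): bundled-toolbar pattern", line))
        elif kind == "O4" and body.rstrip().endswith("= ?"):
            findings.append(Finding(kind, "startup shortcut whose target could not be resolved", line))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

On the sample above the script reports nine entries: both Start Page values, the five BittorrentBar_PT/Conduit registrations, the unresolvable VPro530.lnk startup entry and the orphaned URLSearchHook left behind after the uninstall; the Norton BHO and toolbar, which use different CLSIDs for each hook point, are not flagged.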

#4
Majuluan (Assistant, 2,880 posts)

Hello Raylan Givens,

Download the Kaspersky AVP Tool from one of these 2 links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

Save it to your desktop.

Run the file and follow the prompts. When it finishes, tick the box next to:
  • My Computer
  • Local Disk (C:)
Also tick all the drives listed under Local Disk, if there are any.

Where it says On threat detection: Ask what to do, change it to Ask after the scan completes, as in the images below:

[image]
[image]

Click the button
[image]

Be patient, it takes a while.

When it finishes, if something was detected, the program will ask you what to do.

Tick the small box next to Apply to all objects and then click Skip (we only want the log).

[image]

While the scan lasts, the Start scan button will be replaced by a red square with the message Stop scan

When the scan finishes, the Start scan button will appear again.

If the tool found something, this button
[image]
will turn red
[image]

When it finishes, click the Report button at the bottom of the window.

Click the + sign next to the last Automatic scan: completed in the list (the most recent) to expand the report.

[image]

Click once on Task started to select the line, hold the shift key down and then click once on Task completed

Right-click the selection, then click Copy

This step should look like the image below:

[image]

Go to Start > Run and type notepad

When Notepad opens, right-click anywhere empty and choose the paste option
Save the log with the name log.txt somewhere easy to find.

Copy the whole content of this log and paste it in your next reply, together with a new HijackThis log.

Exit the Kaspersky Removal Tool by clicking Close in the Report window and then Exit in the program window.

The program will ask whether you want to uninstall it.


If you keep the program and decide to remove it in the future:

Close all open windows and save whatever you need.
Open the Virus Removal Tool folder (it will be in the same folder where you saved the installer) and double-click the file unins000.exe
Click OK twice.

Your computer will be restarted.

If the Kaspersky log exceeds the forum limit, compress it with some zip or rar.

Awaiting your reply, regards and good luck :legal:
Linha Defensiva no Twitter!!!
Linha Defensiva está no Facebook!!!
Imagem Postada
>>> Dedicamos-Nos Voluntariamente para lhe Ajudar, Tenha Consideração... Não Abandone seu Tópico!!! <<<
CCB Hino 136 - Senhor, conforta meu coração < Link Sirvo a Deus na Congregação Cristã no Brasil.
1 Coríntios 13 < Link "Leia e entenda... a Caridade"

#5
Raylan Givens (Newbie, 8 posts)
The scan "froze" at 99%. After about two hours stuck on the same file, I requested the report. If it needs to be run again, just let me know. Here is the log.

19/04/2011 22:45:06 Tarefa iniciada Ação padrão selecionada
19/04/2011 23:24:46 Detectados: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Ação padrão selecionada
19/04/2011 23:24:46 Não neutralizado: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Adiado
19/04/2011 23:24:46 Detectados: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Ação padrão selecionada
20/04/2011 00:44:25 Detectados: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Ação padrão selecionada
20/04/2011 00:44:25 Não neutralizado: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Adiado
20/04/2011 00:44:26 Detectados: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Ação padrão selecionada
20/04/2011 01:22:44 Detectados: Trojan.Win32.Regrun.jbn C:\Windows\SysWOW64\soundmen.exe Ação padrão selecionada
20/04/2011 01:22:44 Não neutralizado: Trojan.Win32.Regrun.jbn C:\Windows\SysWOW64\soundmen.exe Adiado
20/04/2011 01:41:01 Detectados: Trojan.Win32.Regrun.jbn c:\Windows\SysWOW64\soundmen.exe Ação padrão selecionada
20/04/2011 01:41:01 Não neutralizado: Trojan.Win32.Regrun.jbn c:\Windows\SysWOW64\soundmen.exe Adiado
20/04/2011 02:12:00 Detectados: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Ação padrão selecionada
20/04/2011 02:12:00 Não neutralizado: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Adiado
20/04/2011 02:12:00 Detectados: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Ação padrão selecionada
20/04/2011 03:22:06 Detectados: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Ação padrão selecionada
20/04/2011 03:22:06 Não neutralizado: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Adiado
20/04/2011 03:22:06 Detectados: Trojan.Win32.Regrun.jbn C:\Users\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Ação padrão selecionada
20/04/2011 03:56:20 Detectados: Trojan.Win32.Regrun.jbn C:\Windows\SysWOW64\soundmen.exe Ação padrão selecionada
20/04/2011 03:56:20 Não neutralizado: Trojan.Win32.Regrun.jbn C:\Windows\SysWOW64\soundmen.exe Adiado
20/04/2011 04:19:00 Detectados: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Ação padrão selecionada
20/04/2011 06:54:49 Não neutralizado: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Gravação sem suporte
20/04/2011 06:54:49 Erro de processamento: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe Erro de leitura
20/04/2011 06:54:49 Tarefa concluída Ação padrão selecionada

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:41:07, on 20/04/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\VPro530.exe
C:\Users\Bruno\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\soundmen.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMen] C:\Windows\system32\soundmen.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe
O4 - Global Startup: VPro530.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12180 bytes
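
How a helper reads the two logs in this post, as an added example that is not code from the thread, from HijackThis or from Kaspersky: it lists the IE start/search page values whose host is not an expected default, and the scanner detections that were left in place but still have an autorun entry or a running process in the HijackThis log. The sample lines are constructed from the logs above; the set of expected start-page hosts is an assumption about this machine's defaults.

```python
# Added example, not code from the thread, HijackThis or Kaspersky: reads the two
# logs posted in #5. Sample lines are constructed from those logs; the expected
# start-page hosts are an assumption about this machine's OEM defaults.
import re
from urllib.parse import urlparse

EXPECTED_PAGE_HOSTS = {"g.msn.com", "go.microsoft.com"}  # assumption

# Kaspersky AVP Tool report line (Portuguese UI): "<date> <time> <status>: <threat> <path> <action>".
KAV_LINE = re.compile(
    r"^(?P<when>\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<status>Detectados|Não neutralizado|Erro de processamento):\s+"
    r"(?P<threat>\S+)\s+(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<action>Ação padrão selecionada|Adiado|Gravação sem suporte|Erro de leitura)$")
# HijackThis R0/R1 lines (IE page values), O4 lines (Run keys and Startup shortcuts) and bare process paths.
HJT_PAGE = re.compile(
    r"^R[01] - (?P<hive>HKLM|HKCU)\\Software\\Microsoft\\Internet Explorer\\\w+,"
    r"(?P<value>[^=]+?)\s*=\s*(?P<url>\S*)$")
HJT_RUN = re.compile(
    r'^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]+)\] |(?P<lnk>[^=]+?) = )'
    r'"?(?P<path>[A-Za-z]:\\.*?\.exe)"?(?: .*)?$', re.IGNORECASE)
HJT_PROC = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.IGNORECASE)

SAMPLE_KAV = r"""
20/04/2011 01:22:44 Detectados: Trojan.Win32.Regrun.jbn C:\Windows\SysWOW64\soundmen.exe Ação padrão selecionada
20/04/2011 01:22:44 Não neutralizado: Trojan.Win32.Regrun.jbn C:\Windows\SysWOW64\soundmen.exe Adiado
20/04/2011 06:54:49 Não neutralizado: Trojan.Win32.Regrun.jbn C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Gravação sem suporte
20/04/2011 06:54:49 Tarefa concluída Ação padrão selecionada
"""
SAMPLE_HJT = r"""
Running processes:
C:\Windows\SysWOW64\soundmen.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [SoundMen] C:\Windows\system32\soundmen.exe
O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe
O4 - Global Startup: VPro530.lnk = ?
"""

def unremediated_files(kav_text):
    """Lower-cased on-disk path -> (path, threat) for detections the scanner left in place."""
    found = {}
    for line in kav_text.splitlines():
        m = KAV_LINE.match(line.strip())
        if m and m["status"] == "Não neutralizado":
            # "...\Codec.exe/3" is an item inside a container; the file on disk ends at the "/".
            disk_path = m["path"].split("/", 1)[0]
            found.setdefault(disk_path.lower(), (disk_path, m["threat"]))
    return found

def parse_hjt(hjt_text):
    """(pages, autoruns, processes): page values, (O4 line, target path) pairs, process paths."""
    pages, autoruns, processes = [], [], []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        if m := HJT_PAGE.match(line):
            pages.append((m["hive"], m["value"], m["url"]))
        elif m := HJT_RUN.match(line):
            autoruns.append((line, m["path"]))
        elif HJT_PROC.match(line):
            processes.append(line)
    return pages, autoruns, processes

def hijacked_pages(hjt_text, expected=EXPECTED_PAGE_HOSTS):
    """IE page values whose host is not an expected default; empty values and local files are skipped."""
    out = []
    for hive, value, url in parse_hjt(hjt_text)[0]:
        host = urlparse(url).hostname
        if host and host not in expected:
            out.append((hive, value, host))
    return out

def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def correlate(kav_text, hjt_text):
    """Unremediated detections that still have an autorun entry or a running process.

    Matched by file name only: on 64-bit Windows a 32-bit tool sees system32
    redirected to SysWOW64, so one file may show under either name in the two logs."""
    _, autoruns, processes = parse_hjt(hjt_text)
    hits = []
    for path, threat in unremediated_files(kav_text).values():
        runs = [entry for entry, p in autoruns if _basename(p) == _basename(path)]
        procs = [p for p in processes if _basename(p) == _basename(path)]
        if runs or procs:
            hits.append({"file": path, "threat": threat, "autoruns": runs, "processes": procs})
    return hits

if __name__ == "__main__":
    print(hijacked_pages(SAMPLE_HJT))
    print(correlate(SAMPLE_KAV, SAMPLE_HJT))
```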

#6
Majuluan (Assistant, 2,880 posts)
Hello Raylan Givens,

The scan "froze" at 99%. After about two hours stuck on the same file, I requested the report. If it needs to be run again, just let me know. Here is the log.

Do you know which file that was?

Step 1:

Configure Windows to show all hidden files < Link

Go to VirusTotal.com (in Portuguese) < Link

Click the button [Posted image] and locate the file below.

C:\Windows\SysWOW64\soundmen.exe

Then click [Posted image]

Make sure the file name is correct, then click Open > Send File.

When the analysis finishes, copy the link shown under Permalink and/or the address in the browser's address bar, and paste it in your next post.

Step 2:

Download OTL by OldTimer and save it to your desktop.

Close all windows and run the tool.

** Windows Vista and Windows 7 users:
Right-click the file, then click [Posted image].

Where it says Output, select Standard
Also check these options:
  • Creation Date -> change to 90 days
  • Use Company Name Whitelist.
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

Select these lines in red, right-click the selection, and choose Copy

netsvcs
%SYSTEMDRIVE%\*.*
%userprofile%\*.*
%systemroot%\system32\drivers\*.* /90
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
%PROGRAMFILES%\Internet Explorer\*.*


Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste

Click the Scan button

Do not change any other settings unless you have been instructed to do so.

The scan takes a while, be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both are saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach them to your reply.

Waiting for your reply. Regards and good luck

#7
Raylan Givens (Newbie, 8 posts)
The file it froze on was Justified S02E09 HDTV XviD-ASAP [eztv] (a video file; it's a TV series I download from the Net)

http://www.virustota...8e1e-1303347697

OTL logfile created on: 20/04/2011 22:14:12 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Bruno\Downloads
64bit- Home Basic Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,47 Gb Total Space | 357,70 Gb Free Space | 78,36% Space Free | Partition Type: NTFS
Drive D: | 9,19 Gb Total Space | 1,41 Gb Free Space | 15,36% Space Free | Partition Type: NTFS

Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/04/20 22:11:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bruno\Downloads\OTL (1).exe
PRC - [2011/04/18 23:57:02 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/05 23:04:36 | 000,220,143 | -HS- | M] ( ) -- C:\Windows\SysWOW64\soundmen.exe
PRC - [2011/03/30 09:18:40 | 000,056,712 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2010/10/17 15:40:22 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Bruno\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/30 08:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/14 10:53:32 | 000,279,912 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
PRC - [2009/01/29 19:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/08 10:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/02/15 11:49:40 | 000,155,648 | ---- | M] (Philips) -- C:\Windows\VPro530.exe
PRC - [2007/06/20 11:04:56 | 000,693,600 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WksWP.exe
PRC - [2007/06/20 11:04:54 | 000,091,488 | ---- | M] (Microsoft® Corporation) -- C:\PROGRA~2\MICROS~1\wkgdcach.exe
PRC - [2007/06/20 11:04:52 | 000,095,584 | ---- | M] (Microsoft® Corporation) -- C:\PROGRA~2\MICROS~1\WkDStore.exe


========== Modules (SafeList) ==========

MOD - [2011/04/20 22:11:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bruno\Downloads\OTL (1).exe
MOD - [2010/08/21 02:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2011/04/16 03:29:06 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/30 09:18:40 | 000,056,712 | ---- | M] ( ) [Unknown | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/25 21:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/18 23:31:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/13 22:09:08 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/05/06 01:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 02:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/22 00:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 23:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 23:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/25 21:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/10/20 17:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009/09/11 22:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/29 21:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/20 21:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/17 14:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008/05/21 14:30:58 | 000,583,168 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC530.sys -- (SPC530)
DRV:64bit: - [2008/05/21 14:30:58 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC530m.sys -- (SPC530m)
DRV:64bit: - [2007/02/15 21:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011/04/15 17:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110419.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/31 09:13:33 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110420.020\EX64.SYS -- (NAVEX15)
DRV - [2011/03/31 09:13:33 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110420.020\ENG64.SYS -- (NAVENG)
DRV - [2011/03/30 09:20:02 | 000,046,600 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011/03/14 15:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110419.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/01/02 02:20:19 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/03 00:06:52 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/17 02:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Arquivos de Programas\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV - [2007/02/15 21:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
IE - HKCU\..\URLSearchHook: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/25 20:50:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/05/14 19:07:32 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/20 13:16:48 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll (Banco Unibanco)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {29ACF17C-1713-4286-8F40-BFD05F1E70C8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Arquivos de Programas\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SoundMen] C:\Windows\SysWOW64\soundmen.exe ( )
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking...GbPluginUni.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files (x86)\GbPlugin\gbieh.dll - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginUni: DllName - C:\PROGRA~2\GbPlugin\gbiehUni.dll - C:\PROGRA~2\GbPlugin\gbiehUni.dll (Banco Unibanco)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll (Banco Unibanco)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2011/04/20 19:06:37 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{D0D5F0EE-3456-4BA2-AFAB-D3A76430E7CC}
[2011/04/20 07:01:23 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{6BD88F55-FF35-45CA-8CC1-283C6DEEC7B2}
[2011/04/19 22:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/19 22:41:40 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\Virus Removal Tool
[2011/04/19 20:32:28 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{81074559-5A55-4550-B3B7-C03D337B4F99}
[2011/04/19 11:59:56 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{6F2459A2-549A-4526-9D97-99B763DD4213}
[2011/04/18 22:55:28 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Malwarebytes
[2011/04/18 22:54:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/18 22:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/18 22:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/18 22:54:16 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/18 22:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/18 19:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/18 19:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/18 19:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/04/18 19:07:40 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{D1796DDC-43B5-4BFC-B0D2-A63BF70E2589}
[2011/04/18 13:45:12 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{4C017F59-C6B4-42B1-B0C9-B303401F414E}
[2011/04/17 20:58:17 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{B71B5022-77AC-47D2-B99F-090731B6EDA7}
[2011/04/16 03:27:18 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{7BFC8107-6AFE-4BD7-A515-524D05D1D8A1}
[2011/04/15 17:41:14 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{B71A0F64-7F91-4DAE-BEF2-A8B7EC9E4292}
[2011/04/14 06:44:09 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{3E22F576-65E8-489D-B7B4-288F2CA70E11}
[2011/04/13 21:47:46 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{ACD1B428-8082-418C-A471-F18DC455CF62}
[2011/04/13 21:47:27 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Opera
[2011/04/13 21:47:27 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Apple Computer
[2011/04/11 17:23:07 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{4B8EA5E4-697A-4F62-889E-084F0459B3B3}
[2011/04/10 23:17:53 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{C7C0651A-B852-47EC-9908-B7C88CCFFEEF}
[2011/04/10 17:32:20 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{69620291-563C-4028-9B5D-23D5008B1B0C}
[2011/04/10 14:00:48 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{21B29DD6-7627-4EAB-9CA8-B34E95507E68}
[2011/04/10 01:58:53 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{5B371B94-CD64-4D2B-8DE0-76C6E0624BA3}
[2011/04/09 13:56:56 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{95312A40-5307-4175-AB1E-9151EDBABFE1}
[2011/04/09 01:54:59 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{6419DDB9-BA68-4207-950B-2F3880E2C650}
[2011/04/08 20:11:25 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{1561FD39-DA13-4B35-BB2D-CB2EBDE0E8E9}
[2011/04/07 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{347D7570-336C-44E8-A987-C64A09BAD739}
[2011/04/06 22:57:14 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{51C476C6-4D2B-4364-AFEF-50CE06FA1DD5}
[2011/04/06 19:12:27 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{B1DD3CFA-CCF6-4C92-8760-770D407D41F4}
[2011/04/05 23:04:36 | 000,220,143 | -HS- | C] ( ) -- C:\Windows\SysWow64\soundmen.exe
[2011/04/04 23:51:32 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{414FE2C8-F559-4E6F-9BCC-56E78872B877}
[2011/04/04 18:32:12 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{065FD4E4-DCEA-4F16-9B71-7498D8FBA1B4}
[2011/04/03 17:08:29 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{53C976F3-6A7D-4439-8958-F5AE84288A44}
[2011/04/03 14:27:55 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{A38452FC-B014-49EC-8721-861DB659AF51}
[2011/04/02 23:04:53 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{36C4763B-98C0-4628-90E8-E70D324BB341}
[2011/04/02 11:02:58 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{45F86973-54A7-4DFA-94E6-F71AE68A04B9}
[2011/04/01 23:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011/04/01 23:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/04/01 22:04:52 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{57EF54A8-588D-46B7-9EA2-6DA5A38751E4}
[2011/04/01 19:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/04/01 18:40:38 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{A1656566-F02B-45A5-ABED-1ED69E057AE2}
[2011/03/31 22:25:45 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{C5F67BE4-5A3B-4949-BB00-BFA9CD8ED3D7}
[2011/03/31 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\{9C6DE082-7F48-4A6F-9A21-8E2CEB6CE1DF}
[2011/03/21 17:25:17 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Portal Physics - Inscrições para o simulado UFPA_files
[2011/03/09 23:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/04 23:04:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011/03/04 23:04:41 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
[2011/03/04 23:04:38 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas RFB
[2011/02/24 03:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/02/18 23:58:56 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Sports Interactive
[2011/02/18 23:50:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2011/02/18 23:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sports Interactive
[2011/02/18 23:48:21 | 000,000,000 | -H-D | C] -- C:\Users\Bruno\InstallAnywhere
[2011/02/18 23:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/02/18 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools Lite
[2011/02/18 23:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/01/22 21:17:58 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\ImgBurn
[2011/01/22 20:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/01/22 20:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011/01/22 18:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2011/01/22 16:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2011/01/22 16:22:55 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\abgx360
[2011/01/22 16:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\abgx360
[2011/01/22 16:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\abgx360

========== Files - Modified Within 90 Days ==========

[2011/04/20 22:10:48 | 000,013,774 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\wklnhst.dat
[2011/04/20 22:10:48 | 000,009,728 | ---- | M] () -- C:\Users\Bruno\Documents\link linha defensiva.wps
[2011/04/20 22:06:26 | 000,013,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 22:06:26 | 000,013,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 21:45:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-912155494-1377236273-3055624676-1000UA.job
[2011/04/20 21:43:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/20 16:45:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-912155494-1377236273-3055624676-1000Core.job
[2011/04/20 16:32:47 | 001,517,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/20 16:32:47 | 000,663,606 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/04/20 16:32:47 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/20 16:32:47 | 000,127,896 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/04/20 16:32:47 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/20 16:28:31 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/20 16:28:26 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/04/20 16:28:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/20 16:28:16 | 3212,713,984 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/20 13:16:48 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/18 22:54:20 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 20:24:31 | 000,001,441 | ---- | M] () -- C:\Users\Bruno\Desktop\HijackThis (1) - Atalho.lnk
[2011/04/18 19:23:45 | 000,001,260 | ---- | M] () -- C:\Users\Bruno\Desktop\Spybot - Search & Destroy.lnk
[2011/04/16 03:25:52 | 000,320,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/10 05:49:03 | 000,000,815 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update.lnk
[2011/04/09 17:03:15 | 000,001,900 | ---- | M] () -- C:\Users\Bruno\Desktop\FM 2011.lnk
[2011/04/05 23:04:36 | 000,220,143 | -HS- | M] ( ) -- C:\Windows\SysWow64\soundmen.exe
[2011/04/01 23:09:50 | 000,003,052 | ---- | M] () -- C:\Users\Bruno\Documents\comprovante.pdf
[2011/04/01 19:39:06 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/04/01 18:48:22 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/30 09:20:02 | 000,046,600 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysWow64\drivers\gbpkm.sys
[2011/03/26 00:47:44 | 000,002,361 | ---- | M] () -- C:\Users\Bruno\Desktop\Google Chrome.lnk
[2011/03/21 22:34:18 | 000,068,842 | ---- | M] () -- C:\Users\Bruno\AppData\Local\tmpOGAAAK6US-YP9VPHR41T5HTIGGLORNADYUSZ33VF7SR6GK4RYESBOJJFD9OHRCFFFNF2CVYF5KLAQG5UBBVHEJRWRLQAM1T1UKFANIJSYD4RK9AHAP1SMG_G_CSA.JPG
[2011/03/21 17:25:17 | 000,010,912 | ---- | M] () -- C:\Users\Bruno\Documents\Portal Physics - Inscrições para o simulado UFPA.htm
[2011/03/20 14:38:44 | 000,003,758 | -HS- | M] () -- C:\Windows\SysWow64\msc01.dat
[2011/03/20 14:33:54 | 000,000,921 | -HS- | M] () -- C:\Windows\SysWow64\msc03.dat
[2011/03/20 14:29:26 | 000,061,440 | -HS- | M] () -- C:\Windows\SysWow64\msc02.dat
[2011/03/14 23:50:37 | 000,014,848 | ---- | M] () -- C:\Users\Bruno\Documents\pre projeto pós.wps
[2011/03/04 23:04:45 | 000,001,726 | ---- | M] () -- C:\Users\Bruno\Desktop\IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
[2011/02/18 23:31:39 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011/02/06 20:47:23 | 005,098,856 | ---- | M] () -- C:\Users\Bruno\Documents\Vídeo1.mpg
[2011/02/06 20:46:56 | 000,068,389 | ---- | M] () -- C:\Users\Bruno\Documents\Imagem1.jpg
[2011/01/26 17:59:59 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/01/22 20:46:36 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/01/22 18:51:00 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk

========== Files Created - No Company Name ==========

[2011/04/20 22:10:02 | 000,009,728 | ---- | C] () -- C:\Users\Bruno\Documents\link linha defensiva.wps
[2011/04/18 22:54:20 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 20:24:31 | 000,001,441 | ---- | C] () -- C:\Users\Bruno\Desktop\HijackThis (1) - Atalho.lnk
[2011/04/18 19:23:45 | 000,001,260 | ---- | C] () -- C:\Users\Bruno\Desktop\Spybot - Search & Destroy.lnk
[2011/04/10 05:47:50 | 000,000,815 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update.lnk
[2011/04/09 16:41:31 | 025,562,230 | ---- | C] () -- C:\Users\Bruno\Documents\portuguese.ltc
[2011/04/01 23:09:50 | 000,003,052 | ---- | C] () -- C:\Users\Bruno\Documents\comprovante.pdf
[2011/04/01 19:39:05 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/03/21 22:34:18 | 000,068,842 | ---- | C] () -- C:\Users\Bruno\AppData\Local\tmpOGAAAK6US-YP9VPHR41T5HTIGGLORNADYUSZ33VF7SR6GK4RYESBOJJFD9OHRCFFFNF2CVYF5KLAQG5UBBVHEJRWRLQAM1T1UKFANIJSYD4RK9AHAP1SMG_G_CSA.JPG
[2011/03/21 17:25:16 | 000,010,912 | ---- | C] () -- C:\Users\Bruno\Documents\Portal Physics - Inscrições para o simulado UFPA.htm
[2011/03/20 14:38:44 | 000,003,758 | -HS- | C] () -- C:\Windows\SysWow64\msc01.dat
[2011/03/20 14:33:54 | 000,000,921 | -HS- | C] () -- C:\Windows\SysWow64\msc03.dat
[2011/03/20 14:29:26 | 000,061,440 | -HS- | C] () -- C:\Windows\SysWow64\msc02.dat
[2011/03/14 23:50:37 | 000,014,848 | ---- | C] () -- C:\Users\Bruno\Documents\pre projeto pós.wps
[2011/03/04 23:04:45 | 000,001,726 | ---- | C] () -- C:\Users\Bruno\Desktop\IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
[2011/02/19 21:40:22 | 000,001,900 | ---- | C] () -- C:\Users\Bruno\Desktop\FM 2011.lnk
[2011/02/18 23:31:39 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011/02/06 20:47:00 | 005,098,856 | ---- | C] () -- C:\Users\Bruno\Documents\Vídeo1.mpg
[2011/02/06 20:46:56 | 000,068,389 | ---- | C] () -- C:\Users\Bruno\Documents\Imagem1.jpg
[2011/01/22 20:46:35 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/01/22 18:50:59 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2011/01/22 16:37:09 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/05/24 23:52:48 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/05/14 21:44:11 | 002,821,242 | ---- | C] () -- C:\Program Files (x86)\wrar393br.exe
[2010/05/14 20:42:00 | 000,013,774 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\wklnhst.dat
[2010/05/14 19:20:00 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/05/14 19:19:59 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/05/14 19:19:58 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/05/14 19:19:58 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/14 19:19:57 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010/05/14 19:19:56 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/09/29 14:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 02:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 23:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 21:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/01/22 16:22:57 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\abgx360
[2011/04/18 23:23:53 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\BitTorrent
[2010/05/24 23:52:57 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Canneverbe Limited
[2011/02/18 23:46:11 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools Lite
[2011/01/22 21:42:21 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\ImgBurn
[2010/10/03 21:58:11 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\med2
[2010/10/05 01:31:26 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Octoshape
[2011/04/13 21:47:27 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Opera
[2011/02/18 23:58:56 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Sports Interactive
[2010/05/14 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Template
[2010/08/02 21:27:59 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Tific
[2010/05/27 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\uTorrent
[2010/05/15 00:37:12 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\WinBatch
[2010/10/31 19:59:12 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Windows Live Writer
[2010/05/14 19:07:16 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/02/20 23:03:58 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/11 14:20:57 | 000,000,500 | ---- | M] () -- C:\FINIS_IT.TXT
[2011/04/20 16:28:16 | 3212,713,984 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/04/20 16:28:16 | 4283,621,376 | -HS- | M] () -- C:\pagefile.sys

< %userprofile%\*.* >
[2011/04/20 22:16:21 | 003,145,728 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat
[2011/04/20 22:16:21 | 000,262,144 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat.LOG1
[2010/05/13 22:00:15 | 000,000,000 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat.LOG2
[2010/05/13 22:32:23 | 000,065,536 | -HS- | M] () -- C:\Users\Bruno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/13 22:32:23 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/13 22:32:23 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/08/03 00:19:10 | 000,065,536 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat{d6a86510-9e95-11df-942d-78e7d10089ad}.TM.blf
[2010/08/03 00:19:10 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat{d6a86510-9e95-11df-942d-78e7d10089ad}.TMContainer00000000000000000001.regtrans-ms
[2010/08/03 00:19:10 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat{d6a86510-9e95-11df-942d-78e7d10089ad}.TMContainer00000000000000000002.regtrans-ms
[2010/05/13 22:00:15 | 000,000,020 | -HS- | M] () -- C:\Users\Bruno\ntuser.ini
[2010/11/02 06:06:56 | 002,285,568 | ---- | M] () -- C:\Users\Bruno\s-1-5-21-912155494-1377236273-3055624676-1000.rrr

< %systemroot%\system32\drivers\*.* /90 >
[2011/03/30 09:20:02 | 000,046,600 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysWOW64\drivers\gbpkm.sys

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\*.* >
[2011/01/26 17:59:59 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 01:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2010/05/14 21:44:47 | 002,821,242 | ---- | M] () -- C:\Program Files (x86)\wrar393br.exe

< %APPDATA%\Update\*.* >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = [Binary data over 100 bytes]
"SavedLegacySettings" = 46 00 00 00 B4 14 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Conexão de Banda Larga" = 46 00 00 00 31 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< %PROGRAMFILES%\Internet Explorer\*.* >
[2009/07/13 22:14:20 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2009/07/13 22:15:24 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\hmmapi.dll
[2009/06/10 18:17:22 | 000,002,649 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie8props.propdesc
[2010/10/19 05:10:26 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecompat.dll
[2011/02/24 02:29:51 | 000,860,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2009/07/13 22:14:21 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2009/07/13 22:14:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2011/02/24 02:29:55 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2009/07/13 22:15:28 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
[2011/02/24 02:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2009/07/13 22:15:35 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
[2009/07/13 22:15:35 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
[2009/07/13 22:15:35 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
[2009/07/13 22:15:35 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
[2009/06/10 18:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
[2009/06/10 18:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
[2009/07/13 22:16:15 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
@Alternate Data Stream - 24 bytes -> C:\Windows:E9CAC7DF2414A499
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:D287FACF

< End of report >



Editado por Raylan Givens, 20 abril 2011 - 22:46.


#8
Majuluan (Assistant, 2,880 posts)
Hello Raylan Givens,

Step 1:

Configure your Windows to show all hidden files < Link

Go to VirusTotal.com (in Portuguese) < Link

Click the [image] button and locate the file below.

C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe

Then click [image]

Make sure the file name is correct, then click Open > Send File.

When the analysis finishes, copy the link shown under Permalink and/or the address in the browser's address bar, and paste it in your next post.

Repeat the analysis for these other files:
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Users\Bruno\AppData\Roaming\wklnhst.dat


Step 2:

Select these lines in red, right-click the selection and choose Copy:

Note: make sure you copy starting from the colon and letter ":O" of :OTL.

:OTL
PRC - [2011/04/05 23:04:36 | 000,220,143 | -HS- | M] ( ) -- C:\Windows\SysWOW64\soundmen.exe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
IE - HKCU\..\URLSearchHook: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {29ACF17C-1713-4286-8F40-BFD05F1E70C8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:D287FACF

:files
C:\Windows\SysWOW64\soundmen.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"[C:\Windows\SysWOW64\soundmen.exe]"=-

:Commands
[createrestorepoint]
[purity]
[emptytemp]


To visitors: if you have a similar problem, do not use this script, as using it without supervision can damage your system.
Follow these instructions: Free Virus Removal Assistance < Link and ask for help in Malware Removal < Link

Run OTL.exe

** Windows Vista and Windows 7 users:
Right-click the file, then click [image].

Right-click any blank area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).
Click the [image] button

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL the contents of that Notepad window and paste it in your reply.

A copy of this log is kept in the C:\_OTL\MovedFiles folder, named in the format date_time.log.

Example: 03142010_145545.log

Awaiting your reply, regards and good luck
:legal:
Linha Defensiva on Twitter!!!
Linha Defensiva is on Facebook!!!
>>> We volunteer our time to help you, please be considerate... Don't abandon your topic!!! <<<
CCB Hymn 136 - Lord, comfort my heart < Link I serve God in the Congregação Cristã no Brasil.
1 Corinthians 13 < Link "Read and understand... Charity"

#9
Raylan Givens (Novice, 8 posts)
Codec.exe
http://www.virustota...82c8-1303450456

FlashUtil10p_ActiveX.exe
http://www.virustota...3262-1303450767

wklnhst.dat
http://www.virustota...9723-1303451087

Log

Files\Folders moved on Reboot...
C:\Users\Bruno\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bruno\AppData\Local\Temp\FXSTIFFDebugLogFile.txt moved successfully.
C:\Users\Bruno\AppData\Local\Temp\~DFD5DEE117BAB561A4.TMP moved successfully.

Registry entries deleted on Reboot...

#10
Majuluan (Assistant, 2,880 posts)
Hello Raylan Givens,

The OTL log/result is incomplete!!! Please check in C:\_OTL\MovedFiles >>> date_time.log (e.g. 03142010_145545.log) whether you copied the whole result correctly.
If the log/result really contains only what you posted, please repeat the procedure with OTL...

Awaiting your reply, regards and good luck :legal:

#11
Raylan Givens (Novice, 8 posts)
I redid the procedure. I hope it worked, thanks.



All processes killed
========== OTL ==========
No active process named soundmen.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{29acf17c-1713-4286-8f40-bfd05f1e70c8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29acf17c-1713-4286-8f40-bfd05f1e70c8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{29ACF17C-1713-4286-8F40-BFD05F1E70C8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29ACF17C-1713-4286-8F40-BFD05F1E70C8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Unable to delete ADS C:\ProgramData\Temp:D287FACF .
========== FILES ==========
File\Folder C:\Windows\SysWOW64\soundmen.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\[C:\Windows\SysWOW64\soundmen.exe] not found.
========== COMMANDS ==========
Error creating restore point.

[EMPTYTEMP]

User: All Users

User: Bruno
->Temp folder emptied: 3735268 bytes
->Temporary Internet Files folder emptied: 528679 bytes
->Java cache emptied: 455181 bytes
->Google Chrome cache emptied: 24286287 bytes
->Flash cache emptied: 58128 bytes

User: Dayane

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32842613 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes
RecycleBin emptied: 9812521588 bytes

Total Files Cleaned = 9.417,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_143829

Files\Folders moved on Reboot...
C:\Users\Bruno\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bruno\AppData\Local\Temp\~DF03AD5F8BEF10D458.TMP moved successfully.

Registry entries deleted on Reboot...

#12
Majuluan (Assistant, 2,880 posts)
Hello Raylan Givens,

Step 1:

Select these lines in red, right-click the selection and choose Copy:

Note: make sure you copy starting from the colon and letter ":F" of :Files.


:Files
C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe

:Commands
[createrestorepoint]
[purity]
[emptytemp]


To visitors: if you have a similar problem, do not use this script, as using it without supervision can damage your system.
Follow these instructions: Free Virus Removal Assistance < Link and ask for help in Malware Removal < Link

Run OTL.exe

** Windows Vista and Windows 7 users:
Right-click the file, then click [image].

Right-click any blank area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).
Click the [image] button

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL the contents of that Notepad window and paste it in your reply.

A copy of this log is kept in the C:\_OTL\MovedFiles folder, named in the format date_time.log.

Example: 03142010_145545.log

Step 2:

Please repeat the procedure with the Kaspersky AVP Tool, following the steps in my 2nd post, but instead of Skip, choose the Remove option.

[image]

Awaiting your reply, regards and good luck :legal:

#13
Raylan Givens (Novice, 8 posts)
* I repeated all the procedures from your second post.




All processes killed
========== FILES ==========
C:\Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Bruno
->Temp folder emptied: 91169660 bytes
->Temporary Internet Files folder emptied: 847457 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 18822758 bytes
->Flash cache emptied: 1253 bytes

User: Dayane

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1386496 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2853383 bytes

Total Files Cleaned = 110,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_231617

Files\Folders moved on Reboot...
C:\Users\Bruno\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bruno\AppData\Local\Temp\~DFBA0DEF26260558F6.TMP moved successfully.

Registry entries deleted on Reboot...






22/04/2011 23:34:10 Tarefa iniciada Ação padrão selecionada
23/04/2011 03:06:25 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Ação padrão selecionada
23/04/2011 03:06:25 Não neutralizado: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Adiado
23/04/2011 03:06:26 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Ação padrão selecionada
23/04/2011 03:06:26 Não neutralizado: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Adiado
23/04/2011 03:06:27 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Ação padrão selecionada
23/04/2011 05:45:17 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Ação padrão selecionada
23/04/2011 05:45:17 Não neutralizado: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Adiado
23/04/2011 05:45:18 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Ação padrão selecionada
23/04/2011 05:45:18 Não neutralizado: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Adiado
23/04/2011 05:45:18 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Ação padrão selecionada
23/04/2011 05:47:23 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Ação padrão selecionada
23/04/2011 05:50:18 Excluído: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_024927\C_Windows\SysWOW64\soundmen.exe Ação padrão selecionada
23/04/2011 05:50:18 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/3 Ação padrão selecionada
23/04/2011 05:50:19 Detectados: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe/4/3 Ação padrão selecionada
23/04/2011 05:50:19 Excluído: Trojan.Win32.Regrun.jbn C:\_OTL\MovedFiles\04222011_231617\C_Documents and Settings\Bruno\Downloads\Justified S02E09 HDTV XviD-ASAP [eztv]\Codec.exe Ação padrão selecionada
23/04/2011 05:50:19 Tarefa concluída Ação padrão selecionada




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:25:13, on 23/04/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\VPro530.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Bruno\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMen] C:\Windows\system32\soundmen.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe
O4 - Global Startup: VPro530.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12236 bytes

#14
Majuluan (Assistant, 2,880 posts)
Hello Raylan Givens,

Open HijackThis, click Do a system scan only, check the entries listed below, then click [image]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php

Restart the system.

Generate a new HijackThis log and include it in your next reply

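The pattern in this thread is that the first OTL script cleared the start page only under HKCU, and the HijackThis log posted afterwards still showed the same search-fever URL under HKLM, alongside a Run-key autorun for a bare soundmen.exe in system32. The helper below is an added example, not a tool from the thread, from Linha Defensiva or from the HijackThis project: it parses the R0/R1 and O4 lines of a HijackThis log, flags start/search pages whose host is not on an allowlist, reports every hive that still carries that host, and flags autoruns pointing straight into a Windows system directory. ALLOWED_HOSTS, the system-directory heuristic and SAMPLE_LOG are assumptions constructed for the example.

```python
"""Triage helper for HijackThis logs (added example; not from the thread, Linha Defensiva or HijackThis).

Parses the R0/R1 (IE start/search page) and O4 (Run-key autorun) lines and flags:
  * start/search pages whose host is not on an allowlist (the homepage hijack in this thread),
  * the registry hives (HKCU, HKLM) that still carry a given host, since clearing HKCU alone
    left the HKLM value behind here,
  * autoruns whose target sits directly in a Windows system directory (heuristic: vendor
    autoruns normally live under Program Files, so a bare system32 exe stands out).
ALLOWED_HOSTS, SYSTEM_DIRS and SAMPLE_LOG are assumptions constructed for this example.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts the machine's owner considers legitimate for IE start and search pages.
ALLOWED_HOSTS = {"g.msn.com", "go.microsoft.com", "www.google.com"}

# Heuristic (assumption): a Run-key autorun living directly here is unusual and may false-positive.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# R0/R1 line: "R0 - HKLM\Software\...\Main,Start Page = http://..." (the value may be empty)
R_LINE = re.compile(r"^(R[01]) - (HKCU|HKLM)\\(.+?),([^=]+?) =\s*(.*)$")
# O4 line: "O4 - HKLM\..\Run: [Name] <command line>"
O4_LINE = re.compile(r"^O4 - (HKCU|HKLM)\\\.\.\\Run: \[([^\]]*)\] (.*)$")


def _target_path(command):
    """Pull the executable path out of a Run-key command line (quoted or bare, with arguments)."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def parse_hjt(text):
    """Return a list of dicts for every R0/R1 and O4 entry in a HijackThis log; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            entries.append({"type": m.group(1), "hive": m.group(2), "key": m.group(3),
                            "name": m.group(4).strip(), "value": m.group(5).strip()})
            continue
        m = O4_LINE.match(line)
        if m:
            entries.append({"type": "O4", "hive": m.group(1), "name": m.group(2),
                            "path": _target_path(m.group(3).strip())})
    return entries


def flag_start_pages(entries, allowed=ALLOWED_HOSTS):
    """(hive, value name, host) for start/search pages whose host is not on the allowlist."""
    findings = []
    for e in entries:
        if e["type"] not in ("R0", "R1") or not e["value"]:
            continue
        host = urlparse(e["value"]).hostname  # None for local paths such as blank.htm
        if host and host.lower() not in allowed:
            findings.append((e["hive"], e["name"], host))
    return findings


def hives_with_host(entries, host):
    """Set of hives whose R0/R1 values point at `host`: every one of them needs fixing."""
    return {e["hive"] for e in entries
            if e["type"] in ("R0", "R1") and urlparse(e["value"]).hostname == host}


def flag_system_dir_autoruns(entries):
    """(hive, name, path) for Run-key autoruns whose target lives in a Windows system directory."""
    return [(e["hive"], e["name"], e["path"]) for e in entries
            if e["type"] == "O4" and e["path"].lower().startswith(SYSTEM_DIRS)]


# Constructed sample: the state after the HKCU start page was cleared but the HKLM one was not.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-fever.com/find.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SoundMen] C:\Windows\system32\soundmen.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
"""

if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for hive, name, host in flag_start_pages(found):
        print(f"hijacked {name} in {hive}: {host}; hives still carrying it: {sorted(hives_with_host(found, host))}")
    for hive, name, path in flag_system_dir_autoruns(found):
        print(f"autorun [{name}] in {hive} points into a system directory: {path}")
```

Feed it a real log instead of SAMPLE_LOG and the hive list tells you whether an HKCU-only fix left an HKLM copy behind, which is exactly what happened between the OTL run and the next HijackThis scan above.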

#15
Raylan Givens (Novice, 8 posts)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:06:18, on 23/04/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\VPro530.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Bruno\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMen] C:\Windows\system32\soundmen.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Bruno\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe
O4 - Global Startup: VPro530.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11954 bytes

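Added example, not part of this thread and not HijackThis code: a small triage pass over log lines of the kind posted above. The heuristics (unresolved startup shortcuts, executables sitting directly in the Windows directory or in a temp directory, Trusted Zone and explicit NameServer entries, ActiveX components fetched over plain http, services with no vendor information outside the Windows directory) are this example's own choices, and a hit means "look at this line twice", not a malware verdict. The sample input copies a few O4/O15/O17/O23 lines from the log above and adds one constructed O16 line, because the page's O16 URLs are truncated. The many "(file missing)" entries for System32 services are what a 32-bit HijackThis reports on 64-bit Windows, where file system redirection hides the real System32, so the example deliberately does not flag them.

```python
"""Triage heuristics for HijackThis 2.0.4 log lines.

Added example, not part of this thread or of HijackThis. The rules are this
example's own: a hit means "look at this line twice", not "this is malware".
"""
import re
from typing import List, Tuple

# Sample input: O4/O15/O17/O23 lines copied from the log posted above, plus
# one constructed O16 line (the page's own O16 URLs are truncated).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [SoundMen] C:\Windows\system32\soundmen.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - Startup: Windows Update.lnk = C:\Windows\WindowsUpdate.exe
O4 - Global Startup: VPro530.lnk = ?
O15 - Trusted Zone: www.bancobrasil.com.br
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Class) - http://example.invalid/plugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDB5532-8540-4163-B01F-9A61018B12A4}: NameServer = 200.165.132.154 200.149.55.142
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
# An executable sitting directly in the Windows directory, not in a subdirectory.
WINDIR_ROOT_EXE = re.compile(r'(?i)\b[a-z]:\\windows\\[^\\"]+?\.exe')
TEMP_DIR = re.compile(r"(?i)\\(?:temp|tmp)\\")
NAMESERVER = re.compile(r"NameServer\s*=\s*(.+)$")
IN_WINDIR = re.compile(r"(?i)\\windows\\")

Finding = Tuple[str, str, str]  # (section, reason, original line body)


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Split a log into (section, body) pairs; header/footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries: List[Tuple[str, str]]) -> List[Finding]:
    """Apply the review heuristics; order of findings follows the log."""
    findings: List[Finding] = []
    for section, body in entries:
        if section == "O4":
            if body.rstrip().endswith("= ?"):
                findings.append((section, "startup shortcut whose target HijackThis could not resolve", body))
            elif WINDIR_ROOT_EXE.search(body):
                findings.append((section, "autorun executable directly under the Windows directory", body))
            elif TEMP_DIR.search(body):
                findings.append((section, "autorun from a temp directory", body))
        elif section == "O15":
            findings.append((section, "Trusted Zone entry: confirm the user added it on purpose", body))
        elif section == "O16" and re.search(r"(?i)\bhttp://", body):
            findings.append((section, "ActiveX component fetched over plain http", body))
        elif section == "O17":
            m = NAMESERVER.search(body)
            if m:
                findings.append((section, "explicit DNS servers (%s): confirm they are the ISP's" % m.group(1), body))
        elif section == "O23":
            # A 32-bit HijackThis on 64-bit Windows cannot see the real System32
            # (file system redirection), so "(file missing)" there is an artifact;
            # only unknown-owner services outside the Windows directory are listed.
            if "Unknown owner" in body and not IN_WINDIR.search(body):
                findings.append((section, "service with no vendor information outside the Windows directory", body))
    return findings


def triage_log(text: str) -> List[Finding]:
    """Convenience wrapper: parse then triage a whole log."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for section, reason, body in triage_log(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

Run against the sample, the pass lists the two Startup entries, the Trusted Zone line, the constructed http O16 line and the O17 NameServer line, and stays quiet on the vendor Run entries and on the System32 "(file missing)" service.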
#16
Majuluan
Assistant, 2,880 posts
Hello Raylan Givens,

Log clean... ^_^

Finishing up:

1 - Open OTL and click the button [Posted image].
Close OTL.

2 - [Posted image]
Update Java. Old versions have vulnerabilities that some malware can use to infect your system.

- Download the latest version of the Java Runtime Environment (JRE) 6u24.
- Look for where it says "Java Platform, Standard Edition".
- Click the Download JRE button.
- Under Platform: select Windows.
- Check the box I agree to the Java SE Runtime Environment 6u24 with JavaFX License Agreement.
- Click Continue.
- Click the Windows Offline Installation download link and save it to your desktop.
- Close any program that is running, especially browsers.
- Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
- Examples of old versions:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6

- Select any item named Java Runtime Environment (JRE or J2SE).
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each version of Java.
- Restart your computer once all versions of Java have been removed.
- Now go to your desktop and double-click jre-6u23-windows-i586.exe to install the newest version.

3 - [Posted image]
Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

Click here and install the newest version.

4 - Download the [Posted image] < Link

- Click Save and, when the download finishes, install it;
- Open the program and click Run Cleanup;
- After that, click Registry > Scan for errors > Fix selected errors

5 - Visit Windows Update regularly and check for updates.
New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through updates.
That is why keeping your system up to date is essential.


6 - Learn some precautions and tips for keeping your computer clean. Read the article "Proteja seu PC" (Protect your PC) < Link

7 - If there are no more malware-related problems, click the [Posted image] button and ask for your topic to be closed.

If you have any questions related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Cheers and good luck :legal:

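Added example, not part of the thread above: step 2 of the post, "remove every old JRE/J2SE before installing the new one", written as code. It takes the DisplayName of each installed program (the value shown in Add or Remove Programs), keeps only the Java runtimes, parses their version, and lists those older than the release the post asks for (6 Update 24). The list of program names below is constructed from the examples in the post plus two non-runtime entries; reading the live Uninstall keys (both the native and the Wow6432Node view, which is where 32-bit Java lands on 64-bit Windows) only works on Windows and falls back to the constructed list elsewhere. The version patterns are this example's own and cover the naming schemes the post mentions.

```python
"""Find stale Java runtimes among installed programs before a JRE upgrade.

Added example, not part of the thread. Implements the "remove every old
JRE/J2SE, then install the new one" step as a check you can run first.
"""
import re
from typing import List, Optional, Tuple

try:
    import winreg  # Windows only; the sample-driven path below does not need it
except ImportError:  # pragma: no cover - non-Windows hosts
    winreg = None

TARGET = (6, 24)  # JRE 6u24, the release the post asks the user to install

# Constructed sample of Uninstall-key DisplayName values, based on the
# examples given in the post plus two entries that must not be touched.
SAMPLE_PROGRAMS = [
    "Java 2 Runtime Environment, SE v1.4.2",
    "J2SE Runtime Environment 5.0",
    "J2SE Runtime Environment 5.0 Update 6",
    "Java(TM) 6 Update 23",
    "Java(TM) SE Development Kit 6 Update 23",  # JDK, not a runtime entry
    "Adobe Reader 9.4.2",
]

RUNTIME_NAME = re.compile(r"(?i)\b(?:J2SE|Java\(TM\)|Java 2)")
VERSION_PATTERNS = [
    re.compile(r"\b(\d+)(?:\.0)?\s+Update\s+(\d+)\b"),  # "6 Update 23", "5.0 Update 6"
    re.compile(r"\bv?1\.(\d)\.(\d+)"),                  # "v1.4.2": 1.x naming means Java x
    re.compile(r"\b(\d+)\.0\b"),                        # "5.0": base release, update 0
]


def parse_java_version(display_name: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a Java runtime entry, or None for anything else."""
    if not RUNTIME_NAME.search(display_name) or "Development Kit" in display_name:
        return None
    for pattern in VERSION_PATTERNS:
        m = pattern.search(display_name)
        if m:
            groups = m.groups()
            update = int(groups[1]) if len(groups) > 1 else 0
            return int(groups[0]), update
    return None


def stale_java_runtimes(display_names: List[str], target=TARGET):
    """Return (name, version) for every Java runtime older than `target`."""
    stale = []
    for name in display_names:
        version = parse_java_version(name)
        if version is not None and version < target:
            stale.append((name, version))
    return stale


def installed_program_names() -> List[str]:
    """Read DisplayName from the 64-bit and 32-bit Uninstall views (Windows only)."""
    if winreg is None:
        return []
    names = []
    for view in (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
                 r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"):
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, view)
        except OSError:
            continue
        with root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                    try:
                        names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
                    except OSError:
                        pass  # subkey without a DisplayName value
    return names


if __name__ == "__main__":
    programs = installed_program_names() or SAMPLE_PROGRAMS
    for name, (major, update) in stale_java_runtimes(programs):
        print(f"remove: {name}  (Java {major} Update {update} is older than {TARGET[0]}u{TARGET[1]})")
```

On the constructed list the check reports the four runtime entries and leaves the JDK and Adobe Reader alone; an entry already at 6 Update 24 would not be listed, which is the point of comparing against the target instead of removing everything blindly.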
#17
Astromech
Moderator, 2,046 posts
Problem solved!

If the author needs the topic reopened, contact one of the members of the moderation team.