gppabreu

Remoção de Malware: Páginas abrem sozinhas

15 posts neste tópico

Antes era só no Chrome, agora também no Firefox, com certa frequência abrem páginas sozinhas com esse endereço: http://fla15.maxexp.com/tag1.html e o Avast bloqueia como URL Malicioso (Malware). Porém, mesmo passando o avast e o Anti-Malwarebytes o malware (ou vírus) não é removido, pois não é acusado nada; contudo, as páginas continuam abrindo sozinhas. Mesmo após desinstalar e reinstalar o Chrome o problema persiste.

Configuração do Notebook:

Dell Inspiron 15R Windows 7 Home Premium

Processador intel i5 - 1ª geração (2.53 GHz)

HD 320 GB

RAM 4 GB

Navegadores instalados: Google Chrome, Internet Explorer 9, Mozilla Firefox e Opera.

Segue aqui o log do HijackThis.

Logfile of HijackThis v1.99.1

Scan saved at 18:01:38, on 03/04/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe

C:\Users\Guilherme\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe

C:\Program Files (x86)\Messenger Plus!\PlusService.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

C:\Program Files (x86)\BrowserCompanion\BCHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\SysWOW64\prevhost.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Guilherme\Documents\Arquivos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/5

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [backupNowEZtray] "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

O4 - HKLM\..\Run: [browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_Plugin.exe -update plugin

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: Dropbox.lnk = Guilherme\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Free YouTube Download - C:\Users\Guilherme\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Guilherme\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{400DFEF0-4A8B-4368-B1AD-C3CFE1772C1C}: NameServer = 200.145.150.1

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ANSYS, Inc. License Manager - Unknown owner - C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe" -nodaemon -k runservice (file missing)

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)

O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager (mitsijm2012) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe

O23 - Service: StarWind aí Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Por favor, peço encarecidamente que alguém me ajude a resolver este problema.

Agradeço, desde já, pela atenção.

Atenciosamente,

Guilherme Abreu.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

NÃO tente realizar sozinho nenhum procedimento de limpeza. Em especial, não execute por conta própria ferramentas utilizadas no fórum Remoção de Malware. O uso indevido de algumas ferramentas poderá danificar o seu computador ou, no mínimo, remover parcialmente os sinais de uma infecção que serviriam de informação ao analista. A equipe não será responsabilizada por consequências resultantes de uso indevido e/ou não-informado das ferramentas. - Regra nº8 da Remoção de Malwares

Poste um novo log do Hijackthis.

Por favor, observe o seguinte:

  • Não utilize softwares que não foram indicado.
  • Não inicie novo tópico sobre esse problema. Poste suas respostas sempre neste tópico.
  • Clique em
    o5an81.jpg
    (se localiza no canto superior direito do post principal),e em
    t0kkmq.jpg
    para que receba notificação por e-mail quando o mesmo for respondido.
    Você também pode verificar os tópicos assinados usando esta opção, acessível através do Painel de Controle do fórum.
  • As análises podem levar algum tempo, portanto seja paciente.
  • As instruções são específicas para o seu computador, e devem ser aplicadas somente nele.
  • Se algo der errado, não importa. Sempre acompanhe seu tópico, informando-me dos resultados, até que seu computador esteja limpo.
  • Aviso: Evite utilizar as tags <QUOTE> ou <CODE> nos logs, isso prejudica a leitura na hora da analise.
  • Por favor, não abandone seu tópico. Para nós é importante saber se a remoção foi bem sucedida.
  • Se você não receber uma resposta minha em até 5 dias. Me envie uma MP

Compartilhar este post


Link para o post
Compartilhar em outros sites

Aqui está o novo log do HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 23:37:40, on 03/04/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe

C:\Users\Guilherme\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe

C:\Program Files (x86)\Messenger Plus!\PlusService.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

C:\Program Files (x86)\BrowserCompanion\BCHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\SysWOW64\prevhost.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Guilherme\Documents\Arquivos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/5

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [backupNowEZtray] "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

O4 - HKLM\..\Run: [browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_Plugin.exe -update plugin

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: Dropbox.lnk = Guilherme\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Free YouTube Download - C:\Users\Guilherme\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Guilherme\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{400DFEF0-4A8B-4368-B1AD-C3CFE1772C1C}: NameServer = 200.145.150.1

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ANSYS, Inc. License Manager - Unknown owner - C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe" -nodaemon -k runservice (file missing)

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)

O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager (mitsijm2012) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe

O23 - Service: StarWind aí Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Muito obrigado pela atenção!

Guilherme.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Faça o download do BankerFix:

http://www.linhadefensiva.org/dl/bankerfix

** Usuários do Windows Vista e Windows 7:

Clique com o direito sobre o arquivo, depois clique em

UAC_icon.png
Executar como administrador

Importante: A ferramenta irá finalizar o Internet Explorer. Salve qualquer link que você precisa acessar depois antes de executá-la.

Dê dois cliques no bankerfix.exe para executá-lo.

Clique em OK na primeira e [CANCELAR] na segunda tela para impedir a execução do BankerFix.

Feito isso, vá em C:\LinhaDefensiva\ e execute o arquivo Iniciar-Bankerfix.vbs. Confirme que deseja atualizar o software e em [OK] para executar o software.

Quando ele executar, aparecerá uma tela preta pedindo para que aperte qualquer tecla. Tecle Enter e espere ele terminar. Pode levar algum tempo.

Ao terminar, leia a mensagem na tela e aperte Enter novamente. Quando ele terminar, poste o arquivo relatorio.txt localizado em: C:\LinhaDefensiva\relatorio.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

Me desculpe a demora para responder ao tópico, eu fiquei sem conexão por esses dias.

Segue o relatório do BankerFix:

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2012-04-14 - 11:53

-------------------------------------------------------

Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1

=======================================================

Arquivo infectado detectado: C:\Install.exe

O arquivo só será removido quando o sistema for reiniciado

Proxy/Firefox: set.dllconfigs.com

----- Fim -------------------------

Muito obrigado, novamente, pela atenção.

Guilherme Abreu.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe OTL by OldTimer, e salve na sua área de trabalho.

** Usuários do Windows Vista e Windows 7:

Clique com o direito sobre o arquivo, depois clique em

UAC_icon.png
Executar como administrador

Feche todas as janelas e execute a ferramenta.

Onde diz Saída, marque Padrão

Marque também estas opções:

  • Usar WhiteList para Nomes de Companhias.
  • Ignorar Arquivos Microsoft
  • Verificar Lop
  • Verificar Purity

Selecione estas linhas em vermelho, clique com o direito sobre a seleção, e escolha a opção copiar

netsvcs

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%PROGRAMFILES%(x86)\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

C:\windows\system32\Tasks\*.* /s /64

%windir%\tasks\*.*

CREATERESTOREPOINT

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

Volte ao programa, clique com o direito em qualquer parte branca da sessão Exames Personalizados/Correções e escolha colar

Clique no botão Verificar

Não modifique nenhuma outra configuração, a menos que tenha sido orientado (a) a fazer isso.

O exame demora um pouco, tenha paciência.

Quando terminar, dois blocos de notas serão exibidos: OTL.txt e Extras.txt

Ambos ficarão salvos dentro do mesmo diretório onde está o OTL.exe, ou seja, na sua área de trabalho.

Copie todo o conteúdo do Extras.txt e cole na sua resposta.

Anexe o arquivo OTL.txt

OBS: Caso os logs fiquem muito grandes e exceda o limite do forum, envie-os para um arquivo .zip ou .rar e anexe-os à sua resposta.

:legal:

Compartilhar este post


Link para o post
Compartilhar em outros sites

Aqui segue o extra.txt

O OTL.txt segue em anexo.

OTL Extras logfile created on: 14/04/2012 20:51:05 - Run 2

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Guilherme\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,80 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 60,35% Memory free

7,61 Gb Paging File | 5,19 Gb Available in Paging File | 68,27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 288,11 Gb Total Space | 58,26 Gb Free Space | 20,22% Space Free | Partition Type: NTFS

Computer Name: GUILHERME-PC | User Name: Guilherme | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{266597A9-1664-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) English Language Pack

"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java 6 Update 21 (64-bit)

"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0 x64 Edition

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Monitor da tecnologia Intel® Turbo Boost

"{46CCB0D4-A98F-4009-B5A5-DE38A667D068}" = Windows Live Family Safety

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack

"{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Add-in

"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU

"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English

"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English

"{5783F2D7-A005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2012

"{5783F2D7-A005-0409-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2012 Language Pack - English

"{5783F2D7-A028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2012

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack

"{6E542012-DD29-0000-B703-2376D4CC9C8F}" = Autodesk Inventor Publisher 2012

"{6E542012-DD29-0001-B703-2376D4CC9C8F}" = Autodesk Inventor Publisher 2012 Language Pack

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{7F4DD591-1664-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012

"{7F4DD591-1664-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 English Language Pack

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support

"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0416-1000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010

"{90140000-0015-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0416-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

"{90140000-0016-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0416-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

"{90140000-0018-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0416-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

"{90140000-0019-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0416-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

"{90140000-001A-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0416-1000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010

"{90140000-001B-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPRO_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PRJPRO_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010

"{90140000-001F-0416-1000-0000000FF1CE}_Office14.PROPLUS_{5A876683-AEAB-45E2-BA33-A767B54DB7E2}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PRJPRO_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PRJPRO_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0416-1000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010

"{90140000-002C-0416-1000-0000000FF1CE}_Office14.PROPLUS_{0FDF2566-665E-4F8A-B1AD-A0FE52B4224E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010

"{90140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPRO_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}" = Microsoft Project 2010 Service Pack 1 (SP1)

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPRO_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010

"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PRJPRO_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0416-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010

"{90140000-0043-0416-1000-0000000FF1CE}_Office14.PROPLUS_{0C40F8A4-7695-48F7-8CAE-634D3882009B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0416-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

"{90140000-0044-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PRJPRO_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0416-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

"{90140000-006E-0416-1000-0000000FF1CE}_Office14.PROPLUS_{8F2AC896-0A49-4054-83BF-3B03E6FBE7CD}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0416-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

"{90140000-00A1-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00B4-0409-1000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010

"{90140000-00B4-0409-1000-0000000FF1CE}_Office14.PRJPRO_{316A864B-0547-40CE-B136-B02B4D18BF09}" = Microsoft Project 2010 Service Pack 1 (SP1)

"{90140000-00BA-0416-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

"{90140000-00BA-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PRJPRO_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Software WIDCOMM Bluetooth

"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock

"{CF526A26-1664-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)

"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D25FF5C1-1664-469A-9794-69309387C193}" = Quick Uninstall Tool for Autodesk Inventor 2012

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E027C59C-4C47-4BE8-8078-BCD3D2680EC3}" = Eco Materials Adviser (x64)

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour

"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012

"{E9173A5F-22A6-4152-848E-45851DB99162}" = SolidWorks 2010 x64 Edition SP0

"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012

"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"AutoCAD 2012 - English" = AutoCAD 2012 - English

"AutoCAD Mechanical 2012" = AutoCAD Mechanical 2012

"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012

"Autodesk Inventor Fusion for Inventor 2012 Add-in" = Autodesk Inventor Fusion for Inventor 2012 Add-in

"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012

"Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 English

"Autodesk Inventor Publisher 2012" = Autodesk Inventor Publisher 2012

"CCleaner" = CCleaner

"CutePDF Writer Installation" = CutePDF Writer 2.8

"Dell Support Center" = Dell Support Center

"DW WLAN Card Utility" = DW WLAN Card Utility

"DWG TrueView 2012" = DWG TrueView 2012

"MatlabR2007b" = MATLAB R2007b

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"Office14.PRJPRO" = Microsoft Project Professional 2010

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable

"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool

"{17D95DC6-0FF1-40CF-9C09-B7C8B314D45B}" = PDF Text Reader

"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FD5861E-57EE-49F2-9854-93B846D4E54F}" = BrOffice.org 3.2

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M020 Help

"{2420ed27-e0fe-4a58-b948-b61fd55e9b46}" = Nero 9

"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012

"{26A24AE4-039D-4CA4-87B4-2F83216011F0}" = Java 6 Update 11

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.30 Patch 1

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed

"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode

"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent

"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion

"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas

"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11

"{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition

"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision

"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City

"{4B99950B-795E-404F-8A60-E84B20B9A6C5}_is1" = ALLSubtitleSearcher 1.3

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)

"{5545EEE6-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.7)

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{56DCD20A-E558-4396-AF59-14D15AA737BB}" = DWGeditor

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{5A06BC95-C59E-438D-AA8D-A97690AD628C}" = Encore 5

"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX

"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner

"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7786E684-E12B-4738-85B4-7F2A65AF87C7}_is1" = GAME STOCK CAR versão 1.600

"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{78D80EAF-1ADB-46A8-AF6F-EBB18B6ADBCE}" = ISO Creator 1.0

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7F6F9DC1-048A-4CAC-BC3F-2B626A8029EB}" = MenuUninstaller

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed Hot Pursuit

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8796E14E-2031-463F-8A9A-31062B2652B4}" = Mathcad 14.0 M020

"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8BCAC8C7-0F4F-4AC0-98C9-D766D8B64B30}" = FLEXnet Server for OriginLab

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012

"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components

"{90140000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}" = Pro Evolution Soccer 2011

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail

"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync

"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap

"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget

"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker

"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8E9FAEE-4AC2-4A38-99D9-55D1F26F8163}" = TOEFL Sample Questions

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1046-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Português

"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer

"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit

"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax

"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU

"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6

"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M020 Resource Center

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.192

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos

"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Akamai" = Akamai NetSession Interface Service

"Autodesk Design Review 2012" = Autodesk Design Review 2012

"Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)

"avast" = avast! Free Antivirus

"Azteca_is1" = Azteca

"BrowserCompanion" = BrowserCompanion

"Catt3" = Computer-Aided Thermodynamic Tables 3

"City Racing_is1" = City Racing

"Combat Arms" = Combat Arms

"Dell Dock" = Dell Dock

"Dell Webcam Central" = Dell Webcam Central

"Doro_is1" = Doro 1.66

"DVD Decrypter" = DVD Decrypter (Remove Only)

"EADM" = EA Download Manager

"Finale Reader" = Finale Reader 2011

"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1

"Free Studio_is1" = Free Studio version 5.1.7

"GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition

"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010

"GoToAssist" = GoToAssist 8.0.0.514

"HijackThis" = HijackThis 1.99.1

"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ

"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus!" = Messenger Plus! 5

"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU

"MiKTeX 2.8" = MiKTeX 2.8

"Mozilla Firefox 11.0 (x86 pt-BR)" = Mozilla Firefox 11.0 (x86 pt-BR)

"Mozilla Firefox 4.0 (x86 pt-BR)" = Mozilla Firefox 4.0 (x86 pt-BR)

"OpenAL" = OpenAL

"Opera 11.62.1347" = Opera 11.62

"RealPlayer 12.0" = RealPlayer

"SolidWorks Installation Manager 20100-40000-1100-100" = SolidWorks 2010 x64 Edition SP0

"Steam App 400" = Portal

"Steam App 440" = Team Fortress 2

"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1

"TmNationsForever_is1" = TmNationsForever

"Truck Racing" = Truck Racing by Renault Trucks

"Uninstall_is1" = Uninstall 1.0.0.1

"Volvo - The Game_is1" = Volvo - The Game

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WizFlow" = WizFlow Trial

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"8C1A28F014D5B1E4398987CA544BE8A2009D0228" = Autodesk Inventor Publisher 2012 Word Add-in

"Akamai" = Akamai NetSession Interface

"Dropbox" = Dropbox

"f031ef6ac137efc5" = Dell Driver Download Manager

"Google Chrome" = Google Chrome

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL.rar

Compartilhar este post


Link para o post
Compartilhar em outros sites

Selecione estas linhas em vermelho, clique com o direito sobre a seleção e escolha a opção copiar:

:OTL

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

[CREATERESTOREPOINT]

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

Siga as intruções desta página e peça ajuda em Remoção de Malware

Execute o OTL.exe

Clique com o direito em qualquer parte branca, da sessão Exames Personalizados/Correções e escolha a opção colar

Feche TODAS as janelas (exceto o próprio OTL) e clique no botão

imagemal.png

O programa executará o script e reiniciará o seu computador.

Poste o novo log na próxima resposta.

Obs: Uma cópia deste log ficará armazenado na pasta C:\_OTL\MovedFiles com o nome no seguinte formato data_hora.log.

Exemplo: 03142010_145545.log

:legal:

Compartilhar este post


Link para o post
Compartilhar em outros sites

Aqui segue o novo log:

All processes killed

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Guilherme

->Temp folder emptied: 5395476 bytes

->Temporary Internet Files folder emptied: 297973640 bytes

->Java cache emptied: 3718854 bytes

->FireFox cache emptied: 55677379 bytes

->Google Chrome cache emptied: 201901743 bytes

->Apple Safari cache emptied: 18264064 bytes

->Opera cache emptied: 240 bytes

->Flash cache emptied: 3109372 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 1619120 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 23448382 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68140 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 583,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guilherme

->Flash cache emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04152012_203744

Files\Folders moved on Reboot...

File\Folder C:\Users\Guilherme\AppData\Local\Temp\OICE_C9D7A6D2-C22A-4C33-97F1-A5EF92A14A9B.0\562B27CF. not found!

C:\Users\Guilherme\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

:legal:

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

Poste um novo log do Hijackthis

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 01:37:03, on 17/04/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Users\Guilherme\AppData\Roaming\Dropbox\bin\Dropbox.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe

C:\Program Files (x86)\Messenger Plus!\PlusService.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

C:\Program Files (x86)\BrowserCompanion\BCHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe

C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NMDllHost.exe

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe

C:\Users\Guilherme\Documents\Arquivos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/5

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [backupNowEZtray] "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

O4 - HKLM\..\Run: [browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: Dropbox.lnk = Guilherme\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Free YouTube Download - C:\Users\Guilherme\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Guilherme\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{400DFEF0-4A8B-4368-B1AD-C3CFE1772C1C}: NameServer = 200.145.150.1

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ANSYS, Inc. License Manager - Unknown owner - C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe" -nodaemon -k runservice (file missing)

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)

O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager (mitsijm2012) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe

O23 - Service: StarWind aí Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

:legal:

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ao que parece não estão abrindo mais essas páginas, esses links sozinhos. Parece que está tudo ok novamente. Está resolvido então?

Vendo esses logs você consegue dizer se o problema ainda existe?

Muito obrigado pela atenção e disponibilidade! Sempre podemos confiar no Linha Defensiva e nas pessoas que participam dele! :)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

Vendo esses logs você consegue dizer se o problema ainda existe?

Log limpo.

1. Abra o OTL e clique no botão

UQC5f.png

Feche o OTL.

2. Faça o Download do Ccleaner Slim ( Atenção: Esta versão não possui a Yahoo Toolbar para Internet Explorer, caso queira, sugiro que visite esta pagina.)

  • Instale o programa
  • Clique em Registro > procurar erros > corrigir erros selecionados.
  • Depois, clique em Limpador > analisar > executar limpeza.

Se desejar, leia o tutorial do programa:

http://linhadefensiva.org/forum/index.php?showtopic=12395

3. - Versões antigas do Java, têm vulnerabilidades que alguns malwares podem usar para infectar seu sistema. Verifique se o seu sistema tem a última versão instalada:

java2.png
Acesse o site Java.com/Download. Clique na opção Tenho o java?

Aguarde o site analisar qual é a sua versão do Java. Se a versão for antiga, será oferecido o download da mais nova versão. Clique em Faça o download do Java agora e instale a nova versão do Java.

4.

AdobeReader.png
Atualize o Adobe Reader. Versões antigas têm vulnerabilidades que são exploradas por malwares.

Remova a versão mais antiga e clique aqui para instalar a mais nova versão.

5. - Ok, o log está limpo

smile.gif

- Desative e ative novamente a Restauração do Sistema

- Leia o artigo Proteja seu PC para maiores informações sobre como evitar infecções;

- Se não há mais nenhum problema relacionado a malwares, clique no botão

p_report.gif
e diga que o seu caso foi resolvido.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.

  • Quem Está Navegando   0 membros estão online

    Nenhum usuário registrado visualizando esta página.