Ir para conteúdo

Foto

403 forbidden

Criado por daniel muranaka de lima , Nov 12 2012 19:17

Este tópico foi arquivado. Isto significa que você não pode mais responder ao tópico.
8 respostas neste tópico

#1
daniel muranaka de lima
Postado 12 novembro 2012 - 19:17

daniel muranaka de lima

    Novato

  • Membro
  • Pip
  • 4 posts
Boa noite, a todos. Trago um problema que aconteceu comigo hoje.

Estava baixando resident evil 5 para pc desse site:


O download é dividido em mais de 70 partes de 100mb cada. comecei a baixar as 12 primeiras e de repente o site parou e quando tentei reabrir ele me apresentou uma mensagem de erro:

403 Forbidden


Forbidden

You don't have permission to access / on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.6 Phusion_Passenger/3.0.9 mod_bwlimited/1.4 Server at Port 80


E o pior é que não é só isso. Outros sites como facebook.com e hotmail.com não me pemitem acessá-los.
Li na net que isso pode ser algum vírus que eu baixei no meu computado que me proíbe de acessar alguns sites e me redireciona a outros mal intencionados. Ainda não fui redirecionado a nenhum site, apenas não consigo acessar o facebook e o hotmail.
Li também que é possível que o vírus esteja instalado no meu modem, falando nisso, meu pai comprou um modem novo recentemente, ou seja, o modem já pode ter vindo com esse vírus.

Meu facebook estava acessando normalmente e estou receioso que esse problema se espalhe para outros sites, ou pior, para outros computadores. Me ajudem, por favor!




Logfile of HijackThis v1.99.1
Scan saved at 19:41:21, on 12/11/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Running processes:
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://tudinsbzin.net/teste/sb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SaveAs - {2563C0CA-883C-21CD-8E73-893DBEE30354} - C:\ProgramData\SaveAs\50a14cb0c9d0a.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\DANIEL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://www.netcerto...ptX/ScriptX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\mocaflix\sprote~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Arquivo(s) anexado(s)


#2
JoseMelo
Postado 13 novembro 2012 - 15:58

JoseMelo

    Assistente Profissional

  • Assistente Profissional
  • 119.188 posts
Bem-vindo(a) à Linha Defensiva

Meu nome é José Humberto e "nickname" JoseMelo

Para que possamos ter sucesso ao final dos procedimentos, sugiro que siga estritamente o que lhe for proposto e não use qualquer ferramenta ou programa, que não seja os aqui recomendados;
Não desinstale nenhuma ferramenta que esteja sendo usada, até a finalização dos procedimentos;
Caso tenha um tópico em andamento em outro fórum, recomendo que o abandone para que os procedimentos não sejam conflitantes;
Se preferir receber por e-mail um aviso toda vez que houver resposta no seu tópico, clique em Imagem Postada no alto da página.
Se tiver mais de um programa, com proteção residente instalado (antivírus, antispyware, firewall), mantenha somente um para evitar conflitos e lentidão ao sistema.


- Faça o download do OTL de OldTimer e salve-o no desktop:
http://oldtimer.geekstogo.com/OTL.exe
  • Feche todas as janelas e execute a ferramenta.
  • Marque as opções Verificar Lop e Verificar Purity
- Selecione estas linhas abaixo, clique com o direito sobre a seleção, e escolha a opção copiar:
netsvcs
%SYSTEMDRIVE%\*.*
%userprofile%\*.*
%systemroot%\system32\drivers\*.* /90
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
%PROGRAMFILES%\Internet Explorer\*.*
- Volte ao programa, clique com o botão direito do mouse em qualquer parte branca da sessão Exames Personalizados/Correções e escolha colar;
- Clique no botão Verificar;
- Poste o log do OTL.
Imagem Postada
Linha Defensiva no twitter / Proteja seu PC
HijackThis \ ARIS / ASAP

#3
daniel muranaka de lima
Postado 13 novembro 2012 - 17:12

daniel muranaka de lima

    Novato

  • Membro
  • Pip
  • 4 posts
OTL logfile created on: 13/11/2012 18:01:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DANIEL\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,95 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 63,74% Memory free
7,89 Gb Paging File | 6,28 Gb Available in Paging File | 79,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 383,55 Gb Total Space | 255,22 Gb Free Space | 66,54% Space Free | Partition Type: NTFS
Drive E: | 67,26 Gb Total Space | 16,80 Gb Free Space | 24,98% Space Free | Partition Type: NTFS
Drive H: | 200,00 Mb Total Space | 167,57 Mb Free Space | 83,78% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: DANIEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/13 18:00:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DANIEL\Desktop\OTL.exe
PRC - [2012/10/30 08:52:08 | 000,884,344 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2012/10/30 08:52:06 | 001,073,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2012/10/30 08:39:32 | 002,612,336 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe
PRC - [2012/10/23 07:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/10/06 20:54:35 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/27 18:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/31 20:15:05 | 000,460,312 | ---- | M] () -- C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/31 20:15:04 | 012,455,448 | ---- | M] () -- C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 20:15:02 | 004,007,448 | ---- | M] () -- C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 20:13:47 | 000,587,288 | ---- | M] () -- C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 20:13:46 | 000,123,928 | ---- | M] () -- C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 20:13:35 | 000,156,712 | ---- | M] () -- C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 20:13:34 | 000,274,984 | ---- | M] () -- C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 20:13:32 | 002,168,360 | ---- | M] () -- C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/10/11 08:54:00 | 000,427,520 | ---- | M] () -- c:\progra~2\mocaflix\sprote~1.dll
MOD - [2012/10/02 19:21:26 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\9d59cf7eb15733ca09736eaaa2acaef6\WindowsFormsIntegration.ni.dll
MOD - [2012/10/02 19:21:19 | 001,859,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\1126dc2c152098ec23d4554405217184\System.Web.Services.ni.dll
MOD - [2012/10/02 19:21:09 | 017,996,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
MOD - [2012/10/02 19:20:47 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
MOD - [2012/10/02 19:19:45 | 000,148,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\909306caa69b55ffdce3ae5a7f6baa20\System.Configuration.Install.ni.dll
MOD - [2012/10/02 19:19:23 | 000,786,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/10/02 19:19:23 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.Wrapper.dll
MOD - [2012/10/02 19:19:22 | 000,646,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/10/02 19:19:21 | 001,020,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/10/02 19:19:20 | 002,637,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
MOD - [2012/10/02 19:19:20 | 000,142,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
MOD - [2012/10/02 19:19:17 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9b6f1bcb2cf4e6ad429cd721b942f30f\System.Xaml.ni.dll
MOD - [2012/10/01 16:11:53 | 017,998,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5d585d5428ce69abc28238ffa9f4d3a2\PresentationFramework.ni.dll
MOD - [2012/10/01 16:11:35 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\fe068ba4be8f6cb7d6a58bccff05c75e\PresentationCore.ni.dll
MOD - [2012/10/01 16:11:31 | 013,197,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/10/01 16:11:21 | 003,856,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\62f103f9e662d263ec2ecacc49d4525b\WindowsBase.ni.dll
MOD - [2012/10/01 16:11:21 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ee6e30c355ec2ffab1525b42253f7aef\PresentationFramework.Aero.ni.dll
MOD - [2012/10/01 16:11:18 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/10/01 15:58:27 | 006,798,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/10/01 15:58:16 | 007,052,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/10/01 15:58:10 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/10/01 15:58:05 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/10/01 15:58:04 | 009,090,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/10/01 15:57:58 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/30 08:39:32 | 002,612,336 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2012/10/23 07:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/06 20:54:35 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/12 22:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 22:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 18:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/05 14:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011/01/05 14:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Arquivos de Programas\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011/01/05 14:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/13 15:27:47 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/11/13 15:25:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/09/19 18:19:08 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/09/19 18:18:56 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/08/30 23:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 04:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/04/07 23:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/25 19:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/10 18:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/25 12:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/11/21 01:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 01:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 01:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 01:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 01:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 01:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 01:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 01:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 01:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 01:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 17:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/03/15 10:41:14 | 001,800,576 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 18:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/18 20:45:48 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2008/08/18 20:45:46 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2008/08/18 20:45:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminen...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iminen...C9-AF54408357CF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 83 7F C3 01 B7 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan...s={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminen...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://tudinsbzin.net/teste/sb


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DANIEL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DANIEL\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DANIEL\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.linhadefe...-403-forbidden/

O1 HOSTS File: ([2009/06/10 19:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (SaveAs Class) - {2563C0CA-883C-21CD-8E73-893DBEE30354} - C:\ProgramData\SaveAs\50a14cb0c9d0a.ocx ()
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\DANIEL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.netcerto...ptX/ScriptX.cab (MeadCo ScriptX)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.76.64.57 201.76.64.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A51E6C4-DC6C-49E1-9BA5-37DAE483D4B3}: DhcpNameServer = 201.76.64.57 201.76.64.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9394211D-50DB-42CC-8C7E-25DE949AD349}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\progra~2\mocaflix\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/13 18:00:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DANIEL\Desktop\OTL.exe
[2012/11/13 15:27:46 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012/11/13 15:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/11/13 15:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/11/13 15:10:32 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\Desktop\revil
[2012/11/13 14:00:40 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Roaming\YourFileDownloader
[2012/11/13 14:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2012/11/13 11:01:34 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chessimo
[2012/11/13 11:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\chessimo
[2012/11/13 11:01:33 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX
[2012/11/13 11:01:33 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSFLXGRD.OCX
[2012/11/13 11:01:33 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012/11/13 11:01:33 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2012/11/13 11:01:33 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SYSINFO.OCX
[2012/11/13 11:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\chessimo
[2012/11/13 11:01:20 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Roaming\8 x 8 Media AG
[2012/11/12 22:15:10 | 000,000,000 | ---D | C] -- C:\Temp
[2012/11/12 21:05:09 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN
[2012/11/12 21:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivitizeVPN
[2012/11/12 21:04:53 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Local\Vid-Saver
[2012/11/12 21:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vid-Saver
[2012/11/12 21:04:44 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Roaming\Iminent
[2012/11/12 21:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2012/11/12 21:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMinent Toolbar
[2012/11/12 21:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2012/11/12 21:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2012/11/12 21:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2012/11/12 21:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2012/11/12 20:58:40 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Roaming\BitTorrent
[2012/11/12 19:40:12 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\Desktop\HijackThis
[2012/11/12 17:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/12 17:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012/11/12 17:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/11/12 17:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012/11/12 17:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2012/11/12 17:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/11/12 12:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BasicScan
[2012/11/12 12:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PricePeep
[2012/11/12 12:54:50 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Local\RavenBleuSA
[2012/11/12 12:49:28 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Local\Programs
[2012/11/12 12:49:07 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Roaming\GetRightToGo
[2012/11/06 13:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/11/06 13:25:22 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/11/06 00:55:08 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\Desktop\trabalho de ga
[2012/11/04 21:18:06 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Roaming\Skype
[2012/11/04 21:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/04 21:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/04 21:17:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/11/04 21:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/11/04 21:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/11/03 12:13:13 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\Desktop\area
[2012/11/03 12:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yu-Gi-Oh! Power Chaos common
[2012/11/01 16:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/01 15:39:54 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/11/01 15:39:54 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/01 15:39:49 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/01 15:39:49 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/01 15:39:49 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/18 13:04:57 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2012/10/18 13:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CodeBlocks
[2012/10/18 13:00:31 | 000,000,000 | ---D | C] -- C:\CodeBlocks
[2012/10/18 10:07:42 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\Desktop\Programas
[2012/10/18 10:05:24 | 000,000,000 | ---D | C] -- C:\Users\DANIEL\AppData\Roaming\codeblocks
[2012/10/18 10:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2012/09/20 16:38:33 | 119,612,240 | ---- | C] (Lenovo Group Limited ) -- C:\Users\DANIEL\dsltttp32.exe
[2012/09/20 16:30:35 | 055,986,640 | ---- | C] (Lenovo Group ) -- C:\Users\DANIEL\IN12STW57WW5.exe
[2012/09/20 16:27:55 | 029,142,216 | ---- | C] (Lenovo Group Limited ) -- C:\Users\DANIEL\lscsetup_x64_11007.exe

========== Files - Modified Within 30 Days ==========

[2012/11/13 18:04:26 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 18:04:26 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 18:02:17 | 001,517,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/13 18:02:17 | 000,663,804 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/11/13 18:02:17 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/13 18:02:17 | 000,128,094 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/11/13 18:02:17 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/13 18:00:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DANIEL\Desktop\OTL.exe
[2012/11/13 17:57:23 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{587708BA-B329-4B0A-865D-DC878E6ADDB6}.job
[2012/11/13 17:57:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/13 17:56:46 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/13 15:39:35 | 000,423,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/13 15:28:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099947045-3901576250-1567876289-1000UA.job
[2012/11/13 15:27:47 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012/11/13 15:25:53 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/11/13 14:29:16 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099947045-3901576250-1567876289-1000Core.job
[2012/11/13 14:08:20 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3099947045-3901576250-1567876289-1000UA.job
[2012/11/13 11:02:16 | 000,000,152 | ---- | M] () -- C:\Windows\SysWow64\sysplog2.dll
[2012/11/13 11:02:08 | 000,000,152 | ---- | M] () -- C:\Windows\SysWow64\sysplog.dll
[2012/11/12 21:04:40 | 000,000,620 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/11/12 21:04:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\extensions.sqlite
[2012/11/12 20:09:21 | 000,108,734 | ---- | M] () -- C:\Users\DANIEL\Desktop\FORBIDDEN 403.png
[2012/11/12 20:08:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3099947045-3901576250-1567876289-1000Core.job
[2012/11/12 18:42:58 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/12 18:42:58 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/12 12:56:11 | 000,000,000 | ---- | M] () -- C:\ProgramData\300e03db16bffeaa359647a4788bdba6_c
[2012/11/01 19:37:35 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/11/01 19:37:35 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/11/01 15:39:43 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/01 15:39:42 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/01 15:39:42 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/01 15:39:42 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/01 15:39:41 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/11/01 15:39:41 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/10/21 17:50:35 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/19 23:20:49 | 000,007,606 | ---- | M] () -- C:\Users\DANIEL\AppData\Local\Resmon.ResmonCfg

========== Files Created - No Company Name ==========

[2012/11/13 11:02:16 | 000,000,152 | ---- | C] () -- C:\Windows\SysWow64\sysplog2.dll
[2012/11/13 11:02:08 | 000,000,152 | ---- | C] () -- C:\Windows\SysWow64\sysplog.dll
[2012/11/13 11:01:34 | 000,008,784 | ---- | C] () -- C:\Windows\SysWow64\Microsoft.InteropFormTools.tlb
[2012/11/13 11:01:34 | 000,006,360 | ---- | C] () -- C:\Windows\SysWow64\ChessimoVB.tlb
[2012/11/12 21:04:30 | 000,000,620 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/11/12 21:04:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\extensions.sqlite
[2012/11/12 20:09:21 | 000,108,734 | ---- | C] () -- C:\Users\DANIEL\Desktop\FORBIDDEN 403.png
[2012/11/12 17:23:12 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\OptimizerProUpdaterTask{587708BA-B329-4B0A-865D-DC878E6ADDB6}.job
[2012/11/12 12:56:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\300e03db16bffeaa359647a4788bdba6_c
[2012/11/04 21:03:17 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/11/04 20:03:57 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3099947045-3901576250-1567876289-1000UA.job
[2012/11/04 20:03:56 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3099947045-3901576250-1567876289-1000Core.job
[2012/11/03 11:46:22 | 000,007,824 | ---- | C] () -- C:\Windows\SysWow64\Unlocker.inf
[2012/11/01 19:37:25 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/11/01 19:37:25 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/10/19 23:20:49 | 000,007,606 | ---- | C] () -- C:\Users\DANIEL\AppData\Local\Resmon.ResmonCfg
[2012/10/09 00:55:24 | 000,001,458 | ---- | C] () -- C:\Users\DANIEL\.recently-used.xbel
[2012/10/05 01:07:06 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/05 01:07:02 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/05 01:06:58 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2012/09/20 16:35:54 | 026,516,387 | ---- | C] () -- C:\Users\DANIEL\tst_diagnostic-2.3.25.19-618-c3-ne.zip
[2012/09/20 15:20:20 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/09/20 15:20:20 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/09/20 15:20:20 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/09/20 15:20:20 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/09/20 15:20:20 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/09/19 18:17:41 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011/11/25 16:46:29 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/25 19:16:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/03/25 19:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/25 19:16:08 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

========== ZeroAccess Check ==========

[2009/07/14 02:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 03:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 01:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/04/15 15:06:46 | 000,302,656 | ---- | M] () -- C:\FaceProv.log
[2012/11/13 17:56:46 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/13 17:56:51 | 4236,099,584 | -HS- | M] () -- C:\pagefile.sys
[2012/03/15 13:12:44 | 000,000,510 | ---- | M] () -- C:\settings.ini

< %userprofile%\*.* >
[2012/10/09 00:55:24 | 000,001,458 | ---- | M] () -- C:\Users\DANIEL\.recently-used.xbel
[2012/09/20 16:49:54 | 119,612,240 | ---- | M] (Lenovo Group Limited ) -- C:\Users\DANIEL\dsltttp32.exe
[2012/09/20 16:35:53 | 055,986,640 | ---- | M] (Lenovo Group ) -- C:\Users\DANIEL\IN12STW57WW5.exe
[2012/09/20 16:30:31 | 029,142,216 | ---- | M] (Lenovo Group Limited ) -- C:\Users\DANIEL\lscsetup_x64_11007.exe
[2012/11/13 18:10:00 | 001,835,008 | -HS- | M] () -- C:\Users\DANIEL\NTUSER.DAT
[2012/11/13 18:09:59 | 000,262,144 | -HS- | M] () -- C:\Users\DANIEL\ntuser.dat.LOG1
[2012/09/19 16:45:21 | 000,000,000 | -HS- | M] () -- C:\Users\DANIEL\ntuser.dat.LOG2
[2012/09/19 18:36:06 | 000,065,536 | -HS- | M] () -- C:\Users\DANIEL\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012/09/19 18:36:06 | 000,524,288 | -HS- | M] () -- C:\Users\DANIEL\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012/09/19 18:36:06 | 000,524,288 | -HS- | M] () -- C:\Users\DANIEL\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/09/19 16:45:21 | 000,000,020 | -HS- | M] () -- C:\Users\DANIEL\ntuser.ini
[2012/09/20 16:38:31 | 026,516,387 | ---- | M] () -- C:\Users\DANIEL\tst_diagnostic-2.3.25.19-618-c3-ne.zip

< %systemroot%\system32\drivers\*.* /90 >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\*.* >
[2012/11/12 12:56:11 | 000,000,000 | ---- | M] () -- C:\ProgramData\300e03db16bffeaa359647a4788bdba6_c

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 02:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 C0 00 00 00 0D 00 00 00 00 00 00 00 05 00 00 00 6C 6F 63 61 6C 1E 00 00 00 68 74 74 70 3A 2F 2F 74 75 64 69 6E 73 62 7A 69 6E 2E 6E 65 74 2F 74 65 73 74 65 2F 73 62 04 00 00 00 00 00 00 00 F1 84 AB 67 C8 C1 CD 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 95 3C 20 1C 2A 6A 36 B3 A5 5A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 53 02 00 00 0D 00 00 00 00 00 00 00 05 00 00 00 6C 6F 63 61 6C 1E 00 00 00 68 74 74 70 3A 2F 2F 74 75 64 69 6E 73 62 7A 69 6E 2E 6E 65 74 2F 74 65 73 74 65 2F 73 62 04 00 00 00 00 00 00 00 F1 84 AB 67 C8 C1 CD 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 95 3C 20 1C 2A 6A 36 B3 A5 5A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]

< %PROGRAMFILES%\Internet Explorer\*.* >
[2011/03/15 14:19:30 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2011/03/15 14:19:30 | 000,002,535 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
[2011/03/15 14:19:30 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecleanup.exe
[2011/03/15 14:19:30 | 000,307,200 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\iediagcmd.exe
[2012/08/24 04:53:15 | 000,678,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2011/03/15 14:19:30 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2011/03/15 14:19:30 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2012/08/24 04:49:15 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2012/08/24 04:48:46 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
[2012/08/24 05:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2012/08/24 04:52:21 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
[2011/03/15 14:19:29 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
[2011/03/15 14:19:30 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
[2011/03/15 14:19:30 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
[2009/06/10 19:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
[2011/03/15 14:19:30 | 000,301,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
[2009/06/10 19:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
[2012/08/24 05:34:41 | 000,140,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

< End of report >

#4
JoseMelo
Postado 14 novembro 2012 - 15:45

JoseMelo

    Assistente Profissional

  • Assistente Profissional
  • 119.188 posts
- Execute o OTL (clique com o botão direito do mouse sobre o executável > Executar como admnistrador), copie o texto abaixo, dentro do "code" e cole no campo Imagem Postada

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://tudinsbzin.net/teste/sb
CHR - homepage: http://www.linhadefe...-403-forbidden/
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (SaveAs Class) - {2563C0CA-883C-21CD-8E73-893DBEE30354} - C:\ProgramData\SaveAs\50a14cb0c9d0a.ocx ()
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)

:Services

:Reg

:Files

:Commands
[emptyjava]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

- Clique no botão Consertar
- Quando terminado, clique em Ok para reiniciar o computador.
- Na janela que aparecer, clique em "Executar", copie o conteúdo do log que for aberto e cole na sua próxima resposta, juntamente com um novo log do HijackThis.
Imagem Postada
Linha Defensiva no twitter / Proteja seu PC
HijackThis \ ARIS / ASAP

#5
daniel muranaka de lima
Postado 14 novembro 2012 - 18:03

daniel muranaka de lima

    Novato

  • Membro
  • Pip
  • 4 posts
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011341191}\ deleted successfully.
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2563C0CA-883C-21CD-8E73-893DBEE30354}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2563C0CA-883C-21CD-8E73-893DBEE30354}\ deleted successfully.
C:\ProgramData\SaveAs\50a14cb0c9d0a.ocx moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ deleted successfully.
C:\Program Files (x86)\PricePeep\pricepeep.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: DANIEL
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: Todos os Usuários

User: Usuário Padrão

Total Java Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: DANIEL
->Temp folder emptied: 358566043 bytes
->Temporary Internet Files folder emptied: 18934816 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 427046862 bytes
->Flash cache emptied: 59757 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83808228 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes
RecycleBin emptied: 5613304620 bytes

Total Files Cleaned = 6.201,00 mb


[EMPTYFLASH]

User: All Users

User: DANIEL
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11142012_185609

Files\Folders moved on Reboot...
C:\Users\DANIEL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Logfile of HijackThis v1.99.1
Scan saved at 19:02:46, on 14/11/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Running processes:
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\DANIEL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://www.netcerto...ptX/ScriptX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\mocaflix\sprote~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

#6
JoseMelo
Postado 15 novembro 2012 - 07:28

JoseMelo

    Assistente Profissional

  • Assistente Profissional
  • 119.188 posts
Faça o download do AdwCleaner e salve no desktop.
http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner

Clique no ícone Imagem Postada para baixar o arquivo.

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo AdwCleaner.exe, depois clique em Imagem Postada

Clique em Delete.

Será aberto o bloco de notas com o resultado. Selecione, copie e cole o seu conteúdo na próxima resposta.


- Faça o download do Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam-download.php
  • Desative o antivírus;
  • Faça a instalação dando um duplo clique em "mbam-setup.exe";
  • Marque "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em concluir;
  • Marque "Verificação Completa" e depois clique em Verificar;
  • Quando o scan terminar, clique em Ok e em "Mostrar Resultados" para ver o log;
  • Se algo for detectado, veja se tudo está marcado e clique em "Remover";
  • O log é automaticamente gravado e pode ser consultado clicando em "Logs" do menu principal;
  • Copie e cole o conteúdo desse log na sua próxima resposta.
- Poste novo log do HijackThis.
Imagem Postada
Linha Defensiva no twitter / Proteja seu PC
HijackThis \ ARIS / ASAP

#7
daniel muranaka de lima
Postado 15 novembro 2012 - 18:24

daniel muranaka de lima

    Novato

  • Membro
  • Pip
  • 4 posts
# AdwCleaner v2.007 - Logfile created 11/15/2012 at 12:10:10
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : DANIEL - DANIEL-PC
# Boot Mode : Normal
# Running from : C:\Users\DANIEL\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\BasicScan
Folder Deleted : C:\Program Files (x86)\PricePeep
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\DANIEL\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [12588 octets] - [15/11/2012 12:10:10]

########## EOF - C:\AdwCleaner[S1].txt - [12649 octets] ##########




Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Versão da Base de Dados: v2012.09.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DANIEL :: DANIEL-PC [administrador]

Proteção: Permitir

15/11/2012 16:00:17
mbam-log-2012-11-15 (16-00-17).txt

Tipo de Verificação: Verificação Completa (C:\|E:\|H:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 518211
Tempo decorrido: 2 hora(s), 33 minuto(s), 15 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\RavenBleuSA (Adware.Hotbar.RB) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 23
C:\Users\DANIEL\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\DANIEL\Downloads\SaveAs.exe (Affiliate.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\DANIEL\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Program Files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe (PUP.BundleInstaller.IB) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Program Files (x86)\Uninstall Information\ib_uninst_358\uninstall.exe (PUP.BundleInstaller.IB) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Program Files (x86)\Uninstall Information\ib_uninst_455\uninstall.exe (PUP.BundleInstaller.IB) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Users\Daniel\Downloads\7Loader_Release_5.exe (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Users\Daniel\Downloads\filmes (1).exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Users\Daniel\Downloads\filmes (2).exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Users\Daniel\Downloads\filmes (3).exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Users\Daniel\Downloads\filmes.exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Users\Daniel\Downloads\PCPerformer_Setup (1).exe (PUP.BundleInstaller.IB) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows.old.000\Users\Daniel\Downloads\PCPerformer_Setup.exe (PUP.BundleInstaller.IB) -> Enviado para a Quarentena e deletado com sucesso.
E:\programas importantes\Antivírus\Gerador de serial eset\bdl39100-lf\bdl3.9.10.0.exe (Riskware.KG) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\WLSetup\dXrDZcjgNFUaIAqy.cfg (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\WLSetup\dXrDZcjgNFUaIAqy.dll (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\WLSetup\dXrDZcjgNFUaIAqy.usr (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\WLSetup\dXrDZcjgNFUaIAqy.zip (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

Logfile of HijackThis v1.99.1
Scan saved at 19:23:45, on 15/11/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\DANIEL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://www.netcerto...ptX/ScriptX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\mocaflix\sprote~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

#8
JoseMelo
Postado 16 novembro 2012 - 16:19

JoseMelo

    Assistente Profissional

  • Assistente Profissional
  • 119.188 posts
- Clique com o botão direito do mouse sobre o executável do HijackThis > Executar como administrador, clique em Do a system scan only e marque as entradas abaixo:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/

- Feche todas as janelas, clique em Fix checked e em Sim;


Faça o download do Kaspersky Virus Removal Tool de um desses 2 links:
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

Salve-o em sua área de trabalho.

- Duplo clique no arquivo "setup" e aguarde a instalação;
- Na próxima tela marque I accept the licence agreement e clique em Start
- Clique no botão Imagem Postada e marque:
  • Meu computador
  • Disco local (C:) (a letra do disco local pode variar)
- Clique em Actions e desmarque os dois quadros:
Imagem Postada
- Clique na aba Automatic Scan e aguarde o término da verificação.

- Clique no botão Imagem Postada, em Detected threats e no botão "Save".
- Copie o conteúdo do arquivo salvo (se houver algo detectado) e poste na sua próxima resposta.
Imagem Postada
Linha Defensiva no twitter / Proteja seu PC
HijackThis \ ARIS / ASAP

#9
Felipe-rj
Postado 27 novembro 2012 - 09:35

Felipe-rj

    Moderador

  • Moderador
  • 816 posts
Tópico Arquivado

Como o autor não respondeu ao tópico por mais de 10 dias, o mesmo foi arquivado.

Caso você seja o autor do tópico e quer que o mesmo seja reaberto, envie uma mensagem privada para um moderador ou assistente com um link para este tópico e justifique porque você precisa dele reaberto.
Imagem Postada
DEIXE SEU PC E INTERNET MAIS RÁPIDOS
Voltar para Arquivo


  1. Fórum Linha Defensiva
  2. Serviços
  3. Remoção de Malware
  4. Arquivo
IPB skins by Skinbox