Virus creates shortcuts on the flash drive

pendrive hamza

This topic has been archived. This means you can no longer reply to it.
18 replies to this topic

#1 bunfl
Novice, 10 posts

Well, my flash drive recently received a visit from a file called Hamza.

This virus turns the folders on my flash drive, and even on my phone's memory card, into hidden system files and creates shortcuts to those same folders.

I've already done all those basic procedures for removing this kind of virus, the ones that have you open cmd and type a command like:

attrib -r -a -s -h /d /s

The MBRScan log is too big, so I'll send it here.

 

MBRScan v1.1.1
 
OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT           : Normal Boot
DATE           : 2013/09/01 (ISO 8601) at 02:33:38
________________________________________________________________________________
 
DISK           : Device\Harddisk0\DR0 __SAMSUNG HD502HJ (1AJ10001)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
 
DISK           : Device\Harddisk1\DR13 __Kingston DT 101 G2 (PMAP)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________
 
Device\Harddisk0\DR0 465.8 Go  [Fixed] ==> 7 MBR Code
 
MBR_MD5   : 71935C0F355ADC6FFEF4C2DEA264AAE6
MBR_SHA1  : C15D945F7D73DE6451973F4DF46300A4F9467C9F
 
Device\Harddisk0\Partition1 100.0 Mo   0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 195.2 Go   0x07 NTFS / HPFS
Device\Harddisk0\Partition3 270.4 Go   0x07 NTFS / HPFS
________________________________________________________________________________
 
Device\Harddisk1\DR13 7.27 Go  [Removable] ==> XP MBR Code
 
MBR_MD5   : A0B0FCAFBBDFA2D5FAEE4C6D62BE43FA
MBR_SHA1  : 183DF4E8BB2BBD36B0E415D681869D16EC011C6F
 
Device\Harddisk1\Partition1 7.26 Go   0x0B FAT32 [CHS]  __ BOOTABLE __
________________________________________________________________________________
 
############################### Additional scan ################################
 
 
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
 
SystemStartOptions :  NOEXECUTE=OPTIN
 
________________________________________________________________________________
Edited by bunfl, 01 September 2013 - 03:42.
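The attrib command in the post above clears attributes on everything under the current directory without looking at what it touches. The following PowerShell script is an added example, not code from the thread or its participants: it looks only for the pattern the post describes (a folder flagged Hidden+System with a .lnk of the same name beside it), reports what each decoy shortcut launches, and changes nothing unless -Fix is given. The DriveLetter and Fix parameters are this example's own; it assumes Windows PowerShell 3.0 or later.

```powershell
<#
  Added example (not the poster's or the forum's code): triage a removable
  drive for the pattern described in the thread, a folder flagged Hidden+System
  sitting beside a .lnk shortcut carrying the same name.
  Assumes Windows PowerShell 3.0+; DriveLetter and -Fix are this example's own.
#>
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z]$')]
    [string]$DriveLetter,      # e.g. "E" for the affected flash drive
    [switch]$Fix               # without -Fix nothing on the drive is changed
)

$root = "${DriveLetter}:\"
if (-not (Test-Path -LiteralPath $root)) { throw "Drive $root is not mounted" }

$shell    = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets
$findings = @()

# 1. Folders the worm hid: directory entries carrying both Hidden and System.
#    -Force is required, otherwise Get-ChildItem silently skips hidden entries.
$hiddenDirs = Get-ChildItem -LiteralPath $root -Directory -Force |
    Where-Object { $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and
                   $_.Attributes.HasFlag([IO.FileAttributes]::System) }

foreach ($dir in $hiddenDirs) {
    $lnk = Join-Path $root ($dir.Name + '.lnk')
    if (-not (Test-Path -LiteralPath $lnk)) {
        # A hidden system folder with no decoy shortcut next to it (for example
        # "System Volume Information") is normal; leave it untouched.
        continue
    }

    # Record what the decoy shortcut actually launches. The real folder is
    # typically opened only as a side effect, through the shortcut's arguments,
    # so Target and Arguments are what the analyst needs to see.
    $sc = $shell.CreateShortcut($lnk)
    $findings += [pscustomobject]@{
        Folder    = $dir.FullName
        Shortcut  = $lnk
        Target    = $sc.TargetPath
        Arguments = $sc.Arguments
    }

    if ($Fix) {
        # Targeted form of the attrib command from the post: clear the
        # attributes on this one folder, then remove the decoy shortcut.
        & attrib.exe -s -h -r $dir.FullName
        Remove-Item -LiteralPath $lnk -Force
    }
}

# 2. Hidden+System files at the drive root are a place to look for the file
#    the shortcuts launch; list them for review, but do not delete them here.
$suspectFiles = Get-ChildItem -LiteralPath $root -File -Force |
    Where-Object { $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and
                   $_.Attributes.HasFlag([IO.FileAttributes]::System) } |
    Select-Object Name, Length, LastWriteTime

"== Hidden folders with a same-name .lnk beside them =="
$findings | Format-Table -AutoSize
"== Hidden system files at the drive root (review before removing) =="
$suspectFiles | Format-Table -AutoSize
```

Run it first without -Fix and compare the Target/Arguments column against what the shortcuts should open; anything pointing at cmd.exe, wscript.exe or a hidden file on the drive is the part worth sending to the analyst.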


#2 CarlosTurco
Assistant, 25,934 posts

bunfl,

Please note the following:

  • DO NOT attempt to perform any cleaning procedure on your own. In particular, do not run on your own the tools used in the Malware Removal forum. Misuse of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from misuse and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click the Follow button (located in the top right corner of the main post) so that you receive an e-mail notification when it is answered. You can also check the topics you follow using the Content I Follow option, accessible through the forum's Control Panel.
  • Analyses can take some time, so be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it doesn't matter. Always keep following your topic, informing me of the results, until your computer is clean.
  • Notice: avoid using the <QUOTE> or <CODE> tags in the logs; it hinders reading during the analysis.
  • If at any point in the analysis it is found that this is a company PC, the topic will be summarily closed with no possibility of reopening.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

Your computer is infected with a type of worm that spreads through any kind of removable storage device (flash drives, mp3 and mp4 players, phones, memory cards, cameras) and also through other machines connected on the network.

To prevent your computer from being reinfected, and to avoid infecting other computers, you must format the device in question.
If there is more than one, all of them must be formatted and must not be used on any PC until we finish the cleanup, so that we can disinfect this computer.

It is recommended that you change all passwords stored on this PC. If you used or use internet banking, notify your financial institutions about what happened and change the passwords urgently.

Download Panda USB Vaccine and save it to your desktop.

  • Connect all removable storage devices to the USB ports. Save whatever you consider necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive and choosing the "Format" option.
  • Run Panda USB Vaccine.
  • Follow the prompts that may appear.
  • Wait until the program finishes the search and then exit the program.

Connect all removable storage devices to the USB ports.

Disable your antivirus, antispyware and firewall, so as not to cause conflicts.

Download Dr.Web CureIt!

The program will be downloaded automatically. Save it to your Desktop.

  • Double-click the file drweb-cureit.exe, and click Run in the security warning window.
  • Dr.Web will start in Enhanced Protection Mode (EPM). Click Cancel so that it runs in normal mode.
  • Check the box that allows sending statistics, and click Continue.
  • Click the [button image] button, and click Portuguese.
  • Click the [button image] button, and click Settings.
  • Click Log and, under Specify the log level, leave it at Minimum and click OK.
  • Click Select objects for scanning, below the Start Scan button.
  • Click "click to select", check the My computer box, then click Ok.
  • Click the box next to Scanned Objects, and then on [button image].

The scan may take a while; be patient.

  • If the program asks to restart the computer during removal, restart and wait for it to finish neutralizing the threats after the reboot.
  • At the end of the scan, click the [button image] button, if threats were found.
  • Click Open Report.
  • A Notepad window containing information will open. Select its contents, right-click the selection and choose Copy. Paste the content in your next reply.

Also post a new HijackThis log.



#3 bunfl
Novice, 10 posts
=============================================================================
Dr.Web Scanner SE for Windows v8.2.0.07100
© Doctor Web, Ltd., 1992-2013
Scan session started 2013/09/01 15:23:13 
Module location : c:\users\windows 7\appdata\local\temp\4AA66A00-D7800E00-98DED9A0-C483E20\
=============================================================================
OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO
OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO
Using language: "English"
=============================================================================
Dr.Web Scanner SE for Windows v8.2.0.07100
© Doctor Web, Ltd., 1992-2013
Scan session started 2013/09/01 15:23:41 
Module location : c:\users\windows 7\appdata\local\temp\482A414F-6EE1D926-E541A67D-E2B55239\
=============================================================================
OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO
OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO
Using language: "English"
Available instances: 6
Instances used: 6
Platform: Windows 7 Ultimate x64/WOW (Build 7601), Service Pack 1
API Version: 2.2
Scanning Engine version: 8.1.0.7100
Virus Finding Engine version: 7.0.5.6250
Total 132 virus bases are loaded from c:\users\windows 7\appdata\local\temp\482A414F-6EE1D926-E541A67D-E2B55239
Total records count: 4439228
Anti-rootkit module version ( ver: 8.6.201308190, api: 5.01/5.01 )
 
Using c:\users\windows 7\appdata\local\temp\482A414F-6EE1D926-E541A67D-E2B55239\e1e29fkh.key as Dr.Web ® Key file
This Dr.Web ® Key is for 1 computer (A User)
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\5382027E2 -rpcpr:np /protmode 
 
Object(s) to scan:
 - Scan processes in memory
 - Scan boot sectors
 - Scanning for rootkits 
 - C:\Favoritos - Atalho.lnk
 - C:\hiberfil.sys
 - C:\pagefile.sys
 - C:\Windows\system32\
 - C:\Windows\SysWOW64\
 - D:\Documents\
 - C:\Windows\TEMP\
 - C:\Users\WINDOW~1\AppData\Local\Temp\
 
Computer\Motherboard\SYSTEM BIOS - Ok
c:\windows\system32\ntoskrnl.exe - Ok
c:\windows\system32\hal.dll - Ok
c:\windows\system32\kdcom.dll - Ok
c:\windows\system32\mcupdate_genuineintel.dll - Ok
c:\windows\system32\pshed.dll - Ok
c:\windows\system32\clfs.sys - Ok
c:\windows\system32\ci.dll - Ok
c:\windows\system32\drivers\wdf01000.sys - Ok
c:\windows\system32\drivers\wdfldr.sys - Ok
c:\windows\system32\drivers\acpi.sys - Ok
c:\windows\system32\drivers\wmilib.sys - Ok
c:\windows\system32\drivers\msisadrv.sys - Ok
c:\windows\system32\drivers\pci.sys - Ok
c:\windows\system32\drivers\vdrvroot.sys - Ok
c:\windows\system32\drivers\partmgr.sys - Ok
c:\windows\system32\drivers\volmgr.sys - Ok
c:\windows\system32\drivers\volmgrx.sys - Ok
c:\windows\system32\drivers\intelide.sys - Ok
c:\windows\system32\drivers\pciidex.sys - Ok
c:\windows\system32\drivers\mountmgr.sys - Ok
c:\windows\system32\drivers\atapi.sys - Ok
c:\windows\system32\drivers\ataport.sys - Ok
c:\windows\system32\drivers\amdxata.sys - Ok
c:\windows\system32\drivers\fltmgr.sys - Ok
c:\windows\system32\drivers\fileinfo.sys - Ok
c:\windows\system32\drivers\ntfs.sys - Ok
c:\windows\system32\drivers\msrpc.sys - Ok
c:\windows\system32\drivers\ksecdd.sys - Ok
c:\windows\system32\drivers\cng.sys - Ok
c:\windows\system32\drivers\pcw.sys - Ok
c:\windows\system32\drivers\fs_rec.sys - Ok
c:\windows\system32\drivers\ndis.sys - Ok
c:\windows\system32\drivers\netio.sys - Ok
c:\windows\system32\drivers\ksecpkg.sys - Ok
c:\windows\system32\drivers\tcpip.sys - Ok
c:\windows\system32\drivers\fwpkclnt.sys - Ok
c:\windows\system32\drivers\epfwwfp.sys - Ok
c:\windows\system32\drivers\vmstorfl.sys - Ok
c:\windows\system32\drivers\volsnap.sys - Ok
c:\windows\system32\drivers\spldr.sys - Ok
c:\windows\system32\drivers\rdyboost.sys - Ok
c:\windows\system32\drivers\mup.sys - Ok
c:\windows\system32\drivers\hwpolicy.sys - Ok
c:\windows\system32\drivers\fvevol.sys - Ok
c:\windows\system32\drivers\disk.sys - Ok
c:\windows\system32\drivers\classpnp.sys - Ok
c:\windows\system32\drivers\dtsoftbus01.sys - Ok
c:\windows\system32\drivers\cdrom.sys - Ok
c:\windows\system32\drivers\eamonm.sys - Ok
c:\windows\system32\drivers\null.sys - Ok
c:\windows\system32\drivers\beep.sys - Ok
c:\windows\system32\drivers\ehdrv.sys - Ok
c:\program files\eset\eset smart security\em006_64.dat - Ok
c:\program files\eset\eset smart security\em018_64.dat - Ok
c:\windows\system32\drivers\bprotectex.sys - Ok
c:\windows\system32\drivers\vga.sys - Ok
c:\windows\system32\drivers\videoprt.sys - Ok
c:\windows\system32\drivers\watchdog.sys - Ok
c:\windows\system32\drivers\rdpcdd.sys - Ok
c:\windows\system32\drivers\rdpencdd.sys - Ok
c:\windows\system32\drivers\rdprefmp.sys - Ok
c:\windows\system32\drivers\msfs.sys - Ok
c:\windows\system32\drivers\npfs.sys - Ok
c:\windows\system32\drivers\tdx.sys - Ok
c:\windows\system32\drivers\tdi.sys - Ok
c:\windows\system32\drivers\afd.sys - Ok
c:\windows\system32\drivers\netbt.sys - Ok
c:\windows\system32\drivers\wfplwf.sys - Ok
c:\windows\system32\drivers\pacer.sys - Ok
c:\windows\system32\drivers\epfwlwf.sys - Ok
c:\windows\system32\drivers\netbios.sys - Ok
c:\windows\system32\drivers\serial.sys - Ok
c:\windows\system32\drivers\wanarp.sys - Ok
c:\windows\system32\drivers\termdd.sys - Ok
c:\windows\system32\drivers\rdbss.sys - Ok
c:\windows\system32\drivers\nsiproxy.sys - Ok
c:\windows\system32\drivers\mssmbios.sys - Ok
c:\windows\system32\drivers\discache.sys - Ok
c:\windows\system32\drivers\csc.sys - Ok
c:\windows\system32\drivers\dfsc.sys - Ok
c:\windows\system32\drivers\blbdrive.sys - Ok
c:\windows\system32\drivers\avkmgr.sys - Ok
c:\windows\system32\drivers\avipbb.sys - Ok
c:\windows\system32\drivers\tunnel.sys - Ok
c:\windows\system32\drivers\nvlddmkm.sys - Ok
c:\windows\system32\drivers\dxgkrnl.sys - Ok
c:\windows\system32\drivers\dxgmms1.sys - Ok
c:\windows\system32\drivers\hdaudbus.sys - Ok
c:\windows\system32\drivers\rt64win7.sys - Ok
c:\windows\system32\drivers\usbuhci.sys - Ok
c:\windows\system32\drivers\usbport.sys - Ok
c:\windows\system32\drivers\usbehci.sys - Ok
c:\windows\system32\drivers\i8042prt.sys - Ok
c:\windows\system32\drivers\kbdclass.sys - Ok
c:\windows\system32\drivers\fdc.sys - Ok
c:\windows\system32\drivers\serenum.sys - Ok
c:\windows\system32\drivers\parport.sys - Ok
c:\windows\system32\drivers\intelppm.sys - Ok
c:\windows\system32\drivers\compositebus.sys - Ok
c:\windows\system32\drivers\msiscsi.sys - Ok
c:\windows\system32\drivers\storport.sys - Ok
c:\windows\system32\drivers\agilevpn.sys - Ok
c:\windows\system32\drivers\rasl2tp.sys - Ok
c:\windows\system32\drivers\ndistapi.sys - Ok
c:\windows\system32\drivers\ndiswan.sys - Ok
c:\windows\system32\drivers\raspppoe.sys - Ok
c:\windows\system32\drivers\raspptp.sys - Ok
c:\windows\system32\drivers\rassstp.sys - Ok
c:\windows\system32\drivers\rdpbus.sys - Ok
c:\windows\system32\drivers\mouclass.sys - Ok
c:\windows\system32\drivers\swenum.sys - Ok
c:\windows\system32\drivers\ks.sys - Ok
c:\windows\system32\drivers\umbus.sys - Ok
c:\windows\system32\drivers\usbhub.sys - Ok
c:\windows\system32\drivers\ndproxy.sys - Ok
c:\windows\system32\drivers\nvhda64v.sys - Ok
c:\windows\system32\drivers\portcls.sys - Ok
c:\windows\system32\drivers\drmk.sys - Ok
c:\windows\system32\drivers\ksthunk.sys - Ok
c:\windows\system32\drivers\hdaudio.sys - Ok
c:\windows\system32\drivers\crashdmp.sys - Ok
c:\windows\system32\drivers\dump_dumpata.sys - file not found
c:\windows\system32\drivers\dump_atapi.sys - file not found
c:\windows\system32\drivers\dump_dumpfve.sys - file not found
c:\windows\system32\win32k.sys - Ok
c:\windows\system32\drivers\dxapi.sys - Ok
c:\windows\system32\drivers\monitor.sys - Ok
c:\windows\system32\tsddd.dll - Ok
c:\windows\system32\cdd.dll - Ok
c:\windows\system32\drivers\hidusb.sys - Ok
c:\windows\system32\drivers\hidclass.sys - Ok
c:\windows\system32\drivers\hidparse.sys - Ok
c:\windows\system32\drivers\usbd.sys - Ok
c:\windows\system32\drivers\mouhid.sys - Ok
c:\windows\system32\drivers\usbccgp.sys - Ok
c:\windows\system32\drivers\usbvideo.sys - Ok
c:\windows\system32\drivers\usbaudio.sys - Ok
c:\windows\system32\drivers\luafv.sys - Ok
c:\windows\system32\drivers\avgntflt.sys - Ok
c:\windows\system32\drivers\wudfpf.sys - Ok
c:\windows\system32\drivers\epfw.sys - Ok
c:\program files\eset\eset smart security\em008_64.dat - Ok
c:\windows\system32\drivers\lltdio.sys - Ok
c:\windows\system32\drivers\rspndr.sys - Ok
>c:\windows\system32\drivers\http.sys is BINARYRES container
c:\windows\system32\drivers\http.sys - container
c:\windows\system32\drivers\bowser.sys - Ok
c:\windows\system32\drivers\mpsdrv.sys - Ok
c:\windows\system32\drivers\mrxsmb.sys - Ok
c:\windows\system32\drivers\mrxsmb10.sys - Ok
c:\windows\system32\drivers\mrxsmb20.sys - Ok
c:\windows\system32\drivers\peauth.sys - Ok
c:\windows\system32\drivers\secdrv.sys - Ok
c:\windows\system32\drivers\srvnet.sys - Ok
c:\windows\system32\drivers\tcpipreg.sys - Ok
c:\windows\system32\drivers\srv2.sys - Ok
c:\windows\system32\drivers\udfs.sys - Ok
c:\windows\system32\drivers\srv.sys - Ok
c:\windows\system32\drivers\rdpdr.sys - Ok
c:\windows\system32\drivers\nwifi.sys - Ok
c:\windows\system32\drivers\ndisuio.sys - Ok
c:\windows\system32\drivers\tdtcp.sys - Ok
c:\windows\system32\drivers\tssecsrv.sys - Ok
c:\windows\system32\drivers\rdpwd.sys - Ok
c:\windows\system32\drivers\cdfs.sys - Ok
c:\windows\system32\atmfd.dll - Ok
c:\windows\system32\drivers\usbstor.sys - Ok
c:\windows\system32\drivers\fastfat.sys - Ok
c:\windows\system32\drivers\wudfrd.sys - Ok
c:\users\windows 7\appdata\local\temp\532ae567f.sys - file not found
c:\users\windows 7\appdata\local\temp\5341ccefc.sys - file not found
c:\windows\system32\ntdll.dll - Ok
c:\windows\system32\smss.exe - Ok
c:\windows\system32\apisetschema.dll - Ok
c:\windows\system32\autochk.exe - Ok
>c:\windows\system32\wininet.dll is BINARYRES container
c:\windows\system32\wininet.dll - container
c:\windows\system32\lpk.dll - Ok
>c:\windows\system32\ole32.dll is BINARYRES container
c:\windows\system32\ole32.dll - container
c:\windows\system32\ws2_32.dll - Ok
c:\windows\system32\normaliz.dll - Ok
c:\windows\system32\imm32.dll - Ok
c:\windows\system32\user32.dll - Ok
c:\windows\system32\wldap32.dll - Ok
c:\windows\system32\msctf.dll - Ok
c:\windows\system32\comdlg32.dll - Ok
c:\windows\system32\difxapi.dll - Ok
c:\windows\system32\oleaut32.dll - Ok
>c:\windows\system32\shell32.dll is BINARYRES container
c:\windows\system32\shell32.dll - container
c:\windows\system32\iertutil.dll - Ok
c:\windows\system32\usp10.dll - Ok
c:\windows\system32\shlwapi.dll - Ok
c:\windows\system32\gdi32.dll - Ok
>c:\windows\system32\urlmon.dll is BINARYRES container
c:\windows\system32\urlmon.dll - container
c:\windows\system32\msvcrt.dll - Ok
c:\windows\system32\rpcrt4.dll - Ok
c:\windows\system32\psapi.dll - Ok
>c:\windows\system32\setupapi.dll - packed by BINARYRES
>>c:\windows\system32\setupapi.dll - packed by MS COMPRESS
c:\windows\system32\setupapi.dll - Ok
c:\windows\system32\advapi32.dll - Ok
c:\windows\system32\kernel32.dll - Ok
c:\windows\system32\imagehlp.dll - Ok
c:\windows\system32\sechost.dll - Ok
c:\windows\system32\nsi.dll - Ok
c:\windows\system32\clbcatq.dll - Ok
c:\windows\system32\comctl32.dll - Ok
c:\windows\system32\devobj.dll - Ok
c:\windows\system32\crypt32.dll - Ok
c:\windows\system32\wintrust.dll - Ok
c:\windows\system32\cfgmgr32.dll - Ok
c:\windows\system32\kernelbase.dll - Ok
c:\windows\system32\msasn1.dll - Ok
System Idle Process - file not found
System Process - file not found
c:\windows\system32\csrss.exe - Ok
c:\windows\system32\wininit.exe - Ok
c:\windows\system32\services.exe - Ok
c:\windows\system32\lsass.exe - Ok
c:\windows\system32\lsm.exe - Ok
c:\windows\system32\winlogon.exe - Ok
c:\windows\system32\svchost.exe - Ok
c:\windows\system32\nvvsvc.exe - Ok
c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe - Ok
>c:\program files (x86)\gbplugin\gbpsv.exe - packed by FLY-CODE
>>c:\program files (x86)\gbplugin\gbpsv.exe - packed by VMPROTECT
>>>c:\program files (x86)\gbplugin\gbpsv.exe is BINARYRES container
>>>>c:\program files (x86)\gbplugin\gbpsv.exe\data002 is BINARYRES container
c:\program files (x86)\gbplugin\gbpsv.exe - container
c:\program files\nvidia corporation\display\nvxdsync.exe - Ok
c:\windows\system32\dwm.exe - Ok
c:\windows\explorer.exe - Ok
c:\windows\system32\spoolsv.exe - Ok
c:\program files (x86)\avira\antivir desktop\sched.exe - Ok
c:\program files (x86)\avira\antivir desktop\avguard.exe - Ok
c:\program files (x86)\askpartnernetwork\toolbar\apnmcp.exe - Ok
c:\program files\eset\eset smart security\x86\ekrn.exe - Ok
c:\program files (x86)\common files\microsoft shared\vs7debug\mdm.exe - Ok
c:\windows\system32\taskhost.exe - Ok
c:\program files (x86)\motorola mobility\motorola device manager\motohelperservice.exe - Ok
c:\program files (x86)\baidu security\pc faster\3.7.0.0\pcfastersvc.exe - Ok
c:\program files (x86)\motorola\motforwarddaemon\forwarddaemon.exe - Ok
c:\program files (x86)\motorola mobility\motorola device manager\motohelperagent.exe - Ok
>c:\program files\eset\eset smart security\egui.exe is ZLIB container
c:\program files\eset\eset smart security\egui.exe - container
 
Total 107143084 bytes in 237 files scanned (304 objects)
Total 230 files (297 objects) are clean
There are no infected objects detected
Total 7 files are raised error condition
Scan time is 00:00:33.481
 
=============================================================================
Dr.Web Scanner SE for Windows v8.2.0.07100
© Doctor Web, Ltd., 1992-2013
Scan session started 2013/09/01 15:24:52 
Module location : c:\users\windows 7\appdata\local\temp\59274DF5-5761439B-CE654F39-8A6FCC53\
=============================================================================
OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO
OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO
Using language: "English"
Available instances: 6
Instances used: 6
Platform: Windows 7 Ultimate x64/WOW (Build 7601), Service Pack 1
API Version: 2.2
Scanning Engine version: 8.1.0.7100
Virus Finding Engine version: 7.0.5.6250
Total 132 virus bases are loaded from c:\users\windows 7\appdata\local\temp\59274DF5-5761439B-CE654F39-8A6FCC53
553i6loh 7.0 b69b9504a51b8777b8e95a4680dc8ac1d8d8c25d 2012/01/30 00:08:41 29444 records - OK
doxdm96g 7.0 3d7431bdee1a22d6329e017f348db7760f2645ac 2012/01/23 05:22:13 19353 records - OK
0gdj67p4 7.0 e04570f78fb00d758abdf77c534a460980e102c0 2012/01/16 00:12:31 20747 records - OK
w23260tv 7.0 2de2479b112c4416e2375343f57ca789b042aecc 2012/01/09 00:04:30 28052 records - OK
953lfgez 7.0 c4bd9612ff1f71d8bd23b4f1bc114eed1ae2ee6b 2012/01/02 00:04:40 12183 records - OK
kt49y4uh 7.0 28b1d218ade8f05fdc8550c7456ac3b74f705208 2011/12/26 00:03:33 19984 records - OK
usoxay71 7.0 539e41e8f3d97a6f347600c7cef903d9f34e0518 2011/12/19 00:08:45 22627 records - OK
6s0ri4u0 7.0 f8e81968965f555bce0d02fc9933fee840b97aaf 2011/12/12 17:20:22 49580 records - OK
3cx8eqpp 7.0 14751e0f442bba3efc08ee12d82a2815c61cfeb6 2011/12/04 05:00:00 45195 records - OK
9x4157qq 7.0 1a1e6cb9b3096a2cbba2c31d05e11914c0357d52 2011/12/04 04:00:00 165532 records - OK
n0o01an9 7.0 0f948a7d416c556bfc8a8be2c2c39f998fee6d9e 2011/12/04 03:00:00 170820 records - OK
7rts1nea 7.0 9357c3cc73a4a374346a678f197daa22496c7ae5 2011/12/04 02:00:00 171279 records - OK
aw5lnksc 7.0 ae56b06b3d6f1e13c5f10cce4ed68f2cccbf3298 2011/12/04 01:00:00 170253 records - OK
iydjm93x 7.0 fdaab5c1079d02c94f20d07c39d638cad79d8771 2011/12/04 00:00:00 170291 records - OK
4eopafsf 7.0 b59d8841e65d7670b2aae7f2b65734269f6c4fe3 2011/12/03 23:00:00 170501 records - OK
5ih8jm6f 7.0 3946b1d195434cf7a70d144da71c87559475c58f 2011/12/03 22:00:00 353582 records - OK
751j5hjj 7.0 8df4695f74ea5949551df6044720694e204b13d7 2011/12/03 21:00:00 852776 records - OK
v5m5fq6g 7.0 623996ab15966b611ababc4a62b9a0124d7fd00d 2013/09/01 10:22:11 1322 records - OK
smu0x2xs 7.0 c1d53c2aef72dfab36a8045897938e7a31f279ac 2013/07/14 23:15:07 1590 records - OK
2iflcbol 7.0 0cb77ee7a3e6545553585eb6df267a86d4fecbe4 2013/04/21 23:14:29 1680 records - OK
kgkwb7rh 7.0 6cb68b8fab821702ef054f864ff44917414e50fa 2013/02/04 00:13:43 2078 records - OK
mrpvb1ki 7.0 cfbe9cf43615f7856e4c35f0fc02e2baf12e39e7 2012/12/17 00:14:14 1725 records - OK
s2zfwqwk 7.0 047694e79b1a8d295f27ea9c6565062404f84a57 2012/11/12 00:12:52 2050 records - OK
4uyqqcja 7.0 f3413603f4ee1c88018a78c1f6faf2abeb8fa8c1 2012/09/23 23:13:14 1456 records - OK
d62iwsmg 7.0 8871f579eeb7e5e7b70c6dd898afd27391d7daf4 2012/06/24 23:12:36 1421 records - OK
s2ck88wq 7.0 3ee43130fe7fec4b367a791892a444d0a791b29b 2012/03/25 23:12:30 1385 records - OK
tlhu29x3 7.0 fddc5d687537580c7166dbf117d591593bc62261 2012/01/23 01:56:09 1653 records - OK
7wthoz5h 7.0 daefec8d4f54c544b20b87a589a1f13d18843a16 2013/09/01 10:21:29 1844 records - OK
wkxp963t 7.0 63ff62f7b5aa956912f6c29e7ad7be26569416ff 2013/08/18 23:25:05 1485 records - OK
oziu6azp 7.0 d95d1ab4adf9a869001802f64960356e903dd478 2013/07/21 23:24:06 2214 records - OK
qe3awsbh 7.0 45cdfad530697916adbfea43a8763a4ab0c95beb 2013/05/19 23:24:48 1426 records - OK
2g60ebfi 7.0 bd9fd948b79e07c8676018e17a43ee81f5335e36 2013/04/21 23:24:10 1641 records - OK
gkp7kjsg 7.0 c7f70566b9bae9fd3f5a8d0b56d961f890a55508 2013/03/17 23:23:44 1742 records - OK
gyv51g57 7.0 8893c0d254eb40c78b5c78ea17fbc3be60ea6304 2013/01/21 00:24:33 2016 records - OK
95t0xdus 7.0 cdf3a9d2dcab57f90c378d9eefacbfd358a42699 2012/12/10 00:23:23 1620 records - OK
c96gt7ju 7.0 c0726ba000e840272f0810b89051e6daa8799084 2012/11/05 00:23:16 1658 records - OK
kd42co24 7.0 216611859de0125bf130d6324d43c9115cb05def 2012/10/07 23:23:20 1465 records - OK
79eu4t1e 7.0 264c14ad60c4423ec292f5f8b182e4448504dfa9 2012/09/09 23:23:14 1588 records - OK
4awrwvk6 7.0 33197bfe9efefa9db33725d240757103c625b601 2012/07/22 23:22:36 1702 records - OK
xgcyah1o 7.0 74d8e114edb84b95bc09d5a2a36191d15a61e2cb 2012/06/10 23:22:36 1659 records - OK
t4kgnben 7.0 79ca8239f310688d2b9c314fa3d738a34985cce3 2012/04/29 23:22:34 1670 records - OK
atoslkvh 7.0 aac27e986e3731e5260cb76f5b14558e36660dec 2012/03/11 23:22:28 1729 records - OK
b8vpwb0b 7.0 fa5c96b8be693a20c2a295e3545419e6f117fdc4 2012/01/30 00:23:00 1523 records - OK
1yo8s08d 7.0 e9b21e0a3578ef2e2067f4876309671ddc78f65f 2011/12/19 00:22:29 1805 records - OK
udx7wqey 7.0 8f7a8f6f55130f6becc5331ab38dc2108746b8aa 2011/12/03 20:00:00 26456 records - OK
5gyb5dhq 7.0 e6d52b11d2f7d405ccd31347da3b6fde69825168 2011/12/03 19:00:00 74279 records - OK
ynjqk8hm 7.0 e20ffde4bbc58e0585b0b3b2f324bc91272c2360 2011/12/03 18:00:00 1 record - OK
Total records count: 4439228
Anti-rootkit module version ( ver: 8.6.201308190, api: 5.01/5.01 )
 
Using c:\users\windows 7\appdata\local\temp\59274DF5-5761439B-CE654F39-8A6FCC53\e1e29fkh.key as Dr.Web ® Key file
This Dr.Web ® Key is for 1 computer (A User)
Change language: "Portuguese (Português)"
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\544D8D238 -rpcpr:np 
 
Object(s) to scan:
 - C:\
 - D:\
 - E:\
 - F:\
 - G:\
 
C:\pagefile.sys - read error
C:\hiberfil.sys - read error
C:\Arquivos de Programas - directory
C:\$Recycle.Bin\S-1-5-18 - directory
C:\Documents and Settings - directory
C:\NVIDIA\DisplayDriver\314.22\Win8_WinVista_Win7_64\International\Display.Driver\nvidia-smi.1.pd_ - container, read error
C:\Program Files\Arquivos Comuns - directory
C:\Program Files\Common Files\Sistema - directory
C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7BF17944-D68F-4877-8408-8F7C986C5820}\nvidia-smi.1.pd_ - container, read error
C:\Program Files\Windows NT\Acessórios - directory
C:\ProgramData\Application Data - directory
C:\ProgramData\Avira\AntiVir Desktop\TEMP\avguard1.tmp - read error
C:\ProgramData\Dados de aplicativos - directory
C:\ProgramData\Desktop - directory
C:\ProgramData\Documentos - directory
C:\ProgramData\Documents - directory
C:\ProgramData\Favorites - directory
C:\ProgramData\Favoritos - directory
C:\ProgramData\Menu Iniciar - directory
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - read error
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - read error
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - read error
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - read error
C:\ProgramData\Microsoft\Windows\Start Menu\Programas - directory
C:\ProgramData\Modelos - directory
C:\ProgramData\Start Menu - directory
C:\ProgramData\Templates - directory
C:\System Volume Information - directory
C:\Users\All Users\Application Data - directory
C:\Users\All Users\Desktop - directory
C:\Users\All Users\Documentos - directory
C:\Users\All Users\Documents - directory
C:\Users\All Users\Dados de aplicativos - directory
C:\Users\All Users\Favorites - directory
C:\Users\All Users\Favoritos - directory
C:\Users\All Users\Menu Iniciar - directory
C:\Users\All Users\Modelos - directory
C:\Users\All Users\Start Menu - directory
C:\Users\All Users\Templates - directory
C:\Users\Default User - directory
C:\Users\Default\Ambiente de impressão - directory
C:\Users\Default\Ambiente de rede - directory
C:\Users\Default\AppData\Local\Application Data - directory
C:\Users\Default\AppData\Local\Dados de aplicativos - directory
C:\Users\Default\AppData\Local\History - directory
C:\Users\Default\AppData\Local\Histórico - directory
C:\Users\Default\AppData\Local\Temporary Internet Files - directory
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas - directory
C:\Users\Default\Application Data - directory
C:\Users\Default\Configurações locais - directory
C:\Users\Default\Dados de aplicativos - directory
C:\Users\Default\Cookies - directory
C:\Users\Default\Documents\Meus vídeos - directory
C:\Users\Default\Documents\Minhas imagens - directory
C:\Users\Default\Documents\Minhas músicas - directory
C:\Users\Default\Documents\My Music - directory
C:\Users\Default\Documents\My Pictures - directory
C:\Users\Default\Documents\My Videos - directory
C:\Users\Default\Menu Iniciar - directory
C:\Users\Default\Meus documentos - directory
C:\Users\Default\Local Settings - directory
C:\Users\Default\My Documents - directory
C:\Users\Default\NetHood - directory
C:\Users\Default\Modelos - directory
C:\Users\Default\PrintHood - directory
C:\Users\Default\Recent - directory
C:\Users\Default\Templates - directory
C:\Users\Default\SendTo - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\ntuser.dat.LOG1 - read error
C:\Users\Default\Start Menu - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\ntuser.dat.LOG2 - read error
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\NTUSER.DAT - read error
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Ambiente de impressão - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Ambiente de rede - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\AppData\Local\Dados de aplicativos - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\AppData\Local\Histórico - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\AppData\Local\Temporary Internet Files - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programas - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Configurações locais - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Documents\Meus vídeos - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Cookies - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Documents\Minhas músicas - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Documents\Minhas imagens - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Dados de aplicativos - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Menu Iniciar - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Meus documentos - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Recent - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\Modelos - directory
C:\Users\Mcx1-WINDOWS7-PC.Windows7-PC\SendTo - directory
C:\Users\Public\Documents\Meus vídeos - directory
C:\Users\Public\Documents\Minhas imagens - directory
C:\Users\Public\Documents\Minhas músicas - directory
C:\Users\Public\Documents\My Music - directory
C:\Users\Public\Documents\My Pictures - directory
C:\Users\Public\Documents\My Videos - directory
C:\Users\Todos os Usuários\Application Data - directory
C:\Users\Todos os Usuários\Dados de aplicativos - directory
C:\Users\Todos os Usuários\Desktop - directory
C:\Users\Todos os Usuários\Documentos - directory
C:\Users\Todos os Usuários\Documents - directory
C:\Users\Todos os Usuários\Favorites - directory
C:\Users\Todos os Usuários\Favoritos - directory
C:\Users\Todos os Usuários\Menu Iniciar - directory
C:\Users\Todos os Usuários\Modelos - directory
C:\Users\Todos os Usuários\Templates - directory
C:\Users\Todos os Usuários\Start Menu - directory
C:\Users\UpdatusUser\NTUSER.DAT - read error
C:\Users\UpdatusUser\ntuser.dat.LOG1 - read error
C:\Users\UpdatusUser\ntuser.dat.LOG2 - read error
C:\Users\UpdatusUser\Ambiente de impressão - directory
C:\Users\UpdatusUser\Ambiente de rede - directory
C:\Users\UpdatusUser\AppData\Local\Dados de aplicativos - directory
C:\Users\UpdatusUser\AppData\Local\Histórico - directory
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat - read error
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - read error
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - read error
C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files - directory
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programas - directory
C:\Users\UpdatusUser\Configurações locais - directory
C:\Users\UpdatusUser\Cookies - directory
C:\Users\UpdatusUser\Dados de aplicativos - directory
C:\Users\UpdatusUser\Documents\Meus vídeos - directory
C:\Users\UpdatusUser\Documents\Minhas imagens - directory
C:\Users\UpdatusUser\Menu Iniciar - directory
C:\Users\UpdatusUser\Meus documentos - directory
C:\Users\UpdatusUser\Documents\Minhas músicas - directory
C:\Users\UpdatusUser\Recent - directory
C:\Users\UpdatusUser\Modelos - directory
C:\Users\UpdatusUser\SendTo - directory
C:\Users\Usuário Padrão - directory
C:\Users\Windows 7\NTUSER.DAT - read error
C:\Users\Windows 7\ntuser.dat.LOG1 - read error
C:\Users\Windows 7\ntuser.dat.LOG2 - read error
C:\Users\Windows 7\Ambiente de impressão - directory
C:\Users\Windows 7\Ambiente de rede - directory
C:\Users\Windows 7\AppData\Local\Dados de aplicativos - directory
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Current Session - read error
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Current Tabs - read error
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK - read error
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK - read error
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK - read error
C:\Users\Windows 7\AppData\Local\Histórico - directory
C:\Users\Windows 7\AppData\Local\Microsoft\Windows\UsrClass.dat - read error
C:\Users\Windows 7\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - read error
C:\Users\Windows 7\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - read error
C:\Users\Windows 7\AppData\Local\Temp\APNStub.exe - is adware program Adware.Toolbar.174
C:\Users\Windows 7\AppData\Local\Temp\APNStub.exe - infected
C:\Users\Windows 7\AppData\Local\Temp\nsp5EE5.tmp-2\APN_ATU3_.exe - is adware program Adware.Downware.1417
C:\Users\Windows 7\AppData\Local\Temp\nsp5EE5.tmp-2\APN_ATU3_.exe - infected
C:\Users\Windows 7\AppData\Local\Temporary Internet Files - directory
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programas - directory
C:\Users\Windows 7\Configurações locais - directory
C:\Users\Windows 7\Dados de aplicativos - directory
C:\Users\Windows 7\Cookies - directory
C:\Users\Windows 7\Menu Iniciar - directory
C:\Users\Windows 7\Meus documentos - directory
C:\Users\Windows 7\Modelos - directory
C:\Users\Windows 7\Recent - directory
C:\Users\Windows 7\SendTo - directory
C:\Users\Windows 7\Doctor Web\cureit.log - decompression error
C:\Windows\CSC\v2.0.6 - directory
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - read error
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - read error
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - read error
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - read error
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - read error
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - read error
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - read error
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - read error
C:\Windows\System32\LogFiles\WMI\RtBackup - directory
C:\Windows\System32\catroot2\edb.log - read error
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - read error
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - read error
C:\Windows\System32\config\DEFAULT - read error
C:\Windows\System32\config\DEFAULT.LOG1 - read error
C:\Windows\System32\config\DEFAULT.LOG2 - read error
C:\Windows\System32\config\SAM - read error
C:\Windows\System32\config\SAM.LOG1 - read error
C:\Windows\System32\config\SAM.LOG2 - read error
C:\Windows\System32\config\SECURITY - read error
C:\Windows\System32\config\SECURITY.LOG1 - read error
C:\Windows\System32\config\SECURITY.LOG2 - read error
C:\Windows\System32\config\SOFTWARE - read error
C:\Windows\System32\config\SOFTWARE.LOG1 - read error
C:\Windows\System32\config\SOFTWARE.LOG2 - read error
C:\Windows\System32\config\SYSTEM - read error
C:\Windows\System32\config\SYSTEM.LOG1 - read error
C:\Windows\System32\config\SYSTEM.LOG2 - read error
C:\Windows\System32\config\RegBack\DEFAULT - read error
C:\Windows\System32\config\RegBack\SAM - read error
C:\Windows\System32\config\RegBack\SECURITY - read error
C:\Windows\System32\config\RegBack\SYSTEM - read error
C:\Windows\System32\config\RegBack\SOFTWARE - read error
D:\Downloads\aTubeCatcher.exe\_ÇÇ - is adware program Adware.Downware.1417
D:\Downloads\aTubeCatcher.exe - infected container
D:\System Volume Information - directory
E: - read error
G:\AUTORUN.INF - read error
 
Total 202605298852 bytes in 131354 files scanned (322817 objects)
Total 131159 files (322621 objects) are clean
Total 3 files are infected
Total 63 files are raised error condition
Scan time is 01:14:16.238
 
-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------
C:\Users\Windows 7\AppData\Local\Temp\APNStub.exe - quarantined
C:\Users\Windows 7\AppData\Local\Temp\nsp5EE5.tmp-2\APN_ATU3_.exe - quarantined
D:\Downloads\aTubeCatcher.exe - quarantined
 
Total 202605298852 bytes in 131354 files scanned (322817 objects)
Total 131159 files (322621 objects) are clean
Total 3 files are infected
Total 3 files are neutralized
Total 63 files are raised error condition
Scan time is 01:14:16.238

Logfile of HijackThis v1.99.1

Scan saved at 16:51:47, on 01/09/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
 
Running processes:
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
c:\users\windows 7\appdata\local\temp\4AA66A00-D7800E00-98DED9A0-C483E20\bn1k73ir.exe
c:\users\windows 7\appdata\local\temp\482A414F-6EE1D926-E541A67D-E2B55239\bn1k73ir.exe
C:\Windows\SysWOW64\ctfmon.exe
D:\Desktop\drweb-cureit.exe
c:\users\windows 7\appdata\local\temp\59274DF5-5761439B-CE654F39-8A6FCC53\a5r3uo3b.exe
c:\users\windows 7\appdata\local\temp\59274DF5-5761439B-CE654F39-8A6FCC53\x6cuqgw3.exe
c:\users\windows 7\appdata\local\temp\59274DF5-5761439B-CE654F39-8A6FCC53\bn1k73ir.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://maps.google.c...A:actbar-saveto
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Avira SearchFree Toolbar plus Web Protection BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [Baidu PC Faster 3.7.0.0] "C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe" -auto -start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [Hamza] wscript.exe //B "C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - Startup: Hamza.vbs
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Baidu PC Faster Service 3.7.0.0 (PCFasterSvc_{PCFaster_3.7.0.0}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
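The O4 lines in the HijackThis log above show the persistence the thread is about: wscript.exe started from the HKCU Run key with //B, running Hamza.vbs out of the user's Temp folder, and the same script dropped in the Startup folder. As an added example (not code from the thread or from HijackThis), this Python triage parses O4 lines in that format and flags exactly that pattern; the sample lines are copied from the posted log, while the SCRIPT_HOSTS, SCRIPT_REF and USER_WRITABLE heuristics are this example's own assumptions.

```python
"""Triage HijackThis O4 (autorun) lines for script-host persistence.
Added example for this thread, not part of HijackThis or of the posts; the
sample lines are copied from the log above, the heuristic lists are my own."""
import re
from dataclasses import dataclass, field

# Script interpreters that a logon-time autorun rarely needs legitimately.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# A script file reference anywhere in the command line (or alone in Startup).
SCRIPT_REF = re.compile(r'[^\s"]+\.(?:vbs|vbe|js|jse|wsf|hta)\b')
# Folders any user can write to; a logon payload living here is the worm pattern.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\public\\", "\\programdata\\")

O4_RUN = re.compile(r"^O4 - (?P<source>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?P<source>(?:Global )?Startup): (?P<cmd>.+)$")


@dataclass
class Autorun:
    source: str      # registry key or Startup folder the entry came from
    name: str        # value name, or the file name for Startup entries
    command: str     # command line exactly as HijackThis logged it
    reasons: list = field(default_factory=list)   # filled in by assess()


def parse_o4(line):
    """Return an Autorun for an O4 line, or None for any other log line."""
    line = line.strip()
    m = O4_RUN.match(line)
    if m:
        return Autorun(m["source"], m["name"], m["cmd"])
    m = O4_STARTUP.match(line)
    if m:
        return Autorun(m["source"], m["cmd"], m["cmd"])
    return None


def split_command(command):
    """Split a command line into (executable, arguments); a leading quoted path
    is taken whole, an unquoted one ends at the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    head, _, rest = command.partition(" ")
    return head, rest.strip()


def assess(entry):
    """Append one reason per indicator the entry matches; returns the entry."""
    exe, args = split_command(entry.command)
    exe_name = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    lowered = entry.command.lower()

    if exe_name in SCRIPT_HOSTS:
        entry.reasons.append(f"script host {exe_name} runs at logon")
        if "//b" in args.lower().split():
            entry.reasons.append("//B batch mode hides script errors and dialogs")

    script = SCRIPT_REF.search(lowered)
    if script:
        script_file = script.group(0).rsplit("\\", 1)[-1]
        entry.reasons.append(f"runs script file {script_file}")

    # Both the executable and any referenced script are checked for a writable home.
    for path in (exe.lower(), script.group(0) if script else ""):
        if any(marker in path for marker in USER_WRITABLE):
            entry.reasons.append(f"payload lives in user-writable path {path}")
            break
    return entry


def triage(lines):
    """Parse every O4 line and return only the entries that earned a reason."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is not None and assess(entry).reasons:
            flagged.append(entry)
    return flagged


# Constructed sample: O4 lines copied from the log above plus one O9 line to ignore.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [Hamza] wscript.exe //B "C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - Startup: Hamza.vbs
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
"""
```

Running triage(SAMPLE_LOG.strip().splitlines()) returns only the two Hamza entries, each carrying the reasons it matched; the legitimate Program Files autoruns earn none.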


#4
CarlosTurco
Assistente
25.934 posts

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click Run as administrator (execadmin.png).

Where it says Output, check Standard
Also check these options:

  • Creation Date -> change to 90 days
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

Select these lines in red, right-click the selection, and choose copy

netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.* /s

CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp
Net User /c
/md5start
services.*
/md5stop

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes box and choose Paste.

Click the [image: verif.png] button.

OTL will start scanning your computer. Do not interrupt the process and do not use other windows until it finishes.

Do not change any other setting unless you have been told to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt.
Both are saved in the same directory as OTL.exe, that is, on your desktop.

Copy the whole content of OTL.txt and paste it into your reply.
Attach the Extras.txt file.

Note: if the logs are too large and exceed the forum's limit, put them in a .zip or .rar file and attach it to your reply.
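
When the OTL log comes back, the O4 lines are where a USB shortcut worm of the kind discussed in this thread shows its persistence: a Run value under HKLM and HKCU that launches wscript.exe with the //B (silent) switch on a .vbs in the user's Temp folder, and a copy of the script in the Startup folder. The Python script below is an added example by the editor, not part of OTL or of this forum's procedure. It parses O4 lines in OTL's format and flags script-host entries; the sample lines are copied from the OTL log posted in this thread, and the heuristics (script host, //B, Temp path, dangling target, script file in Startup) are the editor's own assumptions about what deserves a second look.

```python
"""Flag script-host persistence entries in OTL-style O4 lines.

Added example for this thread (not part of OTL or the forum's procedure).
The heuristics below are the editor's own assumptions about what makes a
Run/Startup entry suspicious, modelled on the Hamza.vbs entries in this thread.
"""
import re

# O4 Run entries: "O4 - HKCU..\Run: [name] command (Company)" with an optional ":64bit:" tag
RUN_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O4 Startup entries: "O4 - Startup: <path> (Company)"; an empty "()" means no company name
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<path>.+?) \((?P<company>[^)]*)\)$")
# "//B" is the Windows Script Host batch switch: run with no prompts or error dialogs
SILENT_RE = re.compile(r"(?:^|\s)//b(?:\s|$)")

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Sample input: O4 lines copied from the OTL log posted in this thread
# (two benign entries and the three Hamza entries).
SAMPLE_O4_LINES = [
    r"O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)",
    r'O4:64bit: - HKLM..\Run: [Hamza] wscript.exe //B "C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs" File not found',
    r"O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)",
    r'O4 - HKCU..\Run: [Hamza] wscript.exe //B "C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs" File not found',
    r"O4 - Startup: C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hamza.vbs ()",
]


def assess_command(cmd):
    """Return the reasons a Run command looks like script-based persistence."""
    low = cmd.lower()
    reasons = []
    if any(host in low for host in SCRIPT_HOSTS):
        reasons.append("script host")
    if SILENT_RE.search(low):
        reasons.append("silent //B")
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("temp path")
    if low.endswith("file not found"):
        # OTL could not find the target: the script was already removed or is hidden
        reasons.append("target missing")
    return reasons


def assess_startup(path):
    """Return the reasons a Startup-folder item looks suspicious."""
    return ["script in Startup folder"] if path.lower().endswith(SCRIPT_EXTS) else []


def scan_o4(lines):
    """Parse O4 lines and return one finding per entry that triggers a heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        run = RUN_RE.match(line)
        if run:
            reasons = assess_command(run.group("cmd"))
            if reasons:
                findings.append({"kind": "run", "hive": run.group("hive"),
                                 "name": run.group("name"), "reasons": reasons})
            continue
        startup = STARTUP_RE.match(line)
        if startup:
            reasons = assess_startup(startup.group("path"))
            if reasons:
                findings.append({"kind": "startup", "path": startup.group("path"),
                                 "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan_o4(SAMPLE_O4_LINES):
        print(finding)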



#5 bunfl (Newbie, 10 posts)

OTL logfile created on: 01/09/2013 18:40:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 38,55% Memory free
7,99 Gb Paging File | 4,93 Gb Available in Paging File | 61,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 139,37 Gb Free Space | 71,39% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 123,64 Gb Free Space | 45,72% Space Free | Partition Type: NTFS
Drive F: | 1,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,26 Gb Total Space | 7,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: WINDOWS7-PC | User Name: Windows 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/01 18:39:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2013/09/01 15:24:51 | 000,233,144 | ---- | M] (Doctor Web, Ltd.) -- c:\users\windows 7\appdata\local\temp\59274DF5-5761439B-CE654F39-8A6FCC53\bn1k73ir.exe
PRC - [2013/09/01 15:23:38 | 000,233,144 | ---- | M] (Doctor Web, Ltd.) -- c:\users\windows 7\appdata\local\temp\482A414F-6EE1D926-E541A67D-E2B55239\bn1k73ir.exe
PRC - [2013/09/01 15:23:08 | 000,233,144 | ---- | M] (Doctor Web, Ltd.) -- c:\users\windows 7\appdata\local\temp\4AA66A00-D7800E00-98DED9A0-C483E20\bn1k73ir.exe
PRC - [2013/08/31 17:48:03 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/08/31 17:44:50 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013/08/31 17:43:47 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/08/31 17:43:40 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/08/31 17:43:27 | 000,328,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2013/08/29 08:33:56 | 000,636,912 | ---- | M] (Baidu Inc.) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe
PRC - [2013/08/29 08:33:52 | 001,808,368 | ---- | M] (Baidu Inc.) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe
PRC - [2013/08/24 13:49:56 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/16 04:49:09 | 000,164,816 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/08/16 04:49:02 | 001,601,488 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/20 22:30:20 | 000,687,336 | ---- | M] (Zbshareware Lab) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe
PRC - [2013/03/25 15:45:52 | 000,694,584 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/03/25 15:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/14 21:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/21 12:08:56 | 001,333,424 | ---- | M] (ESET) -- C:\Arquivos de Programas\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/05/17 17:02:44 | 011,189,048 | ---- | M] (Ensemble Studios) -- C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/24 13:49:53 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
MOD - [2013/08/24 13:49:52 | 013,594,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
MOD - [2013/08/24 13:49:51 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
MOD - [2013/08/24 13:49:01 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libglesv2.dll
MOD - [2013/08/24 13:49:00 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libegl.dll
MOD - [2013/08/24 13:48:58 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ffmpegsumo.dll
MOD - [2013/06/27 09:53:06 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\USB Disk Security\locales\portuese.dll
MOD - [2007/08/07 09:22:07 | 000,071,040 | ---- | M] () -- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdll.dll
MOD - [2005/09/19 12:28:42 | 000,389,632 | R--- | M] () -- C:\Program Files (x86)\Microsoft Games\Age of Empires III\granny2.dll
MOD - [2005/09/19 12:28:38 | 000,192,512 | R--- | M] () -- C:\Program Files (x86)\Microsoft Games\Age of Empires III\binkw32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/31 17:48:03 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/08/31 17:44:50 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/08/31 17:43:47 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/08/29 08:33:56 | 000,636,912 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe -- (PCFasterSvc_{PCFaster_3.7.0.0})
SRV - [2013/08/20 21:23:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/16 04:49:09 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/21 10:57:12 | 000,162,408 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/03/25 15:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 21:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/21 12:08:56 | 001,333,424 | ---- | M] (ESET) [Auto | Running] -- C:\Arquivos de Programas\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/08/31 17:49:55 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/08/31 17:49:55 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/08/31 17:49:55 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/08/27 05:56:24 | 000,078,144 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BprotectEx.sys -- (BprotectEx)
DRV:64bit: - [2013/05/28 11:26:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/07 16:40:44 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/01/10 08:25:22 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013/01/10 08:25:22 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013/01/10 08:25:22 | 000,057,904 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013/01/10 08:25:20 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/01/10 08:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/12/19 01:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/11 10:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/06/08 15:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/06/08 15:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/01/25 13:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2011/11/08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2013/05/08 09:52:48 | 000,049,536 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.c...campaign=portal
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.c...campaign=portal
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.c...campaign=portal
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CAE439BF-D226-4829-9DDD-20FFEEC30861}: "URL" = http://websearch.ask...J&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYBR&apn_uid=E040947F-8300-454A-A14F-46C3789CEF5E&apn_sauid=B3844EE2-4DF8-4206-94E5-51167A9A164F
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\Windows 7\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/04/04 13:57:36 | 000,000,000 | ---D | M]
 
[2013/08/31 17:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions
[2013/07/26 16:31:20 | 000,713,729 | ---- | M] () (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\{DefaultProfilesFolder}\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0\
CHR - Extension: Google Docs = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Web Navigation = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\
CHR - Extension: Web Navigation = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\.bak
CHR - Extension: Chrome In-App Payments service = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: GBBD Banco do Brasil = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh\3.0.0_0\
CHR - Extension: Gmail = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/05/31 16:30:54 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Hamza] wscript.exe //B "C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs" File not found
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Baidu PC Faster 3.7.0.0] C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe (Baidu Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Hamza] wscript.exe //B "C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs" File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hamza.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000024 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B518F5FB-2154-4CA7-99E2-EFF2B636BD06}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/01 11:44:27 | 000,000,225 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/09/16 15:51:12 | 000,999,424 | R--- | M] (Microsoft Corporation) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2013/09/01 15:02:22 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{183066ff-eda5-11e2-b594-7071bc6719df}\Shell - "" = AutoRun
O33 - MountPoints2\{183066ff-eda5-11e2-b594-7071bc6719df}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{18306701-eda5-11e2-b594-7071bc6719df}\Shell - "" = AutoRun
O33 - MountPoints2\{18306701-eda5-11e2-b594-7071bc6719df}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\Shell - "" = AutoRun
O33 - MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2005/09/16 15:51:12 | 000,999,424 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\Shell\directx\command - "" = DirectX9\dxsetup.exe
O33 - MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\Shell\setup\command - "" = F:\setup.exe -- [2005/09/19 18:04:52 | 000,253,952 | R--- | M] (Microsoft Game Studios                                    )
O33 - MountPoints2\{d0936e3c-0b32-11e3-bf15-7071bc6719df}\Shell - "" = AutoRun
O33 - MountPoints2\{d0936e3c-0b32-11e3-bf15-7071bc6719df}\Shell\AutoRun\command - "" = G:\MotorolaDeviceManagerSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/09/01 18:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2013/09/01 17:32:21 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Local\LogMeIn Hamachi
[2013/09/01 17:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/09/01 17:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/09/01 17:15:45 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/09/01 16:59:01 | 000,000,000 | ---D | C] -- D:\Documents\My Games
[2013/09/01 16:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2013/09/01 16:50:58 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- D:\Desktop\HijackThis.exe
[2013/09/01 16:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2013/09/01 16:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2013/09/01 16:12:06 | 000,000,000 | ---D | C] -- D:\Desktop\Nova pasta (2)
[2013/09/01 15:23:13 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\Doctor Web
[2013/09/01 14:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/09/01 14:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/09/01 14:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/09/01 14:55:50 | 000,848,856 | ---- | C] (Panda Security                                              ) -- D:\Desktop\USBVaccineSetup.exe
[2013/09/01 12:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/09/01 02:27:24 | 000,358,571 | ---- | C] (Farbar) -- D:\Desktop\FSS.exe
[2013/09/01 01:56:48 | 000,147,456 | ---- | C] (Eric_71) -- D:\Desktop\MbrScan.exe
[2013/09/01 01:01:13 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Zbshareware Lab
[2013/09/01 01:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
[2013/09/01 01:01:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Disk Security
[2013/08/31 23:56:34 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/08/31 17:53:01 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Avira
[2013/08/31 17:52:14 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Mozilla
[2013/08/31 17:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/08/31 17:50:50 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/08/31 17:50:50 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/08/31 17:50:49 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/08/31 17:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/08/31 17:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/08/31 08:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
[2013/08/31 08:38:02 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
[2013/08/28 12:57:12 | 000,078,144 | ---- | C] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\BprotectEx.sys
[2013/08/26 10:55:36 | 000,000,000 | ---D | C] -- D:\Desktop\Nova pasta
[2013/08/22 18:11:09 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Tibia
[2013/08/22 11:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2013/08/22 11:10:34 | 000,000,000 | ---D | C] -- C:\Temp
[2013/08/22 11:10:34 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Motorola Mobility
[2013/08/22 11:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013/08/22 11:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility
[2013/08/22 11:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2013/08/22 11:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/08/22 11:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2013/08/22 11:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2013/08/22 11:07:55 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Motorola
[2013/08/20 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Tibiacast
[2013/08/20 19:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibiacast
[2013/08/20 19:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibiacast
[2013/08/18 09:01:55 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\jagexcache
[2013/08/04 14:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/08/02 23:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asprate
[2013/08/02 23:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Asprate
[2013/08/01 23:54:27 | 000,000,000 | ---D | C] -- D:\Documents\Baidu Security
[2013/08/01 23:54:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu Security
[2013/07/27 20:16:59 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Local\ElevatedDiagnostics
[2013/07/25 22:35:07 | 000,000,000 | ---D | C] -- C:\Level Up! Games
[2013/07/25 11:58:47 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Local\IsolatedStorage
[2013/07/25 11:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up! Games
[2013/07/24 21:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2013/07/24 21:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2013/07/24 21:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2013/07/24 10:03:51 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Local\WpfApplication1
[2013/07/24 09:39:10 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Local\Apps
[2013/07/24 09:36:31 | 000,000,000 | ---D | C] -- D:\Documents\Visual Studio 2005
[2013/07/23 12:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2013/07/23 12:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up!
[2013/07/16 18:58:38 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\aTubeCatcher
[2013/07/16 10:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013/07/16 10:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
[2013/07/16 10:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/07/16 10:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2013/07/16 10:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DsNET Corp
[2013/07/16 09:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/07/16 07:55:47 | 000,049,536 | ---- | C] (GAS Tecnologia) -- C:\Windows\SysWow64\drivers\gbpkm.sys
[2013/07/16 07:55:47 | 000,031,088 | ---- | C] (GbPlugin NDIS Device Driver) -- C:\Windows\SysWow64\drivers\gbpndisrd.sys
[2013/07/16 07:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\GbPlugin
[2013/07/16 07:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GbPlugin
[2013/07/16 07:54:22 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Local\GAS Tecnologia
[2013/07/16 07:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\GAS Tecnologia
[2013/07/16 07:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/07/12 15:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/12 10:02:57 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/12 10:02:55 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/12 10:02:55 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/12 10:02:55 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/24 19:11:00 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
[2013/06/24 19:11:00 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Local\PokerStars
[2013/06/24 19:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2013/06/18 11:43:02 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Local\SWTORPerf
[2013/06/18 11:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013/06/18 11:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013/06/17 20:11:55 | 000,079,464 | ---- | C] (Initex) -- C:\Windows\SysNative\WTFastDrv.dll
[2013/06/17 20:11:55 | 000,072,296 | ---- | C] (Initex) -- C:\Windows\SysWow64\WTFastDrv.dll
[2013/06/17 20:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
[2013/06/17 20:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WTFast
[2013/06/16 13:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/06/16 13:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/06/16 00:32:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Logs
[2013/06/15 00:06:46 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\LolClient
[2013/06/14 19:25:41 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/06/14 19:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2013/06/14 19:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/06/14 12:49:23 | 000,000,000 | ---D | C] -- C:\League of Legends
[2013/06/14 12:48:12 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Local\PMB Files
[2013/06/14 12:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/06/14 12:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/06/14 12:43:17 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\.swt
 
========== Files - Modified Within 90 Days ==========
 
[2013/09/01 18:23:30 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
[2013/09/01 18:21:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/01 18:19:01 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 17:42:22 | 000,584,616 | ---- | M] () -- D:\Desktop\Sem título.gif
[2013/09/01 17:33:18 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/01 16:51:01 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- D:\Desktop\HijackThis.exe
[2013/09/01 15:20:07 | 129,400,048 | ---- | M] () -- D:\Desktop\drweb-cureit.exe
[2013/09/01 14:59:45 | 001,636,908 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/01 14:59:45 | 000,706,486 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/09/01 14:59:45 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/01 14:59:45 | 000,147,212 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/09/01 14:59:45 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/01 14:55:58 | 000,848,856 | ---- | M] (Panda Security                                              ) -- D:\Desktop\USBVaccineSetup.exe
[2013/09/01 13:16:14 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 13:16:02 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\SysWow64\drivers\gbpndisrd.sys
[2013/09/01 13:16:02 | 000,010,266 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.cat
[2013/09/01 13:16:02 | 000,003,641 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.inf
[2013/09/01 13:16:02 | 000,001,814 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd_m.inf
[2013/09/01 13:16:02 | 000,001,402 | ---- | M] () -- C:\Windows\SysWow64\drivers\gas.cer
[2013/09/01 13:15:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/01 13:15:53 | 3217,756,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/01 02:27:42 | 000,358,571 | ---- | M] (Farbar) -- D:\Desktop\FSS.exe
[2013/09/01 01:56:49 | 000,147,456 | ---- | M] (Eric_71) -- D:\Desktop\MbrScan.exe
[2013/08/31 23:56:34 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/08/31 18:48:23 | 000,000,390 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/08/31 17:51:09 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/08/31 17:49:55 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/08/31 17:49:55 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/08/31 17:49:55 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/08/31 09:05:13 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/08/31 08:38:03 | 000,001,188 | ---- | M] () -- D:\Desktop\Baidu PC Faster.lnk
[2013/08/29 16:27:05 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/27 21:03:16 | 000,000,468 | RHS- | M] () -- C:\Users\Windows 7\ntuser.pol
[2013/08/27 05:56:24 | 000,078,144 | ---- | M] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\BprotectEx.sys
[2013/08/23 11:14:20 | 000,009,216 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/22 11:10:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2013/08/22 11:10:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2013/08/22 11:09:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2013/08/22 11:09:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2013/08/22 11:09:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2013/08/20 21:23:41 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/20 21:23:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/18 09:21:02 | 000,000,001 | ---- | M] () -- C:\Users\Windows 7\random.dat
[2013/08/18 09:01:55 | 000,000,048 | ---- | M] () -- C:\Users\Windows 7\jagex_cl_runescape_LIVE.dat
[2013/08/14 13:04:02 | 000,087,651 | -HS- | M] () -- C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hamza.vbs
[2013/08/02 23:52:10 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
[2013/07/30 12:00:24 | 001,604,660 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/26 08:46:38 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Warface.lnk
[2013/07/25 23:06:43 | 000,000,191 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/07/24 21:50:10 | 000,001,322 | ---- | M] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2013/07/24 09:33:44 | 000,000,136 | ---- | M] () -- D:\Documents\black.pkm
[2013/07/16 10:13:54 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Video Search.lnk
[2013/07/16 10:13:53 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2013/07/16 07:54:24 | 000,011,498 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\unins000.dat
[2013/07/16 07:54:21 | 000,720,082 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\unins000.exe
[2013/07/12 10:02:51 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/12 10:02:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/12 10:02:48 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/12 10:02:48 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/12 10:02:47 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/07/12 10:02:47 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/10 20:23:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/06/30 00:40:58 | 000,000,363 | ---- | M] () -- D:\Documents\Favoritos - Atalho.lnk
[2013/06/30 00:40:58 | 000,000,363 | ---- | M] () -- C:\Favoritos - Atalho.lnk
[2013/06/24 19:11:00 | 000,000,948 | ---- | M] () -- D:\Desktop\PokerStars.lnk
[2013/06/17 20:11:55 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\WTFast.lnk
[2013/06/16 13:53:41 | 000,139,816 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/06/14 19:28:54 | 000,001,731 | ---- | M] () -- D:\Desktop\Jogar League Of Legends.lnk
 
========== Files Created - No Company Name ==========
 
[2013/09/01 18:23:30 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
[2013/09/01 17:42:20 | 000,584,616 | ---- | C] () -- D:\Desktop\Sem título.gif
[2013/09/01 15:00:06 | 129,400,048 | ---- | C] () -- D:\Desktop\drweb-cureit.exe
[2013/08/31 17:51:09 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/08/31 08:22:50 | 000,087,651 | -HS- | C] () -- C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hamza.vbs
[2013/08/28 12:57:11 | 000,001,188 | ---- | C] () -- D:\Desktop\Baidu PC Faster.lnk
[2013/08/26 19:22:03 | 000,000,390 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/08/22 11:10:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2013/08/22 11:10:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2013/08/22 11:09:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2013/08/22 11:09:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2013/08/22 11:09:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2013/08/18 09:01:55 | 000,000,048 | ---- | C] () -- C:\Users\Windows 7\jagex_cl_runescape_LIVE.dat
[2013/08/18 09:01:55 | 000,000,001 | ---- | C] () -- C:\Users\Windows 7\random.dat
[2013/08/06 16:10:06 | 000,009,216 | ---- | C] () -- C:\Users\Windows 7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/02 23:52:10 | 000,002,194 | ---- | C] () -- C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
[2013/07/25 11:58:31 | 000,000,191 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/07/25 11:58:14 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Warface.lnk
[2013/07/24 21:50:10 | 000,001,322 | ---- | C] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2013/07/24 09:29:38 | 000,000,136 | ---- | C] () -- D:\Documents\black.pkm
[2013/07/16 10:13:54 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Video Search.lnk
[2013/07/16 10:13:53 | 000,001,195 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2013/07/16 07:55:47 | 000,010,266 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd.cat
[2013/07/16 07:55:47 | 000,003,641 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd.inf
[2013/07/16 07:55:47 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd_m.inf
[2013/07/16 07:55:47 | 000,001,402 | ---- | C] () -- C:\Windows\SysWow64\drivers\gas.cer
[2013/07/16 07:54:21 | 000,720,082 | ---- | C] () -- C:\Users\Windows 7\AppData\Roaming\unins000.exe
[2013/07/16 07:54:21 | 000,011,498 | ---- | C] () -- C:\Users\Windows 7\AppData\Roaming\unins000.dat
[2013/07/12 15:08:27 | 000,002,192 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 15:03:15 | 000,001,074 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/12 15:03:15 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/10 20:23:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/06/30 10:22:55 | 001,604,660 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/30 00:41:28 | 000,000,363 | ---- | C] () -- D:\Documents\Favoritos - Atalho.lnk
[2013/06/30 00:41:11 | 000,000,363 | ---- | C] () -- C:\Favoritos - Atalho.lnk
[2013/06/24 19:11:00 | 000,000,948 | ---- | C] () -- D:\Desktop\PokerStars.lnk
[2013/06/17 20:11:55 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\WTFast.lnk
[2013/06/16 13:53:41 | 000,139,816 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/06/14 19:28:54 | 000,001,731 | ---- | C] () -- D:\Desktop\Jogar League Of Legends.lnk
[2013/05/31 00:58:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Nadeo.ini
[2013/05/12 21:05:49 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/04/07 17:13:54 | 000,000,468 | RHS- | C] () -- C:\Users\Windows 7\ntuser.pol
[2013/04/05 10:15:08 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/04/04 13:50:25 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/04/04 13:50:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013/04/04 13:50:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2013/04/04 13:50:24 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/04/04 13:50:24 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/04/04 13:50:23 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/04/07 16:53:23 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/04/07 16:53:24 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/24 10:07:11 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\.minecraft
[2013/04/07 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Baidu
[2013/04/07 17:12:54 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Baidu Security
[2013/08/31 19:01:05 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DAEMON Tools Lite
[2013/04/04 13:59:40 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\ESET
[2013/05/13 18:03:40 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Foxit Software
[2013/06/15 00:06:46 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\LolClient
[2013/08/22 11:07:55 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Motorola
[2013/08/22 11:10:34 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Motorola Mobility
[2013/08/22 18:12:10 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Tibia
[2013/08/20 20:33:16 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Tibiacast
[2013/09/01 16:29:41 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\uTorrent
[2013/09/01 01:01:13 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Zbshareware Lab
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/06/30 00:40:58 | 000,000,363 | ---- | M] () -- C:\Favoritos - Atalho.lnk
[2013/09/01 13:15:53 | 3217,756,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/01 13:15:55 | 4290,342,912 | -HS- | M] () -- C:\pagefile.sys
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/09/01 13:16:02 | 000,001,402 | ---- | M] () -- C:\Windows\system32\drivers\gas.cer
[2013/09/01 13:16:02 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\system32\drivers\gbpndisrd.sys
[2013/09/01 13:16:02 | 000,010,266 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.cat
[2013/09/01 13:16:02 | 000,003,641 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.inf
[2013/09/01 13:16:02 | 000,001,814 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd_m.inf
 
< %PROGRAMFILES%(x86)\*.* >
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
[2013/08/23 11:14:20 | 000,009,216 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2013/04/04 13:58:53 | 000,108,840 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2013/04/04 13:35:29 | 000,000,020 | -HS- | M] () -- C:\Users\Windows 7\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2013/08/18 09:01:55 | 000,000,048 | ---- | M] () -- C:\Users\Windows 7\jagex_cl_runescape_LIVE.dat
[2013/09/01 18:46:35 | 001,835,008 | -HS- | M] () -- C:\Users\Windows 7\NTUSER.DAT
[2013/08/18 09:21:02 | 000,000,001 | ---- | M] () -- C:\Users\Windows 7\random.dat
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\*.scr >
 
< %appdata%\*.* >
[2013/07/16 07:54:24 | 000,011,498 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\unins000.dat
[2013/07/16 07:54:21 | 000,720,082 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\unins000.exe
 
< %programdata%\*.* >
[2013/07/25 23:06:43 | 000,000,191 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/08/31 18:48:23 | 000,000,390 | RHS- | M] () -- C:\ProgramData\ntuser.pol
 
< %programdata%\*.exe /s >
[2013/08/31 08:48:30 | 000,023,744 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\mpsyschk_84fb1cb79a54db987c62dcded4ae9b6b1494622e.exe
[2013/08/02 00:08:08 | 000,173,608 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\msipatchregfix-amd64_5011cb29b096fb674a4795ee8fc2f7fdad33863a.exe
[2013/07/27 19:01:51 | 000,132,392 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\msipatchregfix-amd64_fdc2d81714535111f2c69c70b39ed1b7cd2c6266.exe
[2013/07/30 21:31:10 | 001,748,400 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp40-kb2656368-v2-x64_0df360442fc0808cc47e2b73e45bc178d808227e.exe
[2013/07/30 21:30:49 | 012,126,824 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp40-kb2656405-x64_0a6d8bf8c91cb5c494365c35c00a16b45139652c.exe
[2013/07/30 21:31:58 | 004,348,008 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp40-kb2686827-x64_fcfbb9ae55e5c0844320930cc366392b59692916.exe
[2013/08/02 00:08:24 | 001,555,984 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp40-kb2804576-x64_1901eb4a352decf21a602f8cd154fd8a69956496.exe
[2013/04/04 15:29:20 | 000,286,840 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00003109\drsupdate.15334346_RUNASUSER.exe
[2013/07/16 07:55:08 | 004,897,216 | ---- | M] (                                                            ) -- C:\ProgramData\Temp\gbplugin_ie_bb_setup.exe
[2013/07/16 07:54:16 | 002,790,056 | ---- | M] (GAS Tecnologia                                              ) -- C:\ProgramData\Temp\sf.exe
 
< %programdata%\*.dll /s >
[2009/06/10 16:31:21 | 000,015,616 | ---- | M] (Microsoft Corp.) -- C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll
[2009/06/10 16:31:21 | 000,254,216 | ---- | M] (Microsoft Corp.) -- C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll
[2013/07/02 04:34:27 | 009,460,976 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDE47DBB-61E3-4E6D-B68B-9C1EF4014280}\mpengine.dll
[2013/06/11 23:08:52 | 009,552,976 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2010/11/20 23:25:08 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2009/07/13 21:15:24 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\hmmapi.dll
[2009/06/10 17:17:22 | 000,002,649 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie8props.propdesc
[2010/11/20 23:25:07 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecompat.dll
[2013/04/07 19:18:35 | 000,860,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2010/11/20 23:25:08 | 000,373,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2009/07/13 21:14:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2013/04/07 19:18:35 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2010/11/20 23:25:08 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
[2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/04/07 19:18:35 | 000,525,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
[2009/07/13 21:15:35 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
[2009/07/13 21:15:35 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
[2010/11/20 23:25:08 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
[2009/06/10 17:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
[2009/06/10 17:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
[2010/11/20 23:24:03 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
 
< C:\windows\system32\Tasks\*.* /64 >
[2013/08/21 12:21:00 | 000,003,840 | ---- | M] () -- C:\Windows\SysNative\Tasks\Adobe Flash Player Updater
[2013/08/31 08:38:04 | 000,003,370 | ---- | M] () -- C:\Windows\SysNative\Tasks\Baidu PC Faster Update
[2013/07/15 19:14:48 | 000,003,818 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore
[2013/07/15 19:14:49 | 000,004,070 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA
[2013/08/22 11:10:34 | 000,003,476 | ---- | M] () -- C:\Windows\SysNative\Tasks\Motorola Device Manager Engine
[2013/08/22 11:10:35 | 000,003,302 | ---- | M] () -- C:\Windows\SysNative\Tasks\Motorola Device Manager Initial Update
[2013/08/22 11:10:33 | 000,003,494 | ---- | M] () -- C:\Windows\SysNative\Tasks\Motorola Device Manager Update
[2013/09/01 15:03:06 | 000,003,072 | ---- | M] () -- C:\Windows\SysNative\Tasks\PandaUSBVaccine
[2013/09/01 18:40:41 | 000,003,970 | ---- | M] () -- C:\Windows\SysNative\Tasks\User_Feed_Synchronization-{21649084-A672-49CF-B28E-1C654969E1FD}
[2013/04/29 15:07:32 | 000,003,056 | ---- | M] () -- C:\Windows\SysNative\Tasks\{380F538B-053A-4F67-B71F-20BA5359B244}
[2013/06/22 14:57:13 | 000,003,106 | ---- | M] () -- C:\Windows\SysNative\Tasks\{4A0D9E30-78FC-4C4B-8FB2-C16774EE1194}
[2013/09/01 13:10:45 | 000,003,168 | ---- | M] () -- C:\Windows\SysNative\Tasks\{698A68F1-9B66-4E8D-9BAC-C98E180F60A3}
[2013/09/01 13:30:47 | 000,003,172 | ---- | M] () -- C:\Windows\SysNative\Tasks\{D2D5FE49-AE52-4A6E-8AE5-779155EBE93E}
[2013/09/01 13:31:38 | 000,003,154 | ---- | M] () -- C:\Windows\SysNative\Tasks\{E8C57A22-0A1D-433D-BA5B-B29C84E64197}
[2009/07/14 01:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 01:08:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/04/04 13:49:50 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/07/12 15:03:15 | 000,001,070 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/07/12 15:03:15 | 000,001,074 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< %windir%\tasks\*.* /s >
[2013/09/01 18:21:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/01 13:16:14 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 18:19:01 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 13:16:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/07/21 14:29:51 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 3F 02 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 20 9F 34 DA 5A A7 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 9D 42 59 17 11 E1 C7 F6 0B 00 00 00 00 00 06 00 00 00 00 06 00 00 06 00 0A 00 00 01 00 00 00 00 01 00 00 00 00 00 00 00 00 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 06 00 00 00 00 0B 00 00 06 00 19 00 00 01 00 00 00 00 01 00 00 00 0A 00 00 00 18 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 06 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 15 6B 80 82 00 47 15 A7 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 06 00 00 00 00 06 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 0A 00 00 FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 06 00 00 00 00 06 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 19 00 00 00 08 4B 81 03 00 00 00 00 17 00 00 00 00 00 00 00 26 20 00 9B 00 00 00 00 00 00 00 00 19 CB 4B 89 00 00 00 00 00 00 00 00 01 00 00 00 19 CB 4B 89 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 06 00 00 00 00 0B 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 19 FF FF FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 06 00 00 00 00 0B 00 00 06 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 24 63 09 12 F5 FF FF 9A 0C 00 00 00 00 00 18 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 01 00 00 00 7F 00 00 01 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 01 00 00 00 7F FF FF FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 02 00 00 00 0A 00 00 65 00 00 00 00 00 00 00 00 01 00 00 00 E0 00 00 00 04 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 00 00 00 04 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 06 00 00 06 00 00 00 00 06 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 00 00 00 04 4B 81 03 00 00 00 00 02 00 00 00 19 CB 4B 89 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 06 00 00 00 00 06 00 00 06 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 6A BD 24 63 09 12 F5 FF FF 9A 00 00 00 00 00 00 06 00 00 00 00 0B 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 06 00 00 00 00 0B 00 00 06 00 00 00 00 00 00 00 00 00 3A 00 39 00 62 00 3A 00 3A 00 31 00 39 00 63 00 62 00 3A 00 34 00 62 00 38 00 39 00 00 00 00 00  [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 4F 0A 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 20 9F 34 DA 5A A7 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 9D 42 59 17 11 E1 C7 F6 0B 00 00 00 00 00 06 00 00 00 00 06 00 00 06 00 0A 00 00 01 00 00 00 00 01 00 00 00 00 00 00 00 00 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 06 00 00 00 00 0B 00 00 06 00 19 00 00 01 00 00 00 00 01 00 00 00 0A 00 00 00 18 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 06 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 15 6B 80 82 00 47 15 A7 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 06 00 00 00 00 06 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 0A 00 00 FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 06 00 00 00 00 06 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 19 00 00 00 08 4B 81 03 00 00 00 00 17 00 00 00 00 00 00 00 26 20 00 9B 00 00 00 00 00 00 00 00 19 CB 4B 89 00 00 00 00 00 00 00 00 01 00 00 00 19 CB 4B 89 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 06 00 00 00 00 0B 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 19 FF FF FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 06 00 00 00 00 0B 00 00 06 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 24 63 09 12 F5 FF FF 9A 0C 00 00 00 00 00 18 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 01 00 00 00 7F 00 00 01 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 01 00 00 00 7F FF FF FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 02 00 00 00 0A 00 00 65 00 00 00 00 00 00 00 00 01 00 00 00 E0 00 00 00 04 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 00 00 00 04 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 06 00 00 06 00 00 00 00 06 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 00 00 00 04 4B 81 03 00 00 00 00 02 00 00 00 19 CB 4B 89 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 06 00 00 00 00 06 00 00 06 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 6A BD 24 63 09 12 F5 FF FF 9A 00 00 00 00 00 00 06 00 00 00 00 0B 00 00 06 00 00 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF 20 4B 81 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B 00 00 06 00 00 00 00 0B 00 00 06 00 00 00 00 00 00 00 00 00 3A 00 39 00 62 00 3A 00 3A 00 31 00 39 00 63 00 62 00 3A 00 34 00 62 00 38 00 39 00 00 00 00 00  [Binary data over 200 bytes]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< Net User /c >
Contas de usuário para \\WINDOWS7-PC
-------------------------------------------------------------------------------
Administrador            Convidado                Mcx1-WINDOWS7-PC         
UpdatusUser              Windows 7                
Comando concluído com êxito.
 
< MD5 for: SERVICES  >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2011/01/27 19:10:42 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=50535783545434F9F2AB62A53C706EFA -- C:\Windows\SysNative\pt-BR\services.exe.mui
[2011/01/27 19:10:42 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=50535783545434F9F2AB62A53C706EFA -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c78e6f42ac5a3207\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2011/01/27 19:10:39 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysNative\pt-BR\services.msc
[2011/01/27 19:10:44 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysWOW64\pt-BR\services.msc
[2011/01/27 19:10:39 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_01d03f2e82c3cbfa\services.msc
[2011/01/27 19:10:44 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
========== Files - Unicode (All) ==========
[2013/07/23 12:37:38 | 000,000,000 | ---D | M](D:\Documents\?? ???) -- D:\Documents\넥슨 플러그
[2013/07/23 12:37:38 | 000,000,000 | ---D | C](D:\Documents\?? ???) -- D:\Documents\넥슨 플러그
 
< End of report >
 


#6 bunfl (Newbie, 10 posts)

extras

Attached file(s)



#7 CarlosTurco (Assistant, 25,934 posts)

OK,
 
1)

Select these lines inside the CODE box, right-click the selection and choose Copy.

NOTE: make sure you copy starting from the colon and the letter ":O" of :OTL.
 

:OTL
IE - HKCU\..\SearchScopes\{CAE439BF-D226-4829-9DDD-20FFEEC30861}: "URL" = http://websearch.ask...J&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYBR&apn_uid=E040947F-8300-454A-A14F-46C3789CEF5E&apn_sauid=B3844EE2-4DF8-4206-94E5-51167A9A164F
O4:64bit: - HKLM..\Run: [Hamza] wscript.exe //B "C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs" File not found
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKCU..\Run: [Hamza] wscript.exe //B "C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs" File not found
O4 - Startup: C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hamza.vbs ()
O32 - AutoRun File - [2005/08/01 11:44:27 | 000,000,225 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/09/16 15:51:12 | 000,999,424 | R--- | M] (Microsoft Corporation) - F:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{18306701-eda5-11e2-b594-7071bc6719df}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\Shell - "" = AutoRun
O33 - MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2005/09/16 15:51:12 | 000,999,424 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\Shell\directx\command - "" = DirectX9\dxsetup.exe
O33 - MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\Shell\setup\command - "" = F:\setup.exe -- [2005/09/19 18:04:52 | 000,253,952 | R--- | M] (Microsoft Game Studios )
O33 - MountPoints2\{d0936e3c-0b32-11e3-bf15-7071bc6719df}\Shell - "" = AutoRun
O33 - MountPoints2\{d0936e3c-0b32-11e3-bf15-7071bc6719df}\Shell\AutoRun\command - "" = G:\MotorolaDeviceManagerSetup.exe -a
[2013/07/23 12:37:38 | 000,000,000 | ---D | M](D:\Documents\?? ???) -- D:\Documents\넥슨 플러그
[2013/07/23 12:37:38 | 000,000,000 | ---D | C](D:\Documents\?? ???) -- D:\Documents\넥슨 플러그

:files
C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe.

Right-click anywhere in the blank area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).
Click the Fix button (BotaoConsertar.png).

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of that Notepad window and paste it in your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles with a name in the format date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.


Edited by CarlosTurco, 02 September 2013 - 07:23.
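The OTL fix above removes the two Run-key values, the Startup-folder copy and the MountPoints2 autorun handlers that keep Hamza.vbs running. As an added example that is not part of this thread and is not code from OTL, ComboFix or any other tool used here, the PowerShell script below audits a removable drive for the same shortcut-worm pattern the first post describes (folders set Hidden+System beside .lnk files that launch wscript.exe with a .vbs) and lists script-launching Run entries and Startup-folder scripts on the host. The -Drive parameter, the -Restore switch and the regular expressions are my assumptions; by default the script only reports, and with -Restore it applies the same attribute reset as the attrib -r -a -s -h /d /s command from the first post, limited to the folders it flagged.

```powershell
# Added example (not from the thread or any of its tools): audit a removable
# drive for the hide-folders-and-drop-shortcuts worm pattern, and list the
# Run-key / Startup persistence the OTL fix above removed.
# Assumptions: -Drive is the removable drive letter (e.g. "G:"); -Restore is
# off by default, so nothing on disk changes unless it is given.
param(
    [Parameter(Mandatory = $true)][string]$Drive,
    [switch]$Restore
)

$root  = $Drive.TrimEnd('\') + '\'
$shell = New-Object -ComObject WScript.Shell

# 1. Shortcuts whose target is a script host, or whose arguments name a script:
#    the fake "folder" shortcuts the worm leaves at the drive root.
$suspiciousLnk = foreach ($lnk in Get-ChildItem -Path $root -Filter *.lnk -File -Force -ErrorAction SilentlyContinue) {
    $sc = $shell.CreateShortcut($lnk.FullName)
    if ($sc.TargetPath -match '(?i)\\(w|c)script\.exe$' -or
        $sc.Arguments  -match '(?i)\.(vbs|vbe|js|jse|bat|cmd)\b') {
        [pscustomobject]@{ Shortcut = $lnk.FullName; Target = $sc.TargetPath; Arguments = $sc.Arguments }
    }
}

# 2. Root folders carrying both Hidden and System: the real folders the worm hid.
$hsMask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$hiddenDirs = Get-ChildItem -Path $root -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $hsMask) -eq $hsMask -and $_.Name -ne 'System Volume Information' }

# 3. Host persistence: Run values that invoke a script host or a script file.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runScripts = foreach ($k in $runKeys) {
    $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($p) {
        foreach ($v in ($p.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            if ("$($v.Value)" -match '(?i)(w|c)script\.exe|\.(vbs|vbe|js|jse)\b') {
                [pscustomobject]@{ Key = $k; Name = $v.Name; Command = $v.Value }
            }
        }
    }
}

# 4. Script files dropped into the current user's Startup folder.
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$startupScripts = Get-ChildItem -Path $startup -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -match '(?i)^\.(vbs|vbe|js|jse|bat|cmd)$' }

Write-Host "== Suspicious shortcuts on $root =="
$suspiciousLnk | Format-Table -AutoSize | Out-Host
Write-Host "== Hidden+System folders on $root =="
$hiddenDirs | Select-Object Name, Attributes | Format-Table -AutoSize | Out-Host
Write-Host "== Script-launching Run entries =="
$runScripts | Format-Table -AutoSize | Out-Host
Write-Host "== Scripts in the user Startup folder =="
$startupScripts | Select-Object FullName | Out-Host

if ($Restore) {
    # Equivalent of "attrib -r -a -s -h <folder> /d /s" for each flagged folder,
    # then removal of the shortcuts that pointed at the script host.
    foreach ($d in $hiddenDirs) {
        attrib -r -a -s -h $d.FullName /d /s
    }
    foreach ($s in $suspiciousLnk) {
        Remove-Item -LiteralPath $s.Shortcut -Force
    }
}
```

Run it from an elevated PowerShell prompt with the stick inserted (for example `.\audit-stick.ps1 -Drive G:`), read the report, and only then repeat with `-Restore`. The shortcut check reads the .lnk target without launching it, so listing is safe; the script deliberately does not touch the Run values or the Startup-folder file it reports, since those are the entries a helper wants to see before deciding what to remove.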


#8 bunfl (Newbie, 10 posts)

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CAE439BF-D226-4829-9DDD-20FFEEC30861}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAE439BF-D226-4829-9DDD-20FFEEC30861}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Hamza deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon deleted successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Hamza deleted successfully.
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hamza.vbs moved successfully.
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
File move failed. F:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18306701-eda5-11e2-b594-7071bc6719df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18306701-eda5-11e2-b594-7071bc6719df}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\ not found.
File move failed. F:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\ not found.
File DirectX9\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfa44575-c7a6-11e2-82dd-7071bc6719df}\ not found.
File move failed. F:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0936e3c-0b32-11e3-bf15-7071bc6719df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0936e3c-0b32-11e3-bf15-7071bc6719df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0936e3c-0b32-11e3-bf15-7071bc6719df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0936e3c-0b32-11e3-bf15-7071bc6719df}\ not found.
File G:\MotorolaDeviceManagerSetup.exe -a not found.
D:\Documents\넥슨 플러그 folder moved successfully.
Folder D:\Documents\넥슨 플러그\ not found.
========== FILES ==========
File move failed. C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
D:\Downloads\cmd.bat deleted successfully.
D:\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: hedev
->Temp folder emptied: 43164427 bytes
 
User: Mcx1-WINDOWS7-PC
 
User: Mcx1-WINDOWS7-PC.Windows7-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 9091975 bytes
->Flash cache emptied: 57472 bytes
 
User: Public
 
User: Todos os Usuários
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Windows 7
->Temp folder emptied: 1788973252 bytes
->Temporary Internet Files folder emptied: 36829844 bytes
->Java cache emptied: 3238454 bytes
->Google Chrome cache emptied: 7810409 bytes
->Flash cache emptied: 59794 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 533386 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes
RecycleBin emptied: 5488772360 bytes
 
Total Files Cleaned = 7.037,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09022013_105623
 
Files\Folders moved on Reboot...
File\Folder F:\Autorun.inf not found!
File\Folder F:\autorun.exe not found!
File\Folder F:\setup.exe not found!
C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs moved successfully.
C:\Users\Windows 7\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Windows 7\AppData\Local\Temp\Hamza.vbs not found!
C:\Windows\temp\optboottime.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Attached file(s)



#9 CarlosTurco (Assistant, 25,934 posts)

OK,

 

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ComboFix
http://www.bleepingc...nload/combofix/

Save it to your desktop.

  • Close all windows and programs. Run ComboFix.
  • Double-click combofix.exe and press "Yes" to continue.
  • When asked whether you want to install the Recovery Console, click Yes and wait.
  • Click OK to accept the EULA, then click Yes to continue the malware scan.

Do not click anything and do not press any key during the scan, or the tool will not work correctly.

When the tool finishes running it will generate a log. Post the contents of the file C:\ComboFix.txt in your next reply.

Important:

  • You must be connected to the internet during the ComboFix procedure;
  • You must be logged on to the system with administrator privileges.
  • Download and SAVE ComboFix. In the download window, where the Run / Save options appear, click Save. Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Re-enable them when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not offer to install it.
  • Do not run ComboFix more than once. That will overwrite the log and delay the removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


#10 bunfl (Newbie, 10 posts)

Done.

Attached file(s)

  • Attached file  log.txt   16.73K   1 Downloads


#11 CarlosTurco (Assistant, 25,934 posts)

Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you finish the instructions.

Select and copy the text inside the CODE box. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

ClearJavaCache::

File::
c:\users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hamza.vbs
C:\Users\WINDOW~1\AppData\Local\Temp\Hamza.vbs

Reboot::

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

[image: cfscript.gif, drag-and-drop demonstration]

ComboFix will run and restart the PC automatically to complete the removal process.
* If that does not happen, restart manually.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

This script was written only for this computer, according to the files and keys present on it.

To visitors: if you have a similar problem, do not use this script, as unsupervised use can damage your system.

When it finishes, a log will be generated at C:\ComboFix.txt.

Also post a new HijackThis log.



#12
bunfl

  • Newbie
  • 10 posts

Done.

Attached file(s)



#13
CarlosTurco

  • Assistant
  • 25,934 posts

bunfl,

1)

Open HijackThis.

** Windows Vista and Windows 7/8 users:
Right-click it, then click [Run as administrator].

Click Do a system scan only, check the entries listed below, then click [Fix checked].

O4 - Startup: Hamza.vbs

Restart the computer.

2)

Download the Microsoft Safety Scanner.

  • Run the tool, select Accept, then Next.
  • On the next screen click Next again. Then select Full Scan and click Next.
  • The scan will start; be patient, it takes a long time.
  • When it finishes click Finish and then OK.
  • The program's log will be at C:\Windows\Debug\msert.log; open that file, copy its contents and paste it in full in your next reply.

Also post a new HijackThis log.



#14
bunfl

  • Newbie
  • 10 posts

Done.

Attached file(s)



#15
CarlosTurco

  • Assistant
  • 25,934 posts

Good morning.

Download Windows Repair Portable.
http://www.tweaking....all_in_one.html

Choose the option: Portable (3.12 MB)

Direct Download

Install the program and run it.

Click the Step 4 tab > click Create to create a restore point, then Backup to back up the registry.
[image: Step 4 screenshot]

Click Next, then Start.

Click the button shown in the image to uncheck all options. Then check:

Reset Registry Permissions
Reset File Permissions
Register System Files

Repair WMI
Repair Windows Firewall
Repair Internet Explorer

Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Repair Windows Updates

Repair Volume Shadow Copy Service
Restore Important Windows Services
Set Windows Services To Default Startup
Repair MSI (Windows Installer)
Repair File Associations

Then leave the settings checked as in the image and click Start:

[image: repair options screenshot]

Wait; when it finishes the PC will restart.

Post a new HijackThis log.



#16
bunfl

  • Newbie
  • 10 posts

Done.

Attached file(s)

Edited by bunfl, 04 September 2013 - 12:54.


#17
bunfl

  • Newbie
  • 10 posts

Now when the PC starts it keeps asking me to activate Windows.



#18
CarlosTurco

  • Assistant
  • 25,934 posts

Now when the PC starts it keeps asking me to activate Windows.

If your system is genuine, activate it.

The logs are clean. :)

To finish:

  • Go to Start > Run > type (or copy and paste): ComboFix /Uninstall

    [image: Run box with ComboFix /Uninstall]

    Click OK. Wait, as this will uninstall ComboFix.
  • Run OTL.exe

    Click the [CleanUp] button.
  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of Java SE 7u25.
    • Click JRE Download
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.25 MB jre-7u25-windows-i586.exe and save it to your desktop.
    • Close any running program, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u25-windows-i586.exe to install the newest version.
    • ATTENTION: Uncheck the ASK Toolbar installation box.
  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • USB worms (pendrive viruses) can infect any kind of removable storage device (pendrives, mp3 and mp4 players, phones, memory cards, cameras). This kind of malware exploits a native Windows feature called Autorun, or Autoplay (the wizard that appears when you insert a CD or pendrive, asking which program you want to open it with). Autoplay needs a file called autorun.inf to work.

    Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you happen to plug your pendrive into an infected PC, the malware will not be able to overwrite the pre-existing file. It may still copy its malicious executables to the pendrive, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug that pendrive into a clean machine and run one of those malicious files, that system will be infected the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you consider necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media drive and choosing "Format".
    • Run Flash_Disinfector.exe.
    • Follow any prompts that may appear.
    • Wait until the program finishes its scan, then exit the program.
    For Windows Vista and 7: Panda USB Vaccine
  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes you will be asked to restart your computer. RESTART.

    If you are not asked, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without any action from the user. Microsoft fixes these holes through updates.
    That is why keeping your system up to date is essential.
  • Disable and re-enable System Restore.
  • Learn some precautions and tips to keep your computer clean. Read the article Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/
  • If there are no more malware-related problems, click the [Report] button and ask for your topic to be closed.
  • If you have any question related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

    Cheers. :legal:


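As an added example that is not part of the thread or of any tool named in it, the PowerShell script below reports the footprint described in the opening post (real folders hidden as Hidden+System with a same-named .lnk decoy beside them, loose droppers in the drive root, a script in the Startup folder) and checks whether the Autorun policy that the USB-worm item above discusses is turned off. The drive letter, the -Repair switch and Windows PowerShell 2.0 or later on an administrator prompt are assumptions.

```powershell
# Added example (not from the thread): inventory a shortcut worm's footprint on a
# removable drive and, with -Repair, undo it; then check host-side persistence/policy.
# Assumes Windows PowerShell 2.0+ (Windows 7) and an elevated prompt for -Repair.
param(
    [Parameter(Mandatory = $true)][string]$Drive,  # e.g. "E:" (constructed sample value)
    [switch]$Repair                                 # without it, nothing is changed
)
$root  = "$Drive\"
$shell = New-Object -ComObject WScript.Shell       # used only to read .lnk targets

# 1. Folders the worm hid (Hidden+System) that have a same-named .lnk decoy beside them.
$hidden = [IO.FileAttributes]::Hidden; $system = [IO.FileAttributes]::System
Get-ChildItem -LiteralPath $root -Force | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $lnk = Join-Path $root ($_.Name + ".lnk")
    if ((($_.Attributes -band $hidden) -ne 0) -and (($_.Attributes -band $system) -ne 0) -and
        (Test-Path -LiteralPath $lnk)) {
        $sc = $shell.CreateShortcut($lnk)
        "Hidden folder '$($_.Name)'; its decoy shortcut runs: $($sc.TargetPath) $($sc.Arguments)"
        if ($Repair) {
            # Same effect as attrib -r -a -s -h from the first post, but limited to the
            # folders the worm actually touched; the decoy shortcut is removed as well.
            $_.Attributes = [IO.FileAttributes]::Directory
            Remove-Item -LiteralPath $lnk -Force
        }
    }
}

# 2. Loose droppers in the drive root (the extensions the post warns about, plus .vbs).
$risky = '.vbs', '.exe', '.scr', '.cmd', '.pif', '.bat', '.com'
Get-ChildItem -LiteralPath $root -Force | Where-Object { -not $_.PSIsContainer } |
    Where-Object { $risky -contains $_.Extension.ToLower() } |
    ForEach-Object { "Root payload candidate: $($_.Name) [$($_.Attributes)]" }

# 3. Persistence like the O4 Startup entry fixed above: script files in the user's Startup folder.
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue |
    Where-Object { $risky -contains $_.Extension.ToLower() } |
    ForEach-Object { "Startup entry to review: $($_.FullName)" }

# 4. Autorun policy: 0xFF in NoDriveTypeAutoRun disables Autorun for every drive type,
#    which closes the autorun.inf path the post describes as the infection vector.
$pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$val = (Get-ItemProperty -Path $pol -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($val -eq 0xFF) { "Autorun: disabled for all drive types" }
else { "Autorun: NoDriveTypeAutoRun is '$val' (expected 0xFF); set it and reboot" }
```

Run it first without -Repair and read the reported shortcut targets: a .lnk that launches wscript.exe with a hidden script beside it is the pattern the thread's CFScript removed, and the listed Startup entries are what the O4 HijackThis line pointed at.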
#19
Felipe-rj

  • Moderator
  • 837 posts

PROBLEM SOLVED

If you want to request that the topic be reopened, use the Report button to contact the moderation team.

Note: Only the author can make this request in the Malware Removal area.