[Arquivado] &nbspAnálise de log

[jsg791 0]

Bom dia,

 

Meu computador tem estado um pouco lento, estou enviando um log para análise.

 

 

--

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:11:14 AM, on 1/9/2011

Platform: Windows 7 SP1, v.721 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Boot mode: Normal

 

Running processes:

C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Windows\STK02N\STK02NM.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Windows\SysWOW64\aetcrss1.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Users\jose\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll

O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Google Update] "C:\Users\jose\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: STK02N 2.3 PNP Monitor.lnk = ?

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxda_device - - C:\Windows\system32\lxdacoms.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe

O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

 

Obrigado.

[Felipe_88 0]

jsg791,

 

1º

*Baixe o AD-Remover

e salve-o no desktop

*Duplo clique em AD-R.exe

*Clique em [Clean]...aguarde o término. A reinicialização do PC poderá ser solicitada pelo programa.

*Cole o relatório criado em C:\Ad-Report-CLEAN.log

 

2º

* Faça o download do DelDomains

* Clique com o botão direito no [DelDomains.inf] e clicar em Instalar.

* Reinicie a máquina.

Obs.: Esse procedimento removerá todas as entradas presentes nos sites confiáveis e nos sites restritos. Caso queira adicionar alguma entrada nos sites restritos, será necessário adicioná-las posteriormente.

[jsg791 0]

O link de download do Ad-Remover não está funcionando, onde mais posso fazer download do programa?

[Felipe_88 0]

jsg791,

 

Link atualizado:

http://www.teamxscript.org/too/AD-R.exe

[jsg791 0]

Procedi conforme orientado, estou enviando abaixo o novo log. Devo alterar minhas senhas?

 

 

======= REPORT FROM AD-REMOVER 2.0.0.2,D | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/01/11 at 19:00

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 11:27:20 on 13/01/2011, Normal boot

 

Microsoft Windows 7 Ultimate Service Pack 1, v.721 (X64)

jose@JOSE-PC (Hewlett-Packard HP G60 Notebook PC)

 

============== ACTION(S) ==============

 

 

Folder deleted: C:\Users\jose\AppData\LocalLow\Conduit

Folder deleted: C:\Program Files (x86)\Conduit

Folder deleted: C:\Users\jose\AppData\LocalLow\ConduitEngine

Folder deleted: C:\Program Files (x86)\ConduitEngine

 

(!) -- Temporary files deleted.

 

 

Key deleted: HKLM\Software\Classes\CLSID\{003C44EB-EBFB-4836-A62E-47DCE40A1438}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{003C44EB-EBFB-4836-A62E-47DCE40A1438}

Key deleted: HKLM\Software\Classes\CLSID\{6BE7C1AB-4F2C-4335-B177-244FCE547CB2}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6BE7C1AB-4F2C-4335-B177-244FCE547CB2}

Key deleted: HKLM\Software\Classes\Toolbar.CT2786678

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKCU\Software\AppDataLow\Toolbar

Key deleted: HKCU\Software\AppDataLow\Software\Conduit

Key deleted: HKCU\Software\AppDataLow\Software\conduitEngine

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{236A890A-ADF4-44F2-9272-109C0F7AAA73}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

 

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.13 (pt-BR)] **

 

-- C:\Users\jose\AppData\Roaming\Mozilla\FireFox\Profiles\64a7pd15.default\Prefs.js --

browser.startup.homepage, hxxp://www.google.com

browser.startup.homepage_override.buildID, 20101214170338

browser.startup.homepage_override.mstone, rv:1.9.2.13

 

========================================

 

** Internet Explorer Version [9.0.7930.16406] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\Windows\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Search Asst: no

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Enable Browser Extensions: yes

Local Page: C:\Windows\SysWOW64\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

Use Search Asst: no

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Program Files (x86)\Ad-Remover\Quarantine: 9 File(s)

C:\Program Files (x86)\Ad-Remover\Backup: 14 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 13/01/2011 (3438 Byte(s))

 

End at: 11:29:15, 13/01/2011

 

============== E.O.F ==============

[Renato Utsch 24]

Olá!

 

Desculpe-nos a demora para responder... O Felipe está de férias e se ausentou por um mês, e estamos assim com poucos analistas...

 

Por favor, siga as instruções abaixo:

 

Faça o Download do DDS e salve no Desktop (Área de trabalho).

 

• Temporariamente desative os seus programas de proteção.
  
• Duplo clique em dds.scr.
  
• Irá surgir uma tela preta com algumas informações. Não clique em nada, apenas aguarde!
  
• Quando terminar, duas janelas abrirão: DDS.txt e Attach.txt.
  
• Salve o resultado e cole-o no seu tópico.
  

 

OBS: Caso o link disponibilizado não funcione, tente baixar o DDS por ESTE link.

 

 

 

Abraços :D

[jsg791 0]

Olá,

 

Desculpe a demora na resposta. Segue abaixo o log:

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 12/3/2010 8:06:16 PM

System Uptime: 2/10/2011 3:19:59 AM (40 hours ago)

 

Motherboard: Wistron | | 303C

Processor: AMD Turion Dual-Core RM-75 | Socket A | 2200/133mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 124 GiB total, 84.917 GiB free.

D: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SASDIFSV

Device ID: ROOT\LEGACY_SASDIFSV\0000

Manufacturer:

Name: SASDIFSV

PNP Device ID: ROOT\LEGACY_SASDIFSV\0000

Service: SASDIFSV

 

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SASKUTIL

Device ID: ROOT\LEGACY_SASKUTIL\0000

Manufacturer:

Name: SASKUTIL

PNP Device ID: ROOT\LEGACY_SASKUTIL\0000

Service: SASKUTIL

 

==== System Restore Points ===================

 

RP57: 2/7/2011 7:22:59 AM - Windows Update

RP58: 2/10/2011 3:00:14 AM - Windows Update

RP59: 2/11/2011 7:01:32 PM - Installed DirectX

RP60: 2/11/2011 7:06:01 PM - Installed DirectX

RP61: 2/11/2011 7:08:08 PM - Installed DirectX

 

==== Installed Programs ======================

 

Ad-Remover By C_XX

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1 - Português

Adobe Shockwave Player 11.5

Apple Application Support

Apple Software Update

Assistente de Instalação Certisign

Feedback Tool

FileZilla Client 3.3.5.1

Foxit Reader

Gerenciador de Certificados Digitais - Certisign

GIMP 2.6.11

Google Chrome

Google Earth Plug-in

Google Update Helper

GTK2-Runtime

HP Quick Launch Buttons

HP Wireless Assistant

IBM ViaVoice Dictation Runtime 9.0 - Português do Brasil

Java Auto Updater

Java 6 Update 22

LightScribe System Software

Malwarebytes' Anti-Malware

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft CAPICOM 2.1.0.2 SDK

Microsoft Expression Blend 3 SDK

Microsoft Expression Blend 4

Microsoft Expression Blend SDK for .NET 4

Microsoft Expression Blend SDK for Silverlight 4

Microsoft Expression Design 4

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Expression Studio 4

Microsoft Expression Web 4

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox (3.6.13)

Mozilla Thunderbird (3.1.7)

Opera 11.01

QLBCASL

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Safari

SafeSign

STK02N 2.3

uTorrentBar Toolbar

Windows Media Player Firefox Plugin

WPF Toolkit February 2010 (Version 3.5.50211.1)

 

==== Event Viewer Messages From Past Week ========

 

2/10/2011 3:21:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

 

==== End Of File ===========================

 

Esqueci de adicionar a outra parte, segue abaixo:

 

 

 

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by jose at 19:42:32.25 on Fri 02/11/2011

Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2814.785 [GMT -2:00]

 

AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: BitDefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe

C:\Windows\Explorer.EXE

C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe

C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\STK02N\STK02NM.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe

C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1159615.exe

C:\Windows\splwow64.exe

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Bluefish\bluefish.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft Expression\Web 4\ExpressionWeb.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe

C:\Program Files (x86)\Safari\Safari.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\AUDIODG.EXE

C:\Users\jose\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = 200.102.249.253:3128

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [Google Update] "C:\Users\jose\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK02N~1.LNK - C:\Windows\STK02N\STK02NM.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

TB-X64: BitDefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll

mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"

mRun-x64: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"

mRun-x64: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - C:\Users\jose\AppData\Roaming\Mozilla\Firefox\Profiles\64a7pd15.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.6.dll

FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: C:\Users\jose\AppData\Roaming\Mozilla\Firefox\Profiles\64a7pd15.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\jose\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org

FF - Ext: Verificador Ortográfico para Português do Brasil.: pt-BR@dellalibera.sf.net - %profile%\extensions\pt-BR@dellalibera.sf.net

FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com

FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

FF - Ext: Módulo de Segurança - Banco do Brasil: {87F8774F-B485-47E2-A755-A40A8A5E886C} - %profile%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - C:\Program Files\BitDefender\BitDefender 2011\bdaphffext

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

 

============= SERVICES / DRIVERS ===============

 

R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-8-20 88144]

R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-8-20 99408]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2011-1-5 54664]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]

R2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2010-10-11 51688]

R3 BDFM;BDFM;C:\Windows\System32\drivers\bdfm.sys [2010-5-13 162896]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-2-12 292864]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-12-3 228408]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-5 136176]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-10-1 71168]

S3 GemCCID;GemCCID;C:\Windows\System32\drivers\GemCCID.sys [2009-8-10 119680]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-9-30 20992]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-3 216064]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-10-1 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-10-1 34816]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-9-30 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-9-30 31232]

S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-10-1 117248]

S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-10-11 467248]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-4 1255736]

S4 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2010-6-28 692816]

S4 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2010-6-28 1040976]

 

=============== Created Last 30 ================

 

2011-02-11 21:05:12 -------- d-----w- C:\Program Files (x86)\WPF Toolkit

2011-02-11 21:02:20 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2011-02-11 20:58:54 -------- d-----w- C:\Program Files (x86)\Microsoft Expression

2011-02-11 05:54:27 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{06F46759-68B3-4642-ABAC-1B0160AF1CCC}\mpengine.dll

2011-02-10 05:02:29 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-02-10 05:02:29 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-02-10 05:02:29 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-02-10 05:02:29 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-02-10 05:01:03 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-02-10 05:01:03 2381824 ----a-w- C:\Windows\System32\mshtml.tlb

2011-02-10 05:00:58 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-02-10 05:00:58 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-02-07 09:20:28 187013 ----a-w- C:\Windows\Submitter Uninstaller.exe

2011-02-07 09:20:26 -------- d-----w- C:\Users\jose\AppData\Roaming\Sick Marketing

2011-02-05 04:03:31 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-02-03 06:03:23 -------- d-----w- C:\Users\jose\AppData\Roaming\EurekaLog

2011-02-02 11:44:29 -------- d-----w- C:\zip

2011-02-02 10:27:06 -------- d-----w- C:\MGtools

2011-02-02 10:10:05 -------- d-----w- C:\$RECYCLE.BIN

2011-02-02 09:59:38 0 ----a-w- C:\Windows\System32\wnlogon.sys

2011-02-02 09:50:50 98816 ----a-w- C:\Windows\sed.exe

2011-02-02 09:50:50 89088 ----a-w- C:\Windows\MBR.exe

2011-02-02 09:50:50 256512 ----a-w- C:\Windows\PEV.exe

2011-02-02 09:50:50 161792 ----a-w- C:\Windows\SWREG.exe

2011-02-02 09:04:28 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-02-02 09:04:23 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-02-02 06:18:29 -------- d-----w- C:\Users\jose\AppData\Roaming\SUPERAntiSpyware.com

2011-02-02 06:18:29 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com

2011-02-02 06:13:05 -------- d-----w- C:\Users\jose\AppData\Local\CrashDumps

2011-02-02 05:36:08 -------- d-----w- C:\Program Files\CCleaner

2011-02-02 05:29:28 -------- d-----w- C:\Users\jose\AppData\Roaming\Malwarebytes

2011-02-02 05:29:11 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-02-02 05:29:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-02-01 06:58:26 -------- d-----w- C:\Users\jose\AppData\Local\Opera

2011-01-31 05:34:21 -------- d-----w- C:\Program Files\Symantec

2011-01-31 05:33:22 -------- d-----w- C:\Program Files (x86)\Norton 360

2011-01-31 05:33:20 -------- d-----w- C:\PROGRA~3\Norton

2011-01-31 05:32:52 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2011-01-31 05:32:52 -------- d-----w- C:\PROGRA~3\NortonInstaller

2011-01-21 20:24:08 -------- d-----w- C:\Users\jose\AppData\Local\Apple Computer

2011-01-21 20:20:58 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-01-21 20:20:58 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-01-21 20:20:58 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-01-21 20:20:58 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-01-21 20:20:58 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-01-21 20:20:58 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-01-21 20:20:58 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-01-21 20:19:52 -------- d-----w- C:\Program Files\Bonjour

2011-01-21 20:19:52 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-01-21 20:19:21 -------- d-----w- C:\Users\jose\AppData\Local\Apple

2011-01-20 15:05:16 -------- d-----w- C:\Program Files (x86)\Article Marketing Robot

2011-01-15 19:44:24 -------- d-----w- C:\Users\jose\AppData\Roaming\Article Marketing Robot

2011-01-15 18:29:07 -------- d-----w- C:\Users\jose\AppData\Roaming\Foxit Software

2011-01-15 18:27:51 -------- d-----w- C:\Program Files (x86)\Foxit Software

2011-01-14 12:54:52 565760 ----a-w- C:\Windows\SysWow64\MSVCP50.DLL

2011-01-14 12:54:03 32256 ----a-w- C:\Windows\SysWow64\vvprodreg.dll

2011-01-14 12:50:47 -------- d-----w- C:\Program Files\Microsoft Windows Script

2011-01-14 12:50:03 65536 ----a-w- C:\Windows\SysWow64\viavoiceps.dll

2011-01-14 12:50:03 61440 ----a-w- C:\Windows\SysWow64\vvrtkclients.dll

2011-01-14 12:50:03 49152 ----a-w- C:\Windows\SysWow64\setnote.cpl

2011-01-14 12:50:03 37888 ----a-w- C:\Windows\SysWow64\vvrtkreg.dll

2011-01-14 12:50:03 317952 ----a-w- C:\Windows\SysWow64\roboex32.dll

2011-01-14 12:50:03 20480 ----a-w- C:\Windows\SysWow64\setresbr.dll

2011-01-14 12:50:02 -------- d-----w- C:\Program Files (x86)\ViaVoice

2011-01-14 12:47:48 308224 ----a-w- C:\Windows\IsUn0416.exe

2011-01-14 06:32:53 -------- d-----w- C:\Users\jose\AppData\Local\Xenocode

2011-01-14 04:15:12 758272 ----a-w- C:\Windows\System32\cohelper.dll

2011-01-14 04:15:12 11164 ----a-w- C:\Windows\System32\drivers\nvphy.bin

2011-01-14 04:15:12 -------- d-----w- C:\Program Files\NVIDIA Corporation

2011-01-14 03:41:19 -------- d-----w- C:\Program Files (x86)\UBot

2011-01-13 13:27:18 -------- d-----w- C:\Program Files (x86)\Ad-Remover

2011-01-13 05:01:39 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2011-01-13 05:01:39 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2011-01-13 05:01:39 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2011-01-13 05:01:38 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-01-13 05:01:38 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2011-01-13 05:01:38 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2011-01-13 04:19:41 -------- d-----w- C:\Program Files (x86)\TypeFaster

 

==================== Find3M ====================

 

2010-12-24 17:04:52 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2010-12-24 17:04:52 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2010-12-22 17:08:52 173840 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

2010-12-22 17:08:50 54864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2010-12-22 17:08:50 226448 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2010-12-22 17:08:50 154256 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2010-12-22 17:08:48 318992 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll

2010-12-08 16:26:18 73728 ----a-w- C:\Windows\system\vdremote.dll

2010-12-08 16:26:18 65536 ----a-w- C:\Windows\system\vdsvrlnk.dll

2010-12-06 11:05:55 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-12-04 05:19:53 61694 ----a-w- C:\PROGRA~3\bdinstall.bin

2010-12-03 22:21:15 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll

2010-11-29 19:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2010-11-29 19:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-07-08 11:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe

 

============= FINISH: 19:46:23.27 ===============

[Renato Utsch 24]

Olá!

 

Por favor, siga as instruções abaixo:

 

Siga o tutorial abaixo e execute o Kaspersky Removal Tool. Depois poste o log gerado.

 

Tutorial do Kaspersky Virus Removal Tool

 

 

 

 

Depois poste um novo log do DDS.

 

 

Abraços :D

[wings 22]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.