Ionara, posted January 14, 2011:
Good morning. Internet Explorer is having problems downloading files and opening links, even on safe sites. I have already updated it and installed Google Chrome; nothing fixes it. When I try to download a file, the bar appears warning that it was blocked; when I allow it, the file does not download and the browser automatically returns to the home page. Avast Free does not detect any virus... The log follows.

Renato Utsch, posted January 17, 2011:
Hello! Welcome to the Malware Removal section of IMasters Fóruns! Please follow the instructions below:
Download DDS and save it to the Desktop.
Temporarily disable your protection programs.
Double-click dds.scr. A black screen with some information will appear. Do not click anything, just wait!
When it finishes, two windows will open: DDS.txt and Attach.txt.
Save the result and paste it into your topic.
NOTE: If the link provided does not work, try downloading DDS from THIS link.
Regards :D

Ionara, posted January 17, 2011:
Good evening. Neither of the two DDS download links opened.

Renato Utsch, posted January 18, 2011:
Hello! Download it from the link below, extract the .zip and run SSS.scr (following the instructions above). Use a proxy, such as http://www.myninjaproxy.info/ or http://hidemyass.com, to download it if you are unable to. Post the generated log.
Regards :D

Ionara, posted January 18, 2011:
The logs follow.

Renato Utsch, posted January 18, 2011:
Hello! Please follow the instructions below:
Run BankerFix and post the generated log.
BankerFix tutorial
Regards :D

Ionara, posted January 18, 2011:
BankerFix did not detect anything. The log follows:

BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2011-01-18 - 11:24
-------------------------------------------------------
Lista de Definição: 2010-12-25-1 | CORE: 2010-12-28-6
=======================================================
----- Fim -------------------------

Renato Utsch, posted January 18, 2011:
Hello! Open the page below and say whether you are infected with Conficker:
http://www.confickerworkinggroup.org/infection_test/cfeyechart-es.html
Regards :D

Ionara, posted January 19, 2011:
Good morning, it is not infected...

Renato Utsch, posted January 19, 2011:
Hello! Please uninstall DAP and see whether the problem is resolved. After uninstalling it, post a new DDS log.
Regards :D

Ionara, posted January 19, 2011:
Good afternoon, I uninstalled DAP; the DDS logs follow.
GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-11-8 46600] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-21 294608] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2010-10-21 219136] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-21 17744] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-21 51280] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-19 40384] R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2011-1-13 54664] R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2009-8-27 635168] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-2 1343400] =============== Created Last 30 ================ 2011-01-19 19:47:21 2560 ----a-w- c:\windows\_MSRSTRT.EXE 2011-01-19 11:17:26 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e0e82370-7ab2-495b-912e-92ad14fd479f}\mpengine.dll 2011-01-18 13:24:15 -------- d-----w- C:\LinhaDefensiva 2011-01-17 21:49:25 -------- d-----w- c:\users\user\appdata\local\ElevatedDiagnostics 2011-01-13 22:21:00 -------- d-----w- c:\users\user\appdata\local\Google 2011-01-13 22:19:50 -------- d-----w- c:\users\user\appdata\local\Apps 2011-01-13 22:19:49 -------- d-----w- c:\users\user\appdata\local\Deployment 2011-01-13 11:56:48 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll 2011-01-13 11:56:48 573440 ----a-w- 
c:\windows\system32\odbc32.dll 2011-01-13 11:56:48 208896 ----a-w- c:\program files\common files\system\msadc\msadco.dll 2011-01-13 11:56:47 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll 2011-01-13 11:56:47 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll 2011-01-13 11:55:01 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-01-13 11:55:01 107520 ----a-w- c:\windows\system32\cdd.dll 2011-01-13 11:55:00 218624 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-01-13 11:55:00 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-13 11:54:59 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-01-13 11:54:57 211968 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-01-13 11:54:57 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll 2011-01-13 11:54:56 135168 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-01-13 11:54:56 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2011-01-13 11:54:55 801792 ----a-w- c:\windows\system32\FntCache.dll 2011-01-13 11:54:55 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-13 11:54:55 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-01-13 11:54:55 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-01-10 13:48:17 -------- d-----w- c:\program files\Atlas do Desenvolvimento Humano no Brasil 2011-01-07 15:56:38 -------- d-----w- c:\windows\system32\appmgmt 2011-01-07 15:10:18 -------- d-----w- C:\Epi_Info ==================== Find3M ==================== 2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr 2010-11-12 20:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll 2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec 2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-11-02 04:40:36 496128 ----a-w- 
c:\windows\system32\taskschd.dll 2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll 2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll 2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe 2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe 2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll ============= FINISH: 17:57:27,27 ===============
Renato Utsch 24 Posted January 20, 2011
Hello! Please follow the instructions below:
* Download OTL and save it to the desktop
* Run OTL and select the options below:
[X] Scan All Users
Extra Registry Scan: [X] None
[X] Skip Microsoft Files
[X] Use Company Name Whitelist
[X] Lop Check
[X] Purity Check
* Click [Scan] and wait for it to finish
* Paste the report (OTL.txt) that is displayed
Regards :D
Ionara 2 Posted January 21, 2011
Log follows:
OTL logfile created on: 21/01/2011 11:18:02 - Run 1 OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\user\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 207,77 Gb Free Space | 89,25% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 360 Days ========== Processes (SafeList) ========== PRC - [2011/01/21 11:04:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe PRC - [2011/01/13 06:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\Alwil Software\Avast5\AvastUI.exe PRC - [2011/01/13 06:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/12/28 10:43:18 | 000,054,664 | ---- | M] ( ) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe PRC - [2010/11/04 03:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Internet Explorer\iexplore.exe PRC - [2010/10/27 07:00:02 | 001,015,808 | ---- | M] (Ares Development Group) -- C:\Arquivos de Programas\Ares\Ares.exe PRC - [2010/10/21 16:12:55 | 000,232,912 | ---- | M] (Adobe Systems, Inc.)
-- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe PRC - [2010/09/23 00:47:30 | 004,240,760 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe PRC - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010/09/21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009/10/31 03:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/10/16 21:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Arquivos de Programas\EeePC\HotkeyService\HotkeyService.exe PRC - [2009/09/11 11:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Arquivos de Programas\EeePC\HotkeyService\HotKeyMon.exe PRC - [2009/08/18 17:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2009/07/13 23:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe PRC - [2009/07/13 23:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe ========== Modules (SafeList) ========== MOD - [2011/01/21 11:04:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe MOD - [2011/01/13 06:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\Alwil Software\Avast5\snxhk.dll MOD - [2010/08/21 03:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009/07/13 23:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009/07/13 23:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009/07/13 23:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009/07/13 23:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009/07/13 23:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009/07/13 23:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009/07/13 23:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009/07/13 23:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009/07/13 23:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009/07/13 23:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll ========== Win32 Services (SafeList) ========== SRV - [2011/01/13 06:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2010/12/28 10:43:18 | 000,054,664 | ---- | M] ( ) [unknown | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv) SRV - [2010/11/02 08:47:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/11/02 02:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009/07/13 23:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009/07/13 23:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009/07/13 23:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009/07/13 23:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009/07/13 23:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009/07/13 23:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 23:16:12 | 000,269,824 
| ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009/07/13 23:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009/07/13 23:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/13 23:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/07/13 23:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009/07/13 23:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009/07/13 23:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009/07/13 23:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009/07/13 23:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalador do ActiveX (AxInstSV) SRV - [2009/07/13 23:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009/07/13 23:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) ========== Driver Services (SafeList) ========== DRV - [2011/01/13 06:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - 
[2011/01/13 06:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/01/13 06:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/01/13 06:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/01/13 06:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/12/28 10:46:30 | 000,046,600 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm) DRV - [2009/12/11 05:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009/11/19 21:45:08 | 000,230,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/08/27 15:36:42 | 000,635,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igd) DRV - [2009/07/13 23:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009/07/13 23:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009/07/13 23:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009/07/13 23:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009/07/13 23:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009/07/13 23:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009/07/13 23:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009/07/13 23:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009/07/13 23:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009/07/13 23:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009/07/13 23:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009/07/13 23:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009/07/13 23:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009/07/13 23:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009/07/13 23:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009/07/13 23:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009/07/13 23:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009/07/13 23:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009/07/13 23:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009/07/13 23:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009/07/13 23:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009/07/13 23:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009/07/13 23:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009/07/13 23:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009/07/13 23:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009/07/13 23:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009/07/13 23:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009/07/13 23:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009/07/13 23:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009/07/13 23:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009/07/13 23:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009/07/13 23:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/13 23:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009/07/13 23:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009/07/13 23:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009/07/13 23:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009/07/13 23:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009/07/13 23:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009/07/13 23:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009/07/13 23:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009/07/13 23:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009/07/13 22:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009/07/13 22:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009/07/13 22:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009/07/13 21:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009/07/13 21:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009/07/13 21:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009/07/13 21:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 21:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt) DRV - [2009/07/13 21:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009/07/13 21:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009/07/13 21:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009/07/13 21:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009/07/13 21:46:55 | 
000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009/07/13 21:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009/07/13 21:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009/07/13 21:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009/07/13 21:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 21:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 21:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009/07/13 21:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009/07/13 21:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009/07/13 20:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 20:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009/07/13 20:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009/07/13 20:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009/07/13 20:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009/07/13 20:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009/07/13 20:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009/07/13 20:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009/07/13 20:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009/07/13 20:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/ IE - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B 88 0C A3 5C 71 CB 01 [binary data] IE - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2011/01/18 11:29:23 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [igfxExt] C:\Windows\System32\IgfxExt.exe (Intel Corporation) O4 - HKLM..\Run: [synAsusAcpi] C:\Arquivos de Programas\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKU\S-1-5-21-882110567-3725966301-2789595868-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-882110567-3725966301-2789595868-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de Programas\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis) O15 - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis) O15 - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis) O15 - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis) O15 - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\..Trusted Domains: caixa.gov.br ([]https in Sites confiáveis) O15 - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\..Trusted Domains: caixa.gov.br ([imagem] https in Sites confiáveis) O15 - HKU\S-1-5-21-882110567-3725966301-2789595868-1000\..Trusted Domains: caixa.gov.br ([internetbanking] https in Sites confiáveis) O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.85.144.226 187.85.144.228 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common 
Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-882110567-3725966301-2789595868-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files\GbPlugin\gbieh.dll - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil) O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Program Files\GbPlugin\gbiehCef.dll - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 360 Days ========== [2011/01/21 11:04:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2011/01/18 11:24:15 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva [2011/01/18 11:02:43 | 000,178,597 | ---- | C] (Igor Pavlov) -- C:\Users\user\Desktop\51942_bankerfix_30.exe [2011/01/17 19:49:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ElevatedDiagnostics [2011/01/15 16:55:26 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\para imprimir [2011/01/13 20:45:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011/01/13 20:21:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Google [2011/01/13 20:19:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apps [2011/01/13 20:19:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Deployment [2011/01/13 11:08:32 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\materiais [2011/01/10 11:48:17 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Atlas do Desenvolvimento Humano no Brasil [2011/01/09 17:12:31 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\monografia 0111 [2011/01/07 13:56:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2011/01/07 13:10:18 | 000,000,000 | ---D | C] -- C:\Epi_Info [2010/12/06 16:56:53 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\provas [2010/12/01 16:10:00 | 000,000,000 | ---D | C] -- C:\Users\user\Office Genuine Advantage [2010/11/30 13:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage [2010/11/28 14:57:54 | 000,000,000 | ---D | C] 
-- C:\Users\user\Documents\Blocos de Anotações do OneNote [2010/11/08 18:34:42 | 000,046,600 | ---- | C] (GAS Tecnologia) -- C:\Windows\System32\drivers\gbpkm.sys [2010/11/08 18:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\GbPlugin [2010/11/08 18:34:17 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\GbPlugin [2010/11/08 13:12:26 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Meus arquivos recebidos [2010/11/05 13:58:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Diagnostics [2010/11/02 16:25:36 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\My Shared Folder [2010/11/02 16:25:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Ares [2010/11/02 16:25:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares [2010/11/02 16:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares [2010/11/02 16:25:16 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Ares [2010/11/02 09:17:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2010/10/23 08:35:40 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\manuais pops [2010/10/22 20:01:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft Games [2010/10/21 21:40:21 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010/10/21 18:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010/10/21 18:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit [2010/10/21 18:55:15 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\DAP [2010/10/21 18:22:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Macromedia [2010/10/21 18:15:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Adobe [2010/10/21 17:47:58 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\backup [2010/10/21 17:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2010/10/21 17:33:46 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft 
Works [2010/10/21 17:32:39 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Visual Studio [2010/10/21 17:32:39 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\DESIGNER [2010/10/21 17:31:13 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft.NET [2010/10/21 17:27:30 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Visual Studio 8 [2010/10/21 17:25:30 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Office [2010/10/21 17:24:32 | 000,000,000 | RH-D | C] -- C:\MSOCache [2010/10/21 17:23:26 | 000,000,000 | ---D | C] -- C:\Users\user\Tracing [2010/10/21 17:15:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010/10/21 17:14:41 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Windows Live [2010/10/21 17:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2010/10/21 17:09:21 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Silverlight [2010/10/21 17:02:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live [2010/10/21 17:02:41 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Windows Live [2010/10/21 16:59:08 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Synaptics [2010/10/21 16:32:00 | 000,161,064 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPAPI.dll [2010/10/21 16:32:00 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo4.dll [2010/10/21 16:31:59 | 000,230,448 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys [2010/10/21 16:31:52 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCtrl.dll [2010/10/21 16:31:51 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCOM.dll [2010/10/21 16:31:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft Help [2010/10/21 16:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help 
[2010/10/21 16:22:24 | 000,033,768 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\System32\AsusSender.exe [2010/10/21 16:22:22 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\EeePC [2010/10/21 16:22:20 | 000,000,000 | -H-D | C] -- C:\Arquivos de Programas\InstallShield Installation Information [2010/10/21 16:19:38 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2010/10/21 16:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2010/10/21 16:19:37 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2010/10/21 16:19:36 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2010/10/21 16:19:34 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2010/10/21 16:19:30 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2010/10/21 16:18:06 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2010/10/21 16:18:06 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2010/10/21 16:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010/10/21 16:18:00 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Alwil Software [2010/10/21 16:15:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2010/10/21 16:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2010/10/21 16:15:28 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\WinRAR [2010/10/21 16:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/10/21 16:15:21 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Java [2010/10/21 16:14:12 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Java [2010/10/21 16:13:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010/10/21 16:12:54 | 000,000,000 | ---D | C] 
-- C:\Windows\System32\Macromed [2010/10/21 16:12:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Foxit Software [2010/10/21 16:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2010/10/21 16:12:36 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Foxit Software [2010/10/21 15:51:10 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2010/10/21 15:51:10 | 000,000,000 | R--D | C] -- C:\Users\user\Searches [2010/10/21 15:51:10 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2010/10/21 15:51:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Identities [2010/10/21 15:50:57 | 000,000,000 | R--D | C] -- C:\Users\user\Contacts [2010/10/21 15:50:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\VirtualStore [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Temporary Internet Files [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\SendTo [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\Recent [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\Modelos [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\Minhas músicas [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\Minhas imagens [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\Meus vídeos [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\Meus documentos [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\Menu Iniciar [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Histórico [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\Dados de aplicativos [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Dados de aplicativos [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- 
C:\Users\user\Cookies [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\Configurações locais [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\Ambiente de rede [2010/10/21 15:50:36 | 000,000,000 | -HSD | C] -- C:\Users\user\Ambiente de impressão [2010/10/21 15:50:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Temp [2010/10/21 15:50:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft [2010/10/21 15:50:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Center Programs [2010/10/21 15:50:35 | 000,000,000 | --SD | C] -- C:\Users\user\AppData\Roaming\Microsoft [2010/10/21 15:50:35 | 000,000,000 | R--D | C] -- C:\Users\user\Videos [2010/10/21 15:50:35 | 000,000,000 | R--D | C] -- C:\Users\user\Saved Games [2010/10/21 15:50:35 | 000,000,000 | R--D | C] -- C:\Users\user\Pictures [2010/10/21 15:50:35 | 000,000,000 | R--D | C] -- C:\Users\user\Music [2010/10/21 15:50:35 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2010/10/21 15:50:35 | 000,000,000 | R--D | C] -- C:\Users\user\Links [2010/10/21 15:50:35 | 000,000,000 | R--D | C] -- C:\Users\user\Favorites [2010/10/21 15:50:35 | 000,000,000 | R--D | C] -- C:\Users\user\Downloads [2010/10/21 15:50:35 | 000,000,000 | R--D | C] -- C:\Users\user\Documents [2010/10/21 15:50:35 | 000,000,000 | R--D | C] -- C:\Users\user\Desktop [2010/10/21 15:50:35 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2010/10/21 15:50:35 | 000,000,000 | -H-D | C] -- C:\Users\user\AppData [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas\Common Files\Sistema [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- C:\Recovery [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modelos [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas músicas [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- 
C:\Users\Public\Documents\Minhas imagens [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Meus vídeos [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Iniciar [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritos [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dados de aplicativos [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas [2010/10/21 15:50:07 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas\Arquivos Comuns [2010/10/21 15:44:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010/10/21 15:41:57 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010/10/21 15:41:22 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 360 Days ========== [2011/01/21 11:25:41 | 001,572,864 | -HS- | M] () -- C:\Users\user\ntuser.dat [2011/01/21 11:04:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2011/01/21 10:38:04 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-882110567-3725966301-2789595868-1000UA.job [2011/01/21 10:37:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/01/21 09:51:29 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/01/21 09:51:29 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/01/21 09:44:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011/01/21 09:43:40 | 1602,691,072 | -HS- | M] () -- C:\hiberfil.sys [2011/01/20 11:35:22 | 001,591,350 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db [2011/01/20 11:13:51 | 001,522,764 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011/01/20 11:13:51 | 000,663,804 | ---- | M] () -- 
C:\Windows\System32\prfh0416.dat [2011/01/20 11:13:51 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/01/20 11:13:51 | 000,128,094 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2011/01/20 11:13:51 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/01/19 17:47:23 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE [2011/01/19 09:37:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011/01/18 11:29:23 | 000,000,822 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011/01/18 11:02:46 | 000,178,597 | ---- | M] (Igor Pavlov) -- C:\Users\user\Desktop\51942_bankerfix_30.exe [2011/01/17 22:44:53 | 000,624,128 | ---- | M] () -- C:\Users\user\Desktop\dds.scr [2011/01/17 20:26:01 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-882110567-3725966301-2789595868-1000Core.job [2011/01/16 18:38:38 | 000,565,248 | ---- | M] () -- C:\Users\user\Desktop\MONOGRAFIA1.doc [2011/01/14 10:18:57 | 000,293,152 | ---- | M] () -- C:\Users\user\Desktop\SoftonicDownloader_para_hijackthis.exe [2011/01/13 21:53:55 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{c3f2fd42-1f02-11e0-8603-1c4bd6037440}.TMContainer00000000000000000002.regtrans-ms [2011/01/13 21:53:55 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{c3f2fd42-1f02-11e0-8603-1c4bd6037440}.TMContainer00000000000000000001.regtrans-ms [2011/01/13 21:53:55 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{c3f2fd42-1f02-11e0-8603-1c4bd6037440}.TM.blf [2011/01/13 20:45:54 | 000,002,269 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk [2011/01/13 15:53:10 | 000,054,452 | ---- | M] () -- C:\Users\user\Desktop\10.pdf.dap [2011/01/13 15:40:49 | 000,050,211 | ---- | M] () -- C:\Users\user\Desktop\a29v13s0.pdf [2011/01/13 12:14:39 | 000,108,824 | ---- | M] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT [2011/01/13 09:48:43 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2011/01/13 09:02:31 | 000,161,792 | ---- | M] () -- C:\Users\user\Desktop\res357.doc [2011/01/13 06:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011/01/13 06:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011/01/13 06:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011/01/13 06:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011/01/13 06:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011/01/13 06:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011/01/13 06:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011/01/11 18:02:48 | 000,192,751 | ---- | M] () -- C:\Users\user\Desktop\pag_97a103_INDICADORES.pdf [2011/01/11 15:37:03 | 000,550,912 | ---- | M] () -- C:\Users\user\Desktop\projeto 25 de junho.doc [2011/01/11 09:29:20 | 000,199,788 | ---- | M] () -- C:\Users\user\Desktop\0511121_07_postextual.pdf [2011/01/10 13:17:17 | 000,603,648 | ---- | M] () -- C:\Users\user\Desktop\SC_Vargem_Bonita_Geral.xls [2011/01/10 11:48:50 | 000,000,955 | ---- | M] () -- C:\ads_err.dbf [2011/01/10 09:49:35 | 000,065,024 | ---- | M] () -- C:\Users\user\Desktop\ESTRUTURA DA MONOGRAFIA.doc [2011/01/10 09:45:38 | 000,035,840 | ---- | M] () -- C:\Users\user\Desktop\complemento referencia out 2010.doc [2011/01/07 09:29:36 | 000,094,372 | ---- | M] () -- C:\Users\user\Desktop\Portaria_MS_4217_28_12_2010.pdf [2010/12/28 10:46:30 | 000,046,600 | ---- | M] (GAS Tecnologia) -- C:\Windows\System32\drivers\gbpkm.sys [2010/12/16 19:38:28 | 000,410,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/11/28 14:57:53 | 000,001,278 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk 
[2010/11/28 09:14:09 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini [2010/11/25 16:32:31 | 000,001,230 | ---- | M] () -- C:\Users\user\Desktop\Calculator.lnk [2010/11/24 16:38:16 | 000,202,240 | ---- | M] () -- C:\Users\user\Desktop\Licitação 2011a.doc [2010/11/05 18:26:09 | 001,044,682 | ---- | M] () -- C:\Users\user\Desktop\Contratacao farmaceutico judicial.PDF [2010/11/04 16:38:31 | 000,014,145 | ---- | M] () -- C:\Users\user\Desktop\quest.docx [2010/11/04 16:29:56 | 000,143,225 | ---- | M] () -- C:\Users\user\Desktop\apresentacao monografia.pptx [2010/11/02 16:25:27 | 000,000,909 | ---- | M] () -- C:\Users\user\Desktop\Ares.lnk [2010/11/02 09:13:31 | 000,146,432 | ---- | M] () -- C:\Users\user\Desktop\PG_AF-modelo_apres.ppt [2010/10/23 09:43:17 | 000,069,632 | ---- | M] () -- C:\Users\user\Desktop\trabalho Ana Paula2.doc [2010/10/22 20:23:55 | 000,054,272 | ---- | M] () -- C:\Users\user\Documents\ASMA.doc [2010/10/22 20:23:55 | 000,054,272 | ---- | M] () -- C:\Users\user\Desktop\ASMA.doc [2010/10/21 19:09:21 | 000,002,432 | ---- | M] () -- C:\Users\user\Desktop\Windows Live Messenger.lnk [2010/10/21 17:42:31 | 000,002,699 | ---- | M] () -- C:\Users\user\Desktop\Microsoft Office Word 2007.lnk [2010/10/21 17:42:27 | 000,002,669 | ---- | M] () -- C:\Users\user\Desktop\Microsoft Office PowerPoint 2007.lnk [2010/10/21 17:42:21 | 000,002,635 | ---- | M] () -- C:\Users\user\Desktop\Microsoft Office Excel 2007.lnk [2010/10/21 16:59:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2010/10/21 16:12:37 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010/10/21 16:11:38 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/10/21 15:58:44 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010/10/21 15:58:44 | 000,524,288 | -HS- | M] () -- 
C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010/10/21 15:58:44 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010/10/21 15:50:36 | 000,000,020 | -HS- | M] () -- C:\Users\user\ntuser.ini [2010/10/21 15:46:49 | 000,051,953 | ---- | M] () -- C:\Windows\System32\license.rtf ========== Files Created - No Company Name ========== [2011/01/19 17:47:21 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2011/01/17 22:44:12 | 000,624,128 | ---- | C] () -- C:\Users\user\Desktop\dds.scr [2011/01/14 10:19:11 | 000,293,152 | ---- | C] () -- C:\Users\user\Desktop\SoftonicDownloader_para_hijackthis.exe [2011/01/13 20:45:54 | 000,002,269 | ---- | C] () -- C:\Users\user\Desktop\Google Chrome.lnk [2011/01/13 20:21:05 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-882110567-3725966301-2789595868-1000UA.job [2011/01/13 20:21:03 | 000,000,998 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-882110567-3725966301-2789595868-1000Core.job [2011/01/13 15:53:09 | 000,054,452 | ---- | C] () -- C:\Users\user\Desktop\10.pdf.dap [2011/01/13 15:41:01 | 000,050,211 | ---- | C] () -- C:\Users\user\Desktop\a29v13s0.pdf [2011/01/13 09:46:33 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{c3f2fd42-1f02-11e0-8603-1c4bd6037440}.TMContainer00000000000000000002.regtrans-ms [2011/01/13 09:46:33 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{c3f2fd42-1f02-11e0-8603-1c4bd6037440}.TMContainer00000000000000000001.regtrans-ms [2011/01/13 09:46:33 | 000,065,536 | -HS- | C] () -- C:\Users\user\ntuser.dat{c3f2fd42-1f02-11e0-8603-1c4bd6037440}.TM.blf [2011/01/13 09:02:17 | 000,161,792 | ---- | C] () -- C:\Users\user\Desktop\res357.doc [2011/01/11 18:02:46 | 000,192,751 | ---- | C] () -- C:\Users\user\Desktop\pag_97a103_INDICADORES.pdf [2011/01/11 15:39:22 | 000,565,248 | ---- | C] () -- C:\Users\user\Desktop\MONOGRAFIA1.doc 
[2009/06/10 19:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini

========== LOP Check ==========
[2010/10/21 16:12:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxit Software
[2009/07/14 02:53:46 | 000,025,314 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2011/01/11 09:09:01 | 000,513,897 | ---- | C] ()(C:\Users\user\Documents\Assist?ncia_farmac?utica_na_aten??o_?_sa?de_-_FUNED_Corrigido.pdf) -- C:\Users\user\Documents\Assist↑ncia_farmac↑utica_na_aten ̄o_¢_sade_-_FUNED_Corrigido.pdf
[2011/01/10 20:07:08 | 000,513,897 | ---- | M] ()(C:\Users\user\Documents\Assist?ncia_farmac?utica_na_aten??o_?_sa?de_-_FUNED_Corrigido.pdf) -- C:\Users\user\Documents\Assist↑ncia_farmac↑utica_na_aten ̄o_¢_sade_-_FUNED_Corrigido.pdf

========== Alternate Data Streams ==========
@Alternate Data Stream - 304 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:BC3BD2D8_Cef.gbp
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:BC3BD2D8_Bb.gbp
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF

< End of report >
Renato Utsch 24 Posted January 25, 2011

Hello! Sorry for the delay in replying... Please follow the instructions below and post the logs the programs generate (with Ad-Remover, use the Clean option):

Ad-Remover tutorial
Malwarebytes' Anti-Malware tutorial
Kaspersky Virus Removal Tool tutorial

Regards :D
Ionara 2 Posted January 30, 2011

Good afternoon, Malwarebytes did not detect anything; the ADR log follows below. I am not able to download Kaspersky: I have no download accelerator and it is very slow. Which accelerator could I use?

======= REPORT FROM AD-REMOVER 2.0.0.2,D | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 20/01/11 at 19:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 19:01:00 on 30/01/2011, Normal boot
Microsoft Windows 7 Ultimate (X86)
user@USER-PC (ASUSTeK Computer INC. 1201HA)

============== ACTION(S) ==============
(!) -- Temporary files deleted.

============== ADDITIONNAL SCAN ==============
** Internet Explorer Version [8.0.7600.16385] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================
C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 14 File(s)
C:\Ad-Report-CLEAN[1].txt - 30/01/2011 (1732 Byte(s))
End at: 19:05:22, 30/01/2011

============== E.O.F ==============
Renato Utsch 24 Posted February 2, 2011

Hello! Couldn't you just leave it downloading? Try one of the links below:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.softpedia.com/get/Antivirus/Kaspersky-Virus-Removal-Tool.shtml

Regards :D
Ionara 2 Posted February 6, 2011

Good afternoon, whenever I try to download Kaspersky, even renaming the file as the tutorial indicates, when I go to run it the result is always a corrupted file... I tried downloading from the sites you indicated and also directly from Kaspersky... What could be happening?
Renato Utsch 24 Posted February 8, 2011

Hello! Is your IE still having problems? It may be a case of disabling add-ons that are causing problems, because I cannot detect anything on your PC.

Regards :D
Ionara 2 Posted February 10, 2011

Good afternoon, I am still having problems with downloads. I downloaded the Kaspersky removal tool on another PC and it did not detect anything. Which add-ons could be interfering? Could you list them?
Renato Utsch 24 Posted February 14, 2011

Hello! Please follow the instructions below CAREFULLY:

PS: Do not forget to mark the entries shown in red (if there are any) in red:

Download GMER and save it to your Desktop.
Extract/unzip the file into a folder of its own. Once that is done, disconnect the PC from the Internet and close all programs.
There is a small chance that this application will shut down your PC, so save any work you have open.
Double-click on
If you are asked, allow the gmer.sys driver to run.
If you receive a warning about rootkit activity and are asked whether you want to run a scan, click NO.
Click the arrows next to Rootkit/Malware
On the right-hand side (under file), uncheck all drives except your disks, usually C:\.
Make sure that all the other boxes on the right-hand side of the screen are checked, EXCEPT for Show All
Click Scan and wait for the scan to finish.
Note: Before the scan, make sure that all other programs are closed. Also, do not use the computer during the scan.
When it finishes, click the Copy button, then right-click on your Desktop, choose New and then -> Text Document.
Once the file has been created, open it, right-click again and choose Paste, or press Ctrl+V. Do not forget to colour the lines that appeared in red with the tag [ color=red]line that appeared in red[/color] (without the space between [ and color).
Save the file as gmer.txt and post its contents in your next reply.
Note: If you have problems, try running GMER in Safe Mode (by pressing F8, or F5 on some computers, while the computer starts up)

Important! Please do not check the "Show all" box during the scan.

Afterwards, post a new DDS log.

Regards :D