Archived

This topic has been archived and is closed to new replies.

isaiaslopes3

[Resolved] Notebook with Abnow.com virus

Hello. I just got back from work and, when I went online, Avira started reporting that the notebook is full of viruses. When I went to Google to look up some .exe files I had seen in my Task Manager, I found that every link shown on Google is being redirected to the site abnow.com.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:51:30, on 10/03/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Last.fm\LastFM.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.upe.br:9000

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehCef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe

O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe

O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10170 bytes

 

MBRScan log

 

MBRScan v1.1.1

OS             : Windows Vista Service Pack 2 (32 bit)
PROCESSOR      : x86 Family 6 Model 15 Stepping 13, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/03/10 (ISO 8601) at 18:09:59
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __SAMSUNG HM160HI (HH10)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	149.1 Go  [Fixed] ==> Vista MBR Code

MBR_MD5   : 20D2A9C039755E2902D36B07D34E052B
MBR_SHA1  : DAAA688C1AC2F4539004314DD306B14BB55FD5C6

Device\Harddisk0\Partition1	9.20 Go  	0x27 RE Hidden partition 
Device\Harddisk0\Partition2	139.8 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x8990D000
SIZE    : 824.0 Ko

SystemStartOptions : /NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


 

Farbar log:

 

Farbar Service Scanner Version: 01-03-2012

Ran by ISAIAS (administrator) on 10-03-2012 at 18:14:09

Running from "C:\Users\ISAIAS\Desktop"

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

 

 

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

 

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

 

 

**** End of log ****


Hello isaiaslopes3

 

1.

*Download OTL and save it to the desktop

 

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

 


 

*Select:

Scan All Users

Skip Microsoft Files

Use Company Name Whitelist

LOP Check

Purity Check

 

*Click [Run Scan] and paste the OTL.txt and Extras.txt reports created on the desktop

 

*If the reports are large, go to this link

 

*Click Properties and, next to Lifetime, choose 2

*Click [Choose File...], locate the OTL.txt report on the desktop and click [Open]

*At the bottom of the page, click [Upload File]

*Paste the link created next to Download link:

*Repeat the procedure for the Extras.txt report


OTL logfile created on: 10/03/2012 21:05:39 - Run 1

OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\ISAIAS\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,82% Memory free

3,98 Gb Paging File | 2,76 Gb Available in Paging File | 69,43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139,85 Gb Total Space | 32,31 Gb Free Space | 23,10% Space Free | Partition Type: NTFS

 

Computer Name: ISAIAS-PC | User Name: ISAIAS | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/03/10 20:52:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\ISAIAS\Desktop\OTL.exe

PRC - [2012/02/17 23:15:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

PRC - [2012/01/11 15:02:56 | 000,194,904 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2011/12/16 09:53:39 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011/12/16 09:53:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

PRC - [2011/12/16 09:53:18 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/12/16 09:53:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/04/16 22:12:18 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009/04/11 03:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Sidebar\sidebar.exe

PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Arquivos de programas\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/08/06 18:06:44 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\VAIO Power Management\SPMgr.exe

PRC - [2008/08/06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\VAIO Power Management\SPMService.exe

PRC - [2008/07/15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\VAIO Event Service\VESMgr.exe

PRC - [2008/07/15 18:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2008/07/03 03:06:17 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE

PRC - [2008/06/20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

PRC - [2008/06/19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

PRC - [2008/06/11 19:46:10 | 000,866,144 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\VAIO Update 4\VAIOUpdt.exe

PRC - [2008/05/22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

PRC - [2008/03/25 14:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Arquivos de programas\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Arquivos de programas\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Arquivos de programas\Common Files\InterVideo\RegMgr\iviRegMgr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/02/24 22:29:51 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2012/02/17 23:15:29 | 001,911,768 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\mozjs.dll

MOD - [2012/02/16 09:48:07 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\0c0985a86f0aa0d6aafe90ccdb1ca856\System.IdentityModel.Selectors.ni.dll

MOD - [2012/02/16 09:48:06 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c12259751030b8fb693006bb6e7dd55f\System.IdentityModel.ni.dll

MOD - [2012/02/16 09:48:04 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a4b9d424cd4509b6b76fba81f347f561\System.Runtime.Serialization.ni.dll

MOD - [2012/02/16 09:48:02 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\696e2d9a6491947cd89ead8cc4cc658a\SMDiagnostics.ni.dll

MOD - [2012/02/16 09:48:00 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\effa6ad5369cea835146937a5635275b\System.ServiceModel.ni.dll

MOD - [2012/02/16 09:47:13 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll

MOD - [2012/02/16 09:46:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll

MOD - [2012/02/16 09:22:15 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll

MOD - [2012/02/16 09:21:34 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll

MOD - [2012/02/16 09:21:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll

MOD - [2012/02/16 09:19:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll

MOD - [2011/10/14 08:10:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011/02/03 16:59:22 | 000,004,096 | ---- | M] () -- C:\Arquivos de programas\Yuna Software\Messenger Plus!\Detoured.dll

MOD - [2009/12/09 03:50:04 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_pt-BR_b77a5c561934e089\System.ServiceModel.resources.dll

MOD - [2009/03/31 15:04:25 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2008/09/03 13:59:25 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll

MOD - [2008/09/03 13:59:25 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll

MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2012/01/11 15:02:56 | 000,194,904 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2011/12/16 09:53:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/12/16 09:53:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/09/26 13:50:12 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Arquivos de Programas\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2009/01/21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Arquivos de Programas\Spyware Doctor\pctsSvc.exe -- (sdCoreService)

SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Arquivos de Programas\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)

SRV - [2008/10/03 14:30:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/08/06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV - [2008/07/15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Arquivos de Programas\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2008/07/03 03:06:17 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)

SRV - [2008/06/20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)

SRV - [2008/06/19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)

SRV - [2008/06/11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV - [2008/06/11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)

SRV - [2008/05/22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2008/05/22 14:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2008/05/20 19:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)

SRV - [2008/05/20 19:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)

SRV - [2008/05/20 19:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)

SRV - [2008/05/20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2008/05/20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2008/05/20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2008/03/25 14:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Arquivos de Programas\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)

SRV - [2008/01/20 23:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/20 23:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008/01/20 23:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NDISKIO)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (hwdatacard)

DRV - [2012/02/15 21:38:45 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/12/21 16:32:06 | 000,045,896 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)

DRV - [2011/12/16 09:53:39 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/12/16 09:53:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/04/03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2008/07/11 16:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)

DRV - [2008/06/27 21:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2008/06/20 21:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)

DRV - [2008/06/09 21:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/06/06 21:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2008/03/10 08:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)

DRV - [2008/01/30 17:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)

DRV - [2008/01/24 23:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/11/02 10:47:38 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s916mdm.sys -- (s916mdm)

DRV - [2007/11/02 10:47:38 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s916bus.sys -- (s916bus) Sony Ericsson Device 916 driver (WDM)

DRV - [2007/11/02 10:47:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s916mdfl.sys -- (s916mdfl)

DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 2C 36 33 D7 00 CB 01 [binary data]

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No CLSID value found

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.br/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_pt-BR

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\SearchScopes\{93D338C5-4995-4C17-940A-15DB6907DC78}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\SearchScopes\{D3A914FF-4880-4C5D-BE75-7171BD884C4D}: "URL" = http://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.upe.br:9000

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "http://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 23:15:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/30 15:25:03 | 000,000,000 | ---D | M]

 

[2010/02/02 12:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ISAIAS\AppData\Roaming\mozilla\Extensions

[2012/01/18 13:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ISAIAS\AppData\Roaming\mozilla\Firefox\Profiles\lrdbzwws.default\extensions

[2011/02/26 20:35:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ISAIAS\AppData\Roaming\mozilla\Firefox\Profiles\lrdbzwws.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/01/18 13:36:05 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Users\ISAIAS\AppData\Roaming\mozilla\Firefox\Profiles\lrdbzwws.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2012/01/18 13:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions

() (No name found) -- C:\USERS\ISAIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LRDBZWWS.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI

[2012/02/17 23:15:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/14 20:29:45 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml

[2012/02/14 20:29:45 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml

[2012/02/14 20:29:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2012/02/14 20:29:45 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml

[2012/02/14 20:29:45 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2012/01/08 11:25:10 | 000,000,698 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de Programas\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Auxiliar de Conexão do Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\Toolbar\WebBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.

O3 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de Programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de Programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..Trusted Domains: caixa.gov.br ([internetbanking] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{658BD3FE-5E57-4930-85FE-EF18F637B1A7}: DhcpNameServer = 169.254.137.10 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{803A8E8F-63A9-4E12-AD24-5FC7651E7FD0}: DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de Programas\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper:

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/03/10 20:51:58 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\ISAIAS\Desktop\OTL.exe

[2012/03/10 12:43:18 | 000,000,000 | -HSD | C] -- C:\Users\ISAIAS\AppData\Local\47df7cd1

[2012/02/10 22:09:48 | 000,000,000 | ---D | C] -- C:\Users\ISAIAS\AppData\Roaming\Avira

[2012/02/10 22:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012/02/10 22:04:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2012/02/10 22:04:13 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012/02/10 22:04:13 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2012/02/10 22:04:13 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

[2012/02/10 22:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012/02/10 22:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

 

========== Files - Modified Within 30 Days ==========

 

[2012/03/10 20:59:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/10 20:53:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/03/10 20:53:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/03/10 20:52:45 | 000,302,592 | ---- | M] () -- C:\Users\ISAIAS\Desktop\b12xob5d.exe

[2012/03/10 20:52:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\ISAIAS\Desktop\OTL.exe

[2012/03/10 18:54:15 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2012/03/10 18:54:14 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/10 18:53:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/03/10 18:53:28 | 2008,059,904 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/10 18:53:24 | 157,600,188 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/03/10 18:09:59 | 000,000,512 | ---- | M] () -- C:\Users\ISAIAS\Desktop\Dump_Hdd0_DR0.mbr

[2012/03/09 21:55:30 | 000,142,848 | ---- | M] () -- C:\Users\ISAIAS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/03/06 19:44:44 | 001,754,063 | ---- | M] () -- C:\Users\ISAIAS\Documents\Historico Gentil [Modo de Compatibilidade].pdf

[2012/02/24 22:34:00 | 000,643,556 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2012/02/24 22:34:00 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/02/24 22:34:00 | 000,125,060 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2012/02/24 22:34:00 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/02/16 09:16:18 | 000,405,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/02/15 21:38:45 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012/02/12 23:51:40 | 000,007,511 | ---- | M] () -- C:\Users\ISAIAS\Desktop\CERTIDÃO DE ANTECEDENTES CRIMINAIS.pdf

[2012/02/12 08:45:05 | 047,532,276 | ---- | M] () -- C:\Users\ISAIAS\Desktop\Dorgival Dantas - CD 2010 - By AmaroCds.rar

[2012/02/12 08:39:12 | 032,870,292 | ---- | M] () -- C:\Users\ISAIAS\Desktop\Dorgival Dantas - O Melhor do Xote e Forró - Top 10.rar

[2012/02/10 22:04:24 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

 

========== Files Created - No Company Name ==========

 

[2012/03/10 20:52:43 | 000,302,592 | ---- | C] () -- C:\Users\ISAIAS\Desktop\b12xob5d.exe

[2012/03/10 18:53:24 | 157,600,188 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/03/10 18:05:47 | 000,000,512 | ---- | C] () -- C:\Users\ISAIAS\Desktop\Dump_Hdd0_DR0.mbr

[2012/03/06 19:44:43 | 001,754,063 | ---- | C] () -- C:\Users\ISAIAS\Documents\Historico Gentil [Modo de Compatibilidade].pdf

[2012/02/12 23:51:40 | 000,007,511 | ---- | C] () -- C:\Users\ISAIAS\Desktop\CERTIDÃO DE ANTECEDENTES CRIMINAIS.pdf

[2012/02/12 08:43:06 | 047,532,276 | ---- | C] () -- C:\Users\ISAIAS\Desktop\Dorgival Dantas - CD 2010 - By AmaroCds.rar

[2012/02/12 08:37:57 | 032,870,292 | ---- | C] () -- C:\Users\ISAIAS\Desktop\Dorgival Dantas - O Melhor do Xote e Forró - Top 10.rar

[2012/02/10 22:04:24 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2011/11/05 20:55:10 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini

[2011/07/24 15:43:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/07/24 15:43:08 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/07/24 15:43:08 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/07/24 15:43:07 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2011/07/24 15:43:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

 

========== LOP Check ==========

 

[2011/11/05 20:33:03 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\Audacity

[2009/09/26 13:56:51 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\Autodesk

[2009/04/20 18:38:39 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\FFSJ

[2009/05/02 23:23:34 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\GrabPro

[2009/03/31 15:40:49 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\InterVideo

[2009/07/06 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\Jubler

[2009/06/24 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\Kingston

[2010/12/24 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\Lightcomm

[2010/03/05 12:50:56 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\Lite

[2009/05/03 14:17:33 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\Orbit

[2009/05/05 16:30:41 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\pschmid.net

[2012/03/06 00:05:21 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\uTorrent

[2009/06/24 17:37:12 | 000,000,000 | ---D | M] -- C:\Users\ISAIAS\AppData\Roaming\Windows Live Writer

[2012/03/09 23:23:46 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 310 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 2 bytes -> C:\Windows\System32:53CA9438_Cef.gbp

@Alternate Data Stream - 2 bytes -> C:\Windows\System32:53CA9438_Bb.gbp

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:DFC5A2B2

 

< End of report >

 

OTL Extras logfile created on: 10/03/2012 21:05:39 - Run 1

OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\ISAIAS\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,82% Memory free

3,98 Gb Paging File | 2,76 Gb Available in Paging File | 69,43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139,85 Gb Total Space | 32,31 Gb Free Space | 23,10% Space Free | Partition Type: NTFS

 

Computer Name: ISAIAS-PC | User Name: ISAIAS | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.scr [@ = scrfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3892671904-924784273-1446608767-1000]

"EnableNotifications" = 1

"EnableNotificationsRef" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0656D1F9-7061-4A2B-9866-E41DB1831421}" = lport=138 | protocol=17 | dir=in | app=system |

"{08783503-D94A-419C-B113-B605F4D56F9B}" = rport=445 | protocol=6 | dir=out | app=system |

"{1A52083B-2584-4722-A8AA-E7BA67C7BF42}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |

"{468364BC-6FE6-4B1F-A942-AFF48218523F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{4851BE8C-D491-46BE-8F56-70B818A016EF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{4C792B53-6CF9-4625-9223-0FFDF7A6B82A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{56E11541-D071-4363-8AEF-D1E0E28EBF86}" = lport=2869 | protocol=6 | dir=in | app=system |

"{58939595-90EB-4627-877C-71E599EAADAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{5A6AAB7E-D2E3-433B-97A9-50C0063A61A7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{7CE53720-90DE-4774-8F53-307D3F42C223}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |

"{85048C5B-B4AE-41F2-838D-53B392CC7952}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{9BC228AC-5DD4-433D-910B-E4B323A7CC53}" = lport=137 | protocol=17 | dir=in | app=system |

"{A0A588A2-BC37-4BA8-B9FC-B5ED96B19AB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A882D4CF-47E8-4D35-9162-AB48C07485AC}" = rport=137 | protocol=17 | dir=out | app=system |

"{AD9D4929-AB70-4513-8230-ACB2F951EC25}" = lport=445 | protocol=6 | dir=in | app=system |

"{BD47C820-D437-4878-95A2-16D7545AA394}" = rport=139 | protocol=6 | dir=out | app=system |

"{C30D3C89-8D63-4E9D-B069-5373E0ED9D33}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{C57E2D4D-643B-4F09-AE18-2EA339BE55B0}" = rport=138 | protocol=17 | dir=out | app=system |

"{CCA1FB91-442B-4752-B54B-793A2F6008E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{E9954118-C297-42F7-971C-543F72CE2F63}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{EE30C486-E49C-4F1F-A873-A026C57F2A26}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |

"{EE5F2BDA-573E-4A12-AF9E-9F38C003F962}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{F8EDEF97-810F-4041-98E5-D398557B16AA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |

"{FA60D89D-9603-443F-98F6-39E27504F332}" = lport=139 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{4C2ACF94-A4E8-4C25-983A-D4B05EEE578D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{52CE6D54-4BF0-4ECF-881A-9651505E9DCD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{7A6E0F90-8758-4DD9-A761-C73C0A6C234A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{7C228617-1673-489B-B2DC-60B5536CFF0F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{A2B91669-04FF-4830-BF3D-A6C169C22CB7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{C270A5B7-944C-41CD-B391-0A27FAFC23C7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{DEC50783-066D-45A8-9688-085357B07E66}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{EC6ECF4A-4636-4BCF-9399-B08236F8377E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{EDF95381-E457-4F43-A017-D26BB5FF6CC3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{F1CCD746-AEFA-43FA-9797-B9D389F18473}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |

"{FB7AD794-5608-4DC1-AD97-AC0A33588C8A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"TCP Query User{0CECA7F2-0469-4B11-9742-90B78B1A7085}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |

"TCP Query User{15F8F9B1-3589-4778-8337-41EC03812504}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |

"TCP Query User{428ED7F9-A686-4007-A650-75A18C8D4AA0}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"TCP Query User{6079D65E-F7B6-449E-92C5-6127E30E3F66}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{AA97F7AB-05C6-4C18-A9AB-C03C1B50B461}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{DC6AE02C-08E4-4835-8B71-C0D0C132F0ED}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |

"TCP Query User{F1BCF698-0106-4BD2-B521-ED3FBC9D4472}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |

"UDP Query User{09E1D67C-3A6B-447A-8B69-DE8F09326AA2}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"UDP Query User{48FE3C71-79F5-431E-9EFF-8BF124F0D6EF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{77768EFE-6E6D-4EE4-9992-D36BD6B8D5FB}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |

"UDP Query User{78D752E2-980E-4381-9564-0AF3F20D55EB}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

"UDP Query User{81C845BA-E9EC-48F0-9B23-80314A8051D2}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |

"UDP Query User{E0FCC238-3C7A-46EA-A92A-4A6A50B097A4}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

"UDP Query User{F59BF4BE-CD7C-4C93-A89B-D71DC6B616E6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Assistente de Conexão do Windows Live ID

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo

"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher

"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 29

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey

"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0

"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{5783F2D7-4001-0409-0002-0060B0CE6BBA}" = AutoCAD 2006 - English

"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = Ferramenta de Restauração de Dados VAIO

"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call

"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic

"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =

"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management

"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform

"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager

"{6D4A54DD-C9E2-4647-B872-2E83C188584B}" = Windows Live Movie Maker

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects

"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_HOMESTUDENTR_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00AF-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer

"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =

"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music

"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform

"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1046-7B44-A94000000001}" = Adobe Reader 9.4.5 - Português

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4

"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00

"{C50BF854-E881-434F-9C67-5A73EBB58F06}" = Windows Live Toolbar

"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library

"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D2CE03FF-F1EB-4C78-907E-5F034DAC4F1E}" = VAIO OOBE and Welcome Center

"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library

"{EE5B6291-45EF-4705-A20E-89A3C5D2F87E}" = Microsoft Works

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0

"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home

"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)

"Autodesk DWF Viewer" = Autodesk DWF Viewer

"Avira AntiVir Desktop" = Avira Free Antivirus

"CCleaner" = CCleaner

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP

"CutePDF Writer Installation" = CutePDF Writer 2.7

"eMule" = eMule

"EsetOnlineScanner" = ESET Online Scanner

"Free Video Converter_is1" = Free Video Converter V 2.0

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00

"Jubler" = Jubler subtitle editor

"Kit Velox Start_is1" = LightComm Start 1.0

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0

"LastFM_is1" = Last.fm 1.5.4.27091

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versão 1.51.1.1800

"Messenger Plus!" = Messenger Plus! 5

"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

"Mozilla Firefox 10.0.2 (x86 pt-BR)" = Mozilla Firefox 10.0.2 (x86 pt-BR)

"MV AntiSpy 4.0_is1" = MV AntiSpy 4.0

"MV RegClean 5.9_is1" = MV RegClean 5.9

"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1

"pppoe_is1" = Conexão Oi Velox

"PremElem40" = Adobe Premiere Elements 4.0

"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates

"Programador de Modem_is1" = LightModem 3.0

"Revo Uninstaller" = Revo Uninstaller 1.90

"Spyware Doctor" = Spyware Doctor 6.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"UserBar Generator_is1" = UserBar Generator 1.2

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"Yahoo! Companion" = Barra de Ferramentas do Yahoo!

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent" = µTorrent

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

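The firewall rule sections of the OTL report above ("Vista Active Open Ports Exception List" and "Vista Active Application Exception List") are easier to review once parsed. Below is an added example, not part of the original post or of OTL, that parses lines of the `"{GUID}" = lport=138 | protocol=17 | dir=in | app=system |` form, lists which programs hold inbound allow rules, and separates programs outside `%SystemRoot%` from the Windows defaults so the user-added rules do not get buried. `SAMPLE_RULES` is a constructed excerpt of the rules posted above; the function names are this example's own, and the reading of the `Query User` rule names as prompt-created rules is an assumption, labelled in the code.

```python
"""Parse the Windows Firewall rule dump from an OTL report.

Added example; not part of the thread or of OTL.  Each rule line has the form
  "{GUID}" = lport=138 | protocol=17 | dir=in | app=system |
SAMPLE_RULES is a constructed excerpt of the rules posted in the log above.
"""
from __future__ import annotations

import re
from collections import defaultdict

SAMPLE_RULES = r'''
"{0656D1F9-7061-4A2B-9866-E41DB1831421}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD9D4929-AB70-4513-8230-ACB2F951EC25}" = lport=445 | protocol=6 | dir=in | app=system |
"{CCA1FB91-442B-4752-B54B-793A2F6008E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{EC6ECF4A-4636-4BCF-9399-B08236F8377E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FB7AD794-5608-4DC1-AD97-AC0A33588C8A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F1CCD746-AEFA-43FA-9797-B9D389F18473}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"TCP Query User{DC6AE02C-08E4-4835-8B71-C0D0C132F0ED}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{48FE3C71-79F5-431E-9EFF-8BF124F0D6EF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<body>.+?)\s*\|?\s*$')
PROTO = {"6": "tcp", "17": "udp", "1": "icmpv4", "58": "icmpv6"}
WINDOWS_APPS = ("system",)      # kernel pseudo-app used by the built-in SMB/NetBIOS rules
WINDOWS_ROOT = "c:\\windows\\"


def parse_rules(dump: str) -> list[dict]:
    """Turn each rule line into a dict of its key=value fields plus derived flags."""
    rules: list[dict] = []
    for line in dump.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields: dict = {}
        for part in m.group("body").split("|"):
            if "=" in part:
                key, value = part.strip().split("=", 1)
                fields[key.strip()] = value.strip()
        fields["name"] = m.group("name")
        # Assumption: '<TCP|UDP> Query User{GUID}<path>' is the name Windows gives a rule
        # created from the "Windows Security Alert" prompt; GUID-only names come from
        # installers, netsh or the firewall UI.
        fields["user_prompt"] = "Query User" in fields["name"]
        proto = fields.get("protocol", "")
        fields["proto"] = PROTO.get(proto, proto or "any")
        rules.append(fields)
    return rules


def inbound_by_app(rules: list[dict]) -> dict[str, list[str]]:
    """Map every app with an inbound allow rule to the proto/port pairs it may receive."""
    allowed: dict[str, list[str]] = defaultdict(list)
    for r in rules:
        if r.get("dir") != "in":
            continue
        allowed[r.get("app", "<no app>")].append(f'{r["proto"]}/{r.get("lport", "*")}')
    return dict(allowed)


def non_windows_inbound(rules: list[dict]) -> list[str]:
    """Apps outside %SystemRoot% that accept inbound connections: the review candidates."""
    return sorted(
        app for app in inbound_by_app(rules)
        if app not in WINDOWS_APPS and not app.startswith(WINDOWS_ROOT)
    )


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for app, ports in inbound_by_app(parsed).items():
        print(f"{app}: {', '.join(ports)}")
    print("review:", non_windows_inbound(parsed))
```

On the posted rules the non-Windows inbound entries are uTorrent, eMule and javaw.exe, each allowed on any local port; the `system` and `svchost.exe` service rules (NetBIOS, SMB, LLMNR, SSDP, WSD) are the Vista defaults and are reported separately.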

1.

Open Spybot

In the top menu, click [Mode] > [Advanced] and confirm.

Click [Tools] > [Resident]

Uncheck the option Enable Resident "TeaTimer" (general protection of system settings).

Close the program.

 

2.

*Download TDSSKiller and save it to the desktop

 

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

 

*Click Change parameters

*Select Detect TDLFS file system and click [OK]

*Click [start scan]

*If it finds anything, select [skip]

 


 

*When it finishes, click Report

 


 

*Paste the report created at C:\TDSSKiller.txt

 

If the report is large....

 

*Go to this link

*Select 4 jours

*Click [Send file]

*Locate the report C:\TDSSKiller.txt

*Click [Open] > [Créer le lien Cjoint]

*Paste the link that is created


The other one that was missing:

 

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-03-10 22:27:05

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.HH10

Running: b12xob5d.exe; Driver: C:\Users\ISAIAS\AppData\Local\Temp\uwdiqpod.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x84923282]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x84923474]

SSDT 8BA242C6 ZwCreateSection

SSDT 8BA242D0 ZwRequestWaitReplyPort

SSDT 8BA242CB ZwSetContextThread

SSDT 8BA242D5 ZwSetSecurityObject

SSDT 8BA242DA ZwSystemDebugControl

SSDT 8BA24267 ZwTerminateProcess

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8492367C]

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!KeSetEvent + 209 83EF998C 3 Bytes [82, 32, 92] {XOR BYTE [EDX], -0x6e}

.text ntkrnlpa.exe!KeSetEvent + 20D 83EF9990 3 Bytes [74, 34, 92] {JZ 0x36; XCHG EDX, EAX}

.text ntkrnlpa.exe!KeSetEvent + 215 83EF9998 4 Bytes [C6, 42, A2, 8B] {MOV BYTE [EDX-0x5e], 0x8b}

.text ntkrnlpa.exe!KeSetEvent + 539 83EF9CBC 4 Bytes [D0, 42, A2, 8B]

.text ntkrnlpa.exe!KeSetEvent + 56D 83EF9CF0 4 Bytes [CB, 42, A2, 8B]

.text ...

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Windows\system32\services.exe[720] kernel32.dll!FreeLibrary 76213FA4 5 Bytes JMP 3B68F2AB C:\Program Files\GbPlugin\gbiehCef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\Windows\system32\services.exe[720] kernel32.dll!FreeLibraryAndExitThread 7621485E 5 Bytes JMP 3B68F223 C:\Program Files\GbPlugin\gbiehCef.dll (Gbieh Module/Caixa Economica Federal)

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [739F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73A4A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [739FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [739EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [739F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [739EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73A28395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [739FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [739EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [739EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [739E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73A7CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73A1C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [739ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [739E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [739E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [739F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dinâmico/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dinâmico/Microsoft Corporation)

 

---- Files - GMER 1.0.15 ----

 

File C:\Windows\$NtUninstallKB50417$\1205828817 0 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\@ 2048 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\L 0 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\L\zjzeqzic 66560 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\loader.tlb 2632 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\U 0 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\U\@00000001 45968 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\U\@000000c0 2560 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\U\@000000cb 3072 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\U\@000000cf 1536 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\U\@80000000 73728 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\U\@800000c0 43008 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\U\@800000cb 25600 bytes

File C:\Windows\$NtUninstallKB50417$\1205828817\U\@800000cf 31232 bytes

File C:\Windows\$NtUninstallKB50417$\4118785352 0 bytes

 

---- EOF - GMER 1.0.15 ----

 

That last scan didn't show anything.

 

http://cjoint.com/confirm.php?cjoint=3ClcM4oe6om


There is a ZeroAccess infection.

 

1.

*Delete TDSSKiller and the file C:\TDSSKiller.txt

 

2.

*Delete GMER and its report

 

3.

*Temporarily disable your antivirus

 

*Download ComboFix and save it to the desktop

*Run it, accept the license agreement and wait for the stages to complete

 

1) Do not use the mouse or the keyboard during the stages!!

2) To interrupt the scan, press N

 

*Paste the report it shows


Here's the thing: I start ComboFix, a few minutes go by and messages start appearing saying the TCP/IP stack is infected and that there is a rootkit infection. That last message always asks me to click OK to restart the computer. When it restarts, ComboFix doesn't keep running and doesn't generate a log either, and I have to open it again to start all over. The messages start appearing again, restart, etc... I've done this about 4 times already and nothing.


Yes...this rootkit affected your firewall, Windows Defender.





Let's try a procedure.



*Download FixZeroAccess and save it to the desktop



*Close all running programs

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator



*Click [I Accept] > [Proceed] > [OK] and the PC will restart



[screenshot: fixzero.jpg]



*After the restart the tool will report the infection status

*If nothing is found click [Close], otherwise click [Repair]



[screenshot: fixzero2.jpg]



Report back.


OK...



Delete FixZeroAccess.



Rename ComboFix to uninstall and run it.



Download ComboFix again.



Boot into Safe Mode and run ComboFix.


The same thing happens in Safe Mode. It asks to restart Windows because there is a rootkit, and when it restarts the program does not come back automatically to continue where it left off. I even waited about 10 minutes to see if it would open, but nothing.


Back up your personal files.



We are going to run some procedures and I don't want you to lose anything.



1.

*Download GrantPerms and extract it to the desktop



*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator



[screenshot: grantperms.jpg]



*Paste the lines in brown into the box

C:\Windows\$NtUninstallKB50417$

*Click [Unlock]



2.

*Run OTL

*Paste the lines in brown into the box under Custom Scans/Fixes (Exames Personalizados/Correções):

:OTL

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NDISKIO)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (hwdatacard)



:Files

fsutil reparsepoint delete C:\Windows\$NtUninstallKB50417$ /C

C:\Windows\$NtUninstallKB50417$



:Commands

[emptytemp]

*Click [Fix] (Consertar) and the PC will restart



*Paste the report shown

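A defender-side triage check, added here and not part of the thread or of any tool it uses: it walks a Windows directory for the $NtUninstallKB*$ layout that the GMER file listing above shows (a numeric subdirectory holding an "@" file plus "L" and "U" subdirectories of "@"-named payloads) and, on Windows, reports whether the container directory carries the reparse-point attribute that the OTL script's fsutil line targets. The build_sample_tree helper constructs a mock, empty-file copy of that layout so the check can be exercised offline; the function names and the 0x400 attribute constant (winnt.h FILE_ATTRIBUTE_REPARSE_POINT) are this example's own.

```python
"""Triage check for the ZeroAccess-style hidden directory layout reported by GMER.
Constructed example (not from the thread): scan_windows_dir() flags $NtUninstallKB*$
directories that hold the log's layout; build_sample_tree() makes a mock copy of it."""
import os
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

# Names seen in the GMER listing: C:\Windows\$NtUninstallKB50417$\1205828817
UNINSTALL_DIR = re.compile(r"^\$NtUninstallKB\d+\$$", re.IGNORECASE)
NUMERIC_DIR = re.compile(r"^\d{6,}$")
FILE_ATTRIBUTE_REPARSE_POINT = 0x400  # winnt.h


@dataclass
class Finding:
    path: str                      # the numeric subdirectory that holds the layout
    payload_files: List[str]       # "@"-named entries under the U subdirectory
    reparse_point: Optional[bool]  # container attribute; None when not determinable


def is_reparse_point(path: Path) -> Optional[bool]:
    """True/False on Windows; None elsewhere, where st_file_attributes is absent."""
    attrs = getattr(os.lstat(path), "st_file_attributes", None)
    return None if attrs is None else bool(attrs & FILE_ATTRIBUTE_REPARSE_POINT)


def inspect_numeric_dir(numeric: Path, container: Path) -> Optional[Finding]:
    """Return a Finding only if the directory matches the layout GMER reported:
    an "@" file plus "L" and "U" subdirectories (payloads live under U as @xxxxxxxx)."""
    at_file, l_dir, u_dir = numeric / "@", numeric / "L", numeric / "U"
    if not (at_file.is_file() and l_dir.is_dir() and u_dir.is_dir()):
        return None
    payload = sorted(p.name for p in u_dir.iterdir() if p.name.startswith("@"))
    return Finding(str(numeric), payload, is_reparse_point(container))


def scan_windows_dir(windows_root: str) -> List[Finding]:
    """Return one Finding per $NtUninstallKB*$ directory holding the suspect layout."""
    findings: List[Finding] = []
    for entry in Path(windows_root).iterdir():
        if not (entry.is_dir() and UNINSTALL_DIR.match(entry.name)):
            continue
        try:
            subs = [s for s in entry.iterdir() if s.is_dir() and NUMERIC_DIR.match(s.name)]
        except PermissionError:  # the live directory may be locked by the rootkit
            continue
        for sub in subs:
            finding = inspect_numeric_dir(sub, entry)
            if finding is not None:
                findings.append(finding)
    return findings


def build_sample_tree(root: Optional[str] = None) -> str:
    """Create a mock copy (empty files, constructed names) of the layout in the log."""
    root = root or tempfile.mkdtemp(prefix="zeroaccess_demo_")
    hidden = Path(root) / "$NtUninstallKB50417$" / "1205828817"
    for sub in ("L", "U"):
        (hidden / sub).mkdir(parents=True, exist_ok=True)
    for name in ("@", "loader.tlb", "L/zjzeqzic", "U/@00000001", "U/@800000c0"):
        (hidden / name).touch()
    # Same name pattern but without the layout: must not be flagged
    (Path(root) / "$NtUninstallKB123$" / "12345678").mkdir(parents=True, exist_ok=True)
    return root


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for f in scan_windows_dir(target):
        print(f"SUSPECT {f.path}: payloads={f.payload_files} reparse={f.reparse_point}")
```

Run with no argument to scan the mock tree; pass a Windows directory (for example C:\Windows) as the argument to scan a live system, where a True reparse_point on a flagged directory is the condition the fsutil line in the OTL script was meant to clear.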

All processes killed

========== OTL ==========

Service NwlnkFwd stopped successfully!

Service NwlnkFwd deleted successfully!

Service NwlnkFlt stopped successfully!

Service NwlnkFlt deleted successfully!

Service NDISKIO stopped successfully!

Service NDISKIO deleted successfully!

Service IpInIp stopped successfully!

Service IpInIp deleted successfully!

Service hwdatacard stopped successfully!

Service hwdatacard deleted successfully!

========== FILES ==========

< fsutil reparsepoint delete C:\Windows\$NtUninstallKB50417$ /C >

Erro: O arquivo ou pasta não é um ponto de nova análise.

C:\Users\ISAIAS\Desktop\cmd.bat deleted successfully.

C:\Users\ISAIAS\Desktop\cmd.txt deleted successfully.

C:\Windows\$NtUninstallKB50417$\1205828817\U folder moved successfully.

C:\Windows\$NtUninstallKB50417$\1205828817\L folder moved successfully.

C:\Windows\$NtUninstallKB50417$\1205828817 folder moved successfully.

C:\Windows\$NtUninstallKB50417$ folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: ISAIAS

->Temp folder emptied: 63763645 bytes

->Temporary Internet Files folder emptied: 198375015 bytes

->Java cache emptied: 511104 bytes

->FireFox cache emptied: 72579325 bytes

->Flash cache emptied: 3098277 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1759527 bytes

RecycleBin emptied: 326342370 bytes

 

Total Files Cleaned = 636,00 mb

 

 

OTL by OldTimer - Version 3.2.36.3 log created on 03112012_163722

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...


OK...





Download and run GMER again and paste a new report from it.


GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-03-11 21:28:11

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.HH10

Running: w35ocwds.exe; Driver: C:\Users\ISAIAS\AppData\Local\Temp\uwdiqpod.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x84926282]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x84926474]

SSDT 8C027A76 ZwCreateSection

SSDT 8C027A80 ZwRequestWaitReplyPort

SSDT 8C027A7B ZwSetContextThread

SSDT 8C027A85 ZwSetSecurityObject

SSDT 8C027A8A ZwSystemDebugControl

SSDT 8C027A17 ZwTerminateProcess

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8492667C]

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!KeSetEvent + 209 83EED98C 3 Bytes [82, 62, 92]

.text ntkrnlpa.exe!KeSetEvent + 20D 83EED990 3 Bytes [74, 64, 92] {JZ 0x66; XCHG EDX, EAX}

.text ntkrnlpa.exe!KeSetEvent + 215 83EED998 4 Bytes [76, 7A, 02, 8C]

.text ntkrnlpa.exe!KeSetEvent + 539 83EEDCBC 4 Bytes [80, 7A, 02, 8C] {CMP BYTE [EDX+0x2], 0x8c}

.text ntkrnlpa.exe!KeSetEvent + 56D 83EEDCF0 4 Bytes [7B, 7A, 02, 8C]

.text ...

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Windows\system32\services.exe[672] kernel32.dll!FreeLibrary 76D53FA4 5 Bytes JMP 3B68F2AB C:\Program Files\GbPlugin\gbiehCef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\Windows\system32\services.exe[672] kernel32.dll!FreeLibraryAndExitThread 76D5485E 5 Bytes JMP 3B68F223 C:\Program Files\GbPlugin\gbiehCef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] kernel32.dll!FindResourceExA 76D3260D 7 Bytes JMP 280A78D0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] kernel32.dll!FindResourceA 76D326EB 5 Bytes JMP 280A7840 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] kernel32.dll!CreateEventA 76D546DC 5 Bytes JMP 280A6F80 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] kernel32.dll!LockResource 76D56AFF 5 Bytes JMP 280A7A80 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] kernel32.dll!FindResourceExW 76D56C1D 7 Bytes JMP 280A77C0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] kernel32.dll!LoadResource 76D56CFB 7 Bytes JMP 280A7960 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] kernel32.dll!FindResourceW 76D581C1 5 Bytes JMP 280A7740 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] kernel32.dll!SizeofResource 76D581DF 7 Bytes JMP 280A7A10 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] ADVAPI32.dll!CryptDeriveKey 770DFCAE 7 Bytes JMP 280A6A80 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] ADVAPI32.dll!CryptDecrypt 770DFE91 7 Bytes JMP 280A6AE0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] USER32.dll!CreateDialogParamW 767472A2 5 Bytes JMP 280AB810 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] USER32.dll!SetWindowPlacement 76747963 5 Bytes JMP 280AB6C0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] USER32.dll!SetWindowRgn 7674A221 7 Bytes JMP 280AB760 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] USER32.dll!LoadImageW 7674C9E5 5 Bytes JMP 280ABE60 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] USER32.dll!LoadIconW 7674DA9F 5 Bytes JMP 280ABFE0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] USER32.dll!CreateWindowExW 76751305 5 Bytes JMP 280A8ED0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] USER32.dll!GetWindowLongW 7675F8BF 7 Bytes JMP 280AC110 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] USER32.dll!PeekMessageW 7676045A 5 Bytes JMP 280A9BB0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] USER32.dll!TrackPopupMenuEx 76770CE7 5 Bytes JMP 280AA2A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] USER32.dll!MessageBoxIndirectW 7679D5D3 5 Bytes JMP 280ABA40 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] WS2_32.dll!closesocket 767E330C 5 Bytes JMP 280B06E0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] WS2_32.dll!recv 767E343A 5 Bytes JMP 280B00C0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] WS2_32.dll!WSASend 767E4496 5 Bytes JMP 280B0510 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] WS2_32.dll!send 767E659B 5 Bytes JMP 280B03A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] WS2_32.dll!WSARecv 767E8400 5 Bytes JMP 280B01F0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] SHELL32.dll!Shell_NotifyIconW 75988642 5 Bytes JMP 280A8640 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] ole32.dll!CoRegisterClassObject 769C7DBE 5 Bytes JMP 280A7DE0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] ole32.dll!CoCreateInstance 76A09F3E 5 Bytes JMP 280A8060 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] ole32.dll!CoInitializeEx 76A0ADFB 5 Bytes JMP 280A7CE0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] WININET.dll!InternetCloseHandle 76DFC704 5 Bytes JMP 280AF440 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] WININET.dll!InternetReadFile 76DFF978 5 Bytes JMP 280AF300 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] WININET.dll!HttpOpenRequestA 76E4B841 5 Bytes JMP 280AF1A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2460] WININET.dll!HttpSendRequestA 76E55172 5 Bytes JMP 280AF3A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

.text C:\Program Files\Mozilla Firefox\firefox.exe[5288] ntdll.dll!LdrLoadDll 771C9378 5 Bytes JMP 5EB75B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5432] USER32.dll!SetWindowLongA 7674E7CD 5 Bytes JMP 5EF601A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5432] USER32.dll!SetWindowLongW 767513B4 5 Bytes JMP 5EF60135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5432] USER32.dll!GetWindowInfo 7675428E 5 Bytes JMP 5ECF0924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5432] USER32.dll!TrackPopupMenu 767614F3 5 Bytes JMP 5ECF0ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74087817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740DA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7408BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7407F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7407E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [740B8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7408DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7407FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7407FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7410CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [740AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7407D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74076853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7407687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74082AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dinâmico/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dinâmico/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gerenciador de Filtro do Filesystem Microsoft/Microsoft Corporation)

 

---- EOF - GMER 1.0.15 ----


OK...



Well...let's take a look at the MBR.



1.

*Download aswMBR and save it to the desktop

*Stay connected to the internet



*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator



*Click [Yes] and wait for the database download to finish...it may take a while!



*Click [Scan]



[screenshot: 23uo4tj.jpg]



*When it finishes, click [Save log] and save it to the desktop



*Paste the report


Something happened: while it was scanning, this appeared in red:

22:23:47.734 File: C:\Users\ISAIAS\AppData\Local\47df7cd1\X **INFECTED** Win32:Sirefef-PV [Trj]

 

As soon as it appeared, Avira's realtime protection started flagging a virus detection: siresef.b.1040

 

 

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software

Run date: 2012-03-11 22:14:36

-----------------------------

22:14:36.711 OS Version: Windows 6.0.6002 Service Pack 2

22:14:36.711 Number of processors: 2 586 0xF0D

22:14:36.711 ComputerName: ISAIAS-PC UserName: ISAIAS

22:14:38.286 Initialize success

22:14:57.693 AVAST engine defs: 12031101

22:15:02.201 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

22:15:02.201 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3

22:15:02.217 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000077

22:15:02.217 Disk 1 Vendor: RICOH 01 Size: 152627MB BusType: 0

22:15:02.217 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000078

22:15:02.217 Disk 2 Vendor: RICOH 02 Size: 152627MB BusType: 0

22:15:02.248 Disk 0 MBR read successfully

22:15:02.248 Disk 0 MBR scan

22:15:02.248 Disk 0 Windows VISTA default MBR code

22:15:02.264 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9424 MB offset 2048

22:15:02.295 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143201 MB offset 19302400

22:15:02.326 Disk 0 scanning sectors +312579760

22:15:02.420 Disk 0 scanning C:\Windows\system32\drivers

22:15:26.553 Service scanning

22:15:35.273 Service GbpKm C:\Windows\system32\drivers\gbpkm.sys **LOCKED** 32

22:16:02.292 Modules scanning

22:16:17.814 Disk 0 trace - called modules:

22:16:17.846 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys

22:16:17.861 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87882ac8]

22:16:17.861 3 CLASSPNP.SYS[89ba38b3] -> nt!IofCallDriver -> [0x872d3368]

22:16:17.861 5 acpi.sys[806936bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x872d6028]

22:16:19.016 AVAST engine scan C:\Windows

22:16:28.719 AVAST engine scan C:\Windows\system32

22:23:13.289 AVAST engine scan C:\Windows\system32\drivers

22:23:47.219 AVAST engine scan C:\Users\ISAIAS

22:23:47.734 File: C:\Users\ISAIAS\AppData\Local\47df7cd1\X **INFECTED** Win32:Sirefef-PV [Trj]

22:36:26.487 AVAST engine scan C:\ProgramData

22:41:19.845 Scan finished successfully

22:41:51.201 Disk 0 MBR has been saved successfully to "C:\Users\ISAIAS\Desktop\MBR.dat"

22:41:51.201 The log file has been saved successfully to "C:\Users\ISAIAS\Desktop\aswMBR.txt"


Temporarily disable Avira.



1.

*Run aswMBR again and click [Scan]



*When it finishes click [Fix]



*Click [Save log] and save it to the desktop

*Paste the report



*Restart the PC


This time nothing showed up in red. The Fix button can't be clicked, only FixMBR. Should I click that one?

No...



Paste a new aswMBR report
