
Hight templar

Participant
  • Posts: 52

About Hight templar

  1. Start Menu Settings button

    I did this procedure; some commands appeared in red, I restarted, and it is still the same.
  2. Start Menu Settings button

    Yes, it is updated to the latest build, version: 1703 build: 15063.540
  3. Start Menu Settings button

    It started yesterday; I made no changes. The funny thing is that I created another user and had no problem, but this is already the third time I have done that.
  4. Start Menu Settings button

    Hello, I would like to get help regarding the Start Menu Settings button: when I click it nothing happens, the same happens with the Calculator, and the live tile items have disappeared.
  5. Log Analysis Request

    Thank you very much for your attention, Mr. Million
  6. Log Analysis Request

    The ad windows stopped appearing in Chrome, but it keeps crashing out of nowhere; the PC is normal.
  7. Log Analysis Request

    Here are the logs:

    Zoek.exe v5.0.0.0 Updated 04-May-2015
    Tool run by Flávio on 03/07/2015 at 15:45:21,94.
    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\FLVIO~1\Desktop\zoek.exe [scan all users] [script inserted]

    ==== System Restore Info ======================

    03/07/2015 15:47:00 Zoek.exe System Restore Point Created Successfully.

    ==== Reset Hosts File ======================

    # Copyright © 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host

    # localhost name resolution is handled within DNS itself.
    127.0.0.1       localhost
    ::1             localhost

    ==== Empty Folders Check ======================

    C:\PROGRA~2\Hoplon deleted successfully
    C:\PROGRA~2\R.G. Mechanics deleted successfully
    C:\PROGRA~2\Softland deleted successfully
    C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
    C:\Users\FLVIO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Hoplon deleted successfully
    C:\Users\FLVIO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Joymax deleted successfully
    C:\Users\FLVIO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\RaidCall deleted successfully
    C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    Deleted from C:\Users\FLVIO~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvh1r0xq.default-1429623013637\prefs.js:

    Added to C:\Users\FLVIO~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvh1r0xq.default-1429623013637\prefs.js:
    user_pref("browser.startup.homepage", "about:home");
    user_pref("browser.newtab.url", "about:newtab");

    ProfilePath: C:\Users\FLVIO~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvh1r0xq.default-1429623013637

    user.js not found
    ---- Lines extensions.I2KWlBAW3dV4RAJh removed from prefs.js ----
    user_pref("extensions.I2KWlBAW3dV4RAJh.epoch", "1435956127");
    user_pref("extensions.I2KWlBAW3dV4RAJh.url", "http://veterance.com/sync2/?q=hfZ9oftLgfbEtNbPhd9FrjsErdaMg708BNmGWj8ckShGheDUojw8rdgGqdw9rHCEqShIC7n0rj
    ---- Lines extensions.cDQnsixEat3YBiPi removed from prefs.js ----
    user_pref("extensions.cDQnsixEat3YBiPi.epoch", "1433548208");
    user_pref("extensions.cDQnsixEat3YBiPi.url", "http://bloggergroupweb.info/sync2/?q=hfZ9oe84hylSBGhEAen0rja7rda7tMqLDe49CNU0nVsMCMlNhd9Fqja7rdnGrTaFqjs
    ---- FireFox user.js and prefs.js backups ----

    prefs_072015_1602_.backup

    ==== Deleting Files \ Folders ======================

    C:\PROGRA~2\Hoplon not found
    C:\PROGRA~2\R.G. Mechanics not found
    C:\PROGRA~2\Softland not found
    C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
    C:\PROGRA~2\Instapaper deleted
    C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
    C:\HijackThis.exe deleted
    C:\PROGRA~3\Package Cache deleted
    C:\Windows\SysNative\config\systemprofile\Searches deleted
    "C:\Windows\Installer\3bdddb.msi" deleted
    "C:\Users\FLVIO~1\AppData\Local\{6FDAD065-C8A4-43E9-AFE4-24B20FEBDE27}" deleted

    ==== Firefox Start and Search pages ======================

    ProfilePath: C:\Users\FLVIO~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvh1r0xq.default-1429623013637
    user_pref("browser.startup.homepage", "about:home");
    user_pref("browser.newtab.url", "about:newtab");

    ==== Firefox Extensions Registry ======================

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
    "e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [28/04/2015 13:19]

    [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
    "{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Flávio\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [10/05/2015 10:33]

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\FLVIO~1\AppData\Roaming\Mozilla\Firefox\Profiles\wvh1r0xq.default-1429623013637
    - E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
    - Undetermined - C:\Users\Flávio\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox
    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

    ==== Firefox Plugins ======================

    ==== Chromium Look ======================

    Google Chrome Version: 43.0.2357.130

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
    bbjllphbppobebmjpjcijfbakobcheof - No path found[]
    nnjbodopomfddehlalfilheomcahbpei - C:\Users\Flávio\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[]

    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157"

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

    ==== Reset Google Chrome ======================

    Nothing found to reset

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-1816509081-2829320590-1444100945-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873} deleted successfully
    HKEY_USERS\S-1-5-21-1816509081-2829320590-1444100945-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D} deleted successfully

    ==== shortcuts on All Users Desktop ======================

    C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    C:\Users\Public\Desktop\ASRock eXtreme Tuner.lnk - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
    C:\Users\Public\Desktop\ASRock InstantBoot.lnk - C:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe
    C:\Users\Public\Desktop\ASRock SmartConnect.lnk - C:\Program Files\ASRock Utility\SmartConnect\AsrSmartConnect.exe
    C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
    C:\Users\Public\Desktop\DOSBox 0.74.lnk - C:\Games\DOSBox-0.74\DOSBox.exe -userconf
    C:\Users\Public\Desktop\Epson Easy Photo Print.lnk - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPQuicker.exe
    C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
    C:\Users\Public\Desktop\Manual Epson L355.lnk - C:\Program Files (x86)\epson\guide\l355_p\index.html
    C:\Users\Public\Desktop\Maxtor MaxBlast.lnk -
    C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Public\Desktop\Receitanet 1.07 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
    C:\Users\Public\Desktop\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
    C:\Users\Public\Desktop\State of Decay Year One.lnk - D:\Games\State of Decay Year One\StateOfDecay.exe
    C:\Users\Public\Desktop\World of Warcraft Public Test.lnk - D:\World of Warcraft Public Test\World of Warcraft Public Test Launcher.exe

    ==== shortcuts in Users Start Menu ======================

    C:\Users\Flávio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online.lnk -
    C:\Users\Flávio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -
    C:\Users\Flávio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk -
    C:\Users\Flávio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk -
    C:\Users\Flávio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\GCAP - Ganhos de Capital\Ajuda do GCAP2014.lnk -
    C:\Users\Flávio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\GCAP - Ganhos de Capital\Desinstalar GCAP2014.lnk -
    C:\Users\Flávio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\GCAP - Ganhos de Capital\GCAP2014 - Ganhos de Capital 2014.lnk -
    C:\Users\Flávio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\GCAP - Ganhos de Capital\Leia-me do GCAP2014.lnk -
    C:\Users\Flávio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -

    ==== shortcuts in All Users Start Menu ======================

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free\BurnAware Free.lnk - C:\Program Files (x86)\BurnAware Free\BurnAware.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free\Desinstalar BurnAware Free.lnk - C:\Program Files (x86)\BurnAware Free\unins000.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free\Help.lnk - C:\Program Files (x86)\BurnAware Free\burnaware.chm
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF\Try Free CutePDF Editor.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF\PDF Writer\Readme.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Just Cause 2.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm Public Test\Heroes of the Storm Public Test.lnk - C:\Games\Heroes of the Storm Public Test\Heroes of the Storm Public Test.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab about
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxtor\Maxtor MaxBlast\Bootable Media Builder.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxtor\Maxtor MaxBlast\Maxtor MaxBlast.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\accicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Skype for Business 2015.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\dbcicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\sscicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Ajuda do Receitanet 1.07 .lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Desinstalar o Receitanet 1.07.lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Desinstalador.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Receitanet 1.07 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Console do Trusteer Endpoint Protection.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Encerrar Trusteer Endpoint Protection.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Iniciar Trusteer Endpoint Protection.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Synapse\Razer Synapse.lnk - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe -launch
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Synapse 2.0\Razer Synapse 2.0.lnk - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe -launch
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\State of Decay Year One\State of Decay Year One.lnk - D:\Games\State of Decay Year One\StateOfDecay.exe

    ==== Reset IE Proxy ======================

    Value(s) before fix:
    "ProxyEnable"=dword:00000000

    Value(s) after fix:
    "ProxyEnable"=dword:00000000

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB1DAB1E8E0C810429187E2D6C0B4747 deleted successfully
    HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nnjbodopomfddehlalfilheomcahbpei deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AB1DAB1E8E0C810429187E2D6C0B4747 deleted successfully
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    No Flash Cache Found

    ==== Empty All Java Cache ======================

    No Java Cache Found

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=58 folders=33 51905285 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully
    C:\Users\Default User\AppData\Local\Temp emptied successfully
    C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied
    C:\Users\FLVIO~1\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

    ==== EOF on 03/07/2015 at 16:13:12,93 ======================

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:17:23, on 03/07/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17840)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
    C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\SysWOW64\notepad.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\XFastUSB\XFastUsb.exe
    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Maxtor\MaxBlast\TimounterMonitor.exe
    C:\Users\Flávio\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Flávio\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
    O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
    O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
    O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
    O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
    O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKCU\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Flávio\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Startup: Dropbox.lnk = ?
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O15 - Trusted Zone:
*.clonewarsadventures.comO15 - Trusted Zone: *.freerealms.comO15 - Trusted Zone: bankline.itau.com.brO15 - Trusted Zone: clickbanking.itau.com.brO15 - Trusted Zone: guardiao.itau.com.brO15 - Trusted Zone: www.itau.com.brO15 - Trusted Zone: http://www.itau.com.brO15 - Trusted Zone: *.itau.com.brO15 - Trusted Zone: http://www.itaupersonnalite.com.brO15 - Trusted Zone: *.soe.comO15 - Trusted Zone: *.sony.comO16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cabO16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cabO18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLLO18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLO20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dllO20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common 
Files\BattlEye\BEService.exeO23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exeO23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exeO23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exeO23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXEO23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exeO23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exeO23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeO23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exeO23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeO23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Maxtor - C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: 
@%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeO23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)O23 - Service: Origin Client Service - Electronic Arts - D:\Games\Origin\OriginClientService.exeO23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exeO23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exeO23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. 
- C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exeO23 - Service: RzSurroundVADStreamingService - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exeO23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exeO23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeO23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeO23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: 
@%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exeO23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --End of file - 17505 bytes
  8. Log Analysis Request

    Here are the logs:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.2.7 (07.02.2015:2)
    OS: Windows 7 Ultimate x64
    Ran by Flávio on 03/07/2015 at 15:20:03,04
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Tasks

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    Successfully deleted: [File] C:\Users\Flávio\AppData\Roaming\appdataFr25.bin
    Successfully deleted: [File] C:\Users\Flávio\appdata\local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage

    ~~~ Folders

    Failed to delete: [Folder] C:\Program Files (x86)\gbplugin
    Successfully deleted: [Folder] C:\ProgramData\gbplugin
    Successfully deleted: [Folder] C:\ProgramData\productdata
    Successfully deleted: [Folder] C:\ProgramData\surfeasy vpn
    Successfully deleted: [Folder] C:\ProgramData\16866836253651293167
    Successfully deleted: [Folder] C:\Users\Flávio\AppData\Roaming\3909

    ~~~ Chrome

    [C:\Users\Flávio\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
    [C:\Users\Flávio\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: 
    [C:\Users\Flávio\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
    [C:\Users\Flávio\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[]

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 03/07/2015 at 15:23:35,93
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v4.207 - Report created 03/07/2015 at 15:05:46
    # Updated 21/06/2015 by Xplode
    # Database : 2015-07-02.1 [server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # User : Flávio - FLAVIO-PC
    # Running from : C:\Users\Flávio\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\PragmaEngine

    ***** [ Scheduled tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\56c8491b-26e9-90c9-91e8-fda6c24833d6

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840

    -\\ Mozilla Firefox v38.0.5 (x86 pt-BR)

    [wvh1r0xq.default-1429623013637\prefs.js] - Line Deleted : user_pref("extensions.I2KWlBAW3dV4RAJh.scode", "(function(){try{if(window.location.href.indexOf(\"pjwErjn4pjC8rdU8qdU5rda7rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
    [wvh1r0xq.default-1429623013637\prefs.js] - Line Deleted : user_pref("extensions.cDQnsixEat3YBiPi.scode", "(function(){try{if(window.location.href.indexOf(\"pjwErjn4pjC8rdU8qdU5rda7rY\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure.[...]

    -\\ Google Chrome v43.0.2357.130

    -\\ Chromium v

    *************************

    AdwCleaner[R0].txt - [1139 bytes] - [20/10/2014 12:25:00]
    AdwCleaner[R1].txt - [2230 bytes] - [02/02/2015 09:50:18]
    AdwCleaner[R2].txt - [2740 bytes] - [04/06/2015 20:42:58]
    AdwCleaner[R3].txt - [1835 bytes] - [03/07/2015 15:04:30]
    AdwCleaner[s0].txt - [1196 bytes] - [20/10/2014 12:27:16]
    AdwCleaner[s1].txt - [2258 bytes] - [02/02/2015 09:52:19]
    AdwCleaner[s2].txt - [2920 bytes] - [04/06/2015 20:44:32]
    AdwCleaner[s3].txt - [1760 bytes] - [03/07/2015 15:05:46]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1819 bytes] ##########

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:27:23, on 03/07/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17840)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Windows\SysWOW64\notepad.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: 5.39.25.104 abgx360.net
    O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
    O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
    O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
    O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
    O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
    O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKCU\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Flávio\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Startup: Dropbox.lnk = ?
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: bankline.itau.com.br
    O15 - Trusted Zone: clickbanking.itau.com.br
    O15 - Trusted Zone: guardiao.itau.com.br
    O15 - Trusted Zone: www.itau.com.br
    O15 - Trusted Zone: http://www.itau.com.br
    O15 - Trusted Zone: *.itau.com.br
    O15 - Trusted Zone: http://www.itaupersonnalite.com.br
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
    O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
    O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Maxtor - C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: Origin Client Service - Electronic Arts - D:\Games\Origin\OriginClientService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
    O23 - Service: RzSurroundVADStreamingService - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 16732 bytes
  9. Log Analysis Request

    Here is the MBAM log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 03/07/2015
    Scan Time: 10:42
    Logfile: Mbam.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.07.03.03
    Rootkit Database: v2015.07.01.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Flávio

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 389643
    Time Elapsed: 16 min, 56 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [baa5924b206ae056acc94c4c18ed41bf], 
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [d6896c71157541f59bda5f39bb4a946c], 

    Registry Values: 2
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [baa5924b206ae056acc94c4c18ed41bf]
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [d6896c71157541f59bda5f39bb4a946c]

    Registry Data: 0
    (No malicious items detected)

    Folders: 4
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh\146, Quarantined, [19466d70860479bd886779168e7759a7], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh, Quarantined, [19466d70860479bd886779168e7759a7], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Roaming\Mozilla\Firefox\Profiles\wvh1r0xq.default-1429623013637\extensions\09zV@v.net\content, Quarantined, [fe61924b7e0c94a2807de5aab64f01ff], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Roaming\Mozilla\Firefox\Profiles\wvh1r0xq.default-1429623013637\extensions\09zV@v.net, Quarantined, [fe61924b7e0c94a2807de5aab64f01ff], 

    Files: 11
    Trojan.Downloader.BL, C:\Users\Flávio\Downloads\Ultimo_Aviso_Intimacao.pdf.rar, Quarantined, [9ac5b627701a7cbaa6f7db4a4bb754ac], 
    PUP.Optional.AppDataFR.A, C:\Users\Flávio\AppData\Roaming\appdataFr25.bin, Quarantined, [62fd1fbe08823600ce52e616a65da65a], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh\146\lsdb.js, Quarantined, [19466d70860479bd886779168e7759a7], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh\146\background.html, Quarantined, [19466d70860479bd886779168e7759a7], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh\146\content.js, Quarantined, [19466d70860479bd886779168e7759a7], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh\146\kTxy9Kj.js, Quarantined, [19466d70860479bd886779168e7759a7], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh\146\manifest.json, Quarantined, [19466d70860479bd886779168e7759a7], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Roaming\Mozilla\Firefox\Profiles\wvh1r0xq.default-1429623013637\extensions\09zV@v.net\content\bg.js, Quarantined, [fe61924b7e0c94a2807de5aab64f01ff], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Roaming\Mozilla\Firefox\Profiles\wvh1r0xq.default-1429623013637\extensions\09zV@v.net\bootstrap.js, Quarantined, [fe61924b7e0c94a2807de5aab64f01ff], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Roaming\Mozilla\Firefox\Profiles\wvh1r0xq.default-1429623013637\extensions\09zV@v.net\chrome.manifest, Quarantined, [fe61924b7e0c94a2807de5aab64f01ff], 
    PUP.Optional.MultiPlug.A, C:\Users\Flávio\AppData\Roaming\Mozilla\Firefox\Profiles\wvh1r0xq.default-1429623013637\extensions\09zV@v.net\install.rdf, Quarantined, [fe61924b7e0c94a2807de5aab64f01ff], 

    Physical Sectors: 0
    (No malicious items detected)

    (end)

    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:19:21, on 03/07/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17840)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
    C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\XFastUSB\XFastUsb.exe
    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Maxtor\MaxBlast\TimounterMonitor.exe
    C:\Users\Flávio\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: 5.39.25.104 abgx360.net
    O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
    O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
    O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
    O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
    O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
    O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKCU\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Flávio\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Startup: Dropbox.lnk = ?
    O8 - Extra context menu item: &Send to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra button: &OneNote Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &OneNote Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: bankline.itau.com.br
    O15 - Trusted Zone: clickbanking.itau.com.br
    O15 - Trusted Zone: guardiao.itau.com.br
    O15 - Trusted Zone: www.itau.com.br
    O15 - Trusted Zone: http://www.itau.com.br
    O15 - Trusted Zone: *.itau.com.br
    O15 - Trusted Zone: http://www.itaupersonnalite.com.br
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
    O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
    O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Maxtor - C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: Origin Client Service - Electronic Arts - D:\Games\Origin\OriginClientService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
    O23 - Service: RzSurroundVADStreamingService - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 17515 bytes
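Added example, not part of the posts above and not code from HijackThis or Malwarebytes: a small Python triage script for logs pasted the way the forum rendered them, with every line break between entries lost. It splits the run-together HijackThis text back into entries, parses Malwarebytes detection lines into records, and marks the items a log helper looks at first (hosts-file overrides, autoruns from user-writable or drive-relative paths, Trusted Zone entries, Winlogon Notify DLLs, services whose binary is reported missing). One caveat it encodes: HijackThis 2.0.4 is a 32-bit program, and under WOW64 on 64-bit Windows its view of C:\Windows\system32 is the SysWOW64 directory, so native 64-bit service binaries such as lsass.exe, spoolsv.exe or vssvc.exe show as "(file missing)" even though they are present; the script rates those as low-confidence rather than as evidence of deletion. The function names, severity labels and the SAMPLE_HJT / SAMPLE_MBAM strings are ours; the sample entries are copied from the logs in this thread.

```python
"""Triage helper for HijackThis and Malwarebytes logs pasted as run-together text.

Added example; not code from the original posts, from HijackThis or from
Malwarebytes. Function names and severity labels are ours. SAMPLE_HJT and
SAMPLE_MBAM are constructed from entries in the logs above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every HijackThis 2.x entry begins with its section tag (R0-R3, F0-F3, O1-O24).
# Splitting on a zero-width lookahead keeps the tag with its entry.
HJT_ENTRY = re.compile(r"(?=(?:R[0-3]|F[0-3]|O\d{1,2}) - )")

# Malwarebytes 2.x detection: Category, Path[|Value, Data], Action, [md5]
MBAM_HIT = re.compile(
    r"([A-Z][A-Za-z]*(?:\.[A-Za-z0-9]+)+), (.+?), ([A-Za-z]+), \[([0-9a-f]{32})\]"
)

# HijackThis is a 32-bit program: under WOW64 its C:\Windows\system32 is the
# SysWOW64 directory, so native 64-bit service binaries look "missing".
SYSTEM32 = re.compile(r"^c:\\windows\\system32\\", re.I)
USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp|users)\\", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "review" | "info" | "low-confidence"
    entry: str
    reason: str


def split_hjt(blob: str) -> list[str]:
    """Re-insert the line breaks the forum dropped between HijackThis entries."""
    return [e.strip() for e in HJT_ENTRY.split(blob) if e.strip()]


def parse_mbam(blob: str) -> list[dict[str, str]]:
    """One record per detection; for registry values 'path' keeps '|Value, Data'."""
    return [
        {"category": c, "path": p, "action": a, "md5": h}
        for c, p, a, h in MBAM_HIT.findall(blob)
    ]


def _image_path(entry: str) -> str:
    """Image path of an entry: the quoted or first token after [name] for O4,
    otherwise the text after the last ' - ' without the '(file missing)' marker."""
    if entry.startswith("O4 - "):
        m = re.search(r'\] (?:"([^"]+)"|(\S+))', entry)
        return (m.group(1) or m.group(2)) if m else ""
    return entry.rsplit(" - ", 1)[-1].replace(" (file missing)", "")


def triage_hjt(entries: list[str]) -> list[Finding]:
    """Heuristic 'look here' markers, not verdicts: legitimate software (bank
    plugins, cleanup tools) will match these rules too."""
    out: list[Finding] = []
    for e in entries:
        tag = e.split(" - ", 1)[0]
        path = _image_path(e)
        if tag == "O1" and "127.0.0.1" not in e and "::1" not in e:
            out.append(Finding("review", e, "hosts-file override to a remote address"))
        elif tag == "O4" and path:
            if not re.match(r"^(?:[A-Za-z]:\\|%)", path):
                out.append(Finding("review", e, "autorun with a drive-relative path"))
            elif USER_WRITABLE.search(path):
                out.append(Finding("review", e, "autorun from a user-writable location"))
        elif tag == "O15":
            out.append(Finding("info", e, "site placed in IE's Trusted Zone"))
        elif tag == "O20":
            out.append(Finding("review", e, "Winlogon Notify DLL loaded at logon"))
        elif tag == "O23" and "(file missing)" in e:
            if SYSTEM32.match(path):
                out.append(Finding("low-confidence", e,
                                   "32-bit tool under WOW64 redirection; confirm with a 64-bit tool"))
            else:
                out.append(Finding("review", e, "service binary not found on disk"))
    return out


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: entries copied from the logs above, with the line breaks
# removed the way the forum rendered them.
SAMPLE_HJT = (
    "O1 - Hosts: 5.39.25.104 abgx360.net"
    'O4 - HKLM\\..\\Run: [XFastUSB] "C:\\Program Files (x86)\\XFastUSB\\XFastUsb.exe"'
    "O4 - HKCU\\..\\Run: [bankerFixV3] \\LinhaDefensiva\\rotinas\\postreboot.bat"
    'O4 - HKCU\\..\\Run: [Dropbox Update] "C:\\Users\\Flávio\\AppData\\Local\\Dropbox\\Update\\DropboxUpdate.exe" /c'
    "O15 - Trusted Zone: *.itau.com.br"
    "O20 - Winlogon Notify: GbPluginBb - C:\\Program Files (x86)\\GbPlugin\\gbieh.dll"
    "O23 - Service: @%systemroot%\\system32\\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\\Windows\\System32\\spoolsv.exe (file missing)"
    "O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\\Windows\\system32\\EscSvc64.exe (file missing)"
    "O23 - Service: PnkBstrA - Unknown owner - C:\\Windows\\system32\\PnkBstrA.exe"
)
SAMPLE_MBAM = (
    "Registry Keys: 2"
    "PUM.Security.Hijack.DisableChromeUpdates, HKLM\\SOFTWARE\\POLICIES\\GOOGLE\\UPDATE, Quarantined, [baa5924b206ae056acc94c4c18ed41bf], "
    "Registry Values: 1"
    "PUM.Security.Hijack.DisableChromeUpdates, HKLM\\SOFTWARE\\POLICIES\\GOOGLE\\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [baa5924b206ae056acc94c4c18ed41bf]"
    "Files: 1"
    "Trojan.Downloader.BL, C:\\Users\\Flávio\\Downloads\\Ultimo_Aviso_Intimacao.pdf.rar, Quarantined, [9ac5b627701a7cbaa6f7db4a4bb754ac], "
)

if __name__ == "__main__":
    for f in triage_hjt(split_hjt(SAMPLE_HJT)):
        print(f"[{f.severity}] {f.reason}\n    {f.entry}")
    for hit in parse_mbam(SAMPLE_MBAM):
        print(f"[{hit['category']}] {hit['action']}: {hit['path']}")
```

On the sample the script flags the hosts override, the two autoruns outside Program Files, and the Winlogon Notify DLL for review, notes the Trusted Zone entry, and rates both "(file missing)" services as low-confidence because their paths are under C:\Windows\system32. The Malwarebytes records keep the registry value name and data together with the key path, which is what you want when deciding whether a policy such as DisableAutoUpdateChecksCheckboxValue was set by an administrator or by the adware that the scan removed.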
  10. Log Analysis Request

    I have already done all the procedures requested in the Official Topic. In the Chrome and Firefox browsers ads keep opening; I remove the extensions but the windows and the extension reappear, and the Microsoft C++ Redistributable keeps giving an error. Here is my log for review:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 03:15:14, on 02/07/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17840)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\XFastUSB\XFastUsb.exe
    C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Maxtor\MaxBlast\TimounterMonitor.exe
    C:\Users\Flávio\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\ProgramData\Battle.net\Agent\Agent.4150\Agent.exe
    C:\Games\Battle.net\Battle.net.5952\Battle.net.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: 5.39.25.104 abgx360.net
    O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
    O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
    O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
    O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
    O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
    O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKCU\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Flávio\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Startup: Dropbox.lnk = ?
    O8 - Extra context menu item: &Send to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra button: &OneNote Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &OneNote Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: bankline.itau.com.br
    O15 - Trusted Zone: clickbanking.itau.com.br
    O15 - Trusted Zone: guardiao.itau.com.br
    O15 - Trusted Zone: www.itau.com.br
    O15 - Trusted Zone: http://www.itau.com.br
    O15 - Trusted Zone: *.itau.com.br
    O15 - Trusted Zone: http://www.itaupersonnalite.com.br
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
    O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
    O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Maxtor - C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network 
Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeO23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)O23 - Service: Origin Client Service - Electronic Arts - D:\Games\Origin\OriginClientService.exeO23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exeO23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exeO23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. 
- C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exeO23 - Service: RzSurroundVADStreamingService - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exeO23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exeO23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeO23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeO23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: 
@%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exeO23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --End of file - 17493 bytes
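Added example (not part of Hight templar's post or of the helper's reply): a small Python triage pass over HijackThis-format log lines like the ones posted in this thread. HijackThis lists every load point it finds, legitimate or not, so the first job of whoever reads the log is to separate vendor components living under Windows or Program Files from entries that load from somewhere else, have no publisher, or use an unusual file type. The sections watched (O2, O3, O4, O20, O23), the directory allow-list, the "review reasons" and the sample lines below are my own choices, modelled on the format of the logs above; a hit means "look at this first", not "this is malware".

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List

# Load points where a third party gets code running: BHOs (O2), toolbars (O3),
# Run keys (O4), Winlogon Notify packages (O20) and services (O23).
PERSISTENCE_SECTIONS = {"O2", "O3", "O4", "O20", "O23"}

# Where legitimately installed components normally live (lower case; 8.3 aliases
# included because HijackThis prints them, e.g. C:\PROGRA~2\GbPlugin\GbpSv.exe).
EXPECTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~1\\",
    "c:\\progra~2\\",
)

ENTRY_RE = re.compile(r"^(?P<section>O\d{1,2}|R[0-3]|F[0-3]) - (?P<body>.*)$")
# First Windows path ending in something loadable; stops at a closing quote.
PATH_RE = re.compile(r'(?i)([a-z]:\\[^"\r\n]*?\.(?:exe|dll|cpl|sys|ocx|scr|pif))')


@dataclass
class Finding:
    section: str
    path: str
    reasons: List[str] = field(default_factory=list)


def in_expected_root(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(root) for root in EXPECTED_ROOTS)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per load-point entry a human should look at first.

    A Finding means "review this", not "this is malware": the heuristics only
    separate vendor components in the usual directories from everything else.
    """
    findings: List[Finding] = []
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if not m or m.group("section") not in PERSISTENCE_SECTIONS:
            continue
        section, body = m.group("section"), m.group("body")
        pm = PATH_RE.search(body)
        if not pm:
            continue
        path = pm.group(1)
        missing = "(file missing)" in body
        # Built-in Windows services carry a resource-string display name
        # (@%SystemRoot%\...,-NNN). HijackThis 2.0.4 does not expand those
        # ImagePaths, and a 32-bit scan on x64 is also subject to System32
        # redirection, so "(file missing)" on them is a display artifact.
        builtin_display_name = body.startswith("Service: @")
        if missing and (builtin_display_name or path.lower().startswith("c:\\windows\\")):
            continue

        reasons: List[str] = []
        if not in_expected_root(path):
            reasons.append("loads from outside Windows/Program Files")
        if section == "O23" and "- Unknown owner -" in body and not missing:
            reasons.append("service binary has no publisher in its version info (weak signal)")
        if section == "O4" and path.lower().endswith(".cpl"):
            reasons.append("Run key launches a .cpl instead of an .exe")
        if missing:
            reasons.append("referenced file is missing")
        if reasons:
            findings.append(Finding(section, path, reasons))
    return findings


# Constructed sample: lines in the HijackThis v2 format, modelled on the logs
# posted in this thread (the paths are ones that appear there).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Application Adobe Virtualization Documents - {718862E3-C964-4143-8836-286C9140C7F4} - C:\IntellDvD\HDMI\DissolveNoise023.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [RunAs] C:\IntellDvD\HDMI\DissolveAnother073.cpl
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O15 - Trusted Zone: www.bb.com.br
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it over a saved log with `triage(open("hijackthis.log", encoding="cp1252").read().splitlines())`. The two directory-based reasons do the useful work; the "Unknown owner" reason is deliberately kept weak because plenty of legitimate game and driver services ship without a company name in their version resource, and the skip on "(file missing)" for `@%SystemRoot%`-named services exists precisely so the dozen built-in lsass/svchost-hosted services in a Windows 7 log do not drown the real list.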
  11. Log analysis request

    Thanks Mr.Million, thank you very much for the help and attention.
  12. Log analysis request

    Well, I did all the procedures; the problem persists, but it must be the antivirus itself, which has some option I can't turn off.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:24:33, on 06/04/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\PROGRA~1\GbPlugin\GbpSv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\FsUsbExService.Exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
    O2 - BHO: Application Adobe Virtualization Documents - {718862E3-C964-4143-8836-286C9140C7F4} - C:\IntellDvD\HDMI\DissolveNoise023.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [RaidCall] C:\Program Files\RaidCall\raidcall.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [RunAs] C:\IntellDvD\HDMI\DissolveAnother073.cpl
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-21-3772621661-716410254-2455067292-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3772621661-716410254-2455067292-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://www.bancoreal.com.br
    O15 - Trusted Zone: http://www.bancosantander.com.br
    O15 - Trusted Zone: wwws.realsecureweb.com.br
    O15 - Trusted Zone: www.santander.com.br
    O15 - Trusted Zone: http://www.santander.com.br
    O15 - Trusted Zone: http://www.santanderempresarial.com.br
    O15 - Trusted Zone: www.santandernet.com.br
    O15 - Trusted Zone: wwws.santandernet.com.br
    O15 - Trusted Zone: www.secureweb.com.br
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.5.7.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    -- End of file - 11692 bytes

    I forgot the ComboFix log:

    ComboFix 12-04-04.02 - Flávio 06/04/2012 12:34:25.3.2 - x86 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2047.1304 [GMT -3:00]
    Running from: c:\users\Flávio\Desktop\ComboFix.exe
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * A new restore point was created
    .
    ADS - drivers: deleted 212 bytes in 1 streams.
    /wow section - STAGE 4
    The file is already in use by another process.
    The file is already in use by another process.
    The file is already in use by another process.
    The file is already in use by another process.
    The file is already in use by another process.
    The file is already in use by another process.
    The file is already in use by another process.
    Access denied.
    .
    .
    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous runs -------
    .
    c:\windows\system32\drivers\seneka.sys
    .
    .
    (((((((((((((((( Files created from 2012-03-06 to 2012-04-06 ))))))))))))))))))))))))))))
    .
    .
    2012-04-06 15:44 . 2012-04-06 15:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-06 15:44 . 2012-04-06 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-06 15:32 . 2012-04-06 15:41 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
    2012-04-06 15:22 . 2012-04-06 15:23 -------- d-----w- c:\users\Flávio\AppData\Local\{E5FED734-3C5D-4CFD-938F-DB87420711A0}
    2012-04-05 23:46 . 2012-04-05 23:47 -------- d-----w- c:\users\Flávio\AppData\Local\{6230DE78-AD22-4EDF-A61B-00B728BB055D}
    2012-04-05 11:46 . 2012-04-05 11:46 -------- d-----w- c:\users\Flávio\AppData\Local\{6467F0CE-8ADA-4840-94B4-732166BD89FD}
    2012-04-05 04:02 . 2012-04-06 15:48 -------- d-----w- c:\users\Flávio\AppData\Local\temp
    2012-04-05 03:37 . 2012-04-05 03:37 -------- d-----w- C:\backups
    2012-04-04 17:48 . 2012-04-04 17:49 -------- d-----w- c:\users\Flávio\AppData\Local\{1ADF041F-4E0F-4590-B878-8A51186B47D8}
    2012-04-04 14:24 . 2012-04-04 14:26 -------- d-----w- c:\users\Flávio\AppData\Local\Google
    2012-04-04 01:18 . 2012-04-04 01:19 -------- d-----w- c:\users\Flávio\AppData\Local\{F94639C0-0E51-4CFC-83A1-EDA92E2C5A8F}
    2012-04-03 21:06 . 2012-04-03 21:06 -------- d-----w- c:\users\Flávio\AppData\Roaming\Malwarebytes
    2012-04-03 21:05 . 2012-04-03 21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-03 21:05 . 2012-04-03 21:05 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-03 21:05 . 2011-12-10 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 20:34 . 2012-04-03 20:34 388608 ----a-w- C:\HijackThis.exe
    2012-04-03 20:18 . 2012-02-15 11:38 47304 ----a-w- c:\windows\system32\drivers\GbpKm.sys
    2012-04-03 20:17 . 2012-04-03 20:23 -------- d-----w- c:\programdata\GbPlugin
    2012-04-03 20:17 . 2012-04-03 20:18 -------- d-----w- c:\program files\GbPlugin
    2012-04-03 13:18 . 2012-04-03 13:18 -------- d-----w- c:\users\Flávio\AppData\Local\{6806E37D-42C8-4CE3-80B3-541001AB0317}
    2012-04-02 13:35 . 2012-04-02 13:36 -------- d-----w- c:\users\Flávio\AppData\Local\{A8AC4F59-58BB-43B9-AE7F-3305CA916FD4}
    2012-04-02 04:14 . 2012-04-02 04:14 -------- d-----w- c:\users\Flávio\AppData\Local\{0CCFDCC1-9846-4DEC-9C7E-BC8BB7918E0E}
    2012-04-01 15:16 . 2012-04-01 15:16 -------- d-----w- c:\users\Flávio\AppData\Local\{E1F99D17-8F29-4231-B2AB-EF7E7FAC4046}
    2012-04-01 03:15 . 2012-04-01 03:16 -------- d-----w- c:\users\Flávio\AppData\Local\{5A4739EA-3E94-4DFF-8485-5F87CB81690B}
    2012-03-31 15:14 . 2012-03-31 15:15 -------- d-----w- c:\users\Flávio\AppData\Local\{48ABD70B-2F1A-444F-8FAC-65A773C9A5B8}
    2012-03-30 21:49 . 2012-03-30 21:49 -------- d-----w- c:\users\Flávio\AppData\Local\{7ABCEED9-3BCE-45C8-B971-3CB174282000}
    2012-03-30 13:50 . 2012-03-30 13:50 -------- d-----w- c:\users\Flávio\AppData\Local\{F3CD90C4-D681-4260-92E9-4FE0ADC17FAA}
    2012-03-29 19:39 . 2012-03-29 19:39 -------- d-----w- c:\users\Flávio\AppData\Local\{D3499AAF-6129-4DAB-AFC2-CEF1130CC873}
    2012-03-28 18:09 . 2012-03-28 18:09 -------- d-----w- c:\users\Flávio\AppData\Local\{C51343FA-9E19-44C8-AF71-42301EDB0A14}
    2012-03-28 18:08 . 2012-03-28 18:09 -------- d-----w- c:\users\Flávio\AppData\Local\{C4323572-FC26-4802-A5B1-2250BA353C9B}
    2012-03-28 15:08 . 2012-03-28 15:08 -------- d-----w- c:\users\Flávio\AppData\Local\{F3D2C02F-79D4-448B-A367-72DA2E132E54}
    2012-03-28 15:08 . 2012-03-28 15:08 -------- d-----w- c:\users\Flávio\AppData\Local\{A50C9A45-25B2-4CA7-B928-B3FDC615B7C6}
    2012-03-27 18:45 . 2012-03-27 18:46 -------- d-----w- c:\users\Flávio\AppData\Local\{867B7A90-170B-494F-85A3-B561BDED12FC}
    2012-03-27 18:44 . 2012-03-27 18:45 -------- d-----w- c:\users\Flávio\AppData\Local\{3633002B-30ED-4707-97A0-5FC9D19ECF6C}
    2012-03-27 14:09 . 2012-03-27 14:09 -------- d-----w- c:\users\Flávio\AppData\Local\{4C4187E1-7323-419E-A790-CA6298832EB1}
    2012-03-27 14:09 . 2012-03-27 14:09 -------- d-----w- c:\users\Flávio\AppData\Local\{BF5DB456-A649-4EEA-B72B-AB74CD8F9715}
    2012-03-26 18:29 . 2012-03-26 18:29 -------- d-----w- c:\users\Flávio\AppData\Local\{BD6EC497-700B-42EC-9255-E651AF56CA87}
    2012-03-26 18:28 . 2012-03-26 18:29 -------- d-----w- c:\users\Flávio\AppData\Local\{91B17DDE-15DC-42DA-B5BC-8C8A69A4CDE2}
    2012-03-26 01:39 . 2012-03-26 01:39 -------- d-----w- c:\users\Flávio\AppData\Local\{43D87DF8-85DB-47CF-BFCC-070FEA62E202}
    2012-03-26 01:38 . 2012-03-26 01:39 -------- d-----w- c:\users\Flávio\AppData\Local\{E634ED72-248D-4AEE-A96C-DF4057EA0EAC}
    2012-03-25 13:38 . 2012-03-25 13:38 -------- d-----w- c:\users\Flávio\AppData\Local\{A103B60D-987C-4B35-838A-D5AEA16C2131}
    2012-03-25 13:37 . 2012-03-25 13:38 -------- d-----w- c:\users\Flávio\AppData\Local\{1C7C0803-1C65-4641-8EBB-7547959E596B}
    2012-03-25 01:37 . 2012-03-25 01:37 -------- d-----w- c:\users\Flávio\AppData\Local\{C02A0ECF-4224-4341-852B-3E9402152BBA}
    2012-03-25 01:36 . 2012-03-25 01:37 -------- d-----w- c:\users\Flávio\AppData\Local\{6F994E85-EE5D-4A2E-808C-192CBCA8D51D}
    2012-03-24 13:36 . 2012-03-24 13:36 -------- d-----w- c:\users\Flávio\AppData\Local\{5DA5757A-B05A-4ADE-AF71-4C09BB619F2C}
    2012-03-24 13:35 . 2012-03-24 13:36 -------- d-----w- c:\users\Flávio\AppData\Local\{963FBEC7-C924-41AC-9245-61CCD939CA2F}
    2012-03-24 00:50 . 2012-03-24 00:50 -------- d-----w- c:\windows\Sun
    2012-03-23 17:55 . 2012-03-23 17:55 -------- d-----w- c:\users\Flávio\AppData\Local\{92357238-FE7F-44FC-916D-36080AC2FACF}
    2012-03-23 17:54 . 2012-03-23 17:55 -------- d-----w- c:\users\Flávio\AppData\Local\{349D801C-281D-408C-BFAA-F77D6ADF4E96}
    2012-03-23 12:27 . 2012-03-23 12:27 -------- d-----w- c:\users\Flávio\AppData\Local\{5C1B6056-DDC4-4BC3-ABDF-BD4C15C01CC5}
    2012-03-22 20:13 . 2012-03-22 20:13 -------- d-----w- c:\users\Flávio\AppData\Local\{0E75C841-EEBC-4487-BAEF-56B8958E4FBD}
    2012-03-22 20:13 . 2012-03-22 20:13 -------- d-----w- c:\users\Flávio\AppData\Local\{7D13A7BE-9B02-49F4-8DA5-97F919D2D0E7}
    2012-03-22 12:17 . 2012-03-22 12:17 -------- d-----w- c:\users\Flávio\AppData\Local\{71ED11A5-FDC5-48A4-802B-FCDBC7132FBD}
    2012-03-22 01:33 . 2012-03-22 01:33 -------- d-----w- c:\users\Flávio\AppData\Local\{4528890A-FF97-4108-BF5C-C2A788272420}
    2012-03-21 13:32 . 2012-03-21 13:32 -------- d-----w- c:\users\Flávio\AppData\Local\{5F626B65-A020-4E50-9A70-E69FCC303A8C}
    2012-03-21 13:32 . 2012-03-21 13:32 -------- d-----w- c:\users\Flávio\AppData\Local\{E9F1610B-C178-4C87-A0BC-CD69A4BB5EA5}
    2012-03-20 21:50 . 2012-03-20 21:50 -------- d-----w- c:\users\Flávio\AppData\Local\{F1095312-4C11-4CF0-B587-3D848C9A3B03}
    2012-03-20 21:49 . 2012-03-20 21:50 -------- d-----w- c:\users\Flávio\AppData\Local\{8812BF0D-2773-4E8C-B6C6-CFBBEEF7711A}
    2012-03-20 16:06 . 2012-03-20 16:06 -------- d-----w- c:\program files\CDisplay
    2012-03-20 13:15 . 2012-03-20 13:15 -------- d-----w- c:\users\Flávio\AppData\Local\{7ACDC09D-8565-4A99-8EF2-8BEAA24C2B3E}
    2012-03-19 15:17 . 2012-03-19 15:17 -------- d-----w- c:\users\Flávio\AppData\Local\{14310FCE-DAD2-4F3A-BC00-48411A03BA85}
    2012-03-19 15:17 . 2012-03-19 15:17 -------- d-----w- c:\users\Flávio\AppData\Local\{7EA04CBA-9CEB-442D-9CBC-C7BC13E4F874}
    2012-03-19 02:10 . 2012-03-19 02:10 -------- d-----w- c:\users\Flávio\AppData\Local\{4D1E418B-CFD0-4EDB-AE40-9CC37098C251}
    2012-03-19 02:09 . 2012-03-19 02:10 -------- d-----w- c:\users\Flávio\AppData\Local\{1F808A74-D093-4E1D-A65B-A1B480E5B9FB}
    2012-03-19 01:24 . 2012-03-19 01:24 -------- d-----w- c:\users\Flávio\AppData\Local\{7F915AB6-E416-4FD3-BD07-16C0EA5A1684}
    2012-03-19 00:41 . 2012-03-19 00:41 -------- d-----w- c:\users\Flávio\AppData\Roaming\Ubisoft
    2012-03-19 00:41 . 2012-03-19 00:41 -------- d-----w- c:\programdata\Ubisoft
    2012-03-18 14:36 . 2012-03-18 14:36 -------- d-----w-io c:\users\FLVIO~2
    2012-03-18 13:24 . 2012-03-18 13:24 -------- d-----w- c:\users\Flávio\AppData\Local\{2D4EB3B8-D5A8-41C6-9CC5-D677C1084FF2}
    2012-03-18 13:23 . 2012-03-18 13:24 -------- d-----w- c:\users\Flávio\AppData\Local\{EE95F4AE-8CFD-4881-A0F7-7135739096CF}
    2012-03-18 01:23 . 2012-03-18 01:23 -------- d-----w- c:\users\Flávio\AppData\Local\{4249F6EF-DA13-42B4-AC16-C6F7E5877BFE}
    2012-03-18 01:22 . 2012-03-18 01:23 -------- d-----w- c:\users\Flávio\AppData\Local\{2EC1EEA7-6E2F-4783-9DC1-837A39CDCDDF}
    2012-03-17 21:00 . 2012-03-17 21:00 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-03-17 21:00 . 2012-03-17 21:00 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-03-17 13:21 . 2012-03-17 13:22 -------- d-----w- c:\users\Flávio\AppData\Local\{9A9F9969-7DF6-4F76-83C0-0F966D6714AA}
    2012-03-17 13:21 . 2012-03-17 13:21 -------- d-----w- c:\users\Flávio\AppData\Local\{7E053099-AA39-4AF4-A17F-FEBCB744CA55}
    2012-03-16 21:22 . 2012-03-16 21:22 -------- d-----w- c:\users\Flávio\AppData\Local\{CFBE8BBD-C79B-4F81-A5F9-0A9894E0ADC0}
    2012-03-16 21:21 . 2012-03-16 21:22 -------- d-----w- c:\users\Flávio\AppData\Local\{DE9C57B8-3410-4F6E-A5A0-F1D37C90554E}
    2012-03-16 21:06 . 2012-03-16 21:06 -------- d-----w- C:\tmp
    2012-03-16 18:27 . 2012-03-16 18:27 -------- d-----w- C:\IntellDvD
    2012-03-16 13:35 . 2012-03-16 13:35 -------- d-----w- c:\users\Flávio\AppData\Local\{277BB3B6-6C4B-4B37-8AC2-305A4BA6078F}
    2012-03-16 13:35 . 2012-03-16 13:35 -------- d-----w- c:\users\Flávio\AppData\Local\{36EFDFD1-5323-4948-98B3-596645593964}
    2012-03-15 16:20 . 2012-03-15 16:20 -------- d-----w- c:\users\Flávio\AppData\Local\{3EF5AFAD-DF78-4A2F-9661-61EBA2B13A01}
    2012-03-15 16:20 . 2012-03-15 16:20 -------- d-----w- c:\users\Flávio\AppData\Local\{096D4688-058A-4CE8-8FC5-3D93B1659596}
    2012-03-15 01:37 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-15 01:37 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 16:51 . 2012-03-14 16:51 -------- d-----w- c:\users\Flávio\AppData\Local\{3DE715EB-F5E6-4975-8B44-4990F53BDBC1}
    2012-03-14 16:50 . 2012-03-14 16:51 -------- d-----w- c:\users\Flávio\AppData\Local\{0E171081-F79D-4924-9E3A-E4C04725CEA2}
    2012-03-14 13:10 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 13:09 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 13:00 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 13:00 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 13:00 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 13:00 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-03-14 13:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 13:00 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 13:00 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-14 01:02 . 2012-03-14 01:02 -------- d-----w- c:\users\Flávio\AppData\Local\{49135F73-BFD8-4814-B373-45BFB975FF75}
    2012-03-14 01:01 . 2012-03-14 01:02 -------- d-----w- c:\users\Flávio\AppData\Local\{E45F466B-1C50-4EA4-9CE9-EDE9CFDBE8CC}
    2012-03-13 13:01 . 2012-03-13 13:01 -------- d-----w- c:\users\Flávio\AppData\Local\{FD021E19-E1E3-404B-B42C-507BDCBF370D}
    2012-03-13 13:00 . 2012-03-13 13:00 -------- d-----w- c:\users\Flávio\AppData\Local\{52A8CB19-4EF7-4980-8AF1-F25C572EA8EC}
    2012-03-12 21:36 . 2012-03-12 21:36 -------- d-----w- c:\programdata\IBUpdaterService
    2012-03-12 16:32 . 2012-03-12 16:33 -------- d-----w- c:\users\Flávio\AppData\Local\{A08FE4AF-71C6-4F42-BE8F-5A0AB3A7400F}
    2012-03-12 16:32 . 2012-03-12 16:32 -------- d-----w- c:\users\Flávio\AppData\Local\{0EBCA874-B55D-4A1A-91B4-78D0A77873B3}
    2012-03-12 01:01 . 2012-03-12 01:01 -------- d-----w- c:\users\Flávio\AppData\Local\{FBA703C0-27CB-4C04-917A-EDEDAF72436B}
    2012-03-12 01:00 . 2012-03-12 01:01 -------- d-----w- c:\users\Flávio\AppData\Local\{D3988E32-4F22-4E56-B908-8420E00A6435}
    2012-03-11 12:59 . 2012-03-11 12:59 -------- d-----w- c:\users\Flávio\AppData\Local\{ADF152E5-EEA9-4E4A-B142-4C18EA6C1737}
    2012-03-11 12:59 . 2012-03-11 12:59 -------- d-----w- c:\users\Flávio\AppData\Local\{F00694D9-24BF-4ECF-AF7C-A3C6BC6BB4C9}
    2012-03-10 23:50 . 2012-03-10 23:50 -------- d-----w- c:\users\Flávio\AppData\Local\{4A5E6C17-7F0C-4247-891A-6D70927B8CEC}
    2012-03-10 23:49 . 2012-03-10 23:50 -------- d-----w- c:\users\Flávio\AppData\Local\{86C4A9DC-B6A0-4150-80D4-4A9F331189EA}
    2012-03-10 21:13 . 2012-03-23 12:50 -------- d-----w- c:\program files\Symantec
    2012-03-10 21:13 . 2012-03-23 12:49 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-03-10 21:13 . 2012-03-10 21:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-03-10 21:12 . 2012-03-23 20:18 -------- d-----w- c:\windows\system32\drivers\NIS
    2012-03-10 21:12 . 2012-03-10 21:12 -------- d-----w- c:\program files\Norton Internet Security
    2012-03-10 21:12 . 2012-03-10 21:12 -------- d-----w- c:\program files\NortonInstaller
    2012-03-10 11:49 . 2012-03-10 11:49 -------- d-----w- c:\users\Flávio\AppData\Local\{674A0385-9864-4128-B448-F25B4FA12CED}
    2012-03-10 11:49 . 2012-03-10 11:49 -------- d-----w- c:\users\Flávio\AppData\Local\{35B2F110-2064-4FC9-AF2D-827BD19FAFDD}
    2012-03-09 16:37 . 2012-03-09 16:37 -------- d-----w- c:\users\Flávio\AppData\Local\{2DC9A346-FE72-4A09-A404-6C80938DA487}
    2012-03-09 16:36 . 2012-03-09 16:37 -------- d-----w- c:\users\Flávio\AppData\Local\{F91E6236-1BB6-4E94-80F9-42BD966E874C}
    2012-03-08 15:57 . 2012-03-08 15:57 -------- d-----w- c:\users\Flávio\AppData\Local\{A4E3774E-959C-431E-B0D8-F749AFE80D2D}
    2012-03-08 15:56 . 2012-03-08 15:57 -------- d-----w- c:\users\Flávio\AppData\Local\{0CD2B54D-362B-498D-BABA-6E6E5856F7F3}
    2012-03-08 03:54 . 2012-03-08 03:54 -------- d-----w- c:\users\Flávio\AppData\Local\{8F58FEA9-B4A7-49DA-B757-994BFF5DAFCA}
    2012-03-08 03:53 . 2012-03-08 03:54 -------- d-----w- c:\users\Flávio\AppData\Local\{BECD32BE-B191-4846-90C0-1C8A9876DF5C}
    2012-03-07 15:53 . 2012-03-07 15:53 -------- d-----w- c:\users\Flávio\AppData\Local\{3E552D1E-2732-448D-9946-33BD6059DBF9}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-26 22:15 . 2011-10-03 16:57 139176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2012-03-26 22:15 . 2011-10-03 16:57 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
    2012-03-26 22:14 . 2011-11-26 15:04 282864 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2012-03-26 22:14 . 2011-10-03 16:57 282864 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-03-26 22:14 . 2011-10-03 16:57 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2012-02-27 16:07 . 2011-10-02 01:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-24 11:40 . 2011-10-01 01:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-29 07:10 . 2011-01-21 03:15 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-17 06:39 . 2012-02-17 05:53 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E86D9A3B-AEEC-4124-93F0-6CE3EFB725A0}\mpengine.dll
    2012-01-17 05:08 . 2012-01-17 05:08 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2012-01-17 05:08 . 2011-10-03 00:12 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-01-14 16:18 . 2012-01-14 03:08 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2012-01-14 16:18 . 2012-01-14 03:08 17212 ----atw- c:\windows\system32\SIntf32.dll
    2012-01-14 16:18 . 2012-01-14 03:08 12067 ----atw- c:\windows\system32\SIntf16.dll
    2012-01-14 16:15 . 2012-01-14 16:15 94208 ----a-w- c:\windows\DIIUnin.exe
    2012-01-14 16:15 . 2012-01-14 16:15 2829 ----a-w- c:\windows\DIIUnin.pif
    2012-03-17 21:00 . 2011-10-01 03:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries and legitimate default entries are not shown.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{718862E3-C964-4143-8836-286C9140C7F4}]
    2012-03-16 12:02 1673651 --sh--w- c:\intelldvd\HDMI\DissolveNoise023.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    "RunAs"="c:\intelldvd\HDMI\DissolveAnother073.cpl" [2012-03-15 182784]
    .
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976] "RaidCall"="c:\program files\RaidCall\raidcall.exe" [2012-03-28 2596536] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . c:\users\Flávio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn] 2012-02-15 11:40 607472 ----a-w- c:\program files\GbPlugin\gbiehabn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2010-07-29 07:47 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-01-14 98432] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-01-14 14848] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-01-14 123648] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-02 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-02-15 47304] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-10-05 436792] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1306020.00A\SYMDS.SYS [2011-07-26 340088] S0 
SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1306020.00A\SYMEFA.SYS [2012-01-17 905336] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-02 820856] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1306020.00A\ccSetx86.sys [2011-11-29 132744] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120404.002\IDSvix86.sys [2012-03-09 368248] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1306020.00A\Ironx86.SYS [2012-01-17 149624] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1306020.00A\SYMNETS.SYS [2012-01-17 318584] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-29 238952] S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2012-02-15 206280] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-10 106104] S3 
FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608] S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\DRIVERS\HPMo4DE3.sys [2011-03-09 20992] S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\Drivers\HPub4DE3.sys [2011-04-12 13824] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] . . --- =Outros Serviços/Drivers Na Memória --- . *NewlyCreated* - FSUSBEXDISK . . ------- Scan Suplementar ------- . IE: &Enviar para o OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000 Trusted Zone: bancoreal.com.br\www Trusted Zone: bancosantander.com.br\www Trusted Zone: realsecureweb.com.br\www Trusted Zone: realsecureweb.com.br\www2 Trusted Zone: realsecureweb.com.br\wwws Trusted Zone: santander.com.br\www Trusted Zone: santanderempresarial.com.br\www Trusted Zone: santandernet.com.br\www Trusted Zone: santandernet.com.br\wwws Trusted Zone: santandernetibe.com.br\www Trusted Zone: secureweb.com.br\www TCP: DhcpNameServer = 201.55.232.76 201.55.232.81 192.168.0.1 FF - ProfilePath - c:\users\Flávio\AppData\Roaming\Mozilla\Firefox\Profiles\mh3nr23t.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1" . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . 
[HKEY_USERS\S-1-5-21-3772621661-716410254-2455067292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-3772621661-716410254-2455067292-1000) @Denied: (2) (LocalSystem) "Progid"="Outlook.File.eml.14" . [HKEY_USERS\S-1-5-21-3772621661-716410254-2455067292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-3772621661-716410254-2455067292-1000) @Denied: (2) (LocalSystem) "Progid"="Outlook.File.vcf.14" . [HKEY_USERS\S-1-5-21-3772621661-716410254-2455067292-1000\Software\SecuROM\License information*] "datasecu"=hex:81,85,70,70,c6,09,85,26,ec,9b,72,40,0c,3c,8b,c3,4c,da,b1,1c,41, de,ed,e9,fd,f0,04,43,83,b9,e7,48,25,4a,aa,8f,42,1f,55,e9,9a,da,3a,7a,55,68,\ "rkeysecu"=hex:62,d2,19,f3,06,db,5f,3d,15,23,65,ce,b6,88,a1,18 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (Users) @Denied: (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (Users) @Denied: (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (Users) @Denied: (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (Users) @Denied: (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- . - - - - - - - > 'Explorer.exe'(5428) c:\program files\GbPlugin\gbiehAbn.dll . 
------------------------ Outros Processos em Execução ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\PnkBstrA.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\NVIDIA Corporation\Display\nvtray.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\rundll32.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Tempo para conclusão: 2012-04-06 12:53:58 - Máquina reiniciou ComboFix-quarantined-files.txt 2012-04-06 15:53 ComboFix2.txt 2012-04-04 16:20 . Pré-execução: 5.850.988.544 bytes disponíveis Pós execução: 5.803.659.264 bytes disponíveis . - - End Of File - - E35A471F51808B5C74A4AB5E210BD839
  13. Log Analysis Request

    I ran ComboFix; it did what it was supposed to do. Here are the logs, and the problem persists.
2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll 2012-03-14 13:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 13:00 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 13:00 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 01:02 . 2012-03-14 01:02 -------- d-----w- c:\users\Flávio\AppData\Local\{49135F73-BFD8-4814-B373-45BFB975FF75} 2012-03-14 01:01 . 2012-03-14 01:02 -------- d-----w- c:\users\Flávio\AppData\Local\{E45F466B-1C50-4EA4-9CE9-EDE9CFDBE8CC} 2012-03-13 13:01 . 2012-03-13 13:01 -------- d-----w- c:\users\Flávio\AppData\Local\{FD021E19-E1E3-404B-B42C-507BDCBF370D} 2012-03-13 13:00 . 2012-03-13 13:00 -------- d-----w- c:\users\Flávio\AppData\Local\{52A8CB19-4EF7-4980-8AF1-F25C572EA8EC} 2012-03-12 21:36 . 2012-03-12 21:36 -------- d-----w- c:\programdata\IBUpdaterService 2012-03-12 16:32 . 2012-03-12 16:33 -------- d-----w- c:\users\Flávio\AppData\Local\{A08FE4AF-71C6-4F42-BE8F-5A0AB3A7400F} 2012-03-12 16:32 . 2012-03-12 16:32 -------- d-----w- c:\users\Flávio\AppData\Local\{0EBCA874-B55D-4A1A-91B4-78D0A77873B3} 2012-03-12 01:01 . 2012-03-12 01:01 -------- d-----w- c:\users\Flávio\AppData\Local\{FBA703C0-27CB-4C04-917A-EDEDAF72436B} 2012-03-12 01:00 . 2012-03-12 01:01 -------- d-----w- c:\users\Flávio\AppData\Local\{D3988E32-4F22-4E56-B908-8420E00A6435} 2012-03-11 12:59 . 2012-03-11 12:59 -------- d-----w- c:\users\Flávio\AppData\Local\{ADF152E5-EEA9-4E4A-B142-4C18EA6C1737} 2012-03-11 12:59 . 2012-03-11 12:59 -------- d-----w- c:\users\Flávio\AppData\Local\{F00694D9-24BF-4ECF-AF7C-A3C6BC6BB4C9} 2012-03-10 23:50 . 2012-03-10 23:50 -------- d-----w- c:\users\Flávio\AppData\Local\{4A5E6C17-7F0C-4247-891A-6D70927B8CEC} 2012-03-10 23:49 . 2012-03-10 23:50 -------- d-----w- c:\users\Flávio\AppData\Local\{86C4A9DC-B6A0-4150-80D4-4A9F331189EA} 2012-03-10 21:13 . 2012-03-23 12:50 -------- d-----w- c:\program files\Symantec 2012-03-10 21:13 . 
2012-03-23 12:49 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-03-10 21:13 . 2012-03-10 21:27 -------- d-----w- c:\program files\Common Files\Symantec Shared 2012-03-10 21:12 . 2012-03-23 20:18 -------- d-----w- c:\windows\system32\drivers\NIS 2012-03-10 21:12 . 2012-03-10 21:12 -------- d-----w- c:\program files\Norton Internet Security 2012-03-10 21:12 . 2012-03-10 21:12 -------- d-----w- c:\program files\NortonInstaller 2012-03-10 11:49 . 2012-03-10 11:49 -------- d-----w- c:\users\Flávio\AppData\Local\{674A0385-9864-4128-B448-F25B4FA12CED} 2012-03-10 11:49 . 2012-03-10 11:49 -------- d-----w- c:\users\Flávio\AppData\Local\{35B2F110-2064-4FC9-AF2D-827BD19FAFDD} 2012-03-09 16:37 . 2012-03-09 16:37 -------- d-----w- c:\users\Flávio\AppData\Local\{2DC9A346-FE72-4A09-A404-6C80938DA487} 2012-03-09 16:36 . 2012-03-09 16:37 -------- d-----w- c:\users\Flávio\AppData\Local\{F91E6236-1BB6-4E94-80F9-42BD966E874C} 2012-03-08 15:57 . 2012-03-08 15:57 -------- d-----w- c:\users\Flávio\AppData\Local\{A4E3774E-959C-431E-B0D8-F749AFE80D2D} 2012-03-08 15:56 . 2012-03-08 15:57 -------- d-----w- c:\users\Flávio\AppData\Local\{0CD2B54D-362B-498D-BABA-6E6E5856F7F3} 2012-03-08 03:54 . 2012-03-08 03:54 -------- d-----w- c:\users\Flávio\AppData\Local\{8F58FEA9-B4A7-49DA-B757-994BFF5DAFCA} 2012-03-08 03:53 . 2012-03-08 03:54 -------- d-----w- c:\users\Flávio\AppData\Local\{BECD32BE-B191-4846-90C0-1C8A9876DF5C} 2012-03-07 15:53 . 2012-03-07 15:53 -------- d-----w- c:\users\Flávio\AppData\Local\{3E552D1E-2732-448D-9946-33BD6059DBF9} 2012-03-07 15:52 . 2012-03-07 15:53 -------- d-----w- c:\users\Flávio\AppData\Local\{A8620F67-6179-446B-BF5B-31002F6F82E3} 2012-03-07 12:45 . 2012-03-07 12:45 -------- d-----w- c:\users\Flávio\AppData\Local\{92059793-5C0F-4DB2-ADB6-EBF6B82E4B77} 2012-03-06 19:53 . 2012-03-06 19:53 -------- d-----w- c:\users\Flávio\AppData\Local\{0DD3D7FD-7C59-4DD1-BB2D-659920DDB62F} 2012-03-06 19:52 . 
2012-03-06 19:53 -------- d-----w- c:\users\Flávio\AppData\Local\{3406B1B0-1CE6-4087-B247-D09059D12CFB}
2012-03-06 13:06 . 2012-03-06 13:06 -------- d-----w- c:\program files\Common Files\Skype
2012-03-06 01:19 . 2012-03-06 01:19 -------- d-----w- c:\users\Flávio\AppData\Local\{ECDA3ABB-D630-4877-BC8D-51C8425BE432}
2012-03-06 01:19 . 2012-03-06 01:19 -------- d-----w- c:\users\Flávio\AppData\Local\{80D6E7E8-C750-4847-8A55-68E30514DBB4}
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 22:15 . 2011-10-03 16:57 139176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-03-26 22:15 . 2011-10-03 16:57 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-03-26 22:14 . 2011-11-26 15:04 282864 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-03-26 22:14 . 2011-10-03 16:57 282864 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-03-26 22:14 . 2011-10-03 16:57 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-27 16:07 . 2011-10-02 01:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-24 11:40 . 2011-10-01 01:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 07:10 . 2011-01-21 03:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 06:39 . 2012-02-17 05:53 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E86D9A3B-AEEC-4124-93F0-6CE3EFB725A0}\mpengine.dll
2012-01-17 05:08 . 2012-01-17 05:08 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-01-17 05:08 . 2011-10-03 00:12 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-14 16:18 . 2012-01-14 03:08 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-01-14 16:18 . 2012-01-14 03:08 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-01-14 16:18 . 2012-01-14 03:08 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-01-14 16:15 . 2012-01-14 16:15 94208 ----a-w- c:\windows\DIIUnin.exe
2012-01-14 16:15 . 2012-01-14 16:15 2829 ----a-w- c:\windows\DIIUnin.pif
2012-03-17 21:00 . 2011-10-01 03:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{718862E3-C964-4143-8836-286C9140C7F4}]
2012-03-16 12:02 1673651 --sh--w- c:\intelldvd\HDMI\DissolveNoise023.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"RunAs"="c:\intelldvd\HDMI\DissolveAnother073.cpl" [2012-03-15 182784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"RaidCall"="c:\program files\RaidCall\raidcall.exe" [2012-03-28 2596536]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Flávio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginAbn]
2012-02-15 11:40 607472 ----a-w- c:\program files\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-07-29 07:47 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-01-14 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-01-14 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-01-14 123648]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-02 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-02-15 47304]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-10-05 436792]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1306020.00A\SYMDS.SYS [2011-07-26 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1306020.00A\SYMEFA.SYS [2012-01-17 905336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-02 820856]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1306020.00A\ccSetx86.sys [2011-11-29 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120403.002\IDSvix86.sys [2012-03-09 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1306020.00A\Ironx86.SYS [2012-01-17 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1306020.00A\SYMNETS.SYS [2012-01-17 318584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-29 238952]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2012-02-15 206280]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-10 106104]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\DRIVERS\HPMo4DE3.sys [2011-03-09 20992]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\Drivers\HPub4DE3.sys [2011-04-12 13824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - FSUSBEXDISK
.
Conteúdo da pasta 'Tarefas Agendadas'
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.6.2.10
IE: &Enviar para o OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
Trusted Zone: bancoreal.com.br\www
Trusted Zone: bancosantander.com.br\www
Trusted Zone: realsecureweb.com.br\www
Trusted Zone: realsecureweb.com.br\www2
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
FF - ProfilePath - c:\users\Flávio\AppData\Roaming\Mozilla\Firefox\Profiles\mh3nr23t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM-Run-NPSStartup - (no file)
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_MS_USB_Modem_Driver - c:\program files\SAMSUNG\USB Drivers\22_MS_USB_Modem_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-3772621661-716410254-2455067292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-3772621661-716410254-2455067292-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-3772621661-716410254-2455067292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-3772621661-716410254-2455067292-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-3772621661-716410254-2455067292-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,85,70,70,c6,09,85,26,ec,9b,72,40,0c,3c,8b,c3,4c,da,b1,1c,41,
de,ed,e9,fd,f0,04,43,83,b9,e7,48,25,4a,aa,8f,42,1f,55,e9,9a,da,3a,7a,55,68,\
"rkeysecu"=hex:62,d2,19,f3,06,db,5f,3d,15,23,65,ce,b6,88,a1,18
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (Users)
@Denied: (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (Users)
@Denied: (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (Users)
@Denied: (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (Users)
@Denied: (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\program files\GbPlugin\gbiehAbn.dll
.
Tempo para conclusão: 2012-04-04 13:20:07
ComboFix-quarantined-files.txt 2012-04-04 16:20
.
Pré-execução: 6.227.488.768 bytes disponíveis
Pós execução: 6.203.482.112 bytes disponíveis
.
- - End Of File - - DEC949BF0AFEF89A26DFF37433917484

Thank you.
  14. Log analysis request

    Hello. Well, AdwCleaner kept freezing the PC constantly, so I decided to run it in Safe Mode, and then it ran, but the problem persists. Here is the AdwCleaner log from before it ran.

# AdwCleaner v1.504 - Logfile created 04/04/2012 at 09:40:43
# Updated 01/04/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Flávio - FCBDESKTOP
# Running from : C:\Users\Flávio\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Flávio\AppData\Roaming\GetRightToGo
Folder Deleted : C:\Users\FLVIO~1\AppData\Local\Temp\AskSearch
File Deleted : C:\Users\Flávio\AppData\Roaming\Mozilla\FireFox\Profiles\mh3nr23t.default\searchplugins\Askcom.xml

***** [H. Navipromo] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (pt-BR)

Profile name : default
File : C:\Users\Flávio\AppData\Roaming\Mozilla\FireFox\Profiles\mh3nr23t.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[s1].txt - [331 octets] - [03/04/2012 20:54:10]
AdwCleaner[R1].txt - [1449 octets] - [03/04/2012 21:03:48]
AdwCleaner[s2].txt - [331 octets] - [03/04/2012 21:04:12]
AdwCleaner[R2].txt - [1568 octets] - [04/04/2012 09:31:36]
AdwCleaner[s3].txt - [331 octets] - [04/04/2012 09:33:17]
AdwCleaner[R3].txt - [1687 octets] - [04/04/2012 09:40:30]
AdwCleaner[s4].txt - [1635 octets] - [04/04/2012 09:40:43]

########## EOF - C:\AdwCleaner[s4].txt - [1763 octets] ##########

This log is the one that came out after the program ran.

# AdwCleaner v1.504 - Logfile created 04/04/2012 at 09:50:57
# Updated 01/04/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Flávio - FCBDESKTOP
# Running from : C:\Users\Flávio\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [H. Navipromo] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (pt-BR)

Profile name : default
File : C:\Users\Flávio\AppData\Roaming\Mozilla\FireFox\Profiles\mh3nr23t.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [331 octets] - [03/04/2012 20:54:10]
AdwCleaner[R1].txt - [1449 octets] - [03/04/2012 21:03:48]
AdwCleaner[s2].txt - [331 octets] - [03/04/2012 21:04:12]
AdwCleaner[R2].txt - [1568 octets] - [04/04/2012 09:31:36]
AdwCleaner[s3].txt - [331 octets] - [04/04/2012 09:33:17]
AdwCleaner[R3].txt - [1687 octets] - [04/04/2012 09:40:30]
AdwCleaner[s4].txt - [1764 octets] - [04/04/2012 09:40:43]
AdwCleaner[R4].txt - [1249 octets] - [04/04/2012 09:48:26]
AdwCleaner[R5].txt - [1180 octets] - [04/04/2012 09:50:57]

########## EOF - C:\AdwCleaner[R5].txt - [1308 octets] ##########
  15. Log analysis request

    I carried out all the procedures, but the problem persists. Here are the logs:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Versão da Base de Dados: v2012.04.03.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Flávio :: FCBDESKTOP [administrador]

Proteção: Permitir

03/04/2012 18:07:35
mbam-log-2012-04-03 (18-07-35).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 209821
Tempo decorrido: 8 minuto(s), 11 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2012-04-03 - 18:03
-------------------------------------------------------
Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1
=======================================================
Arquivo infectado detectado: C:\Install.exe
Arquivo infectado removido com sucesso!
----- Fim -------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:21:25, on 03/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=19.6.2.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
O2 - BHO: Application Adobe Virtualization Documents - {718862E3-C964-4143-8836-286C9140C7F4} - C:\IntellDvD\HDMI\DissolveNoise023.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [RaidCall] C:\Program Files\RaidCall\raidcall.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [RunAs] C:\IntellDvD\HDMI\DissolveAnother073.cpl
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-3772621661-716410254-2455067292-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3772621661-716410254-2455067292-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: www.secureweb.com.br
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.5.7.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Program 
Files\GbPlugin\gbiehAbn.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 12112 bytes
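A first pass over a log like the one above is mostly mechanical: pull the image path out of every BHO, autorun and service entry and sort the entries by where the binary lives and whether the service carries a vendor name. The Python below is an added example (not part of the post, and not HijackThis code) that does exactly that for the O2, O4, O10 and O23 entry shapes. The sample lines are constructed from entries in the shape of the log above; the "standard roots" list, the regexes and the reason strings are this example's own choices. A flagged entry is a lead for manual review (check the file's signature, hash and timestamps), not a verdict, and the heuristic is blind to malware that installs itself under Program Files.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code).
Parses O2 (BHO), O4 (autorun), O10 (Winsock LSP) and O23 (service) entries and
flags the ones a reviewer should look at first. Requires Python 3.8+."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entries in the shape of the ones in the log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Application Adobe Virtualization Documents - {718862E3-C964-4143-8836-286C9140C7F4} - C:\IntellDvD\HDMI\DissolveNoise023.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RaidCall] C:\Program Files\RaidCall\raidcall.exe
O4 - HKCU\..\Run: [RunAs] C:\IntellDvD\HDMI\DissolveAnother073.cpl
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run(?:Once)?): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
RE_O10 = re.compile(r"^O10 - (?P<name>.*?): (?P<path>.*)$")
# The owner field may be empty ("Gbp Service (GbpSv) - - C:\..."), hence the optional space.
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.*)$")
# First image path in an autorun command line, quoted or not, arguments dropped.
RE_IMAGE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|cpl|scr|bat|cmd))"?', re.IGNORECASE)

# Example's own choice of "expected" locations (8.3 short names included).
STANDARD_ROOTS = (r"c:\program files", r"c:\progra~1", r"c:\progra~2",
                  r"c:\windows", r"%programfiles%", r"%systemroot%")


@dataclass
class Entry:
    section: str
    name: str
    path: str
    owner: Optional[str] = None
    user: Optional[str] = None
    raw: str = ""


@dataclass
class Finding:
    entry: Entry
    reason: str


def in_standard_root(path: str) -> bool:
    """True if the image sits under Program Files or the Windows directory."""
    return path.strip().strip('"').lower().startswith(STANDARD_ROOTS)


def parse_entries(log_text: str) -> List[Entry]:
    """Turn the supported O-lines into Entry records; other lines are ignored."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := RE_O2.match(line)):
            entries.append(Entry("O2", m["name"], m["path"], raw=line))
        elif (m := RE_O4.match(line)):
            img = RE_IMAGE.match(m["cmd"])
            entries.append(Entry("O4", m["name"], img["path"] if img else m["cmd"],
                                 user=m["user"], raw=line))
        elif (m := RE_O10.match(line)):
            entries.append(Entry("O10", m["name"], m["path"], raw=line))
        elif (m := RE_O23.match(line)):
            entries.append(Entry("O23", m["name"], m["path"], owner=m["owner"], raw=line))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the review heuristics; one Finding per reason, in log order."""
    findings: List[Finding] = []
    for e in entries:
        if e.section == "O10":
            # HijackThis only lists LSPs it could not attribute; verify the file.
            findings.append(Finding(e, "LSP not recognised by the scanner; verify the file"))
            continue
        if e.section == "O23" and (not e.owner or e.owner.lower() == "unknown owner"):
            findings.append(Finding(e, "service binary carries no vendor name"))
        if not in_standard_root(e.path):
            findings.append(Finding(e, "image outside Program Files / Windows"))
    return findings


def triage_text(log_text: str) -> List[Finding]:
    return triage(parse_entries(log_text))


if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"[{f.entry.section}] {f.entry.name}: {f.reason}\n    {f.entry.path}")
```

Run against the constructed sample it reports five leads: the two images under C:\IntellDvD\HDMI, the LSP the scanner could not attribute, and the two services with an empty or "Unknown owner" vendor field. Feeding it a real log means pasting the whole file into `triage_text`; the R0/R1, O8, O9 and O15 lines pass through unparsed, which is deliberate, since those need context (for example the bank sites in the Trusted Zone belong to the banking plug-in that is also present) rather than a path rule.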