Log do OTL.txt:
OTL logfile created on: 20/07/2012 16:20:36 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Brigada\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
3,50 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 73,46% Memory free
6,99 Gb Paging File | 5,99 Gb Available in Paging File | 85,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 437,72 Gb Free Space | 94,00% Space Free | Partition Type: NTFS
Drive D: | 363,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: BRIGADA-PC | User Name: Brigada | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
========== Processes (SafeList) ==========
PRC - [2012/07/20 16:15:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brigada\Desktop\OTL.exe
PRC - [2012/06/05 09:50:04 | 000,211,888 | ---- | M] ( ) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe
PRC - [2012/01/11 16:03:34 | 000,350,576 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Silverlight\4.1.10111.0\Silverlight.Configuration.exe
PRC - [2011/09/16 14:49:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Arquivos de Programas\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/13 08:24:34 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2011/09/13 08:24:34 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
PRC - [2011/09/12 17:45:43 | 001,190,920 | ---- | M] (Dritek System Inc.) -- C:\Arquivos de Programas\Launch Manager\LManager.exe
PRC - [2011/06/24 01:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/10 15:06:25 | 000,099,896 | R--- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2011/04/21 08:00:22 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Arquivos de Programas\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:59:53 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Arquivos de Programas\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:59:31 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Arquivos de Programas\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/29 15:52:10 | 000,623,520 | ---- | M] (Zbshareware Lab) -- C:\Arquivos de Programas\USB Disk Security\USBGuard.exe
PRC - [2010/11/20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Arquivos de Programas\HP\HPLaserJetService\HPLaserJetService.exe
========== Modules (No Company Name) ==========
MOD - [2011/05/28 22:04:58 | 000,140,288 | ---- | M] () -- C:\Arquivos de Programas\WinRAR\RarExt.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Win32 Services (SafeList) ==========
SRV - [2012/06/05 09:50:04 | 000,211,888 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2011/09/16 14:49:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de Programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/15 14:55:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/09/13 08:24:34 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/10 15:06:25 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2011/04/21 07:59:53 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de Programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/11/20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Arquivos de Programas\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Brigada\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/06/05 09:50:36 | 000,044,208 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GbpKm.sys -- (GbpKm)
DRV - [2011/09/16 14:49:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/16 14:49:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/04 11:25:17 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 15:29:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 27 03 CC A2 66 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 21:32:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 21:32:26 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Brigada\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
O1 HOSTS File: ([2012/07/20 13:48:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\Arquivos de Programas\GbPlugin\gbiehisg.dll (Infoseg - Senasp)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Arquivos de Programas\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [USB Security] C:\Arquivos de Programas\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] * in Sites confiáveis)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F305771-0524-482D-9AB7-9EE84CDC1EB3}: DhcpNameServer = 10.1.1.1 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O20 - Winlogon\Notify\ GbPluginIsg: DllName - (C:\Program Files\GbPlugin\gbiehIsg.dll) - C:\Arquivos de Programas\GbPlugin\gbiehisg.dll (Infoseg - Senasp)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\Arquivos de Programas\GbPlugin\gbiehisg.dll (Infoseg - Senasp)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/07/20 10:00:30 | 000,000,057 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/08/26 22:16:15 | 000,000,000 | ---D | M] - D:\AutoRun -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
========== Files/Folders - Created Within 90 Days ==========
[2012/07/20 16:14:55 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Brigada\Desktop\OTL.exe
[2012/07/20 15:53:21 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brigada\Desktop\HijackThis.exe
[2012/07/20 15:35:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/20 15:33:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/20 13:58:48 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Roaming\Malwarebytes
[2012/07/20 13:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/20 13:58:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/20 13:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/20 13:58:39 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/20 13:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/18 10:58:41 | 000,000,000 | ---D | C] -- C:\Users\Brigada\Desktop\fotos
[2012/07/15 22:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/07/04 12:20:28 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{8C4B6E80-8C19-4771-BEC6-7C410ADC7F7F}
[2012/07/04 12:20:13 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{F4AE9D43-DD19-4E52-83F8-D2DF2BDEDB3B}
[2012/07/03 14:20:12 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{B2D46B2F-21B5-4188-BBA4-83C20D65D938}
[2012/07/03 14:20:00 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{344EB59A-54F6-4FAC-89BE-79E2B93DC06B}
[2012/07/03 14:15:32 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{3C4922C2-82E3-49AF-8046-9FC5B0F6E348}
[2012/07/03 14:15:09 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{8FA377C8-7960-4E50-A4AC-FCA5F1ACB028}
[2012/06/26 11:19:17 | 000,000,000 | ---D | C] -- C:\Users\Brigada\Desktop\CNHS 2
[2012/06/21 10:07:36 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{7910C8D0-D570-483F-A281-CB24BC79FDE8}
[2012/06/21 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{340F566D-DBA0-43D3-8301-4E78923FA59E}
[2012/06/19 07:05:46 | 000,000,000 | ---D | C] -- C:\Users\Brigada\BA1028963 - Paque de Exposição
[2012/06/15 14:28:28 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{AFD1EDF2-257B-4068-97D4-B4D7CDCC885B}
[2012/06/15 14:27:25 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{B57B0AD3-B696-4387-87E3-6CDF7D50FBD0}
[2012/06/14 12:52:23 | 000,000,000 | ---D | C] -- C:\Users\Brigada\JOGO UNIAO
[2012/06/11 13:38:41 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{8D40D70B-6688-4D8A-A953-626C90448FE2}
[2012/06/11 13:38:18 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{1898FF87-934D-4BFC-95DC-77FD74A8C783}
[2012/06/10 08:42:42 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{1DED01F5-E0C8-48C0-B648-08DFC811D07B}
[2012/06/10 08:42:17 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{0626E0DC-52ED-45B0-BD2C-B641E41C06A3}
[2012/06/08 13:22:47 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{DDBB4A47-65C6-42F1-8AEA-E331612F145B}
[2012/06/08 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{AF2C5764-BFDC-46F2-B67D-700B0A993E5F}
[2012/06/08 02:37:12 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{B0D94EF0-6DDA-4F0C-88AD-FBF4B93528FB}
[2012/06/08 02:36:49 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{12099F7B-257F-4E91-A17A-B1738F11CC40}
[2012/06/08 02:12:04 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{2BDB882F-0673-4AC4-93F8-A217706C186B}
[2012/06/08 02:11:39 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{847EA1D0-157E-4703-AF05-A9B1B375570F}
[2012/06/08 01:46:35 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{3EA20B84-B032-4854-8E08-296CEEBEA1AD}
[2012/06/08 01:46:09 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{86CA776C-26F7-495B-961A-913B183444F5}
[2012/06/04 17:39:28 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{7FA0C741-A8CE-493E-95CE-E54BBDE7525F}
[2012/06/04 17:38:55 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{F1B567A3-581B-4F57-9427-FC4E85D5BA07}
[2012/06/04 10:13:30 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{02D89DB2-9300-4AE7-995B-57563BDF5799}
[2012/06/04 10:13:17 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{0A8CA3CA-B1AB-46D4-B952-B28C216D5837}
[2012/06/03 18:11:16 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{860D1FEC-3CBD-4087-B6E3-37DF986F8BDA}
[2012/06/03 18:11:02 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{E218FE30-0EEE-4B31-8345-F93D01A6B92F}
[2012/05/25 17:14:52 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{71CED3A4-3400-402D-A49C-8FF007B13535}
[2012/05/25 17:14:28 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{B375B2CD-E78A-432E-BCE9-529F0262AE74}
[2012/05/25 13:53:41 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{83ADC2EB-1FDF-410C-8E25-0FA051FAB7CD}
[2012/05/25 13:53:19 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{F736612C-09C5-481E-A6AB-3B45812DDB7F}
[2012/05/24 15:48:48 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{0882F036-E315-485C-98AC-14026917B4A4}
[2012/05/24 15:48:23 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{0A449336-AA90-4644-B4B2-8EEF0C6462E6}
[2012/05/18 18:47:23 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{1A35B215-4CC9-47E3-B1FE-2BFCF4C42C23}
[2012/05/18 18:46:59 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{212C3F05-FF55-436A-9F5A-7AC244D1A557}
[2012/05/18 16:56:17 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{C36196D8-BABB-4B74-B365-7760229107C0}
[2012/05/18 16:56:03 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{84150B6F-149A-4DED-BE5D-632EF24BCD82}
[2012/05/16 12:40:28 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{2BF1AA53-46E1-42D9-B977-4877871036A0}
[2012/05/16 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{701BE1CB-7753-4591-85AB-46E7A4B4A844}
[2012/05/15 13:14:51 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{DFE346C4-D6B4-45FE-A008-F7562EB7044F}
[2012/05/15 05:21:39 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{737A3E13-584B-4121-A16F-1FCA23F8553D}
[2012/05/14 14:47:41 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{8858643E-F450-4747-9186-AFCFEB12709B}
[2012/05/14 14:36:44 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{3B136A5F-C06B-4EA8-85CC-380D43D5AF22}
[2012/05/09 12:15:25 | 000,000,000 | ---D | C] -- C:\Users\Brigada\AppData\Local\{856DFA5A-865A-45BC-8FBE-BF264E1E4453}
[2012/04/26 15:54:21 | 000,000,000 | ---D | C] -- C:\Users\Brigada\Desktop\Planilha Apreensao
[2012/04/26 13:01:31 | 000,000,000 | ---D | C] -- C:\Users\Brigada\SUMÁRIOS
========== Files - Modified Within 90 Days ==========
[2012/07/20 16:15:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brigada\Desktop\OTL.exe
[2012/07/20 16:14:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/20 16:11:49 | 000,015,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/20 16:11:49 | 000,015,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/20 15:54:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brigada\Desktop\HijackThis.exe
[2012/07/20 15:43:45 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/20 15:43:40 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Bstdeawx.job
[2012/07/20 15:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/20 15:43:27 | 2815,463,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/20 14:43:02 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/20 13:58:46 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/07/20 13:48:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/20 13:01:55 | 000,663,804 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/07/20 13:01:55 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/20 13:01:55 | 000,128,094 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/07/20 13:01:55 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/15 22:53:25 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/12 13:34:07 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/02 16:18:17 | 000,000,142 | ---- | M] () -- C:\Users\Brigada\Desktop\INTRANET.url
[2012/07/02 16:17:49 | 000,000,157 | ---- | M] () -- C:\Users\Brigada\Desktop\MBDI.url
[2012/06/26 11:00:51 | 000,000,284 | ---- | M] () -- C:\Users\Brigada\Desktop\Direto.url
[2012/06/09 18:25:23 | 000,126,976 | RHS- | M] () -- C:\Windows\System32\IdListena.dll
[2012/06/05 09:50:36 | 000,044,208 | ---- | M] (GAS Tecnologia) -- C:\Windows\System32\drivers\GbpKm.sys
[2012/04/24 09:41:03 | 000,000,140 | ---- | M] () -- C:\Users\Brigada\Desktop\RHE.url
========== Files Created - No Company Name ==========
[2012/07/20 13:58:46 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/07/15 22:52:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/07/15 22:52:40 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/02 16:18:06 | 000,000,142 | ---- | C] () -- C:\Users\Brigada\Desktop\INTRANET.url
[2012/07/02 16:17:35 | 000,000,157 | ---- | C] () -- C:\Users\Brigada\Desktop\MBDI.url
[2012/06/09 18:25:23 | 000,126,976 | RHS- | C] () -- C:\Windows\System32\IdListena.dll
[2012/06/09 18:25:23 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\Bstdeawx.job
[2012/04/24 09:40:51 | 000,000,140 | ---- | C] () -- C:\Users\Brigada\Desktop\RHE.url
[2012/04/10 20:42:01 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2012/04/10 20:42:01 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2012/04/10 20:41:03 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2012/04/10 20:41:01 | 000,050,176 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2011/12/19 21:17:11 | 000,229,583 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/12/19 21:17:11 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/09/13 08:25:45 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011/09/13 08:25:45 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/09/12 17:59:41 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/09/12 17:59:37 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/12 17:59:37 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/12 17:59:36 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011/09/12 17:59:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/09/12 17:28:55 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/09/12 17:01:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/03 03:11:44 | 000,284,160 | R--- | C] () -- C:\Windows\System32\mvhlewsi.dll
========== LOP Check ==========
[2012/03/07 12:27:16 | 000,000,000 | ---D | M] -- C:\Users\Brigada\AppData\Roaming\.minecraft
[2012/03/25 22:19:00 | 000,000,000 | ---D | M] -- C:\Users\Brigada\AppData\Roaming\Babylon
[2011/09/12 18:00:31 | 000,000,000 | ---D | M] -- C:\Users\Brigada\AppData\Roaming\Canneverbe Limited
[2012/03/25 22:32:56 | 000,000,000 | ---D | M] -- C:\Users\Brigada\AppData\Roaming\GetRightToGo
[2011/09/15 07:18:11 | 000,000,000 | ---D | M] -- C:\Users\Brigada\AppData\Roaming\Windows Live Writer
[2011/09/12 17:57:19 | 000,000,000 | ---D | M] -- C:\Users\Brigada\AppData\Roaming\Zbshareware Lab
[2012/07/20 15:43:40 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\Bstdeawx.job
[2012/05/25 07:07:11 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/07/20 15:43:27 | 2815,463,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/04 16:31:29 | 000,931,132 | ---- | M] () -- C:\HpuInstall.log
[2012/07/20 15:43:27 | 3753,955,328 | -HS- | M] () -- C:\pagefile.sys
[2012/03/25 22:32:52 | 000,002,984 | ---- | M] () -- C:\user.js
< %systemdrive%\drivers\*.* /s >
< %systemdrive%\drivers\*.exe >
< %systemroot%\system32\drivers\*.* /90 >
[2012/06/05 09:50:36 | 000,044,208 | ---- | M] (GAS Tecnologia) -- C:\Windows\system32\drivers\GbpKm.sys
< %PROGRAMFILES%\*.* >
[2009/07/14 01:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %userprofile%\configurações locais\dados de aplicativos\*.exe >
< %userprofile%\configurações locais\dados de aplicativos\*.txt >
< %userprofile%\configurações locais\dados de aplicativos\*.ini >
< %userprofile%\configurações locais\dados de aplicativos\*.dat /30 >
< %userprofile%\configurações locais\dados de aplicativos\*.dll >
< %userprofile%\*.exe >
< %userprofile%\.txt >
< %userprofile%\.ini >
< %userprofile%\.dat /30 >
< %userprofile%\.dll >
< %windir%\tasks\*.* /s >
[2012/07/20 15:43:40 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Bstdeawx.job
[2012/07/20 15:43:45 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/20 16:14:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/20 15:43:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/05/25 07:07:11 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 18:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.com >
[2009/07/14 01:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\*.scr >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Connections >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
< MD5 for: SERVICES >
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
< MD5 for: SERVICES.EXE >
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 05:30:36 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\System32\pt-BR\services.exe.mui
[2009/07/14 05:30:36 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6fd3bef3fcc0d1\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
< MD5 for: SERVICES.MSC >
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/14 05:30:33 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\System32\pt-BR\services.msc
[2009/07/14 05:30:33 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
========== Alternate Data Streams ==========
@Alternate Data Stream - 312 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
< End of report >
Extras.txt log:
OTL Extras logfile created on: 20/07/2012 16:20:36 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Brigada\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
3,50 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 73,46% Memory free
6,99 Gb Paging File | 5,99 Gb Available in Paging File | 85,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 437,72 Gb Free Space | 94,00% Space Free | Partition Type: NTFS
Drive D: | 363,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: BRIGADA-PC | User Name: Brigada | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAB8D9F-A9F4-4A13-933B-9879D7A8EC9B}" = rport=445 | protocol=6 | dir=out | app=system |
"{0D27FEF3-66D7-4262-93B5-38FA00C63676}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F858611-3678-40C2-ADD4-81EF771C1723}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{25D9DEEE-4EF0-409E-AA47-5E4C90D12251}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3ADFB4EE-B4A6-4840-9C48-C781147C8DFC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3BBAAAC0-2D15-4E20-A41B-FF8E91925293}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D2963E5-DC0C-4E3C-925B-C529AADA4BAC}" = lport=138 | protocol=17 | dir=in | app=system |
"{408E43BC-ADF5-49BB-AF07-CC6870CE47A1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4C5F0FFF-E137-4A28-8BEB-A54FC363BD3F}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E344AD6-ADEA-4A44-B190-BD8A36C18E01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62CD0B7B-7887-4666-8164-A706368263A0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{636192C4-C2E2-4F2A-90C9-C737F074DDAE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6E651404-7992-4BCC-8B98-837D4AB1DAF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{740C1A3D-1D15-41C5-9E0B-973B6218A798}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80F29DF9-9C35-421E-86DC-5D9478241DCC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{81412641-EE75-4D37-AB21-ED5725B47315}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87A16E87-846A-4ED0-B1F6-F30F2A23DE31}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8847B345-8E26-4C5F-B33B-F554DAFC981C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9115A803-2A1B-4DF0-8865-85DF115CE330}" = lport=445 | protocol=6 | dir=in | app=system |
"{9FB4233E-8D0E-4CE0-A710-32E96F09523F}" = lport=137 | protocol=17 | dir=in | app=system |
"{A79F1A3E-EE88-40D4-A3D7-A223C38FE37D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B34CAF9F-ECA2-407E-87CE-3D12C0D13833}" = rport=137 | protocol=17 | dir=out | app=system |
"{B795DF56-3582-45AB-A8D7-A8E87519E366}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D185A423-8506-4B5C-A66E-AAA1E70A77E7}" = rport=138 | protocol=17 | dir=out | app=system |
"{E1CA0DCD-BFCA-4CFF-A68D-67B19B8B2207}" = lport=139 | protocol=6 | dir=in | app=system |
"{E991C2BE-A230-443B-9D03-168FC561A0D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ECB35A6D-B462-4BBE-AA9A-3274EDD09422}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F16A6F68-056E-4D1B-9D4F-4E57EC27916A}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04372304-D1D9-4AB0-9808-B33CD78E8E08}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{064F5C70-B86E-4855-AAD5-A0038019E99E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{08AB2C1C-63E8-4AD4-873A-2F0009F8B18E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{0BCF334D-9BE6-4BE9-BB36-CCB7CDFB08A3}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{13BB6C4E-E37F-4A10-9ED6-CC26846C40C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{2634DA46-63C7-47AB-921E-225C562AD7D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{294352B6-C9BA-48C0-9341-94B13427CC5B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{2FF25A66-E85A-49D2-BE73-EDE0C6E08B22}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{3578553B-13A0-40E8-8E02-F62B08EC831D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{3938BB37-490F-490A-B392-550B02044B7B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3BC255C5-291E-40CF-A786-AD5EF67CC9ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{42645A73-951D-457F-8FA2-3E92A0839AB4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{42ECBD54-FF96-454F-9F1F-03A5D40FC04A}" = protocol=6 | dir=out | app=system |
"{4C1777EA-4F58-4998-8F1C-A2ED6EBE6AF8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{506DD844-6F1D-4A78-AC01-C41B808CCA48}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{50E45306-E694-48EB-A125-59FD096062C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{52A31A80-E180-44AD-B5BC-E048507956B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{583F053C-C296-43B5-A139-C7CBB301CBDB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5A30721C-D91A-4CE0-87DC-37CA60128604}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{60025627-0081-4FF0-B8B2-A16E0A754435}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FC35506-F8B9-4548-8B71-B9B112FCA8A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{730F1647-4107-492A-A603-438D4285260F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{733270E1-ED1D-41F7-A5D5-3C336843C9CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81929E28-7D91-4449-8E4E-8A0530732E57}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{83CCC915-C87F-4AEF-8DD2-1A0C314C86F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{840A2C56-52FE-48EB-9CC3-AD12469252C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{87A8848D-69FB-4078-8063-770227D709D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8845A44B-4BEE-4BF4-8343-8D75D85F7013}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{998F04B3-A71C-4B93-9D7C-7E467E4E5FB3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A54F8A3B-3AA2-4F76-BAEA-65A2E03C1804}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{A8420B9E-9DA0-4C7C-AD73-C0B4F38BA281}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AC3EAD12-0BEE-45FD-B801-FDC1D9682BA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACFB3615-1BE6-400F-AEE6-B1DF4FF04EC6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{AECAD1EF-E97B-40EB-871B-C28643644389}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{B46CB78A-9707-4212-95CB-4E72849CDB2F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{B916EDC5-F839-49C7-9925-7CB2122BECEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{CFE02B0A-2F01-424D-9051-C6E58C528F86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2ADAFCC-D48F-40DE-BFD0-54CA4A0F57CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3EB1FDE-3596-4E1C-8415-18531ABC0D49}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E463DF1F-2321-487F-8D70-F6D224BC1FDB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{E4E7AB8C-3790-4AEC-BB38-04BEC13D3768}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8E5F10F-2686-4132-8BCC-205CA1DA1FD7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{EA3799AB-FFA4-49BB-9399-4B85A18FA57C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EB085312-5510-4F7B-89EC-B7FE013AB825}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F46938F7-9C47-4DF4-ADE5-E7B91C5B14C8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{FADCD9D5-78BC-4B2C-B642-452FD6BA8639}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{100C1109-EA6C-0000-B1B8-F0312515C015}" = GbpSetup Infoseg - Senasp
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java SE Development Kit 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1046-7B44-A95000000001}" = Adobe Reader 9.5.1 - Português
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free antivírus
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.5.3
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB Disk Security_is1" = USB Disk Security
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20/07/2012 14:37:27 | Computer Name = Brigada-PC | Source = Windows Search Service | ID = 7040
Description =
Error - 20/07/2012 14:37:27 | Computer Name = Brigada-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 20/07/2012 14:37:27 | Computer Name = Brigada-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 20/07/2012 14:37:27 | Computer Name = Brigada-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 20/07/2012 14:37:28 | Computer Name = Brigada-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 20/07/2012 14:37:28 | Computer Name = Brigada-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 20/07/2012 14:37:28 | Computer Name = Brigada-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 20/07/2012 14:37:28 | Computer Name = Brigada-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 20/07/2012 14:43:44 | Computer Name = Brigada-PC | Source = SideBySide | ID = 16842785
Description = Falha na geração de contexto de ativação para "C:\Program Files\USB
Disk Security\MFC80U.DLL". Assembly dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.
Error - 20/07/2012 14:43:48 | Computer Name = Brigada-PC | Source = SideBySide | ID = 16842785
Description = Falha na geração de contexto de ativação para "C:\Program Files\USB
Disk Security\MFC80U.DLL". Assembly dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.
[ System Events ]
Error - 14/05/2012 17:00:23 | Computer Name = Brigada-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 14/05/2012 18:44:41 | Computer Name = Brigada-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 14/05/2012 19:23:18 | Computer Name = Brigada-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 15/05/2012 00:17:59 | Computer Name = Brigada-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 15/05/2012 00:38:19 | Computer Name = Brigada-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 15/05/2012 03:47:08 | Computer Name = Brigada-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 15/05/2012 05:30:21 | Computer Name = Brigada-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 15/05/2012 11:55:34 | Computer Name = Brigada-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 15/05/2012 12:06:29 | Computer Name = Brigada-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 15/05/2012 16:51:56 | Computer Name = Brigada-PC | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >