PauloCesar003

Problems with Hotmail...

9 posts in this topic

Hotmail isn't opening here on my notebook. A message keeps appearing below the field where you enter the email: "Sua sessão expirou.Efetue seu login novamente" ("Your session has expired. Log in again"). When I enter my email and password, a blank page opens with this written on it: "Erro abrindo arquivo (gstuff.txt)" ("Error opening file (gstuff.txt)").

Please help me out, thanks in advance... here is the screenshot.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Paulo Cesar at 22:19:26 on 2012-04-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.6038.4497 [GMT -3:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.hotspotshield.com/g/?c=h

uInternet Settings,ProxyOverride = local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120413163642.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

TB: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File

uRun: [Google Update] "C:\Users\Paulo Cesar\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [WirelessManager] "C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [FAStartup]

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

StartupFolder: C:\Users\PAULOC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 200.222.145.86 200.149.55.140

TCP: Interfaces\{4CDFDEFC-E013-441C-99A1-DAB1507F4379} : DhcpNameServer = 10.21.24.1

TCP: Interfaces\{95318D88-E912-4F27-9E0D-D32FEB0D8B0F} : DhcpNameServer = 200.222.145.86 200.149.55.140

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Notification Packages = scecli FAPassSync

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{27B4851A-3207-45A2-B947-BE8AFE6163AB}

{3049C3E9-B461-4BC5-8870-4C09146192CA}

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{DA5BCE70-D057-4D63-943D-5F3927EC59F1}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

TB-X64: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [FAStartup]

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [(padrÆo)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Paulo Cesar\AppData\Roaming\Mozilla\Firefox\Profiles\kkofkqur.default\

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Paulo Cesar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-29 98208]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]

R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-1 2428552]

R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-1-17 331608]

R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-13 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-13 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-13 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-3-29 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-3-29 208536]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-13 2348352]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-29 1692480]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + Adaptador virtual de alta velocidade;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 NETwNs64;___ Driver do adaptador Intel® Wireless WiFi Link Série 5000 para Windows 7 64 bits;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 253088]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + Protocolo de alta velocidade;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys --> C:\Windows\system32\DRIVERS\ewusbdev.sys [?]

S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-3-29 220528]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-13 249936]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-20 21:04:04 -------- d-----w- C:\Program Files (x86)\World of Warcraft Beta

2012-04-20 17:21:51 -------- d-----w- C:\Users\Paulo Cesar\AppData\Roaming\TS3Client

2012-04-20 15:14:42 -------- d-----w- C:\Program Files\CCleaner

2012-04-19 02:40:21 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-19 01:46:00 -------- d-----w- C:\ProgramData\McAfee Security Scan

2012-04-19 01:45:58 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan

2012-04-19 01:45:57 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-15 18:46:31 -------- d-----w- C:\Users\Paulo Cesar\AppData\Roaming\WirelessManager

2012-04-15 17:20:18 -------- d-----w- C:\ProgramData\Battle.net

2012-04-14 13:04:15 -------- d-----w- C:\Program Files\Dell Support Center

2012-04-14 06:00:42 -------- d-----w- C:\Windows\SysWow64\Wat

2012-04-14 06:00:41 -------- d-----w- C:\Windows\System32\Wat

2012-04-14 05:22:20 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2012-04-14 04:44:37 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\Mozilla

2012-04-13 21:08:17 -------- d-----w- C:\NVIDIA

2012-04-13 20:07:20 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2012-04-13 20:06:44 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\Microsoft Help

2012-04-13 20:00:03 -------- d-----w- C:\Users\Paulo Cesar\SyncUP

2012-04-13 19:51:49 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\Nero_AG

2012-04-13 19:51:28 -------- d-----w- C:\Users\Paulo Cesar\AppData\Roaming\ZinioReader4

2012-04-13 19:51:21 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\Adobe

2012-04-13 19:51:20 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\Nero

2012-04-13 19:37:01 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-04-13 19:35:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-04-13 19:35:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2012-04-13 19:35:59 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-04-13 19:33:24 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll

2012-04-13 19:32:57 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-13 19:32:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-13 19:32:57 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-13 19:32:44 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-13 19:32:44 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-13 19:32:44 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-13 19:32:43 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-13 19:32:43 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-13 19:32:43 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-13 19:32:43 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-13 16:41:22 -------- d-----w- C:\Program Files (x86)\ONGAME

2012-04-13 16:40:09 -------- d-----w- C:\Program Files (x86)\FreeTime

2012-04-13 16:38:52 -------- d-----w- C:\Program Files (x86)\Foxit Software

2012-04-13 16:37:01 -------- d-----w- C:\Program Files (x86)\JDownloader

2012-04-13 15:45:19 -------- d-----w- C:\Users\Paulo Cesar\AppData\Roaming\Macrovision

2012-04-13 15:40:59 -------- d-----w- C:\Users\Paulo Cesar\AppData\Roaming\Roxio Burn

2012-04-13 15:11:55 -------- d-----w- C:\Users\Paulo Cesar\AppData\Roaming\PCDr

2012-04-13 15:11:23 -------- d-----w- C:\ProgramData\PCDr

2012-04-13 13:10:29 -------- d-----w- C:\Diablo-III-8370-ptBR-Installer

2012-04-13 06:40:57 -------- d-----w- C:\Users\Paulo Cesar\Meu Arquivos Backup

2012-04-13 06:30:26 -------- d-----w- C:\ProgramData\Blizzard Entertainment

2012-04-13 06:13:41 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-04-13 06:13:41 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-04-13 06:13:39 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2012-04-13 03:37:06 -------- d-----w- C:\WoW

2012-04-13 02:31:51 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\PointBlank

2012-04-13 02:02:46 -------- d-----w- C:\ongame

2012-04-13 01:22:10 -------- d-----w- C:\Program Files (x86)\Conduit

2012-04-13 01:22:06 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\Conduit

2012-04-13 01:21:57 -------- d-----w- C:\Hotspot Shield

2012-04-13 01:21:13 613704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

2012-04-13 01:21:13 597832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll

2012-04-13 01:21:13 597832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll

2012-04-13 01:21:13 597832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor70.dll

2012-04-13 01:21:13 597832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor60.dll

2012-04-13 01:21:13 597832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll

2012-04-13 01:21:13 -------- d-----w- C:\Program Files (x86)\Hotspot Shield

2012-04-13 01:17:23 29696 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys

2012-04-13 01:17:23 243200 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys

2012-04-13 01:17:23 117248 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys

2012-04-13 01:17:23 114304 ----a-w- C:\Windows\System32\drivers\ewusbdev.sys

2012-04-13 01:17:16 -------- d-----w- C:\ProgramData\OI

2012-04-13 01:17:16 -------- d-----w- C:\ProgramData\lightcomm

2012-04-13 01:17:15 -------- d-----w- C:\Program Files (x86)\OI

2012-04-13 01:15:15 -------- d-----w- C:\Program Files\TeamSpeak 3 Client

2012-04-13 01:13:43 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-04-13 01:13:25 -------- d-----w- C:\Fraps

2012-04-12 17:05:07 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm

2012-04-12 17:05:07 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2012-04-12 17:05:07 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2012-04-12 17:05:07 175616 ----a-w- C:\Windows\SysWow64\unrar.dll

2012-04-12 17:05:07 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm

2012-04-12 17:05:06 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2012-04-12 17:05:04 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2012-04-12 17:02:40 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\Diagnostics

2012-04-12 17:01:30 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

2012-04-12 16:11:32 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\Google

2012-04-12 16:11:12 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\Deployment

2012-04-12 16:11:12 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\Apps

2012-04-12 15:50:29 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-12 15:50:29 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-12 15:50:29 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-12 15:50:28 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-04-12 15:50:28 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-04-12 15:50:28 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-12 15:50:28 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-04-12 15:48:13 -------- d-sh--w- C:\System Recovery

2012-04-12 15:47:35 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\Dell

2012-04-12 15:46:57 -------- d-----w- C:\Users\Paulo Cesar\AppData\Roaming\Dell

2012-04-12 15:46:50 -------- d-----w- C:\Users\Paulo Cesar\AppData\Roaming\Fingertapps

2012-04-12 15:46:07 -------- d-----w- C:\Users\Paulo Cesar\AppData\Local\VirtualStore

2012-03-30 03:28:38 -------- d-----w- C:\Program Files\STMicroelectronics

2012-03-30 03:27:44 -------- d-----w- C:\Program Files\Synaptics

2012-03-30 03:17:20 -------- d-----w- C:\Program Files\ZinioReader4

2012-03-30 03:04:35 -------- d-----w- C:\Apps

2012-03-30 03:00:08 8604672 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys

2012-03-30 03:00:08 799232 ----a-w- C:\Windows\System32\NETwNc64.dll

2012-03-30 03:00:08 113152 ----a-w- C:\Windows\System32\NETwNr64.dll

2012-03-30 02:58:59 203352 ----a-w- C:\Windows\SysWow64\jmcricon.dll

2012-03-30 02:57:09 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2012-03-30 02:53:17 -------- d-----w- C:\Windows\System32\oem

2012-03-30 02:53:11 -------- d-----w- C:\Drivers

2012-03-29 22:40:51 -------- d-----w- C:\Program Files\dell stage

2012-03-29 22:38:40 -------- d-----w- C:\Program Files (x86)\Nero

2012-03-29 22:38:18 -------- d-----w- C:\ProgramData\Nero

2012-03-29 22:35:40 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll

2012-03-29 22:35:16 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2012-03-29 22:34:58 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll

2012-03-29 22:30:44 -------- d-----w- C:\ProgramData\Uninstall

2012-03-29 22:29:59 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared

2012-03-29 22:29:53 -------- d-----w- C:\ProgramData\PhotoShow Shared Assets

2012-03-29 22:29:51 -------- d-----w- C:\Program Files\Roxio

2012-03-29 22:29:04 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2012-03-29 22:29:04 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys

2012-03-29 22:29:04 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys

2012-03-29 22:28:37 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2012-03-29 22:28:16 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared

2012-03-29 22:28:03 -------- d-----w- C:\Program Files (x86)\Roxio

2012-03-29 22:24:19 -------- d-----w- C:\Program Files (x86)\Microsoft

2012-03-29 22:22:53 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2012-03-29 22:22:48 161168 ----a-w- C:\Windows\System32\mfevtps.exe

2012-03-29 22:22:34 -------- d-----w- C:\Program Files\Common Files\mcafee

2012-03-29 22:22:34 -------- d-----w- C:\Program Files (x86)\mcafee.com

2012-03-29 22:22:34 -------- d-----w- C:\Program Files (x86)\Common Files\mcafee

2012-03-29 22:22:33 -------- d-----w- C:\Program Files\mcafee.com

2012-03-29 22:22:33 -------- d-----w- C:\Program Files\mcafee

2012-03-29 22:22:33 -------- d-----w- C:\Program Files (x86)\McAfee

2012-03-29 22:20:52 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-03-29 22:20:05 -------- d-----w- C:\Windows\PCHEALTH

2012-03-29 22:19:30 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2012-03-29 22:19:30 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2012-03-29 22:19:30 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2012-03-29 22:19:30 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-03-29 22:18:50 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2012-03-29 22:18:50 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2012-03-29 22:16:56 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a7106b9c1cd0df903\DSETUP.dll

2012-03-29 22:16:56 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a7106b9c1cd0df903\DXSETUP.exe

2012-03-29 22:16:56 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a7106b9c1cd0df903\dsetup32.dll

2012-03-29 22:16:56 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a72f5d7f1cd0df904\MeshBetaRemover.exe

2012-03-29 22:16:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a68b1e8c1cd0df902\DSETUP.dll

2012-03-29 22:16:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a68b1e8c1cd0df902\DXSETUP.exe

2012-03-29 22:16:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a68b1e8c1cd0df902\dsetup32.dll

2012-03-29 22:16:54 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a5d173371cd0df901\Silverlight.4.0.exe

2012-03-29 22:16:53 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-03-29 22:13:14 -------- d-----w- C:\Program Files (x86)\Sensible Vision

2012-03-29 22:12:37 841280 ----a-w- C:\Windows\System32\PhotoStageScrSaver.scr

2012-03-29 22:12:21 -------- d-----w- C:\Program Files (x86)\Dell Stage

2012-03-29 22:11:29 -------- d-----w- C:\Program Files (x86)\Dell

2012-03-29 22:11:11 -------- d-----w- C:\ProgramData\install_clap

2012-03-29 22:10:01 -------- d-----r- C:\Program Files (x86)\Skype

2012-03-29 22:07:12 -------- d-----w- C:\Temp

2012-03-29 22:07:11 151656 ----a-w- C:\Windows\System32\drivers\WimFltr.sys

2012-03-29 22:06:52 -------- d-----w- C:\Program Files (x86)\Dell DataSafe Local Backup

2012-03-29 22:04:27 -------- d-----w- C:\ProgramData\Roaming

2012-03-29 22:03:59 -------- d-----w- C:\Program Files (x86)\Cisco

2012-03-29 22:02:34 -------- d-----w- C:\Program Files (x86)\STMicroelectronics

2012-03-29 22:01:54 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2012-03-29 22:01:49 -------- d-----w- C:\Program Files\Dell

2012-03-29 22:01:30 627600 ----a-w- C:\Windows\System32\deployJava1.dll

2012-03-29 22:00:45 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-29 21:45:40 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-29 21:45:33 -------- d-----w- C:\Program Files\Dell Inc

2012-03-29 21:43:39 142336 ----a-w- C:\Windows\System32\poqexec.exe

2012-03-29 21:43:39 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2012-03-29 21:38:46 -------- d-----w- C:\Windows\SysWow64\NV

2012-03-29 21:38:46 -------- d-----w- C:\Windows\System32\NV

2012-03-29 21:35:44 -------- d-----w- C:\Windows\System32\SRSLabs

2012-03-29 21:34:51 -------- d-----w- C:\Program Files\Realtek

2012-03-29 21:34:48 -------- d-----w- C:\Windows\SysWow64\RTCOM

2012-03-29 21:33:45 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-03-29 21:33:40 -------- d-----w- C:\Program Files\NVIDIA Corporation

2012-03-29 21:33:40 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-03-29 21:33:32 -------- d-----w- C:\Program Files\Common Files\Intel

2012-03-29 21:33:31 -------- d-----w- C:\Program Files (x86)\Common Files\Intel

2012-03-29 21:33:29 -------- d-----w- C:\Intel

2012-03-29 21:33:16 21616 ----a-w- C:\Windows\System32\drivers\stdcfltn.sys

.

==================== Find3M ====================

.

2012-03-30 02:57:09 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe

2012-03-01 00:02:00 9717568 ----a-w- C:\Windows\System32\nvwgf2umx.dll

2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll

2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-02-29 20:59:47 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll

2012-02-29 20:59:47 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-02-29 20:59:46 849728 ----a-w- C:\Windows\System32\nv3dappshext.dll

2012-02-29 20:59:29 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-02-29 16:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-07 14:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 22:19:57,84 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/04/2012 12:43:24

System Uptime: 20/04/2012 22:00:10 (0 hours ago)

.

Motherboard: Dell Inc. | | 04X7VP

Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 685 GiB total, 534,713 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: facap, FastAccess Video Capture

Device ID: ROOT\IMAGE\0000

Manufacturer: Sensible Vision

Name: facap, FastAccess Video Capture

PNP Device ID: ROOT\IMAGE\0000

Service: FACAP

.

==== System Restore Points ===================

.

RP36: 20/04/2012 12:09:30 - Removed Zinio Reader 4

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

AccelerometerP11

Adobe AIR

Adobe Reader 9.1.2 - Português

Advanced Audio FX Engine

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

Controle ActiveX do Windows Live Mesh para Conexões Remotas

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Getting Started Guide

Dell Mobile Broadband Manager

Dell PhotoStage

Dell Stage

Dell VideoStage

Dell Webcam Central

DirectX 9 Runtime

Discador Oi

FormatFactory 2.70

Foxit Reader 5.0

Fraps

Google Chrome

High-Definition Video Playback

Hotspot Shield 2.25

Intel PROSet Wireless

Intel® Processor Graphics

Java Auto Updater

Java 6 Update 31

Java 7 Update 1

JDownloader

Junk Mail filter update

K-Lite Mega Codec Pack 8.6.0

McAfee Security Scan Plus

McAfee SecurityCenter

Mesh Runtime

Metin2(remove only)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 11.0 (x86 pt-BR)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 10 Movie ThemePack Basic

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Palco de Música da Dell

PhotoShowExpress

PointBlank

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Skype™ 5.5

Sonic CinePlayer Decoder Pack

SyncUP

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

VLC media player 2.0.1

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

World of Warcraft Beta

.

==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-04-20 22:40:05

Windows 6.1.7601 Service Pack 1

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb425c0fa7

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb425c0fa7 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


Edited by PauloCesar003


I've already cleared all the browser data, scanned with McAfee (it didn't identify any virus) and ran CCleaner on the notebook too... still no luck, please help!!!


Open Notepad, then copy (CTRL + C) and paste (CTRL + V) the following text from the QUOTE box:


reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" > C:\look.txt
notepad C:\look.txt

Save the file as FixServices.bat

When saving, set the file type to: All Files.

  1. You will get an icon like this one [image: 4qhg48p.jpg].
  2. Double-click FixServices.bat.
  3. Wait for the batch file to finish running. When it finishes, a text file will open; copy its contents and paste them in your next reply.


Good afternoon Renato,

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

IE5_UA_Backup_Flag REG_SZ 5.0

User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)

EmailName REG_SZ User@

PrivDiscUiShown REG_DWORD 0x1

EnableHttp1_1 REG_DWORD 0x1

WarnOnIntranet REG_DWORD 0x1

MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges

AutoConfigProxy REG_SZ wininet.dll

UseSchannelDirectly REG_BINARY 01000000

EnableNegotiate REG_DWORD 0x1

WarnOnPost REG_BINARY 01000000

UrlEncoding REG_DWORD 0x0

SecureProtocols REG_DWORD 0x28

PrivacyAdvanced REG_DWORD 0x0

ZonesSecurityUpgrade REG_BINARY 5EF34E5FC318CD01

DisableCachingOfSSLPages REG_DWORD 0x0

WarnonZoneCrossing REG_DWORD 0x0

CertificateRevocation REG_DWORD 0x1

MigrateProxy REG_DWORD 0x1

ProxyEnable REG_DWORD 0x0

GlobalUserOffline REG_DWORD 0x0

ProxyOverride REG_SZ local

AutoConfigURL REG_SZ http://www.atualizarsistemasv2.me/sistemasvs.txt

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

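Added example (not part of the original posts): the `reg query` dump above includes the proxy-related values of the Internet Settings key (ProxyEnable, ProxyOverride, AutoConfigURL), and this sketch parses a dump of that shape and pulls those values out for review. The function names, the finding format and the sample input, including its placeholder URL, are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape `reg query` prints for this key, with the
# whitespace collapsed as in a forum paste. The URL is a placeholder.
SAMPLE = """\
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
EnableHttp1_1 REG_DWORD 0x1
WarnOnPost REG_BINARY 01000000
ProxyEnable REG_DWORD 0x0
ProxyOverride REG_SZ local
AutoConfigURL REG_SZ http://pac.example.invalid/proxy.txt

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad
"""

# A value line is "<name> <REG_TYPE> <data>". Names may contain spaces
# ("User Agent"), so split on the REG_* type token, not on whitespace.
VALUE_RE = re.compile(
    r"^\s*(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$"
)
PROXY_VALUES = ("ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL")
SETTINGS_KEY = "\\software\\microsoft\\windows\\currentversion\\internet settings"


def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from `reg query` output."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("HKEY_"):
            # Key header; subkeys printed without values become empty dicts.
            current = keys.setdefault(line, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue  # not a value line (for example an error message)
        data = m.group("data") or ""
        if m.group("type") == "REG_DWORD":
            try:
                data = int(data, 16)  # reg prints DWORDs as 0x... hex
            except ValueError:
                pass  # keep the raw text if it is not valid hex
        current[m.group("name")] = (m.group("type"), data)
    return keys


def review_proxy_settings(keys):
    """List the proxy-related values of the Internet Settings key for review."""
    findings = []
    for path, values in keys.items():
        if not path.lower().endswith(SETTINGS_KEY):
            continue  # skip subkeys such as ...\Wpad
        present = {n: values[n][1] for n in PROXY_VALUES if n in values}
        pac = present.get("AutoConfigURL")
        if pac:
            url = urlsplit(pac)
            note = "PAC script chooses the proxy per request; set independently of ProxyEnable"
            if url.scheme.lower() != "https":
                note += "; fetched over " + (url.scheme or "unknown scheme")
            findings.append({"value": "AutoConfigURL", "data": pac,
                             "host": url.hostname, "note": note})
        if present.get("ProxyEnable") == 1:
            findings.append({"value": "ProxyServer",
                             "data": present.get("ProxyServer", ""),
                             "host": None, "note": "static proxy enabled"})
    return findings


if __name__ == "__main__":
    for finding in review_proxy_settings(parse_reg_query(SAMPLE)):
        print(finding["value"], "=", finding["data"], "|", finding["note"])
```

The script only reports what is configured; whether a listed host is expected on that machine is for the analyst to decide.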

Avoid banking sites.

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.
  3. Double-click the icon [image: desktopicon.png] that is on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP should install the Recovery Console:

  • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet, and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to stall.
  8. A notice that the computer needs to be restarted may appear. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you could damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when writing them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.


ComboFix 12-04-23.03 - Paulo Cesar 24/04/2012 0:24.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.6038.4694 [GMT -3:00]

Executando de: c:\users\Paulo Cesar\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-03-24 to 2012-04-24 ))))))))))))))))))))))))))))

.

.

2012-04-24 03:29 . 2012-04-24 03:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-20 21:04 . 2012-04-21 13:03 -------- d-----w- c:\program files (x86)\World of Warcraft Beta

2012-04-20 15:14 . 2012-04-20 15:14 -------- d-----w- c:\program files\CCleaner

2012-04-19 02:40 . 2012-04-19 02:40 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-19 01:46 . 2012-04-19 01:46 -------- d-----w- c:\programdata\McAfee Security Scan

2012-04-19 01:45 . 2012-04-21 02:18 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2012-04-19 01:45 . 2012-04-19 02:40 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-17 06:02 . 2012-04-17 06:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-04-15 17:20 . 2012-04-15 17:21 -------- d-----w- c:\programdata\Battle.net

2012-04-14 13:04 . 2012-04-19 00:27 -------- d-----w- c:\program files\Dell Support Center

2012-04-14 06:00 . 2012-04-14 06:00 -------- d-----w- c:\windows\SysWow64\Wat

2012-04-14 06:00 . 2012-04-14 06:00 -------- d-----w- c:\windows\system32\Wat

2012-04-14 05:22 . 2012-04-20 21:11 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

2012-04-13 21:13 . 2012-04-13 21:13 -------- d-----w- c:\users\UpdatusUser

2012-04-13 21:08 . 2012-04-13 21:12 -------- d-----w- C:\NVIDIA

2012-04-13 20:09 . 2012-04-17 06:03 -------- d-----w- c:\program files (x86)\Microsoft Works

2012-04-13 20:07 . 2012-04-13 20:07 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2012-04-13 20:06 . 2012-04-18 05:40 -------- d-----w- c:\programdata\Microsoft Help

2012-04-13 20:06 . 2012-04-13 20:06 -------- d-----r- C:\MSOCache

2012-04-13 19:37 . 2012-04-13 19:37 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-04-13 19:35 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-04-13 19:35 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-04-13 19:35 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-04-13 19:32 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-13 19:32 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-13 19:32 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-13 19:32 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-13 19:32 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-13 19:32 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-13 19:32 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-13 19:32 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-13 19:32 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-13 19:32 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-13 16:41 . 2012-04-13 16:41 -------- d-----w- c:\program files (x86)\ONGAME

2012-04-13 16:40 . 2012-04-13 16:40 -------- d-----w- c:\program files (x86)\FreeTime

2012-04-13 16:38 . 2012-04-13 16:38 -------- d-----w- c:\program files (x86)\Foxit Software

2012-04-13 16:37 . 2012-04-13 16:37 -------- d-----w- c:\program files (x86)\JDownloader

2012-04-13 15:11 . 2012-04-13 15:11 -------- d-----w- c:\programdata\PCDr

2012-04-13 13:10 . 2012-04-15 15:41 -------- d-----w- C:\Diablo-III-8370-ptBR-Installer

2012-04-13 06:30 . 2012-04-13 06:30 -------- d-----w- c:\programdata\Blizzard Entertainment

2012-04-13 06:13 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-04-13 06:13 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-04-13 06:13 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2012-04-13 03:37 . 2012-04-20 21:25 -------- d-----w- C:\WoW

2012-04-13 02:02 . 2012-04-13 02:02 -------- d-----w- C:\ongame

2012-04-13 01:22 . 2012-04-13 01:22 -------- d-----w- c:\program files (x86)\Conduit

2012-04-13 01:21 . 2012-04-13 01:23 -------- d-----w- C:\Hotspot Shield

2012-04-13 01:21 . 2012-04-13 01:23 -------- d-----w- c:\program files (x86)\Hotspot Shield

2012-04-13 01:17 . 2010-03-04 14:14 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2012-04-13 01:17 . 2010-03-04 14:14 243200 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2012-04-13 01:17 . 2010-03-04 14:14 117248 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2012-04-13 01:17 . 2010-03-04 14:14 114304 ----a-w- c:\windows\system32\drivers\ewusbdev.sys

2012-04-13 01:17 . 2012-04-13 01:17 -------- d-----w- c:\programdata\OI

2012-04-13 01:17 . 2012-04-13 01:17 -------- d-----w- c:\programdata\lightcomm

2012-04-13 01:17 . 2012-04-13 01:17 -------- d-----w- c:\program files (x86)\OI

2012-04-13 01:15 . 2012-04-13 01:15 -------- d-----w- c:\program files\TeamSpeak 3 Client

2012-04-13 01:13 . 2012-04-13 01:13 -------- d-----w- c:\program files (x86)\VideoLAN

2012-04-13 01:13 . 2012-04-13 01:13 -------- d-----w- C:\Fraps

2012-04-12 17:05 . 2011-12-21 18:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm

2012-04-12 17:05 . 2011-06-24 15:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll

2012-04-12 17:05 . 2011-06-24 15:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll

2012-04-12 17:05 . 2011-03-02 11:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll

2012-04-12 17:05 . 2008-09-24 19:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm

2012-04-12 17:05 . 2012-03-22 18:00 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2012-04-12 17:05 . 2012-04-12 17:05 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack

2012-04-12 17:01 . 2012-04-12 17:01 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2012-04-12 17:01 . 2012-04-12 17:01 -------- d-----w- c:\program files (x86)\Real

2012-04-12 15:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-12 15:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-12 15:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-12 15:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-04-12 15:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-04-12 15:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-12 15:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-04-12 15:48 . 2012-04-12 15:48 -------- d-sh--w- C:\System Recovery

2012-03-30 03:28 . 2012-03-30 03:28 -------- d-----w- c:\program files\STMicroelectronics

2012-03-30 03:27 . 2012-03-30 03:27 -------- d-----w- c:\program files\Synaptics

2012-03-30 03:17 . 2012-03-30 03:17 -------- d-----w- c:\program files\ZinioReader4

2012-03-30 03:17 . 2012-03-29 22:12 -------- d-----w- c:\programdata\Dell

2012-03-30 03:04 . 2012-03-29 22:31 -------- d-----w- C:\Apps

2012-03-30 03:00 . 2011-09-18 11:26 8604672 ----a-w- c:\windows\system32\drivers\NETwNs64.sys

2012-03-30 03:00 . 2010-05-19 07:30 113152 ----a-w- c:\windows\system32\NETwNr64.dll

2012-03-30 03:00 . 2010-05-19 07:30 799232 ----a-w- c:\windows\system32\NETwNc64.dll

2012-03-30 02:58 . 2010-12-15 17:02 203352 ----a-w- c:\windows\SysWow64\jmcricon.dll

2012-03-30 02:57 . 2012-03-30 02:57 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2012-03-30 02:53 . 2012-04-12 16:16 -------- d-----w- c:\windows\system32\oem

2012-03-30 02:53 . 2012-03-30 03:01 -------- d-----w- C:\Drivers

2012-03-29 22:40 . 2012-03-29 22:40 -------- d-----w- c:\program files\dell stage

2012-03-29 22:38 . 2012-03-29 22:39 -------- d-----w- c:\program files (x86)\Common Files\Nero

2012-03-29 22:38 . 2012-03-29 22:39 -------- d-----w- c:\program files (x86)\Nero

2012-03-29 22:38 . 2012-03-29 22:39 -------- d-----w- c:\programdata\Nero

2012-03-29 22:35 . 2009-09-04 20:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll

2012-03-29 22:35 . 2009-09-04 20:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll

2012-03-29 22:34 . 2008-10-15 09:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll

2012-03-29 22:33 . 2012-04-13 19:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2012-03-29 22:30 . 2012-03-29 22:30 -------- d-----w- c:\programdata\Uninstall

2012-03-29 22:29 . 2012-03-29 22:30 -------- d-----w- c:\program files (x86)\Common Files\SureThing Shared

2012-03-29 22:29 . 2012-03-29 22:29 -------- d-----w- c:\programdata\PhotoShow Shared Assets

2012-03-29 22:29 . 2012-03-29 22:29 -------- d-----w- c:\program files\Roxio

2012-03-29 22:29 . 2012-04-17 10:40 -------- d-----w- c:\programdata\Sonic

2012-03-29 22:29 . 2010-03-19 06:00 55856 ------w- c:\windows\system32\drivers\PxHlpa64.sys

2012-03-29 22:29 . 2009-10-20 06:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys

2012-03-29 22:29 . 2009-10-20 06:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2012-03-29 22:28 . 2012-03-29 22:59 -------- d-----w- c:\programdata\Roxio

2012-03-29 22:28 . 2012-03-29 22:30 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

2012-03-29 22:28 . 2012-03-29 22:30 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared

2012-03-29 22:28 . 2012-03-29 22:30 -------- d-----w- c:\program files (x86)\Roxio

2012-03-29 22:28 . 2012-03-29 22:28 -------- d-----w- c:\programdata\Macrovision

2012-03-29 22:24 . 2012-04-21 00:58 -------- d-----w- c:\program files (x86)\Microsoft

2012-03-29 22:22 . 2011-10-15 15:16 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-03-29 22:22 . 2011-12-06 20:25 161168 ----a-w- c:\windows\system32\mfevtps.exe

2012-03-29 22:22 . 2012-03-29 22:23 -------- d-----w- c:\program files (x86)\Common Files\mcafee

2012-03-29 22:22 . 2012-03-29 22:22 -------- d-----w- c:\program files\Common Files\mcafee

2012-03-29 22:22 . 2012-03-29 22:22 -------- d-----w- c:\program files (x86)\mcafee.com

2012-03-29 22:22 . 2012-04-13 21:16 -------- d-----w- c:\program files (x86)\McAfee

2012-03-29 22:22 . 2012-03-29 22:23 -------- d-----w- c:\program files\mcafee

2012-03-29 22:22 . 2012-04-20 15:36 -------- d-----w- c:\programdata\McAfee

2012-03-29 22:20 . 2012-03-29 22:20 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2012-03-29 22:20 . 2012-03-29 22:21 -------- d-----w- c:\program files (x86)\Windows Live

2012-03-29 22:20 . 2012-03-29 22:20 -------- d-----w- c:\windows\PCHEALTH

2012-03-29 22:19 . 2012-03-29 22:20 -------- d-----w- c:\program files\Windows Live

2012-03-29 22:19 . 2009-09-04 20:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2012-03-29 22:19 . 2009-09-04 20:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2012-03-29 22:19 . 2009-09-04 20:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2012-03-29 22:19 . 2009-09-04 20:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-12 16:18 . 2010-06-24 14:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-03-30 03:24 . 2012-03-30 03:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-03-30 03:24 . 2012-03-30 03:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-03-30 03:24 . 2012-03-30 03:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-02-29 21:00 . 2011-04-21 23:35 3089728 ----a-w- c:\windows\system32\nvsvc64.dll

2012-02-29 21:00 . 2011-04-21 23:35 6074176 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:59 . 2011-04-21 23:35 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-29 20:59 . 2011-04-21 23:35 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-02-29 20:59 . 2011-04-21 23:35 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-02-29 20:59 . 2011-04-21 23:35 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-02-29 20:59 . 2011-04-21 23:35 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 20:59 . 2011-04-21 23:35 849728 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-02-29 20:59 . 2011-04-21 23:35 2515790 ----a-w- c:\windows\system32\nvcoproc.bin

2012-02-29 16:26 . 2012-02-29 16:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-02-07 14:02 . 2012-02-07 14:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-12-31 66872]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-04-12 296056]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

.

c:\users\Paulo Cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor da tecnologia Intel® Turbo Boost 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-11-02 01:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 253088]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + Protocolo de alta velocidade;c:\windows\system32\DRIVERS\amppal.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-15 340240]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]

S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-01-17 331608]

S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-01-04 329544]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + Adaptador virtual de alta velocidade;c:\windows\system32\DRIVERS\AMPPAL.sys [x]

S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 NETwNs64;___ Driver do adaptador Intel® Wireless WiFi Link Série 5000 para Windows 7 64 bits;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*Deregistered* - mfeavfk01

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 02:40]

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-161454365-913874447-687471935-1001Core.job

- c:\users\Paulo Cesar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 16:11]

.

2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-161454365-913874447-687471935-1001UA.job

- c:\users\Paulo Cesar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 16:11]

.

2012-04-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-04-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-04-23 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-15 1935120]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.hotspotshield.com/g/?c=h

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 200.222.145.86 200.149.55.140

FF - ProfilePath - c:\users\Paulo Cesar\AppData\Roaming\Mozilla\Firefox\Profiles\kkofkqur.default\

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.type - 2

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-FAStartup - (no file)

Toolbar-Locked - (no file)

WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-04-24 00:30:24

ComboFix-quarantined-files.txt 2012-04-24 03:30

.

Pré-execução: 552.354.643.968 bytes disponíveis

Pós execução: 551.839.596.544 bytes disponíveis

.

- - End Of File - - C511EAE82DE68C961F502567C689C690


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an email address for registration, first name and last name. Only the "email" field is required.

Enter your email, then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator (Executar como administrador).

On the license agreement screen, check the I accept the license agreement option and then click the Start button. The program will appear to freeze and nothing will happen. This is normal; just wait until the program's main screen appears, and then click the Settings icon.

On this screen, check the box next to:

  • My Computer (Meu Computador)
  • Local Disk (C:) (Disco local (C:))

Also check all the drives that appear below Local Disk, if there are any. Then click the Automatic Scan tab.

Back on the program's main screen, click the Start scanning button.

Be patient, it takes a while.

When it finishes, if it has detected anything, the program will ask you what to do.

Check the box next to Apply to all objects and then click Skip (we only want the log).

While the scan is running, the main screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if something was found.

If it has detected anything, the program will also show an alert screen, warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if anything was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easily accessible location and save it as log.txt

Copy the entire contents of that Notepad file and paste it into your next reply.

If nothing is detected, you don't need to save the log. Just post here to let us know.

To exit the program, just click the X in the top-right corner.


Good evening, sorry for the delay, I was busy at college...

Here is the log,

Status: Detected (events: 8)

28/04/2012 01:59:11 Detected Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\Paulo Cesar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXXXD0K3\sistemasvs[1].cache High

28/04/2012 02:01:12 Detected Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\Paulo Cesar\AppData\Local\Temporary Internet Files\Content.IE5\WXXXD0K3\sistemasvs[1].cache High

28/04/2012 02:02:47 Detected Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\Paulo Cesar\Configurações locais\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXXXD0K3\sistemasvs[1].cache High

28/04/2012 02:04:25 Detected Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\Paulo Cesar\Configurações locais\Temporary Internet Files\Content.IE5\WXXXD0K3\sistemasvs[1].cache High

28/04/2012 03:07:21 Detected Trojan program HEUR:Trojan.Script.Generic C:\Users\Paulo Cesar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXXXD0K3\sistemasvs[1].cache High

28/04/2012 03:09:02 Detected Trojan program HEUR:Trojan.Script.Generic C:\Users\Paulo Cesar\AppData\Local\Temporary Internet Files\Content.IE5\WXXXD0K3\sistemasvs[1].cache High

28/04/2012 03:10:17 Detected Trojan program HEUR:Trojan.Script.Generic C:\Users\Paulo Cesar\Configurações locais\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXXXD0K3\sistemasvs[1].cache High

28/04/2012 03:11:53 Detected Trojan program HEUR:Trojan.Script.Generic C:\Users\Paulo Cesar\Configurações locais\Temporary Internet Files\Content.IE5\WXXXD0K3\sistemasvs[1].cache High


The only threats are in the temporary internet files, which will be cleared by the procedures below.

Congratulations, your log is clean.

From now on, stay ALERT!

To finish, do the following:

Go to Start > Run and type ComboFix /Uninstall . This will uninstall ComboFix from your machine.

Download OTC

  • Save it to your desktop.
  • Double-click the OTC icon.
  • Click the "Cleanup" button
  • Allow your computer to restart.

I suggest running CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner (Executar Limpeza);
  • After that, click Errors >> Scan for errors >> Fix errors (Erros >> Procurar erros >> Corrigir Erros)

I also suggest reading this article: Proteja seu PC (Protect your PC)

Any other problems with the computer?
