Tecolote
2014-05-01, 17:32
Hi,
ADW saved 2 log files. I'm posting both.
I couldn't update Mbam since the desktop is without internet connection. It allowed me to perform only the complete scan ("Threat Scan"), i couldn't do only the requested hyperscan, it was disabled. And more, it detected some 3 or 4 threats and asked me what i do with them. I did nothing. Also, I didn't know if the history .xml log is equal to the exported .txt, so i'm posting both too.
Thank you for the assistance.
# AdwCleaner v3.205 - Relatório criado 01/05/2014 às 11:31:02
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Administrador - HOME
# Executando de : C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Documents and Settings\JOELMA\Dados de aplicativos\Mozilla\Firefox\Profiles\iodhr47x.default\.autoreg
Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrada : HKLM\Software\Trymedia Systems
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v34.0.1847.116
[ Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
[ Arquivo : C:\Documents and Settings\JOELMA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1122 octets] - [01/05/2014 11:31:02]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1182 octets] ##########
# AdwCleaner v3.205 - Relatório criado 01/05/2014 às 11:31:51
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Administrador - HOME
# Executando de : C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
Arquivo Deletada : C:\Documents and Settings\JOELMA\Dados de aplicativos\Mozilla\Firefox\Profiles\iodhr47x.default\.autoreg
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\Software\Trymedia Systems
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v34.0.1847.116
[ Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
[ Arquivo : C:\Documents and Settings\JOELMA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1262 octets] - [01/05/2014 11:31:02]
AdwCleaner[S0].txt - [1174 octets] - [01/05/2014 11:31:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1234 octets] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/5/2014
Scan Time: 11:59:12
Logfile: Mbam scan1.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrador
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 231996
Time Elapsed: 15 min, 28 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, 1, Good: (0), Bad: (1),,[e168af50007ad165847d1d0d04009967]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, 1, Good: (0), Bad: (1),,[1039bd420575f64004fee149a55f25db]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, 1, Good: (0), Bad: (1),,[3415c03f0773d75f83806fbbcf35cd33]
Folders: 0
(No malicious items detected)
Files: 1
Trojan.Banker.ZB, C:\Documents and Settings\JOELMA\Meus documentos\Downloads\cobranca2avia.zip, , [5beed22d99e13afca45a5d7c10f0659b],
Physical Sectors: 0
(No malicious items detected)
(end)
Tecolote
2014-05-06, 19:38
Is there any way to access the internet in safe mode? Because my pc still show a black screen with only the mouse pointer in it after the "welcome" windows xp screen.
Remember that the e:\ drive, if it appears, is the pen drive i'm using to exchange the files between computers.
Posting logs.
OTL Extras logfile created on: 6/5/2014 14:22:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrador\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
1015,48 Mb Total Physical Memory | 794,62 Mb Available Physical Memory | 78,25% Memory free
2,39 Gb Paging File | 2,27 Gb Available in Paging File | 95,13% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 126,07 Gb Free Space | 84,58% Space Free | Partition Type: NTFS
Drive E: | 3,65 Gb Total Space | 3,46 Gb Free Space | 94,94% Space Free | Partition Type: FAT32
Computer Name: HOME | User Name: Administrador | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Arquivos de programas\Skype\Phone\Skype.exe" = C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66EBD70F-A42C-475F-AEDF-277378151046}" = Nero 7 Essentials
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client PT-BR Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Português
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D40C0608-033D-43A7-B4D7-B0EE493F938C}" = Microsoft Antimalware Service PT-BR Language Pack
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 pt-BR)" = Mozilla Firefox 9.0.1 (x86 pt-BR)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Programador de Modem_is1" = SModem 1.0
"Receitanet Java 2010.02d" = Receitanet Java 2010.02d
"TurboADSL_is1" = TurboADSL 0.98
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/5/2014 10:37:17 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: The server name or address could not be resolved
Error - 1/5/2014 10:37:17 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: Esta conexão de rede não existe.
Error - 4/5/2014 10:27:07 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: The server name or address could not be resolved
Error - 4/5/2014 10:27:08 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: Esta conexão de rede não existe.
Error - 4/5/2014 10:37:14 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
Error - 5/5/2014 14:45:36 | Computer Name = HOME | Source = Application Error | ID = 1004
Description = Aplicativo com falha MsMpEng.exe, versão 3.0.8107.0, módulo com falha
mpengine.dll, versão 1.1.10501.0, endereço com falha 0x003d684d.
Error - 5/5/2014 14:45:52 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplicativo com falha MsMpEng.exe, versão 3.0.8107.0, módulo com falha
mpengine.dll, versão 1.1.10501.0, endereço com falha 0x003d684d.
Error - 6/5/2014 13:17:54 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: The server name or address could not be resolved
Error - 6/5/2014 13:17:54 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: Esta conexão de rede não existe.
Error - 6/5/2014 13:26:42 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
[ Application Events ]
Error - 1/5/2014 10:37:17 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: The server name or address could not be resolved
Error - 1/5/2014 10:37:17 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: Esta conexão de rede não existe.
Error - 4/5/2014 10:27:07 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: The server name or address could not be resolved
Error - 4/5/2014 10:27:08 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: Esta conexão de rede não existe.
Error - 4/5/2014 10:37:14 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
Error - 5/5/2014 14:45:36 | Computer Name = HOME | Source = Application Error | ID = 1004
Description = Aplicativo com falha MsMpEng.exe, versão 3.0.8107.0, módulo com falha
mpengine.dll, versão 1.1.10501.0, endereço com falha 0x003d684d.
Error - 5/5/2014 14:45:52 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplicativo com falha MsMpEng.exe, versão 3.0.8107.0, módulo com falha
mpengine.dll, versão 1.1.10501.0, endereço com falha 0x003d684d.
Error - 6/5/2014 13:17:54 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: The server name or address could not be resolved
Error - 6/5/2014 13:17:54 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: Esta conexão de rede não existe.
Error - 6/5/2014 13:26:42 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
[ OSession Events ]
Error - 19/3/2012 18:04:41 | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2631
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/3/2014 15:30:13 | Computer Name = HOME | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 7/3/2014 18:17:26 | Computer Name = HOME | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 8/3/2014 10:55:18 | Computer Name = HOME | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 8/3/2014 12:55:43 | Computer Name = HOME | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 8/3/2014 16:59:29 | Computer Name = HOME | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 9/3/2014 09:39:40 | Computer Name = HOME | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 9/3/2014 14:42:26 | Computer Name = HOME | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 9/3/2014 15:10:35 | Computer Name = HOME | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 9/3/2014 16:21:34 | Computer Name = HOME | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 9/3/2014 19:12:48 | Computer Name = HOME | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
< End of report >
Next.
OTL logfile created on: 6/5/2014 14:22:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrador\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
1015,48 Mb Total Physical Memory | 794,62 Mb Available Physical Memory | 78,25% Memory free
2,39 Gb Paging File | 2,27 Gb Available in Paging File | 95,13% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 126,07 Gb Free Space | 84,58% Space Free | Partition Type: NTFS
Drive E: | 3,65 Gb Total Space | 3,46 Gb Free Space | 94,94% Space Free | Partition Type: FAT32
Computer Name: HOME | User Name: Administrador | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Administrador\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Arquivos de programas\WinRAR\RarExt.dll ()
MOD - C:\Arquivos de programas\7-Zip\7-zip.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (GbpSv) -- C:\Arquivos de programas\GbPlugin\GbpSv.exe ( )
SRV - (MsMpSvc) -- c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\JOELMA\CONFIG~1\Temp\catchme.sys File not found
DRV - (NdisrdMP) -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys (GbPlugin NDIS Device Driver)
DRV - (Ndisrd) -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys (GbPlugin NDIS Device Driver)
DRV - (GbpKm) -- C:\WINDOWS\system32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (alcan5ln) -- C:\WINDOWS\system32\drivers\alcan5ln.sys (THOMSON multimedia)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON multimedia)
DRV - (RMSPPPOE) -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS (Robert Schlabbach)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-329068152-1801674531-725345543-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-329068152-1801674531-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2012/10/18 17:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins
[2012/10/18 17:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2011/12/21 05:04:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
[2011/12/21 02:07:30 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml
[2011/12/21 02:07:30 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml
[2011/12/21 01:46:39 | 000,002,040 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml
[2011/12/21 02:07:30 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/12/21 02:07:30 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Error reading preferences file
O1 HOSTS File: ([2013/05/08 09:24:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O4 - HKLM..\Run: [MSC] c:\Arquivos de programas\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe (THOMSON multimedia)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-329068152-1801674531-725345543-500..\RunOnce: [NeroHomeFirstStart] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - HKU\S-1-5-21-329068152-1801674531-725345543-500..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1801674531-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/09 22:06:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/05/06 14:18:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
[2014/05/04 11:27:27 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2014/05/01 12:14:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\PrivacIE
[2014/05/01 11:41:32 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/01 11:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes Anti-Malware
[2014/05/01 11:40:45 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/05/01 11:40:45 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/05/01 11:40:45 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes Anti-Malware
[2014/05/01 11:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2014/05/01 11:30:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/01 11:30:13 | 017,305,616 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Desktop\mbam-setup-2.0.1.1004.exe
[2014/04/30 16:55:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrador\Meus documentos\Minhas músicas
[2014/04/30 16:55:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrador\Meus documentos\Minhas imagens
[2014/04/30 16:55:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrador\Meus documentos\Meus vídeos
[2014/04/30 16:55:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Ferramentas administrativas
[2014/04/30 16:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\ERUNT
[2014/04/30 16:39:58 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ERUNT
[2014/04/30 16:36:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrador\Desktop\aswMBR.exe
[2014/04/30 16:36:38 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrador\Desktop\erunt-setup.exe
[2014/04/30 16:36:38 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrador\Desktop\dds.scr
[2014/04/29 15:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Adobe
[2014/04/29 15:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Adobe
[2014/04/18 10:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google
[2013/01/20 19:39:28 | 017,464,864 | ---- | C] (pdfforge GbR) -- C:\Arquivos de programas\PDFCreator-1_6_2_setup.exe
[2012/12/02 18:04:23 | 013,326,040 | ---- | C] (Mediafour Corporation, info@mediafour.com) -- C:\Arquivos de programas\MacDrive Standard 9.0.4.21 (en) Setup.exe
[2011/06/26 19:02:27 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Arquivos de programas\SkypeSetup.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/05/06 14:21:27 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/05/06 14:17:44 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\WINDOWS\System32\drivers\GbpNdisrd.sys
[2014/05/06 14:15:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/06 14:12:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
[2014/05/06 14:07:14 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/05 18:08:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/05 17:52:37 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/05 15:57:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/05/05 15:41:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/04 11:27:27 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/04 11:27:27 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2014/05/01 11:41:02 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/01 11:14:52 | 017,305,616 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Desktop\mbam-setup-2.0.1.1004.exe
[2014/05/01 11:10:06 | 001,310,621 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe
[2014/04/30 17:00:11 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Administrador\default.pls
[2014/04/30 16:59:13 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\MBR.dat
[2014/04/30 16:39:58 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\ERUNT.lnk
[2014/04/30 16:32:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrador\Desktop\aswMBR.exe
[2014/04/30 16:12:02 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrador\Desktop\dds.scr
[2014/04/30 16:10:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrador\Desktop\erunt-setup.exe
[2014/04/11 15:00:01 | 000,001,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/05/01 11:41:02 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/01 11:30:13 | 001,310,621 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe
[2014/04/30 16:59:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\MBR.dat
[2014/04/30 16:39:58 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\ERUNT.lnk
[2013/05/08 08:56:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/08 08:56:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/08 08:56:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/08 08:56:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/08 08:56:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/22 15:42:49 | 000,005,607 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2011/10/23 19:44:27 | 001,094,656 | ---- | C] () -- C:\Arquivos de programas\paint.exe
[2011/06/29 19:59:05 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Administrador\default.pls
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 13:07:52 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:53:26 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:20:42 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/02/10 06:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software
[2013/02/13 19:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\gas
[2013/01/04 15:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2011/12/08 18:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 208 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\System32\drivers:IncompleteBoot.cnt
< End of report >
Tecolote
2014-05-10, 02:37
Posting log. Didn't tried the internet, but Combofix didn't too and ran offline. No Recovery Console installed.
ComboFix 14-05-07.03 - Administrador 09/05/2014 21:15:01.2.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.781 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ADS - drivers: deleted 220 bytes in 2 streams.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2014-04-10 to 2014-05-10 ))))))))))))))))))))))))))))
.
.
2014-05-04 14:27 . 2014-05-04 14:27 107736 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-05-01 15:14 . 2014-05-01 15:14 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2014-05-01 14:41 . 2014-05-04 14:27 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-01 14:40 . 2014-05-01 14:40 -------- d-----w- c:\arquivos de programas\Malwarebytes Anti-Malware
2014-05-01 14:40 . 2014-05-01 14:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2014-05-01 14:40 . 2014-04-03 12:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-01 14:40 . 2014-04-03 12:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-01 14:30 . 2014-05-01 14:32 -------- d-----w- C:\AdwCleaner
2014-04-30 19:39 . 2014-04-30 19:40 -------- d-----w- c:\arquivos de programas\ERUNT
2014-04-29 18:07 . 2014-04-29 18:07 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Adobe
2014-04-18 13:27 . 2014-04-18 13:27 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google
2014-04-15 22:49 . 2014-04-01 02:32 8049928 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{B7F4CA06-3ACA-4B78-9755-227F0BAD7424}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-10 00:08 . 2013-08-22 16:21 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2014-03-17 18:18 . 2012-10-18 20:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-17 18:18 . 2012-10-18 20:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-17 18:18 . 2014-03-17 18:18 5777288 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-03-07 04:35 . 2013-10-09 13:16 7969936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-20 22:46 . 2013-01-20 22:39 17464864 ----a-w- c:\arquivos de programas\PDFCreator-1_6_2_setup.exe
2012-12-02 21:14 . 2012-12-02 21:04 13326040 ----a-w- c:\arquivos de programas\MacDrive Standard 9.0.4.21 (en) Setup.exe
2011-10-23 22:48 . 2011-10-23 22:44 1094656 ----a-w- c:\arquivos de programas\paint.exe
2011-06-26 22:02 . 2011-06-26 22:02 1029000 ----a-w- c:\arquivos de programas\SkypeSetup.exe
2011-12-21 08:04 . 2012-10-18 20:05 121816 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 860672]
"MSC"="c:\arquivos de programas\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2012-11-22 18:05 1585768 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^JOELMA^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
path=c:\documents and settings\JOELMA\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 12:21 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 02:47 31016 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 07:00 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 07:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 17:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 07:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-11-02 11:36 19580520 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [4/1/2013 15:57 46440]
S2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [4/1/2013 15:57 280168]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [22/8/2012 15:42 36048]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/2/2011 08:45 1691480]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [22/8/2013 13:21 31088]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [22/8/2013 13:21 31088]
S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 17:55 1077576 ----a-w- c:\arquivos de programas\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 18:18]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-02-10 09:36]
.
2014-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-02-10 09:36]
.
2014-05-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 15:26]
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-09 21:21
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-1801674531-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,0d,7f,52,0b,fc,18,42,8b,eb,d0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,0d,7f,52,0b,fc,18,42,8b,eb,d0,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(232)
c:\arquivos de programas\GbPlugin\gbieh.dll
.
- - - - - - - > 'explorer.exe'(1864)
c:\windows\system32\WININET.dll
c:\arquivos de programas\GbPlugin\gbieh.dll
.
Tempo para conclusão: 2014-05-09 21:23:19
ComboFix-quarantined-files.txt 2014-05-10 00:23
ComboFix2.txt 2013-05-08 12:26
.
Pré-execução: 9 pasta(s) 135.420.063.744 bytes disponíveis
Pós execução: 11 pasta(s) 135.415.095.296 bytes disponíveis
.
- - End Of File - - 66DA97922CF7A121650B27768918C343
239FC8B1C26D5286165A956F5A98D8D7