
Thread: Desktop freezes.

  1. #1
    Translator Team Tecolote
    Join Date: Nov 2005 | Location: Goiânia, Goiás, Brasil | Posts: 40

    Hi,
    I have one desktop here that freezes after Windows XP initialization. Can you help me?
    I'm posting from another PC, since the other can't access the internet. I'm copying the logs to a pen drive and posting here. I had to run the infected PC in safe mode in order to run DDS, etc.
    One more thing: in addition to creating the log file, aswMBR created a .dat file named MBR. Is that normal?
    Thanks in advance.

    DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
    Internet Explorer: 8.0.6001.18702
    Run by Administrador at 16:55:53 on 2014-04-30
    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.760 [GMT -3:00]
    .
    AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Auxiliar de Conexão do Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [NeroHomeFirstStart] c:\arquivos de programas\arquivos comuns\ahead\lib\NMFirstStart.exe
    mRun: [SpeedTouch USB Diagnostics] "c:\arquivos de programas\alcatel\speedtouch usb\Dragdiag.exe" /icon
    mRun: [MSC] "c:\arquivos de programas\microsoft security client\msseces.exe" -hide -runkey
    mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
    dRun: [DWQueuedReporting] "c:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\recort~1.lnk - c:\arquivos de programas\microsoft office\office12\ONENOTEM.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquivos de programas\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll
    Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
    SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\arquivos de programas\gbplugin\gbieh.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\arquivos de programas\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-1-4 46440]
    S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    S2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2013-1-4 280168]
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2012-8-22 36048]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-10 1691480]
    S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2013-8-22 31088]
    S3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2013-8-22 31088]
    S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-6-10 31232]
    .
    =============== Created Last 30 ================
    .
    2014-04-29 18:07:11 -------- d-----w- c:\documents and settings\administrador\configurações locais\dados de aplicativos\Adobe
    2014-04-18 13:27:14 -------- d-----w- c:\documents and settings\administrador\configurações locais\dados de aplicativos\Google
    2014-04-15 22:49:55 8049928 ----a-w- c:\documents and settings\all users\dados de aplicativos\microsoft\microsoft antimalware\definition updates\{b7f4ca06-3aca-4b78-9755-227f0bad7424}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2014-04-30 19:35:57 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
    2014-03-17 18:18:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-03-17 18:18:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-03-17 18:18:21 5777288 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-01-20 22:46:10 17464864 ----a-w- c:\arquivos de programas\PDFCreator-1_6_2_setup.exe
    2012-12-02 21:14:24 13326040 ----a-w- c:\arquivos de programas\MacDrive Standard 9.0.4.21 (en) Setup.exe
    2011-10-23 22:48:03 1094656 ----a-w- c:\arquivos de programas\paint.exe
    2011-06-26 22:02:27 1029000 ----a-w- c:\arquivos de programas\SkypeSetup.exe
    .
    ============= FINISH: 16:56:25,85 ===============


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-04-30 16:57:37
    -----------------------------
    16:57:37.250 OS Version: Windows 5.1.2600 Service Pack 3
    16:57:37.250 Number of processors: 1 586 0xF0D
    16:57:37.250 ComputerName: HOME UserName:
    16:57:39.406 Initialize success
    16:57:58.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    16:57:58.703 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABEA Size: 152626MB BusType: 3
    16:57:58.859 Disk 0 MBR read successfully
    16:57:58.875 Disk 0 MBR scan
    16:57:58.890 Disk 0 Windows XP default MBR code
    16:57:58.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
    16:57:58.921 Disk 0 scanning sectors +312560640
    16:57:59.046 Disk 0 scanning C:\WINDOWS\system32\drivers
    16:58:15.640 Service scanning
    16:58:41.328 Modules scanning
    16:58:48.562 Disk 0 trace - called modules:
    16:58:48.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    16:58:48.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f22ab8]
    16:58:48.625 3 CLASSPNP.SYS[f77d6fd7] -> nt!IofCallDriver -> \Device\0000005f[0x86f253b8]
    16:58:48.640 5 ACPI.sys[f774d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f6c940]
    16:58:48.671 Scan finished successfully
    16:59:13.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrador\Desktop\MBR.dat"
    16:59:13.031 The log file has been saved successfully to "C:\Documents and Settings\Administrador\Desktop\aswMBR.txt"

  2. #2
    Emeritus-Security Expert
    Join Date: Nov 2005 | Location: Florida's SpaceCoast | Posts: 15,208



    It's normal for the MBR .dat file to be on your system after running the scan; just leave it be for the time being.

    FYI
    http://techpageone.dell.com/technolo...0#.U2JDt_ldU2l
    Without Windows Updates to help keep your system secure, I would not do any online banking or purchases using a credit card

    Not really looking at anything bad, let's do this

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete, click on "Clean".
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.





    Please download Malwarebytes Anti-Malware to your desktop.

    • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
    • Once installed, Malwarebytes will ask if you want to Launch Now. Please select to do so and then Malwarebytes will open and update on its own. Please allow this to complete.
    • If an update is found, it will download and install the latest version.
    • Let's be sure to run a Hyper Scan. Press the Scan tab and then select Hyper Scan.
    • Press Scan Now then Skip Update (since we just updated it).
    • When the scan is complete, click View Detailed Log, then Export to save the log to your Desktop (name the log MBAM Scan).
    • Copy and Paste all of the information in that file to your next reply.



    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Translator Team Tecolote
    Join Date: Nov 2005 | Location: Goiânia, Goiás, Brasil | Posts: 40

    Hi,
    ADW saved 2 log files. I'm posting both.
    I couldn't update Mbam since the desktop is without internet connection. It allowed me to perform only the complete scan ("Threat Scan"), I couldn't do only the requested hyperscan, it was disabled. And more, it detected some 3 or 4 threats and asked me what I do with them. I did nothing. Also, I didn't know if the history .xml log is equal to the exported .txt, so I'm posting both too.
    Thank you for the assistance.

    # AdwCleaner v3.205 - Relatório criado 01/05/2014 às 11:31:02
    # Atualizado 28/04/2014 por Xplode
    # Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
    # Usuário : Administrador - HOME
    # Executando de : C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe
    # Opção : Examinar

    ***** [ Serviços ] *****


    ***** [ Arquivos / Pastas ] *****

    Arquivo Encontrado : C:\Documents and Settings\JOELMA\Dados de aplicativos\Mozilla\Firefox\Profiles\iodhr47x.default\.autoreg
    Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

    ***** [ Atalhos ] *****


    ***** [ Registro ] *****

    Chave Encontrada : HKLM\Software\Trymedia Systems

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v34.0.1847.116

    [ Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]


    [ Arquivo : C:\Documents and Settings\JOELMA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1122 octets] - [01/05/2014 11:31:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1182 octets] ##########


    # AdwCleaner v3.205 - Relatório criado 01/05/2014 às 11:31:51
    # Atualizado 28/04/2014 por Xplode
    # Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
    # Usuário : Administrador - HOME
    # Executando de : C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe
    # Opção : Limpar

    ***** [ Serviços ] *****


    ***** [ Arquivos / Pastas ] *****

    Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
    Arquivo Deletada : C:\Documents and Settings\JOELMA\Dados de aplicativos\Mozilla\Firefox\Profiles\iodhr47x.default\.autoreg

    ***** [ Atalhos ] *****


    ***** [ Registro ] *****

    Chave Deletedo : HKLM\Software\Trymedia Systems

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v34.0.1847.116

    [ Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]


    [ Arquivo : C:\Documents and Settings\JOELMA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1262 octets] - [01/05/2014 11:31:02]
    AdwCleaner[S0].txt - [1174 octets] - [01/05/2014 11:31:51]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1234 octets] ##########

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/5/2014
    Scan Time: 11:59:12
    Logfile: Mbam scan1.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.03.04.09
    Rootkit Database: v2014.02.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Administrador

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 231996
    Time Elapsed: 15 min, 28 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 3
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, 1, Good: (0), Bad: (1),,[e168af50007ad165847d1d0d04009967]
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, 1, Good: (0), Bad: (1),,[1039bd420575f64004fee149a55f25db]
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, 1, Good: (0), Bad: (1),,[3415c03f0773d75f83806fbbcf35cd33]

    Folders: 0
    (No malicious items detected)

    Files: 1
    Trojan.Banker.ZB, C:\Documents and Settings\JOELMA\Meus documentos\Downloads\cobranca2avia.zip, , [5beed22d99e13afca45a5d7c10f0659b],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  4. #4
    Emeritus-Security Expert
    Join Date: Nov 2005 | Location: Florida's SpaceCoast | Posts: 15,208

    This is what you're up against: your computer is considered compromised. What that means is that it's not to be trusted to do any online banking or shopping with a credit card. If you have done online banking, you need to use a known clean computer and log into your bank and shopping sites you use and change all your passwords. I would also keep an eye on your credit card bills and banking statements for any unauthorized entries.

    http://www.microsoft.com/security/po...32%2FBanker.ZB


    Run Malwarebytes again and this time have it remove anything it finds and post the log please

  5. #5
    Translator Team Tecolote
    Join Date: Nov 2005 | Location: Goiânia, Goiás, Brasil | Posts: 40

    I've chosen "quarantine all" dealing with the threats found. Posting the log.


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/5/2014
    Scan Time: 11:46:02
    Logfile: mbam scan2.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.03.04.09
    Rootkit Database: v2014.02.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Administrador

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 232048
    Time Elapsed: 17 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 3
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, 1, Good: (0), Bad: (1),Replaced,[48019d62304a69cd11f0280249bbdb25]
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, 1, Good: (0), Bad: (1),Replaced,[c584d926027866d0ef130525b94b748c]
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, 1, Good: (0), Bad: (1),Replaced,[58f133ccf08aa0969a699595b450d828]

    Folders: 0
    (No malicious items detected)

    Files: 1
    Trojan.Banker.ZB, C:\Documents and Settings\JOELMA\Meus documentos\Downloads\cobranca2avia.zip, Quarantined, [4dfcc83796e40a2cce30f6e3eb1554ac],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  6. #6
    Emeritus-Security Expert
    Join Date: Nov 2005 | Location: Florida's SpaceCoast | Posts: 15,208

    Can you now access the internet?

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  7. #7
    Translator Team Tecolote
    Join Date: Nov 2005 | Location: Goiânia, Goiás, Brasil | Posts: 40

    Is there any way to access the internet in safe mode? Because my PC still shows a black screen with only the mouse pointer in it after the "welcome" Windows XP screen.
    Remember that the e:\ drive, if it appears, is the pen drive I'm using to exchange the files between computers.
    Posting logs.

    OTL Extras logfile created on: 6/5/2014 14:22:51 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrador\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    1015,48 Mb Total Physical Memory | 794,62 Mb Available Physical Memory | 78,25% Memory free
    2,39 Gb Paging File | 2,27 Gb Available in Paging File | 95,13% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
    Drive C: | 149,04 Gb Total Space | 126,07 Gb Free Space | 84,58% Space Free | Partition Type: NTFS
    Drive E: | 3,65 Gb Total Space | 3,46 Gb Free Space | 94,94% Space Free | Partition Type: FAT32

    Computer Name: HOME | User Name: Administrador | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "ANTIVIRUSDISABLENOTIFY" = 0
    "FIREWALLDISABLENOTIFY" = 0
    "UPDATESDISABLENOTIFY" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Arquivos de programas\Skype\Phone\Skype.exe" = C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{66EBD70F-A42C-475F-AEDF-277378151046}" = Nero 7 Essentials
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client PT-BR Language Pack
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
    "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
    "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
    "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
    "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
    "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
    "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
    "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
    "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
    "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Português
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{D40C0608-033D-43A7-B4D7-B0EE493F938C}" = Microsoft Antimalware Service PT-BR Language Pack
    "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "7-Zip" = 7-Zip 4.42
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 9.0.1 (x86 pt-BR)" = Mozilla Firefox 9.0.1 (x86 pt-BR)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Programador de Modem_is1" = SModem 1.0
    "Receitanet Java 2010.02d" = Receitanet Java 2010.02d
    "TurboADSL_is1" = TurboADSL 0.98
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = Arquivo do WinRAR
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/5/2014 10:37:17 | Computer Name = HOME | Source = crypt32 | ID = 131080
    Description = Falha na recuperação de atualização automática do número de seqüência
    de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    com erro: The server name or address could not be resolved

    Error - 1/5/2014 10:37:17 | Computer Name = HOME | Source = crypt32 | ID = 131080
    Description = Falha na recuperação de atualização automática do número de seqüência
    de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    com erro: Esta conexão de rede não existe.

    Error - 4/5/2014 10:27:07 | Computer Name = HOME | Source = crypt32 | ID = 131080
    Description = Falha na recuperação de atualização automática do número de seqüência
    de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    com erro: The server name or address could not be resolved

    Error - 4/5/2014 10:27:08 | Computer Name = HOME | Source = crypt32 | ID = 131080
    Description = Falha na recuperação de atualização automática do número de seqüência
    de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    com erro: Esta conexão de rede não existe.

    Error - 4/5/2014 10:37:14 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 5/5/2014 14:45:36 | Computer Name = HOME | Source = Application Error | ID = 1004
    Description = Aplicativo com falha MsMpEng.exe, versão 3.0.8107.0, módulo com falha
    mpengine.dll, versão 1.1.10501.0, endereço com falha 0x003d684d.

    Error - 5/5/2014 14:45:52 | Computer Name = HOME | Source = Application Error | ID = 1000
    Description = Aplicativo com falha MsMpEng.exe, versão 3.0.8107.0, módulo com falha
    mpengine.dll, versão 1.1.10501.0, endereço com falha 0x003d684d.

    Error - 6/5/2014 13:17:54 | Computer Name = HOME | Source = crypt32 | ID = 131080
    Description = Falha na recuperação de atualização automática do número de seqüência
    de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    com erro: The server name or address could not be resolved

    Error - 6/5/2014 13:17:54 | Computer Name = HOME | Source = crypt32 | ID = 131080
    Description = Falha na recuperação de atualização automática do número de seqüência
    de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    com erro: Esta conexão de rede não existe.

    Error - 6/5/2014 13:26:42 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    [ OSession Events ]
    Error - 19/3/2012 18:04:41 | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2631
    seconds with 120 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/3/2014 15:30:13 | Computer Name = HOME | Source = sr | ID = 1
    Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
    ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
    foi interrompido.

    Error - 7/3/2014 18:17:26 | Computer Name = HOME | Source = sr | ID = 1
    Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
    ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
    foi interrompido.

    Error - 8/3/2014 10:55:18 | Computer Name = HOME | Source = sr | ID = 1
    Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
    ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
    foi interrompido.

    Error - 8/3/2014 12:55:43 | Computer Name = HOME | Source = sr | ID = 1
    Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
    ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
    foi interrompido.

    Error - 8/3/2014 16:59:29 | Computer Name = HOME | Source = sr | ID = 1
    Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
    ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
    foi interrompido.

    Error - 9/3/2014 09:39:40 | Computer Name = HOME | Source = sr | ID = 1
    Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
    ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
    foi interrompido.

    Error - 9/3/2014 14:42:26 | Computer Name = HOME | Source = sr | ID = 1
    Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
    ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
    foi interrompido.

    Error - 9/3/2014 15:10:35 | Computer Name = HOME | Source = sr | ID = 1
    Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
    ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
    foi interrompido.

    Error - 9/3/2014 16:21:34 | Computer Name = HOME | Source = sr | ID = 1
    Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
    ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
    foi interrompido.

    Error - 9/3/2014 19:12:48 | Computer Name = HOME | Source = sr | ID = 1
    Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
    ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
    foi interrompido.


    < End of report >


    Next.

    OTL logfile created on: 6/5/2014 14:22:51 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrador\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    1015,48 Mb Total Physical Memory | 794,62 Mb Available Physical Memory | 78,25% Memory free
    2,39 Gb Paging File | 2,27 Gb Available in Paging File | 95,13% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
    Drive C: | 149,04 Gb Total Space | 126,07 Gb Free Space | 84,58% Space Free | Partition Type: NTFS
    Drive E: | 3,65 Gb Total Space | 3,46 Gb Free Space | 94,94% Space Free | Partition Type: FAT32

    Computer Name: HOME | User Name: Administrador | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrador\Desktop\OTL.exe (OldTimer Tools)
    PRC - c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Arquivos de programas\WinRAR\RarExt.dll ()
    MOD - C:\Arquivos de programas\7-Zip\7-zip.dll ()


    ========== Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (GbpSv) -- C:\Arquivos de programas\GbPlugin\GbpSv.exe ( )
    SRV - (MsMpSvc) -- c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (NMIndexingService) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (Nero AG)
    SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\JOELMA\CONFIG~1\Temp\catchme.sys File not found
    DRV - (NdisrdMP) -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys (GbPlugin NDIS Device Driver)
    DRV - (Ndisrd) -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys (GbPlugin NDIS Device Driver)
    DRV - (GbpKm) -- C:\WINDOWS\system32\drivers\gbpkm.sys (GAS Tecnologia)
    DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
    DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
    DRV - (alcan5ln) -- C:\WINDOWS\system32\drivers\alcan5ln.sys (THOMSON multimedia)
    DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON multimedia)
    DRV - (RMSPPPOE) -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS (Robert Schlabbach)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-329068152-1801674531-725345543-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-329068152-1801674531-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2012/10/18 17:05:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins

    [2012/10/18 17:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
    [2011/12/21 05:04:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
    [2011/12/21 02:07:30 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml
    [2011/12/21 02:07:30 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml
    [2011/12/21 01:46:39 | 000,002,040 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml
    [2011/12/21 02:07:30 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml
    [2011/12/21 02:07:30 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com
    CHR - plugin: Error reading preferences file

    O1 HOSTS File: ([2013/05/08 09:24:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O4 - HKLM..\Run: [MSC] c:\Arquivos de programas\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe (THOMSON multimedia)
    O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
    O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-21-329068152-1801674531-725345543-500..\RunOnce: [NeroHomeFirstStart] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMFirstStart.exe (Nero AG)
    O4 - HKU\S-1-5-21-329068152-1801674531-725345543-500..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-329068152-1801674531-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/02/09 22:06:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/05/06 14:18:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
    [2014/05/04 11:27:27 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
    [2014/05/01 12:14:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\PrivacIE
    [2014/05/01 11:41:32 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/05/01 11:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes Anti-Malware
    [2014/05/01 11:40:45 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/05/01 11:40:45 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/05/01 11:40:45 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes Anti-Malware
    [2014/05/01 11:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
    [2014/05/01 11:30:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/05/01 11:30:13 | 017,305,616 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Desktop\mbam-setup-2.0.1.1004.exe
    [2014/04/30 16:55:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrador\Meus documentos\Minhas músicas
    [2014/04/30 16:55:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrador\Meus documentos\Minhas imagens
    [2014/04/30 16:55:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrador\Meus documentos\Meus vídeos
    [2014/04/30 16:55:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Ferramentas administrativas
    [2014/04/30 16:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\ERUNT
    [2014/04/30 16:39:58 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ERUNT
    [2014/04/30 16:36:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrador\Desktop\aswMBR.exe
    [2014/04/30 16:36:38 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrador\Desktop\erunt-setup.exe
    [2014/04/30 16:36:38 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrador\Desktop\dds.scr
    [2014/04/29 15:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Adobe
    [2014/04/29 15:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Adobe
    [2014/04/18 10:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google
    [2013/01/20 19:39:28 | 017,464,864 | ---- | C] (pdfforge GbR) -- C:\Arquivos de programas\PDFCreator-1_6_2_setup.exe
    [2012/12/02 18:04:23 | 013,326,040 | ---- | C] (Mediafour Corporation, info@mediafour.com) -- C:\Arquivos de programas\MacDrive Standard 9.0.4.21 (en) Setup.exe
    [2011/06/26 19:02:27 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Arquivos de programas\SkypeSetup.exe
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/05/06 14:21:27 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2014/05/06 14:17:44 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\WINDOWS\System32\drivers\GbpNdisrd.sys
    [2014/05/06 14:15:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/05/06 14:12:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
    [2014/05/06 14:07:14 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/05/05 18:08:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/05/05 17:52:37 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/05/05 15:57:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2014/05/05 15:41:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/05/04 11:27:27 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/05/04 11:27:27 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
    [2014/05/01 11:41:02 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/01 11:14:52 | 017,305,616 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Desktop\mbam-setup-2.0.1.1004.exe
    [2014/05/01 11:10:06 | 001,310,621 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe
    [2014/04/30 17:00:11 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Administrador\default.pls
    [2014/04/30 16:59:13 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\MBR.dat
    [2014/04/30 16:39:58 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\ERUNT.lnk
    [2014/04/30 16:32:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrador\Desktop\aswMBR.exe
    [2014/04/30 16:12:02 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrador\Desktop\dds.scr
    [2014/04/30 16:10:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrador\Desktop\erunt-setup.exe
    [2014/04/11 15:00:01 | 000,001,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/05/01 11:41:02 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/01 11:30:13 | 001,310,621 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe
    [2014/04/30 16:59:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\MBR.dat
    [2014/04/30 16:39:58 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\ERUNT.lnk
    [2013/05/08 08:56:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/05/08 08:56:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/05/08 08:56:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/05/08 08:56:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/05/08 08:56:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/08/22 15:42:49 | 000,005,607 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
    [2011/10/23 19:44:27 | 001,094,656 | ---- | C] () -- C:\Arquivos de programas\paint.exe
    [2011/06/29 19:59:05 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Administrador\default.pls

    ========== ZeroAccess Check ==========


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 13:07:52 | 001,509,888 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:53:26 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:20:42 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/02/10 06:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software
    [2013/02/13 19:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\gas
    [2013/01/04 15:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
    [2011/12/08 18:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 208 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
    @Alternate Data Stream - 12 bytes -> C:\WINDOWS\System32\drivers:IncompleteBoot.cnt

    < End of report >

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    I am seeing a lot of bad on your OTL log; the reason for no internet is that you're heavily infected. Let's see what Combofix removes and if it helps your connection.



    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Translator Team Tecolote's Avatar
    Join Date
    Nov 2005
    Location
    Goiânia, Goiás, Brasil
    Posts
    40


    Posting log. Didn't try the internet, but Combofix didn't either and ran offline. No Recovery Console installed.


    ComboFix 14-05-07.03 - Administrador 09/05/2014 21:15:01.2.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.781 [GMT -3:00]
    Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ADS - drivers: deleted 220 bytes in 2 streams.
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2014-04-10 to 2014-05-10 ))))))))))))))))))))))))))))
    .
    .
    2014-05-04 14:27 . 2014-05-04 14:27 107736 ----a-w- c:\windows\system32\drivers\48230029.sys
    2014-05-01 15:14 . 2014-05-01 15:14 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
    2014-05-01 14:41 . 2014-05-04 14:27 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-01 14:40 . 2014-05-01 14:40 -------- d-----w- c:\arquivos de programas\Malwarebytes Anti-Malware
    2014-05-01 14:40 . 2014-05-01 14:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
    2014-05-01 14:40 . 2014-04-03 12:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-01 14:40 . 2014-04-03 12:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-05-01 14:30 . 2014-05-01 14:32 -------- d-----w- C:\AdwCleaner
    2014-04-30 19:39 . 2014-04-30 19:40 -------- d-----w- c:\arquivos de programas\ERUNT
    2014-04-29 18:07 . 2014-04-29 18:07 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Adobe
    2014-04-18 13:27 . 2014-04-18 13:27 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google
    2014-04-15 22:49 . 2014-04-01 02:32 8049928 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{B7F4CA06-3ACA-4B78-9755-227F0BAD7424}\mpengine.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-10 00:08 . 2013-08-22 16:21 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
    2014-03-17 18:18 . 2012-10-18 20:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-03-17 18:18 . 2012-10-18 20:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-03-17 18:18 . 2014-03-17 18:18 5777288 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2014-03-07 04:35 . 2013-10-09 13:16 7969936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-20 22:46 . 2013-01-20 22:39 17464864 ----a-w- c:\arquivos de programas\PDFCreator-1_6_2_setup.exe
    2012-12-02 21:14 . 2012-12-02 21:04 13326040 ----a-w- c:\arquivos de programas\MacDrive Standard 9.0.4.21 (en) Setup.exe
    2011-10-23 22:48 . 2011-10-23 22:44 1094656 ----a-w- c:\arquivos de programas\paint.exe
    2011-06-26 22:02 . 2011-06-26 22:02 1029000 ----a-w- c:\arquivos de programas\SkypeSetup.exe
    2011-12-21 08:04 . 2012-10-18 20:05 121816 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpeedTouch USB Diagnostics"="c:\arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 860672]
    "MSC"="c:\arquivos de programas\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
    Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
    2012-11-22 18:05 1585768 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^JOELMA^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
    path=c:\documents and settings\JOELMA\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk
    backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57 959904 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-01 12:21 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 02:47 31016 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-28 07:00 166424 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-28 07:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 17:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-28 07:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2010-11-02 11:36 19580520 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [4/1/2013 15:57 46440]
    S2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [4/1/2013 15:57 280168]
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [22/8/2012 15:42 36048]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/2/2011 08:45 1691480]
    S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [22/8/2013 13:21 31088]
    S3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [22/8/2013 13:21 31088]
    S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-04-11 17:55 1077576 ----a-w- c:\arquivos de programas\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2014-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 18:18]
    .
    2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-02-10 09:36]
    .
    2014-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-02-10 09:36]
    .
    2014-05-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 15:26]
    .
    .
    ------- Scan Suplementar -------
    .
    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath -
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-05-09 21:21
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Procurando processos ocultos ...
    .
    Procurando entradas auto inicializáveis ocultas ...
    .
    Procurando ficheiros/arquivos ocultos ...
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_USERS\S-1-5-21-329068152-1801674531-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,0d,7f,52,0b,fc,18,42,8b,eb,d0,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,0d,7f,52,0b,fc,18,42,8b,eb,d0,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
    .
    - - - - - - - > 'winlogon.exe'(232)
    c:\arquivos de programas\GbPlugin\gbieh.dll
    .
    - - - - - - - > 'explorer.exe'(1864)
    c:\windows\system32\WININET.dll
    c:\arquivos de programas\GbPlugin\gbieh.dll
    .
    Tempo para conclusão: 2014-05-09 21:23:19
    ComboFix-quarantined-files.txt 2014-05-10 00:23
    ComboFix2.txt 2013-05-08 12:26
    .
    Pré-execução: 9 pasta(s) 135.420.063.744 bytes disponíveis
    Pós execução: 11 pasta(s) 135.415.095.296 bytes disponíveis
    .
    - - End Of File - - 66DA97922CF7A121650B27768918C343
    239FC8B1C26D5286165A956F5A98D8D7

  10. #10
    Translator Team Tecolote's Avatar
    Join Date
    Nov 2005
    Location
    Goiânia, Goiás, Brasil
    Posts
    40


    Still freezing. What more can we do?
