
I think it might be a banker...


This topic has been archived. This means you can no longer reply to it.
19 replies in this topic

#1
edu0982
  • Novice
  • 13 posts
Good morning everyone. My computer is behaving strangely on a few sites, one of them being Banco do Brasil's. I'm almost certain the malware is a banker, but that tool on the site (the one that creates the C:\Linha Defensiva directory) didn't fix it. Could you help me?

System details:
- Windows 7 Professional 64-bit (genuine), fully updated via Windows Update
(Windows runs under Apple's Boot Camp)
- Microsoft Security Essentials with real-time protection enabled
- Two days ago MSE detected and cleaned the following items: Trojan:Win32/Dynamer!dtc and VirTool:Win32/Obfuscator.LC

For my work at a government agency I occasionally use VPN access (mte.gov.br).

The HijackThis log follows:

Thanks!
Eduardo


Logfile of HijackThis v1.99.1
Scan saved at 11:30:15, on 09/12/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Running processes:
C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\monitor.exe
C:\Users\Edu\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.252.1.231:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 88.80.13.240 www2.bancobrasil.com.br
O1 - Hosts: 88.80.13.241 aapj.bb.com.br
O1 - Hosts: 88.80.13.242 bankline.itau.com.br
O1 - Hosts: 186.202.166.75 www2.infoseg.gov.br
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [monitor] C:\Windows\system32\monitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} (SlimClient Class) - https://portal.vpn.m...LL/extender.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mte.gov.br
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mte.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mte.gov.br
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe (file missing)
O23 - Service: Serviço de Tempo da Apple (AppleTimeSrv) - Unknown owner - C:\Windows\system32\AppleTimeSrv.exe (file missing)
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RPCNetSVC - Unknown owner - C:\Windows\system32\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
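
A triage script for the log above, added here as an illustration and not part of the thread or of HijackThis itself: it parses the O1/O4/O15/O20/R1 lines and flags the pattern a helper looks for first, a bank hostname in the hosts file pinned to a remote address. The sample input is a constructed excerpt of the log in this post; the bank keyword list, the severity labels and the function names are my assumptions.

```python
"""Triage a HijackThis log for the banker indicators seen in this thread."""
import re
from ipaddress import ip_address

# Constructed excerpt modelled on the log in post #1; not the full log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.252.1.231:3128
O1 - Hosts: 88.80.13.240 www2.bancobrasil.com.br
O1 - Hosts: 88.80.13.241 aapj.bb.com.br
O1 - Hosts: 88.80.13.242 bankline.itau.com.br
O1 - Hosts: 186.202.166.75 www2.infoseg.gov.br
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [monitor] C:\Windows\system32\monitor.exe
O15 - Trusted Zone: www2.bancobrasil.com.br
O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll
"""

# Bank name fragments taken from the hosts and Trusted Zone entries in the
# log above (an assumption: extend it for the banks in your own environment).
BANK_KEYWORDS = ("bancobrasil", "bb.com.br", "itau", "caixa")

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r'^O4 - .*?\[(?P<name>[^\]]+)\]\s+"?(?P<path>.+?\.(?:exe|dll|scr|bat|cmd))"?', re.I)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>\S.*)$", re.I)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<proxy>\S+)")
TRUSTED_RE = re.compile(r"^O15 - Trusted Zone:\s*(?P<host>\S+)")
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\(?:system32|syswow64)\\", re.I)


def is_bank_host(host):
    host = host.lower()
    return any(k in host for k in BANK_KEYWORDS)


def check_hosts(ip, host):
    """Return (severity, reason) for an O1 entry, or None if it looks benign."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return "medium", f"unparseable address {ip!r} for {host}"
    # Legitimate hosts entries almost always point at loopback. Anything else
    # silently redirects that hostname, which is exactly how the banker in this
    # thread sends Banco do Brasil and Itau traffic to 88.80.13.x.
    if addr.is_loopback or addr.is_unspecified:
        return None
    if is_bank_host(host):
        return "high", f"bank host {host} pinned to remote address {ip} (banker-style redirect)"
    return "medium", f"{host} pinned to remote address {ip}; verify this is intended"


def triage(log_text):
    """Walk the log line by line and collect findings as dicts."""
    findings = []

    def add(severity, line, reason):
        findings.append({"severity": severity, "line": line, "reason": reason})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOSTS_RE.match(line)
        if m:
            verdict = check_hosts(m["ip"], m["host"])
            if verdict:
                add(verdict[0], line, verdict[1])
            continue
        m = RUN_RE.match(line)
        if m:
            # A startup entry with a generic name that runs straight from the
            # Windows directory (like [monitor] monitor.exe above) deserves a
            # signer and hash check; third-party autoruns usually live under
            # Program Files.
            if WINDIR_RE.match(m["path"]):
                add("medium", line, f"autorun [{m['name']}] runs from the Windows directory; verify signer and hash")
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that loads user32.dll,
            # so a non-empty value is always worth identifying.
            add("medium", line, f"AppInit_DLLs injects {m['dlls']} into every GUI process; identify it")
            continue
        m = PROXY_RE.search(line)
        if m:
            add("info", line, f"system proxy {m['proxy']} is set; confirm it belongs to the VPN/corporate network")
            continue
        m = TRUSTED_RE.match(line)
        if m and is_bank_host(m["host"]):
            add("info", line, f"{m['host']} is in the IE Trusted Zone; harmless alone, but it relaxes browser restrictions on a host the hosts file may redirect")
    return findings


def severity_counts(findings):
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f['severity']:6}] {f['reason']}")
        print(f"         {f['line']}")
    print(severity_counts(found))
```

Run it against a full HijackThis log (read the file and pass its text to `triage`) and review the "high" findings first; the hosts entries are what to restore before retrying the bank site.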

#2
CarlosTurco
  • Assistant
  • 23,339 posts
Topic under review by the Moderation Team.

#3
CarlosTurco
  • Assistant
  • 23,339 posts
Hello, edu0982.

1)

Download Malwarebytes' Anti-Malware (MBAM)
http://www.malwareby...am-download.php

Double-click mbam-setup.exe, choose the language and accept all the default options during installation.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to apply, they will be downloaded and installed.
  • When the update finishes, with the program open, select Full Scan and click the Scan button.
  • The scan will then start. Wait, as it can take a while.
  • When the scan finishes, click OK, then click the Show Results button to see the report.
  • If items were found, make sure they are all checked and click the Remove button.
  • When disinfection finishes, Notepad will open with a log and you may be asked whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to see it, click the Logs tab in the program's main window.
  • Select, copy and paste the whole content of that log in your next reply, together with a new HijackThis log.
NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554

2)

Download MbrScan.exe and save it to the desktop.
http://eric71.geekst...ols/MbrScan.exe

Run the MbrScan.exe file.

Click the Scan button. When the scan finishes, click the Report button. Notepad will open with the scan result. It is saved on the desktop under the name MbrScan.log.

*** Windows Vista or Windows 7 users: right-click the MbrScan.exe file, then click [Posted Image]

Select, copy and paste its contents in your next reply.

#4
edu0982
  • Novice
  • 13 posts
Thanks for your attention. Just one remark: do you know why, on every Linha Defensiva page, my IE 9 shows the warning "An add-on for this site failed to run."?

The logs follow:

Malwarebytes:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Versão da Base de Dados: v2012.12.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Edu :: EDU-PC [administrador]
11/12/2012 17:14:13
mbam-log-2012-12-11 (17-14-13).txt
Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 344672
Tempo decorrido: 1 hora(s), 1 minuto(s), 37 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
(fim)


MbrScan:

MBRScan v1.1.1
OS			 : Windows 7 Service Pack 1 (64 bit)
PROCESSOR	 : Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT		 : Normal Boot
DATE		 : 2012/12/11 (ISO 8601) at 18:34:09
________________________________________________________________________________
DISK		 : Device\Harddisk0\DR0 __ST9250315ASG (0006APM2)
BUS_TYPE	 : (0x03) P-ATA
USE_PIO	 : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 232.9 Go [Fixed] ==> 7 MBR Code
MBR_MD5 : 785FC19E134FBA5CBF42C035DE0E1BEA
MBR_SHA1 : B973225427EA49EC77AB18231AB3F5C8542FD485
Device\Harddisk0\Partition1 200.0 Mo 0xEE EFI GPT[1]
Device\Harddisk0\Partition2 148.1 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 84.48 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x0300C000
SIZE : 292.0 Ko
DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00B9E000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00CFD000
SIZE : 316.0 Ko
DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00D60000
SIZE : 376.0 Ko
DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00C00000
SIZE : 768.0 Ko
DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E5B000
SIZE : 776.0 Ko
DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F1D000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F2D000
SIZE : 348.0 Ko
DRIVER : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00F84000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00F8D000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00F97000
SIZE : 204.0 Ko
DRIVER : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00FCA000
SIZE : 52.0 Ko
DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00FD7000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x00FEC000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00E00000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00E0C000
SIZE : 84.0 Ko
DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x010DE000
SIZE : 368.0 Ko
DRIVER : C:\Windows\system32\drivers\pciide.sys => Invisible on the disk
ADDRESS : 0x0113A000
SIZE : 28.0 Ko
DRIVER : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x01141000
SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\Drivers\AppleMNT.sys => Invisible on the disk
ADDRESS : 0x01151000
SIZE : 28.0 Ko
DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x01158000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\drivers\vmbus.sys => Invisible on the disk
ADDRESS : 0x01172000
SIZE : 240.0 Ko
DRIVER : C:\Windows\system32\drivers\winhv.sys => Invisible on the disk
ADDRESS : 0x011AE000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x011C2000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x011CB000
SIZE : 168.0 Ko
DRIVER : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x011F5000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE : 304.0 Ko
DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x0104C000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\MpFilter.sys => Invisible on the disk
ADDRESS : 0x01060000
SIZE : 224.0 Ko
DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0125C000
SIZE : 1.64 Mo
DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x014E4000
SIZE : 376.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01542000
SIZE : 108.0 Ko
DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0155D000
SIZE : 456.0 Ko
DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x015CF000
SIZE : 68.0 Ko
DRIVER : C:\Windows\System32\Drivers\AppleHFS.sys => Invisible on the disk
ADDRESS : 0x015E0000
SIZE : 76.0 Ko
DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x015F3000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01621000
SIZE : 968.0 Ko
DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01713000
SIZE : 384.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01773000
SIZE : 172.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x018A1000
SIZE : 2.00 Mo
DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01AA2000
SIZE : 296.0 Ko
DRIVER : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x01AEC000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01AFC000
SIZE : 304.0 Ko
DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01B48000
SIZE : 32.0 Ko
DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01B50000
SIZE : 232.0 Ko
DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01B8A000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01B9C000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01BA5000
SIZE : 232.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01BDF000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01800000
SIZE : 192.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x01866000
SIZE : 168.0 Ko
DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x01890000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x01899000
SIZE : 28.0 Ko
DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x0179E000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x017AC000
SIZE : 148.0 Ko
DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x017D1000
SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x01BF5000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x017E1000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x017EA000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x017F3000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x01600000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x01611000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01422000
SIZE : 548.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE : 276.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x014AB000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x014B4000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x01245000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vpcnfltr.sys => Invisible on the disk
ADDRESS : 0x01098000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x010AC000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x010BB000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\drivers\vpcvmm.sys => Invisible on the disk
ADDRESS : 0x02EFE000
SIZE : 348.0 Ko
DRIVER : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x02F55000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x02F69000
SIZE : 324.0 Ko
DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x02FBA000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x02FC6000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x02FD1000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x02E00000
SIZE : 524.0 Ko
DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x02E83000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x02EA1000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x02EB2000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x02ED8000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x02EEE000
SIZE : 20.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\nvsmu.sys => Invisible on the disk
ADDRESS : 0x02FE0000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbohci.sys => Invisible on the disk
ADDRESS : 0x02FEB000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x04056000
SIZE : 344.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x040AC000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x040BD000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\GEARAspiWDM.sys => Invisible on the disk
ADDRESS : 0x040E1000
SIZE : 28.0 Ko
DRIVER : C:\Windows\system32\drivers\1394ohci.sys => Invisible on the disk
ADDRESS : 0x040E8000
SIZE : 248.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bcmwl664.sys => Invisible on the disk
ADDRESS : 0x044F4000
SIZE : 2.86 Mo
DRIVER : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x047CF000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\b57nd60a.sys => Invisible on the disk
ADDRESS : 0x04400000
SIZE : 312.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
ADDRESS : 0x0F27B000
SIZE : 13.18 Mo
DRIVER : C:\Windows\system32\DRIVERS\nvBridge.kmd => Invisible on the disk
ADDRESS : 0x0FFAA000
SIZE : 8.0 Ko
DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x04272000
SIZE : 976.0 Ko
DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x04366000
SIZE : 280.0 Ko
DRIVER : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x043AC000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\serscan.sys => Invisible on the disk
ADDRESS : 0x043BC000
SIZE : 32.0 Ko
DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x043C4000
SIZE : 24.0 Ko
DRIVER : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x04200000
SIZE : 268.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x04243000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x043CA000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x043EE000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x0FFAC000
SIZE : 188.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x0FFDB000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x0F200000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x0F221000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vna.sys => Invisible on the disk
ADDRESS : 0x0F23B000
SIZE : 156.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x04259000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x0F262000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x0444E000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x04264000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x0445D000
SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vpcusb.sys => Invisible on the disk
ADDRESS : 0x0446F000
SIZE : 116.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbrpm.sys => Invisible on the disk
ADDRESS : 0x0448C000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x04266000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vpchbus.sys => Invisible on the disk
ADDRESS : 0x0449B000
SIZE : 240.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x04126000
SIZE : 360.0 Ko
DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x044D7000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\CS420x64.sys => Invisible on the disk
ADDRESS : 0x047DC000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\HdAudio.sys => Invisible on the disk
ADDRESS : 0x04180000
SIZE : 368.0 Ko
DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x04000000
SIZE : 244.0 Ko
DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x041DC000
SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\drivers\nvhda64v.sys => Invisible on the disk
ADDRESS : 0x047E7000
SIZE : 100.0 Ko
DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00070000
SIZE : 3.09 Mo
DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x0403D000
SIZE : 48.0 Ko
DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x01830000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x04049000
SIZE : 48.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x04268000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x0183E000
SIZE : 76.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
ADDRESS : 0x00E21000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x00E3C000
SIZE : 116.0 Ko
DRIVER : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x00CC0000
SIZE : 184.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\KeyMagic.sys => Invisible on the disk
ADDRESS : 0x01851000
SIZE : 56.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x00CEE000
SIZE : 56.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x00DBE000
SIZE : 100.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x0F271000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\applemtp.sys => Invisible on the disk
ADDRESS : 0x00DD7000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\applemtm.sys => Invisible on the disk
ADDRESS : 0x0FFF6000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\kbdhid.sys => Invisible on the disk
ADDRESS : 0x00DE8000
SIZE : 56.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x02021000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\IRFilter.sys => Invisible on the disk
ADDRESS : 0x0202E000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\point64.sys => Invisible on the disk
ADDRESS : 0x0203A000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x0204B000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00540000
SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x006D0000
SIZE : 156.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\AppleBtBc.sys => Invisible on the disk
ADDRESS : 0x02059000
SIZE : 48.0 Ko
DRIVER : C:\Windows\System32\Drivers\BTHUSB.sys => Invisible on the disk
ADDRESS : 0x02065000
SIZE : 96.0 Ko
DRIVER : C:\Windows\System32\Drivers\bthport.sys => Invisible on the disk
ADDRESS : 0x0207D000
SIZE : 560.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rfcomm.sys => Invisible on the disk
ADDRESS : 0x02109000
SIZE : 176.0 Ko
DRIVER : C:\Windows\system32\drivers\BthEnum.sys => Invisible on the disk
ADDRESS : 0x02135000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bthpan.sys => Invisible on the disk
ADDRESS : 0x02145000
SIZE : 128.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\applebmt.sys => Invisible on the disk
ADDRESS : 0x02165000
SIZE : 76.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\hidbth.sys => Invisible on the disk
ADDRESS : 0x02178000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x02196000
SIZE : 140.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x021B9000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x09EC7000
SIZE : 332.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x09F1A000
SIZE : 76.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x09F2D000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x0A2B4000
SIZE : 804.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x0A37D000
SIZE : 120.0 Ko
DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x0A39B000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x0A3B3000
SIZE : 180.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x0A200000
SIZE : 312.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x0A24E000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\drivers\KeyAgent.sys => Invisible on the disk
ADDRESS : 0x0A272000
SIZE : 32.0 Ko
DRIVER : C:\Windows\system32\drivers\MacHALDriver.sys => Invisible on the disk
ADDRESS : 0x0A27A000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\NisDrvWFP.sys => Invisible on the disk
ADDRESS : 0x0A284000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x09F45000
SIZE : 664.0 Ko
DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x0A2A5000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x09E00000
SIZE : 196.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x0A3E0000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x09E31000
SIZE : 420.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x0AE96000
SIZE : 608.0 Ko
DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x0AF2E000
SIZE : 100.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\acpials.sys => Invisible on the disk
ADDRESS : 0x0AF47000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x0AF51000
SIZE : 216.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\asyncmac.sys => Invisible on the disk
ADDRESS : 0x0AE00000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47920000
SIZE : 128.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿.
0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹..
0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å.
0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF..
0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu.
0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t
0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h.
0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ.
0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..ë.¸..».|.V.
0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ
0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².ë.
0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2ä.V.Í.]ë..>þ}U
0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°Ñæd
0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßæ`è|.°.ædèu
0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT
0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.».
0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf
0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f
0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í
0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.ë..¶.ë..µ.2ä
0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....ð¬<.t.»..´.Í
0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø
0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti
0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error
0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati
0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin
0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst
0x000001B0 65 6D 00 00 00 63 7B 9A 20 18 00 00 00 00 00 FE em...c{. ......þ
0x000001C0 FF FF EE FE FF FF 01 00 00 00 27 40 06 00 00 FE ..îþ......'@...þ
0x000001D0 FF FF AF FE FF FF 28 40 06 00 C0 91 82 12 80 FE ..¯þ..(@..À....þ
0x000001E0 FF FF 07 FE FF FF 00 D8 8C 12 00 80 8F 0A 00 00 ...þ...Ø........
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª


#5
CarlosTurco (Assistant, 23,339 posts)
Hello,

Just an observation: can you tell me why, on every Linha Defensiva page, my IE 9 shows the warning "A execução de um complemento para este site falhou." ("An add-on for this site failed to run.")?

Does it only happen on the Linha Defensiva site?

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click [Posted Image].

Under Output, select Standard
Also check these options:
  • Use Company Name WhiteList.
  • Skip Microsoft Files
  • LOP Check
  • Purity Check
Select these lines in red, right-click the selection, and choose Copy

CREATERESTOREPOINT
netsvcs /all
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
%systemdrive%\$Recycle.Bin|@;true;true;true /fp

/md5start
services.*
/md5stop


Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste

Click the [Posted Image] button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both will be saved in the same folder as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

Note: if the logs are too large and exceed the forum limit, put them in a .zip file and attach it to your reply.
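
The OTL log in reply #6 below contains the clearest banker indicator in the thread: seven "O1 - Hosts:" lines. Four bank and government hostnames (www2.bancobrasil.com.br, aapj.bb.com.br, bankline.itau.com.br, www2.infoseg.gov.br) are pointed at public addresses (88.80.13.240-242 and 186.202.166.75), and three alternates (www14.bancobrasil.com.br, clickbanking.itau.com.br, www5.infoseg.gov.br) are pinned to 127.0.0.1, so the browser either lands on an attacker-controlled server or cannot reach the real one. Only entries for localhost or for LAN names are normal in a hosts file. The script below is an added example, not code from the thread or from OTL: it parses either a raw hosts file or OTL's O1 lines, classifies every entry with the ipaddress module, and lists the targeted domains. The sample input is constructed from the log lines plus three benign entries.

```python
"""Flag hosts-file entries that hijack or block third-party hostnames.
Added example; the sample below is constructed from the O1 lines in the OTL log
plus three benign entries that a real hosts file might contain."""
import ipaddress
import re

SAMPLE = """\
# constructed sample: benign entries first
127.0.0.1 localhost
::1 localhost
192.168.0.10 printer.lan
O1 - Hosts: 88.80.13.240 www2.bancobrasil.com.br
O1 - Hosts: 127.0.0.1 www14.bancobrasil.com.br
O1 - Hosts: 88.80.13.241 aapj.bb.com.br
O1 - Hosts: 88.80.13.242 bankline.itau.com.br
O1 - Hosts: 127.0.0.1 clickbanking.itau.com.br
O1 - Hosts: 186.202.166.75 www2.infoseg.gov.br
O1 - Hosts: 127.0.0.1 www5.infoseg.gov.br
"""

# Names that legitimately point at loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs from raw hosts lines or OTL 'O1 - Hosts:' lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]                      # drop comments
        line = re.sub(r"^\s*O1 - Hosts:\s*", "", line).strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                     # not an address, skip
        for name in fields[1:]:
            yield ip, name.lower()


def classify(ip, name):
    """Return None for a benign entry, otherwise a short verdict string."""
    if name in LOCAL_NAMES:
        return None
    if ip.is_loopback:
        return "blocked (pinned to loopback)"            # the real site becomes unreachable
    if ip.is_global:
        return "hijacked (public IP %s)" % ip            # DNS bypassed to an outside host
    return None                                          # RFC1918/link-local: ordinary LAN pinning


def suspicious_entries(text):
    """List (ip, hostname, verdict) for every entry that classify() flags."""
    hits = []
    for ip, name in parse_hosts(text):
        verdict = classify(ip, name)
        if verdict:
            hits.append((str(ip), name, verdict))
    return hits


def targeted_domains(text):
    """Parent domain of each flagged hostname (first label stripped), to see which brands are hit."""
    return {name.split(".", 1)[1] for _, name, _ in suspicious_entries(text) if "." in name}


if __name__ == "__main__":
    for ip, name, verdict in suspicious_entries(SAMPLE):
        print("%-16s %-28s %s" % (ip, name, verdict))
    print("targeted:", sorted(targeted_domains(SAMPLE)))
```

The loopback rule deliberately flags anything other than the stock local names: ad-blocking hosts lists also pin names to 127.0.0.1, so on a machine that uses one, the blocked entries need a second look, but the public-IP entries never have a benign explanation for a bank hostname.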

#6
edu0982 (Newbie, 13 posts)
OTL logfile created on: 11/12/2012 22:05:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Edu\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,74 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 64,18% Memory free
7,48 Gb Paging File | 6,12 Gb Available in Paging File | 81,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 84,48 Gb Total Space | 19,98 Gb Free Space | 23,65% Space Free | Partition Type: NTFS
Drive E: | 148,08 Gb Total Space | 121,69 Gb Free Space | 82,18% Space Free | Partition Type: HFS

Computer Name: EDU-PC | User Name: Edu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/11 22:03:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Edu\Desktop\OTL.exe
PRC - [2012/11/29 13:44:57 | 000,008,704 | ---- | M] () -- C:\Windows\SysWOW64\monitor.exe
PRC - [2012/11/29 13:44:41 | 001,092,608 | ---- | M] () -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2012/10/31 15:52:30 | 000,464,256 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/10/09 09:30:12 | 000,280,168 | ---- | M] ( ) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe
PRC - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/02 10:42:22 | 000,355,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2010/12/20 12:57:04 | 000,602,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/06/24 11:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/29 13:44:57 | 000,008,704 | ---- | M] () -- C:\Windows\SysWOW64\monitor.exe
MOD - [2012/05/30 21:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 21:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/08/15 19:35:16 | 000,224,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2010/11/22 12:12:58 | 000,127,800 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2010/03/22 23:53:40 | 000,110,904 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/29 13:44:41 | 001,092,608 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (RPCNetSVC)
SRV - [2012/11/22 07:33:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/31 15:52:30 | 000,464,256 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/09 09:30:12 | 000,280,168 | ---- | M] ( ) [Auto | Running] -- C:\Program Files (x86)\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2012/09/12 22:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 22:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/02 10:42:22 | 000,355,504 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2011/03/28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/12/20 12:57:04 | 000,602,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/06/24 11:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/12 17:35:44 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/08/30 23:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 11:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/15 19:35:16 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2011/08/15 19:35:16 | 000,017,752 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2011/08/15 19:35:16 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2011/06/02 21:36:46 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2011/06/02 21:36:41 | 000,052,736 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applebmt.sys -- (applebmt)
DRV:64bit: - [2011/06/02 10:42:22 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vna.sys -- (VNA)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/31 15:43:51 | 000,038,912 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2011/01/31 15:43:51 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2010/12/20 12:43:42 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010/11/20 10:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 10:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 08:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/10/14 23:58:17 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter)
DRV:64bit: - [2010/03/23 02:46:27 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/22 23:53:48 | 000,021,048 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2010/03/22 23:44:52 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/22 23:44:47 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2010/01/28 00:54:39 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV:64bit: - [2009/10/15 23:39:30 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 21:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/11/29 13:44:30 | 000,005,120 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\MouseUSB.sys -- (MouseUSB)
DRV - [2012/10/09 09:29:58 | 000,046,440 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\GbpKm.sys -- (GbpKm)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Edu\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 78 E5 A3 47 56 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.252.1.231:3128


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/10/16 14:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: about:blank
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Gmail = C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/11 19:13:05 | 000,000,248 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 88.80.13.240 www2.bancobrasil.com.br
O1 - Hosts: 127.0.0.1 www14.bancobrasil.com.br
O1 - Hosts: 88.80.13.241 aapj.bb.com.br
O1 - Hosts: 88.80.13.242 bankline.itau.com.br
O1 - Hosts: 127.0.0.1 clickbanking.itau.com.br
O1 - Hosts: 186.202.166.75 www2.infoseg.gov.br
O1 - Hosts: 127.0.0.1 www5.infoseg.gov.br
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Arquivos de Programas\Boot Camp\Bootcamp.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [monitor] C:\Windows\SysWOW64\monitor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] * in Sites confiáveis)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://portal.vpn.m...LL/extender.cab (SlimClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48A382F4-D918-4FD7-86DE-3840E3966A02}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3723D44-2BAB-48A9-B62F-3DECB3159E97}: DhcpNameServer = 186.218.228.5 209.55.24.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5fd68e15-ef89-11e1-baa1-58b0358eb524}\Shell - "" = AutoRun
O33 - MountPoints2\{5fd68e15-ef89-11e1-baa1-58b0358eb524}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5fd68e25-ef89-11e1-baa1-58b0358eb524}\Shell - "" = AutoRun
O33 - MountPoints2\{5fd68e25-ef89-11e1-baa1-58b0358eb524}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5fd68e33-ef89-11e1-baa1-58b0358eb524}\Shell - "" = AutoRun
O33 - MountPoints2\{5fd68e33-ef89-11e1-baa1-58b0358eb524}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5fd68e48-ef89-11e1-baa1-58b0358eb524}\Shell - "" = AutoRun
O33 - MountPoints2\{5fd68e48-ef89-11e1-baa1-58b0358eb524}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{606de35d-c2bc-11e1-ba5a-58b0358eb524}\Shell - "" = AutoRun
O33 - MountPoints2\{606de35d-c2bc-11e1-ba5a-58b0358eb524}\Shell\AutoRun\command - "" = G:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AeLookupSvc - C:\Windows\SysNative\aelupsvc.dll (Microsoft Corporation)
NetSvcs:64bit: CertPropSvc - C:\Windows\SysNative\certprop.dll (Microsoft Corporation)
NetSvcs:64bit: SCPolicySvc - C:\Windows\SysNative\certprop.dll (Microsoft Corporation)
NetSvcs:64bit: lanmanserver - C:\Windows\SysNative\srvsvc.dll (Microsoft Corporation)
NetSvcs:64bit: gpsvc - C:\Windows\SysNative\gpsvc.dll (Microsoft Corporation)
NetSvcs:64bit: IKEEXT - C:\Windows\SysNative\IKEEXT.DLL (Microsoft Corporation)
NetSvcs:64bit: AudioSrv - C:\Windows\SysNative\audiosrv.dll (Microsoft Corporation)
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias.dll (Microsoft Corporation)
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Rasauto - C:\Windows\SysNative\rasauto.dll (Microsoft Corporation)
NetSvcs:64bit: Rasman - C:\Windows\SysNative\rasmans.dll (Microsoft Corporation)
NetSvcs:64bit: Remoteaccess - C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
NetSvcs:64bit: SENS - C:\Windows\SysNative\Sens.dll (Microsoft Corporation)
NetSvcs:64bit: Sharedaccess - C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
NetSvcs:64bit: Tapisrv - C:\Windows\SysNative\tapisrv.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: TermService - C:\Windows\SysNative\termsrv.dll (Microsoft Corporation)
NetSvcs:64bit: wuauserv - C:\Windows\SysNative\wuaueng.dll (Microsoft Corporation)
NetSvcs:64bit: BITS - C:\Windows\SysNative\qmgr.dll (Microsoft Corporation)
NetSvcs:64bit: ShellHWDetection - C:\Windows\SysNative\shsvcs.dll (Microsoft Corporation)
NetSvcs:64bit: iphlpsvc - C:\Windows\SysNative\iphlpsvc.dll (Microsoft Corporation)
NetSvcs:64bit: seclogon - C:\Windows\SysNative\seclogon.dll (Microsoft Corporation)
NetSvcs:64bit: AppInfo - C:\Windows\SysNative\appinfo.dll (Microsoft Corporation)
NetSvcs:64bit: msiscsi - C:\Windows\SysNative\iscsiexe.dll (Microsoft Corporation)
NetSvcs:64bit: MMCSS - C:\Windows\SysNative\mmcss.dll (Microsoft Corporation)
NetSvcs:64bit: winmgmt - C:\Windows\SysNative\wbem\WMIsvc.dll (Microsoft Corporation)
NetSvcs:64bit: SessionEnv - C:\Windows\SysNative\SessEnv.dll (Microsoft Corporation)
NetSvcs:64bit: browser - C:\Windows\SysNative\browser.dll (Microsoft Corporation)
NetSvcs:64bit: EapHost - C:\Windows\SysNative\eapsvc.dll (Microsoft Corporation)
NetSvcs:64bit: schedule - C:\Windows\SysNative\schedsvc.dll (Microsoft Corporation)
NetSvcs:64bit: hkmsvc - C:\Windows\SysNative\KMSVC.DLL (Microsoft Corporation)
NetSvcs:64bit: wercplsupport - C:\Windows\SysNative\wercplsupport.dll (Microsoft Corporation)
NetSvcs:64bit: ProfSvc - C:\Windows\SysNative\profsvc.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWow64\ias.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
NetSvcs: SENS - C:\Windows\SysWOW64\Sens.dll (Microsoft Corporation)
NetSvcs: Tapisrv - C:\Windows\SysWOW64\tapisrv.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWow64\wmi.dll (Microsoft Corporation)
NetSvcs: ShellHWDetection - C:\Windows\SysWOW64\shsvcs.dll (Microsoft Corporation)
NetSvcs: SessionEnv - C:\Windows\SysWOW64\SessEnv.dll (Microsoft Corporation)
NetSvcs: AppMgmt - C:\Windows\SysWOW64\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/11 22:03:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Edu\Desktop\OTL.exe
[2012/12/11 18:32:07 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\Edu\Desktop\MbrScan.exe
[2012/12/11 17:09:38 | 000,000,000 | ---D | C] -- C:\Users\Edu\AppData\Roaming\Malwarebytes
[2012/12/11 17:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/11 17:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/11 17:07:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/11 17:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/10 09:10:41 | 006,202,631 | ---- | C] (MTE ) -- C:\Users\Edu\Documents\AtualizadorAuditor.exe
[2012/12/09 11:28:20 | 000,000,000 | ---D | C] -- C:\Users\Edu\Desktop\HijackThis
[2012/12/08 13:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/08 13:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/02 17:41:14 | 000,000,000 | ---D | C] -- C:\Users\Edu\Desktop\APRESENTAÇÕES REPASSE NR-12
[2012/11/26 14:29:16 | 000,000,000 | ---D | C] -- C:\A. R. VASCONCELOS ME (FAZ. COPACABANA)
[2012/11/22 19:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/22 16:17:52 | 000,000,000 | ---D | C] -- C:\FAZENDA AROEIRA
[2012/11/22 09:05:32 | 000,000,000 | ---D | C] -- C:\Users\Edu\AppData\Local\Programs
[2012/11/17 17:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/17 17:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2 C:\Users\Edu\AppData\Local\*.tmp files -> C:\Users\Edu\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/11 22:05:36 | 000,013,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/11 22:05:36 | 000,013,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/11 22:03:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Edu\Desktop\OTL.exe
[2012/12/11 22:03:00 | 001,517,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/11 22:03:00 | 000,664,342 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/12/11 22:03:00 | 000,616,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/11 22:03:00 | 000,128,632 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/12/11 22:03:00 | 000,106,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/11 22:00:25 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/11 22:00:21 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/11 22:00:20 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/11 19:12:57 | 000,341,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/11 19:12:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/11 19:12:01 | 3012,501,504 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/11 18:32:07 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\Edu\Desktop\MbrScan.exe
[2012/12/11 17:07:47 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/11 13:28:01 | 000,019,996 | ---- | M] () -- C:\Users\Edu\Desktop\TABELA-PROPOSTA.pdf
[2012/12/10 16:59:38 | 000,001,090 | ---- | M] () -- C:\Users\Edu\acesso.serpro.gov.br.HOD.properties
[2012/12/10 16:59:38 | 000,000,187 | ---- | M] () -- C:\Users\Edu\acesso.serpro.gov.br.HOD.LOC
[2012/12/10 09:10:55 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\Sistema Auditor.lnk
[2012/12/10 09:10:48 | 006,202,631 | ---- | M] (MTE ) -- C:\Users\Edu\Documents\AtualizadorAuditor.exe
[2012/12/07 14:12:11 | 000,000,000 | ---- | M] () -- C:\Users\Edu\Documents\AtualizadorAuditorComp.exe
[2012/12/06 08:28:38 | 000,252,624 | ---- | M] () -- C:\Users\Edu\Desktop\NT 2005.021 - Intermediação do trabalho rural - terceirização.pdf
[2012/12/04 09:25:03 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/11/29 13:45:15 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\1353962097
[2012/11/29 13:44:58 | 000,010,240 | ---- | M] () -- C:\Windows\SysWow64\net.dll
[2012/11/29 13:44:57 | 000,008,704 | ---- | M] () -- C:\Windows\SysWow64\monitor.exe
[2012/11/29 13:44:57 | 000,000,299 | ---- | M] () -- C:\Windows\SysWow64\hc.cfg
[2012/11/29 13:44:41 | 001,092,608 | ---- | M] () -- C:\Windows\SysWow64\rpcnet.exe
[2012/11/29 13:44:30 | 000,005,120 | ---- | M] () -- C:\Windows\SysWow64\drivers\MouseUSB.sys
[2012/11/26 14:53:38 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\SisFGTS (A. R. VASCONCELOS ME).lnk
[2012/11/13 08:03:38 | 000,000,699 | ---- | M] () -- C:\Users\Public\Desktop\SEA-MTE 2012.lnk
[2012/11/13 08:03:26 | 000,000,742 | ---- | M] () -- C:\Users\Edu\Desktop\SEA-MTE 2010.lnk
[2 C:\Users\Edu\AppData\Local\*.tmp files -> C:\Users\Edu\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/11 17:07:47 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/11 13:27:59 | 000,019,996 | ---- | C] () -- C:\Users\Edu\Desktop\TABELA-PROPOSTA.pdf
[2012/12/08 15:45:58 | 000,341,080 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/07 13:34:36 | 000,000,000 | ---- | C] () -- C:\Users\Edu\Documents\AtualizadorAuditorComp.exe
[2012/12/06 08:28:45 | 000,252,624 | ---- | C] () -- C:\Users\Edu\Desktop\NT 2005.021 - Intermediação do trabalho rural - terceirização.pdf
[2012/11/29 13:45:15 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\1353962097
[2012/11/29 13:44:58 | 001,092,608 | ---- | C] () -- C:\Windows\SysWow64\rpcnet.exe
[2012/11/29 13:44:58 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\net.dll
[2012/11/29 13:44:58 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\monitor.exe
[2012/11/29 13:44:58 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\drivers\MouseUSB.sys
[2012/11/29 13:44:58 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\hc.cfg
[2012/11/26 14:53:38 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\SisFGTS (A. R. VASCONCELOS ME).lnk
[2012/11/15 12:15:40 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 08:03:38 | 000,000,699 | ---- | C] () -- C:\Users\Public\Desktop\SEA-MTE 2012.lnk
[2012/10/27 16:56:34 | 000,000,187 | ---- | C] () -- C:\Users\Edu\acesso.serpro.gov.br.HOD.LOC
[2012/10/27 16:55:49 | 000,001,090 | ---- | C] () -- C:\Users\Edu\acesso.serpro.gov.br.HOD.properties
[2012/10/16 14:10:07 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/09/17 15:31:57 | 000,001,832 | ---- | C] () -- C:\Users\Edu\AppData\Local\SLC_Edu.prx
[2012/08/02 21:19:25 | 000,116,556 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/07/12 09:04:38 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2012/07/02 08:44:49 | 000,000,257 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/07/02 08:44:49 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/07/02 08:44:03 | 000,000,441 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/07/02 08:42:59 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/07/02 08:42:58 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/07/02 08:42:58 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/07/02 08:42:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/07/02 08:42:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/06/30 18:49:07 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\base64.dll
[2012/06/30 18:49:01 | 000,130,560 | ---- | C] () -- C:\Windows\SysWow64\ZipDll.dll
[2012/06/30 18:49:01 | 000,125,440 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2012/06/30 15:39:26 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2012/06/30 15:39:26 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2012/06/29 23:24:34 | 001,536,908 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/30 17:33:58 | 000,000,000 | ---D | M] -- C:\Users\Edu\AppData\Roaming\ACD Systems
[2012/10/16 14:08:59 | 000,000,000 | ---D | M] -- C:\Users\Edu\AppData\Roaming\Babylon
[2012/09/27 10:23:30 | 000,000,000 | ---D | M] -- C:\Users\Edu\AppData\Roaming\CheckPoint
[2012/11/02 11:05:26 | 000,000,000 | ---D | M] -- C:\Users\Edu\AppData\Roaming\IObit
[2012/07/12 09:04:38 | 000,000,000 | ---D | M] -- C:\Users\Edu\AppData\Roaming\pdf995
[2012/09/12 19:35:21 | 000,000,000 | ---D | M] -- C:\Users\Edu\AppData\Roaming\VIVO INTERNET

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/11/20 09:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/06/29 19:27:46 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/12/11 19:12:01 | 3012,501,504 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/11 19:12:07 | 4016,672,768 | -HS- | M] () -- C:\pagefile.sys

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012/10/09 09:29:58 | 000,046,440 | ---- | M] (GAS Tecnologia) -- C:\Windows\system32\drivers\GbpKm.sys
[2012/11/29 13:44:30 | 000,005,120 | ---- | M] () -- C:\Windows\system32\drivers\MouseUSB.sys

< %PROGRAMFILES%(x86)\*.* >

< %LOCALAPPDATA%\*.exe >

< %LOCALAPPDATA%\*.txt >

< %LOCALAPPDATA%\*.ini >

< %LOCALAPPDATA%\*.dll >

< %LOCALAPPDATA%\*.dat >
[2012/12/08 15:46:41 | 000,084,984 | ---- | M] () -- C:\Users\Edu\AppData\Local\GDIPFONTCACHEV1.DAT
[2 C:\Users\Edu\AppData\Local\*.tmp files -> C:\Users\Edu\AppData\Local\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %USERPROFILE%\*.txt >

< %USERPROFILE%\*.ini >
[2012/06/29 16:52:52 | 000,000,020 | -HS- | M] () -- C:\Users\Edu\ntuser.ini

< %USERPROFILE%\*.dll >

< %USERPROFILE%\*.dat /30 >
[2012/12/11 22:07:38 | 004,194,304 | ---- | M] () -- C:\Users\Edu\NTUSER.DAT

< %appdata%\*.* >

< %programdata%\*.* >

< %programdata%\*.exe /s >
[2012/08/21 14:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe
[2012/08/21 14:01:20 | 000,131,544 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe
[2011/06/06 17:59:51 | 001,560,520 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1046-7B44-AA1000000001}\setup.exe
[2012/09/27 08:41:24 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe
[2012/09/30 17:41:25 | 000,417,037 | ---- | M] (Brice Lambson) -- C:\ProgramData\Package Cache\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}\ImageResizerSetup.exe

< %programdata%\*.dll /s >
[2012/08/21 14:01:20 | 000,519,048 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll
[2012/08/21 14:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll
[2012/08/21 14:01:20 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll
[2009/06/10 17:31:21 | 000,015,616 | ---- | M] (Microsoft Corp.) -- C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll
[2009/06/10 17:31:21 | 000,254,216 | ---- | M] (Microsoft Corp.) -- C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll
[2012/06/29 23:14:43 | 000,019,736 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
[2012/11/29 08:00:39 | 000,972,264 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{571D202B-EFF5-4F3A-8635-DBC6C1284CC7}\gapaengine.dll
[2012/11/08 14:24:30 | 009,125,352 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6934A2EA-F574-4930-A179-50CC42772248}\mpengine.dll
[2012/11/08 14:24:30 | 009,125,352 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
[2012/09/28 22:31:20 | 000,972,192 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
[2012/06/18 04:12:50 | 009,013,136 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14E705D3-4D9D-4614-BB26-9E8BE15059FD}\mpengine.dll

< %PROGRAMFILES%\Internet Explorer\*.* >
[2012/06/29 17:58:05 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2012/06/29 17:58:05 | 000,002,535 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
[2012/06/29 17:58:05 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecleanup.exe
[2012/06/29 17:58:05 | 000,307,200 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\iediagcmd.exe
[2012/11/13 23:01:45 | 000,678,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2012/06/29 17:58:05 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2012/06/29 17:58:05 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2012/11/13 22:52:27 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2012/11/13 22:51:48 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
[2012/11/13 23:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2012/11/13 23:00:20 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
[2012/06/29 17:58:05 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
[2012/06/29 17:58:05 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
[2012/06/29 17:58:05 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
[2009/06/10 18:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
[2012/06/29 17:58:05 | 000,301,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
[2009/06/10 18:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
[2012/11/13 23:56:04 | 000,149,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

< C:\windows\system32\Tasks\*.* /64 >
[2012/11/22 07:33:29 | 000,003,840 | ---- | M] () -- C:\Windows\SysNative\Tasks\Adobe Flash Player Updater
[2012/12/08 13:57:56 | 000,002,768 | ---- | M] () -- C:\Windows\SysNative\Tasks\CCleanerSkipUAC
[2012/09/16 22:13:52 | 000,003,806 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore
[2012/09/16 22:13:53 | 000,004,058 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA
[2012/08/10 15:28:37 | 000,003,056 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft_Hardware_Launch_devicecenter_exe
[2012/08/10 15:28:35 | 000,003,044 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft_Hardware_Launch_ipoint_exe
[2012/08/10 15:28:33 | 000,003,042 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft_Hardware_Launch_itype_exe
[2012/12/08 17:20:36 | 000,003,102 | ---- | M] () -- C:\Windows\SysNative\Tasks\{20B37D25-4DBF-4929-95DB-5423B8B82946}
[2012/06/30 18:45:10 | 000,003,266 | ---- | M] () -- C:\Windows\SysNative\Tasks\{A5C12B44-A0F2-4803-9011-AFAECBD1FAD7}
[2009/07/14 02:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 02:08:49 | 000,032,586 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/29 23:34:32 | 000,001,058 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/06/29 23:34:34 | 000,001,062 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/08/11 11:28:54 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %windir%\tasks\*.* >
[2012/12/11 22:00:21 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/11 22:13:07 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/11 22:00:25 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/11 19:13:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/11/05 07:46:08 | 000,032,586 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 0A 02 00 00 09 00 00 00 11 00 00 00 31 30 2E 32 35 32 2E 31 2E 32 33 31 3A 33 31 32 38 0F 00 00 00 2A 2E 6C 6F 63 61 6C 3B 3C 6C 6F 63 61 6C 3E 00 00 00 00 04 00 00 00 00 00 00 00 A0 5E 4A 6C DA D7 CD 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 80 0F 00 00 09 00 00 00 11 00 00 00 31 30 2E 32 35 32 2E 31 2E 32 33 31 3A 33 31 32 38 0F 00 00 00 2A 2E 6C 6F 63 61 6C 3B 3C 6C 6F 63 61 6C 3E 00 00 00 00 04 00 00 00 00 00 00 00 A0 5E 4A 6C DA D7 CD 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
"VIVO" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"VIVO INTERNET" = 46 00 00 00 11 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >

< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Advanced SystemCare 6" = "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart -- [2012/09/24 21:59:16 | 000,490,880 | ---- | M] (IObit)

< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >

< HKCU\Software\Microsoft\Internet Explorer\Downloads >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< MD5 for: SERVICES >
[2009/06/10 18:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >
[2012/07/27 17:51:50 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx

< MD5 for: SERVICES.ASFX9 >
[2011/06/06 13:55:34 | 000,000,636 | R--- | M] () MD5=E1EA7707C24F5A84850D5659CA376594 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B744AA0100000010\10.1.0\services.asfx9

< MD5 for: SERVICES.CFG >
[2012/07/27 17:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 14:55:09 | 000,018,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\pt-BR\services.exe.mui
[2009/07/14 14:55:09 | 000,018,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c78e6f42ac5a3207\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 17:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 17:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/06/10 17:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 17:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/14 14:55:08 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysNative\pt-BR\services.msc
[2009/07/14 14:55:10 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysWOW64\pt-BR\services.msc
[2009/07/14 14:55:08 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_01d03f2e82c3cbfa\services.msc
[2009/07/14 14:55:10 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 17:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 17:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< >
< End of report >




#7 CarlosTurco (Assistant, 23.339 posts)

Hello, edu0982.

1)

Select these lines inside the CODE box, right-click the selection and choose Copy

NOTE: Make sure you copy starting from the colon and the letter C (":C")

:Commands
[createrestorepoint]

:OTL
PRC - [2012/11/29 13:44:57 | 000,008,704 | ---- | M] () -- C:\Windows\SysWOW64\monitor.exe
MOD - [2012/11/29 13:44:57 | 000,008,704 | ---- | M] () -- C:\Windows\SysWOW64\monitor.exe
O4 - HKLM..\Run: [monitor] C:\Windows\SysWOW64\monitor.exe ()
PRC - [2012/11/29 13:44:41 | 001,092,608 | ---- | M] () -- C:\Windows\SysWOW64\rpcnet.exe
SRV - [2012/11/29 13:44:41 | 001,092,608 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (RPCNetSVC)
[2012/11/29 13:44:58 | 001,092,608 | ---- | C] () -- C:\Windows\SysWow64\rpcnet.exe
[2012/11/29 13:45:15 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\1353962097
[2012/11/29 13:44:58 | 000,010,240 | ---- | M] () -- C:\Windows\SysWow64\net.dll
[2012/11/29 13:44:57 | 000,000,299 | ---- | M] () -- C:\Windows\SysWow64\hc.cfg
DRV - [2012/11/29 13:44:30 | 000,005,120 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\MouseUSB.sys -- (MouseUSB)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.252.1.231:3128
O33 - MountPoints2\{5fd68e15-ef89-11e1-baa1-58b0358eb524}\Shell - "" = AutoRun
O33 - MountPoints2\{5fd68e15-ef89-11e1-baa1-58b0358eb524}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5fd68e25-ef89-11e1-baa1-58b0358eb524}\Shell - "" = AutoRun
O33 - MountPoints2\{5fd68e25-ef89-11e1-baa1-58b0358eb524}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5fd68e33-ef89-11e1-baa1-58b0358eb524}\Shell - "" = AutoRun
O33 - MountPoints2\{5fd68e33-ef89-11e1-baa1-58b0358eb524}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5fd68e48-ef89-11e1-baa1-58b0358eb524}\Shell - "" = AutoRun
O33 - MountPoints2\{5fd68e48-ef89-11e1-baa1-58b0358eb524}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{606de35d-c2bc-11e1-ba5a-58b0358eb524}\Shell - "" = AutoRun
O33 - MountPoints2\{606de35d-c2bc-11e1-ba5a-58b0358eb524}\Shell\AutoRun\command - "" = G:\SISetup.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]


Run OTL.exe

Right-click any blank area of the Custom Scans/Fixes section and choose Paste

Close ALL windows (except OTL itself).
Click the button shown in the posted image

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open with some information.
Copy ALL of the contents of that Notepad window and paste it into your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles, named in the format date_time.log.

Example: 03142010_145545.log

2)

Connect all removable storage devices (USB sticks, mp3 and mp4 players, phones, memory cards, cameras) to the USB ports.

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download ComboFix
http://download.blee...Bs/ComboFix.exe

Save it to your desktop.
  • Close all windows and programs. Run ComboFix.
  • Double-click combofix.exe and press "Yes" to proceed.
  • When asked whether you want to install the Recovery Console, click Yes and wait.
  • Click OK to accept the EULA, then click Yes to continue the malware scan.
Do not click anything or press any key during the scan, or the tool will not work correctly.

When the tool finishes running it will generate a log. Post the contents of the file C:\ComboFix.txt in your next reply.

Important:
  • You need to stay connected during the ComboFix procedure;
  • You must be logged in with administrator privileges.
  • Download and SAVE ComboFix. In the download window, where the Run / Save options appear, click Save. Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Turn them back on when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not offer to install it.
  • Do not run ComboFix more than once. That would overwrite the log and delay the removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.

Edited by CarlosTurco, 11 December 2012 - 23:02.
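For readers following the thread, here is an added PowerShell check (it is not part of the original post and not something OTL provides) that verifies, without changing anything, whether the items targeted by the fix script above are still on the machine. The file paths, service names, Run value and MountPoints2 pattern are the ones listed in the script; checking the Wow6432Node view of the Run key as well is an assumption, since a 32-bit tool on 64-bit Windows may have been reading that view. Run it from an elevated PowerShell prompt after the fix and reboot.

```powershell
# Added example, not from the original post or from OTL: a read-only check that
# reports whether the items targeted by the fix script above are still present.
# It changes nothing. Paths and names come from the script; the Wow6432Node Run
# key check is an assumption. Run from an elevated PowerShell prompt.

$findings = @()

# 1. Files the script moved out of SysWOW64 (loader, service binary, support files, driver)
$files = @(
    "$env:SystemRoot\SysWOW64\monitor.exe",
    "$env:SystemRoot\SysWOW64\rpcnet.exe",
    "$env:SystemRoot\SysWOW64\net.dll",
    "$env:SystemRoot\SysWOW64\hc.cfg",
    "$env:SystemRoot\SysWOW64\1353962097",
    "$env:SystemRoot\SysWOW64\drivers\MouseUSB.sys"
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $item = Get-Item -LiteralPath $f -Force
        $findings += "FILE still present: $f ($($item.Length) bytes, modified $($item.LastWriteTime))"
    }
}

# 2. Service and driver the script deleted (RPCNetSVC, MouseUSB)
foreach ($svc in 'RPCNetSVC', 'MouseUSB') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path $key) {
        $img = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
        $findings += "SERVICE still registered: $svc -> $img"
    }
}

# 3. The HKLM Run value "monitor" (native view and, as an assumption, the 32-bit view)
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($run in $runKeys) {
    $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['monitor']) {
        $findings += "RUN value still present: $run\monitor = $($props.monitor)"
    }
}

# 4. Proxy setting. The script blanked it, but the user later explains that
#    10.252.1.231:3128 is a work proxy, so it is reported here, not flagged.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
"Current user proxy: enabled=$($inet.ProxyEnable) server=$($inet.ProxyServer) override=$($inet.ProxyOverride)"

# 5. MountPoints2 entries whose Shell default action is AutoRun: the removable-drive
#    persistence pattern (Shell\AutoRun\command = G:\AutoRun.exe) the script removed.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp -ErrorAction SilentlyContinue | ForEach-Object {
    $shell = "$($_.PSPath)\Shell"
    if (Test-Path $shell) {
        $action = (Get-ItemProperty -Path $shell -ErrorAction SilentlyContinue).'(default)'
        $cmd = $null
        $cmdKey = "$shell\AutoRun\command"
        if (Test-Path $cmdKey) { $cmd = (Get-ItemProperty -Path $cmdKey).'(default)' }
        if ($action -eq 'AutoRun' -or $cmd) {
            $findings += "MOUNTPOINTS2 autorun still present: $($_.PSChildName) -> $cmd"
        }
    }
}

if ($findings.Count -eq 0) {
    'No leftover indicator from the fix script was found.'
} else {
    $findings
}
```

A clean run prints the proxy line followed by "No leftover indicator from the fix script was found."; any FILE, SERVICE, RUN or MOUNTPOINTS2 line means the corresponding item survived the fix or was recreated after the reboot, which is exactly what a second OTL log would be needed to confirm.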


#8 edu0982 (Newcomer, 13 posts)

Two questions before doing the procedure:

a) in item 1 (OTL), should the same options that were enabled the first time the program was run be enabled again? ("use WhiteList" etc.)...

b) After pasting the commands into the Custom Scans/Fixes section, which button should be clicked? (IE does not display the picture) Would it be "Verificar" (Scan), "Consertar" (Fix) or "Limpeza" (Cleanup)?

Thanks!

#9 edu0982 (Newcomer, 13 posts)

OTL:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named monitor.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\monitor deleted successfully.
C:\Windows\SysWOW64\monitor.exe moved successfully.
Process rpcnet.exe killed successfully!
Service RPCNetSVC stopped successfully!
Service RPCNetSVC deleted successfully!
C:\Windows\SysWOW64\rpcnet.exe moved successfully.
File C:\Windows\SysWow64\rpcnet.exe not found.
C:\Windows\SysWOW64\1353962097 moved successfully.
C:\Windows\SysWOW64\net.dll moved successfully.
C:\Windows\SysWOW64\hc.cfg moved successfully.
Service MouseUSB stopped successfully!
Service MouseUSB deleted successfully!
C:\Windows\SysWOW64\drivers\MouseUSB.sys moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fd68e15-ef89-11e1-baa1-58b0358eb524}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fd68e15-ef89-11e1-baa1-58b0358eb524}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fd68e15-ef89-11e1-baa1-58b0358eb524}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fd68e15-ef89-11e1-baa1-58b0358eb524}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fd68e25-ef89-11e1-baa1-58b0358eb524}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fd68e25-ef89-11e1-baa1-58b0358eb524}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fd68e25-ef89-11e1-baa1-58b0358eb524}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fd68e25-ef89-11e1-baa1-58b0358eb524}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fd68e33-ef89-11e1-baa1-58b0358eb524}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fd68e33-ef89-11e1-baa1-58b0358eb524}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fd68e33-ef89-11e1-baa1-58b0358eb524}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fd68e33-ef89-11e1-baa1-58b0358eb524}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fd68e48-ef89-11e1-baa1-58b0358eb524}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fd68e48-ef89-11e1-baa1-58b0358eb524}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fd68e48-ef89-11e1-baa1-58b0358eb524}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fd68e48-ef89-11e1-baa1-58b0358eb524}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{606de35d-c2bc-11e1-ba5a-58b0358eb524}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606de35d-c2bc-11e1-ba5a-58b0358eb524}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{606de35d-c2bc-11e1-ba5a-58b0358eb524}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606de35d-c2bc-11e1-ba5a-58b0358eb524}\ not found.
File G:\SISetup.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
C:\Users\Edu\Desktop\cmd.bat deleted successfully.
C:\Users\Edu\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Edu
->Temp folder emptied: 1765393 bytes
->Temporary Internet Files folder emptied: 121463339 bytes
->Java cache emptied: 23187980 bytes
->Google Chrome cache emptied: 280357638 bytes
->Flash cache emptied: 1955 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 126997 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 407,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12122012_165015

Files\Folders moved on Reboot...
C:\Users\Edu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\{EE32A514-CEE2-489D-B3AD-9965EEE76B2E}\fpi.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




#10 CarlosTurco (Assistant, 23.339 posts)

Hello,

Do you know this file?

c:\users\Edu\Documents\AtualizadorAuditorComp.exe



#11 edu0982 (Newcomer, 13 posts)

Carlos, that file is the updater for one of the systems I use at the Ministry of Labour. For some other systems we also use proxy settings and sometimes VPN access.

Thanks,

Eduardo.

#12 CarlosTurco (Assistant, 23.339 posts)

Carlos, that file is the updater for one of the systems I use at the Ministry of Labour. For some other systems we also use proxy settings and sometimes VPN access.

Thanks,

Eduardo.

ComboFix had deleted it; let's recover it.

Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you finish the instructions.

Select and copy the text inside the QUOTE box. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

NOTE: Make sure you copy starting from the letter "D"

DeQuarantine::
C:\Qoobox\Quarantine\c:\users\Edu\Documents\AtualizadorAuditorComp.exe

JavaClearCache::


Now drag CFScript.txt onto ComboFix as demonstrated in the posted image.

ComboFix will run and will restart the PC automatically to complete the removal process.
* If that does not happen, restart manually.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

This script was written only for this computer, according to the files and keys present on it.

To visitors: if you have a similar problem, do not use this script; unsupervised use can damage the system.


When it finishes, a log will be generated at C:\ComboFix.txt.

NOTE: Do not run ComboFix more than once. That would overwrite the log and make the removal of the malware harder.

Make a new HijackThis log and paste it into your reply.
Also post the new ComboFix log.

Edited by CarlosTurco, 12 December 2012 - 21:55.


#13 edu0982 (Newcomer, 13 posts)

Good morning,

there is no need to recover that file. The system I use has an option to update it automatically, and it ends up downloading that file again anyway.

Thanks!

#14 CarlosTurco (Assistant, 23.339 posts)

Ok,

Let's do one more check.

1)

Temporarily disable your antivirus
  • Use the Internet Explorer browser for this service!
  • Go to the site linked HERE
  • Run the scan as shown in the posted image:
  • At the end of the scan, tick the "Delete Quarantined files" box and click [FINISH]
    A report will be generated at:
C:\Arquivos de programas\EsetOnlineScanner\log.txt
Or
C:\Arquivos de programas\Eset\EsetOnlineScanner\log.txt

Post that log.

2)

Post a new HijackThis log.

Edited by CarlosTurco, 13 December 2012 - 10:26.


#15 edu0982 (Newcomer, 13 posts)

Hello. I ran the ESET Online Scanner and it did not report anything. I just did not let it run to the end, because it finished the Windows partition and started scanning the Mac partition, so I have no log file to post. Below is the new HijackThis log:
Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 20:52:57, on 17/12/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Edu\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.252.1.231:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} (SlimClient Class) - https://portal.vpn.m...LL/extender.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mte.gov.br
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mte.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mte.gov.br
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe (file missing)
O23 - Service: Serviço de Tempo da Apple (AppleTimeSrv) - Unknown owner - C:\Windows\system32\AppleTimeSrv.exe (file missing)
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

#16 CarlosTurco (Assistant, 23.339 posts)

Ok,

How is your computer?

#17 edu0982 (Newcomer, 13 posts)

When logging into Banco do Brasil home banking it no longer asked me to enter the 6-digit password, which was the sign of the banker (that request is not normal; the system should only ask for the 8-digit password, which is the self-service password). So I think the problem has been solved.

Thank you very much!

#18
CarlosTurco

CarlosTurco

    Assistente

  • Assistente
  • 23.339 posts
Ok,

Os logs estão limpos. :)

Para finalizar:
  • Renomeie o Combofix para uninstall e execute-o.

    IMPORTANTE: Preste atenção na grafia, para não haver erros de digitação!
  • Execute o OTL.exe
    Clique no botão Imagem Postada.

    Permita que seu computador seja reiniciado.
  • Faça o Download do CCleaner
    • Instale o programa
    • Clique em Registro > procurar erros > corrigir erros selecionados.
    • Depois, clique em Limpador > analisar > executar limpeza.
  • Imagem Postada Atualize o Java. Versões antigas têm vunerabilidades que alguns malwares podem usar para infectar seu sistema.
    • Faça download da última versão do Java SE 7u10.
    • Clique em JRE Download
    • Marque a caixa Accept License Agreement..
    • Clique no link para download Windows x86 Offline 29.73 MB jre-7u10-windows-i586.exe e salve no seu desktop.
    • Feche qualquer programa que esteja executando, especialmente navegadores.
    • Vá em Iniciar > Painel de Controle duplo clique em Adicionar ou Remover Programas e remova todas as versões antigas do Java.
      Exemplos de versões antigas
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Selecione qualquer item com nome Java Runtime Environment (JRE ou J2SE).
    • Clique no botão Remover ou Alterar/Remover.
    • Repita quantas vezes for necessária para remover cada versão do Java.
    • Reincie seu computador uma vez que todas as versões do Java tenham sido removidas.
    • Agora vá no seu desktop, clique duas vezes em jre-7u9-windows-i586.exe para instalar a mais nova versão.
    • ATENÇÃO: Desmarque a caixa de instalação da ASK Toolbar.
  • Imagem Postada Atualize o Adobe Reader. Versões antigas têm vulnerabilidades que são exploradas por malwares.

    Clique aqui e instale a mais nova versão.
  • Imagem Postada Mantenha o Flash Player atualizado. Versões antigas também têm vulnerabilidades que são exploradas por malwares. Clique aqui e instale a mais nova versão.
  • USB worms (pendrive viruses) can infect any kind of removable storage device (pendrives, mp3 and mp4 players, phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the wizard that appears when you insert a CD or pendrive, asking which program you want to open it with). Autoplay needs a file called autorun.inf to work.

    Keep a clean, protected copy of the autorun.inf file on every removable device and on every drive of the system. That way, if you happen to plug your pendrive into an infected PC, the malware will not be able to overwrite the pre-existing file. It may still copy its malicious executables to the pendrive, though, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug that pendrive into a clean machine and run one of those malicious files, that system will be infected the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you find necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive and choosing "Format".
    • Run Flash_Disinfector.exe.
    • Follow any prompts that may appear.
    • Wait until the program finishes its scan, then exit it.
    For Windows Vista and 7: Panda USB Vaccine
  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient: depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Many malware programs exploit these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.
  • Learn some precautions and tips to keep your computer clean. Read the article Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/
  • If there are no more malware-related problems, click the button and ask for your topic to be closed.
If you have any question related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Cheers. :legal:
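As an added example (not code from the original post, nor the behaviour of Flash_Disinfector or Panda USB Vaccine), this PowerShell script performs the check behind the autorun.inf advice above: for each removable drive it reports whether autorun.inf is a file or a placeholder folder, lists root-level executables of the types named in the post, and with -Protect creates a read-only placeholder folder named autorun.inf where none exists. The placeholder-folder approach and the -Protect switch are my own assumptions.

```powershell
# Added example, not from the original thread: audit removable drives for the
# two halves of a USB-worm infection (an autorun.inf file at the root plus
# root-level executables) and optionally plant a protective placeholder.
# Assumption: a folder named autorun.inf is enough to stop a worm on another
# PC from creating its own autorun.inf file on this drive.
param(
    [switch]$Protect   # create the placeholder folder where none exists
)

$riskyExt = '.exe', '.scr', '.cmd', '.pif', '.bat', '.com'

# DriveType 2 = removable media (pendrives, memory cards, etc.)
$removable = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2'

foreach ($d in $removable) {
    $root = $d.DeviceID + '\'
    $ar   = Join-Path $root 'autorun.inf'
    Write-Host "== $root =="

    if (Test-Path -LiteralPath $ar) {
        $item = Get-Item -LiteralPath $ar -Force
        if ($item.PSIsContainer) {
            Write-Host "autorun.inf is a folder ($($item.Attributes)): placeholder, fine"
        } else {
            # A real file here is what a worm uses to launch its dropper
            Write-Host "autorun.inf is a FILE ($($item.Attributes)); contents:"
            Get-Content -LiteralPath $ar -Force | ForEach-Object { Write-Host "    $_" }
        }
    } else {
        Write-Host 'no autorun.inf present'
    }

    # Executables at the drive root are what the worm copies next to its file
    Get-ChildItem -LiteralPath $root -Force |
        Where-Object { -not $_.PSIsContainer -and $riskyExt -contains $_.Extension.ToLower() } |
        ForEach-Object { Write-Host "root executable: $($_.Name) ($($_.Attributes))" }

    if ($Protect -and -not (Test-Path -LiteralPath $ar)) {
        $dir = New-Item -Path $ar -ItemType Directory
        # With a folder of that name in the way, a worm's attempt to write a
        # file called autorun.inf fails; the attributes discourage deletion
        $dir.Attributes = [IO.FileAttributes]'ReadOnly, Hidden, System, Directory'
        Write-Host "created protected placeholder folder $ar"
    }
}
```

Run it from an elevated PowerShell with the pendrives inserted. On Windows 7 with update KB971029 installed, autorun.inf on USB media is already ignored, so the placeholder mainly matters when the same pendrive is plugged into an unpatched XP machine.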

#19
edu0982 (Newbie, 13 posts)
It looks like the problem is solved. No more 'suspicious' behaviour from the computer...
Thank you!!!

#20
CarlosTurco (Assistant, 23,339 posts)
PROBLEM SOLVED

If you wish to request that the topic be reopened, use the Report button to contact the moderators.

Note: Only the author can make this request in the Malware Removal area.