lcpleonel

Browser Hijacker.Internet Explorer Zone Hijack, Trojan.Agent/Gen-StartPage etc

10 posts in this topic

My sister unwittingly installed Gynias Browser Companion and some other junk. After that, Internet Explorer kept opening all the time, even though it is not the default browser. I managed to remove Gynias Browser Companion. I ran bankerfix, which detected and removed bankers. I installed and ran SUPERAntiSpyware; it detected spyware and trojans, but even after several runs some problems persist in the output report. I also ran Malwarebytes with similar results.

So I am asking for help so that my computer can be definitively disinfected.

Thanks in advance for your help,

Leonel Carneiro Pereira

SUPERAntiSpyware Scan Log - 03-25-2013 - 20-11-01.log

hijackthis.log

MbrScan.log

FSS.txt


lcpleonel,

Please note the following:

  • Do NOT attempt any cleanup procedure on your own. In particular, do not run tools used in the Malware Removal forum on your own initiative. Improper use of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Malware Removal Rule No. 8
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click button_seguir.png (located in the upper right corner of the main post) to receive an e-mail notification when it is answered. You can also check the topics you follow using the "Content I Follow" option, accessible through the forum's Control Panel.
  • Analyses can take some time, so be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always keep following your topic and informing me of the results until your computer is clean.
  • Notice: Avoid using the <QUOTE> or <CODE> tags in the logs; it makes them harder to read during analysis.
  • Please do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

I also ran Malwarebytes with similar results.

Post the Malwarebytes log.

Follow the procedures below.

1)

Download AdwCleaner and save it to the desktop.

http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click execadmin.png.

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download 1268r49.png and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end, a log will open. It is saved on the desktop as JRT.txt.

Select, copy and paste the contents of this log in your next reply.

3)

Download RogueKiller and save it to the desktop.

http://www.sur-la-to...RogueKiller.exe

Run the file RogueKiller.exe.

*** Windows Vista or Windows 7 users: right-click the file RogueKiller.exe, then click execadmin.png.

Click the Scan button and wait for the scan to finish.

Click the Report button. A Notepad window will open with the information.

This log is saved on the desktop as RKreport[1].txt.

Select, copy and paste the contents of this log in your next reply.


Dear assistant,

I followed your recommendations. The following files are attached:

1 - Malwarebytes log

2 - AdwCleaner log

3 - Junkware Removal Tool log

4 - RogueKiller log

As I was unsure, I did not click the Delete button after the scan performed by RogueKiller. The registry entries showed:

Status        Type     Hive  Key                                                                               Value                                   Data
'Encontrado'  HJPOL    HKCU  SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System                         DisableTaskMgr                          0
'Encontrado'  HJPOL    HKCU  SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System                         DisableRegistryTools                    0
'Encontrado'  HJ       HKLM  SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System                         EnableLua                               1
'Encontrado'  HJ DESK  HKLM  SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel  {20D04FE0-3AEA-1069-A2D8-08002B30309D}  1

The Driver tab showed several lines, all related to the klif.sys module.

Regards,

Leonel

mbam-log-2013-03-25 (19-17-02).txt

AdwCleanerS5.txt

JRT.txt

RKreport1_S_03262013_02d1451.txt
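As an added example (not code from the thread, from RogueKiller, or from the forum team): a read-only PowerShell audit of the four registry entries RogueKiller reported in the post above, so a defender can see what each value means before deciding what to do with it. It assumes an elevated Windows PowerShell 2.0 or later prompt on the affected machine; the key paths and value names are the ones quoted in the post, and the GUID under HideDesktopIcons\NewStartPanel is the My Computer desktop icon (1 = hidden).

```powershell
# Added example, not part of the thread: read-only audit of the registry entries that
# RogueKiller listed. Assumption: elevated Windows PowerShell 2.0+ on the affected machine.
# Nothing here writes to the registry; remediation in the thread is done with RogueKiller.

# The entries from the report, each with the value that means "nothing restricted or hidden".
$ChecksFromReport = @(
    @{ Hive = 'HKCU'; SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr'; SafeValue = 0
       Meaning = '1 blocks Task Manager, a common trick to stop the user from killing malware' }
    @{ Hive = 'HKCU'; SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools'; SafeValue = 0
       Meaning = '1 blocks regedit, so policy tampering cannot be undone by hand' }
    @{ Hive = 'HKLM'; SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'EnableLUA'; SafeValue = 1
       Meaning = '0 turns UAC off (a Vista-and-later setting)' }
    @{ Hive = 'HKLM'; SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel'
       Name = '{20D04FE0-3AEA-1069-A2D8-08002B30309D}'; SafeValue = 0
       Meaning = '1 hides the My Computer icon from the desktop' }
)

function Get-PolicyFinding {
    <# Reads one value without changing anything and classifies what was found. #>
    param(
        [Parameter(Mandatory = $true)] [hashtable] $Check
    )
    $path = "$($Check.Hive):\$($Check.SubKey)"
    $result = New-Object PSObject -Property @{
        Key     = $path
        Name    = $Check.Name
        Value   = $null
        Status  = 'absent (Windows default)'
        Meaning = $Check.Meaning
    }

    if (Test-Path -LiteralPath $path) {
        # Read the whole key and look the value up by name, so a missing value is
        # reported as "key present, value absent" instead of raising an error.
        $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        if ($null -ne $props -and $null -ne $props.PSObject.Properties[$Check.Name]) {
            $result.Value = $props.$($Check.Name)
            if ([int]$result.Value -eq $Check.SafeValue) {
                # This is what the post shows: the value exists but holds the harmless number.
                # RogueKiller still lists it because the entry is not present on a clean install.
                $result.Status = 'present with benign value (non-default entry, worth explaining)'
            } else {
                $result.Status = 'RESTRICTIVE value set (typical of hijacker/policy tampering)'
            }
        } else {
            $result.Status = 'key present, value absent'
        }
    }
    # Select-Object fixes the column order (PowerShell 2.0 has no [ordered] hashtable).
    return $result | Select-Object Key, Name, Value, Status, Meaning
}

function Invoke-PolicyAudit {
    <# Runs every check from the report and returns the findings as objects. #>
    param([hashtable[]] $Checks = $ChecksFromReport)
    foreach ($c in $Checks) { Get-PolicyFinding -Check $c }
}

# Usage: list everything, then show only the entries that actually restrict the user.
$findings = Invoke-PolicyAudit
$findings | Format-Table Key, Name, Value, Status -AutoSize
$findings | Where-Object { $_.Status -like 'RESTRICTIVE*' } | Format-List Key, Name, Value, Meaning
```

Values of 0/0/1/1, as in the post, mean the user is not locked out of Task Manager or regedit; the entries are still non-default and are what the analyst asked to see before removal.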

As I was unsure, I did not click the Delete button after the scan performed by RogueKiller. The registry entries showed:

OK. You were not supposed to use the Delete button. We only asked for the log first so we could analyze what was found.

Run RogueKiller again and this time use the Delete button. Post the generated log.

Download OTL by OldTimer and save it to your desktop:

http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:

Right-click the file OTL.exe, then click execadmin.png.

Where it says Output, check Standard

Also check these options:

  • Creation Date -> change to 90 days
  • Use Company Name WhiteList.
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

Select these lines in red, right-click the selection, and choose the copy option

CREATERESTOREPOINT

netsvcs

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%PROGRAMFILES%\*.*

%userprofile%\configurações locais\dados de aplicativos\*.exe

%userprofile%\configurações locais\dados de aplicativos\*.txt

%userprofile%\configurações locais\dados de aplicativos\*.ini

%userprofile%\configurações locais\dados de aplicativos\*.dat /30

%userprofile%\configurações locais\dados de aplicativos\*.dll

%userprofile%\*.exe

%userprofile%\*.txt

%userprofile%\*.ini

%userprofile%\*.dat /30

%userprofile%\*.dll

%appdata%\*.*

%windir%\tasks\*.* /s

%PROGRAMFILES%\Internet Explorer\*.*

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP

HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp

/md5start

services.*

/md5stop

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose paste

Click the verif.png button

OTL will begin scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt

Both will be saved in the same directory where OTL.exe is, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it in your reply.

Attach the Extras.txt file

NOTE: If the logs get too large and exceed the forum limit, put them in a .zip or .rar file and attach them to your reply.


Carlos,

The procedures were carried out according to your instructions. Here are the contents of the OTL.txt file:

OTL logfile created on: 27/3/2013 08:47:34 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Usuario\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1,50 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 46,72% Memory free

3,35 Gb Paging File | 2,53 Gb Available in Paging File | 75,70% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 78,13 Gb Total Space | 51,56 Gb Free Space | 66,00% Space Free | Partition Type: NTFS

Drive E: | 70,91 Gb Total Space | 1,04 Gb Free Space | 1,46% Space Free | Partition Type: NTFS

Computer Name: DE729CF99A9D4FF | User Name: Usuario | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2013/03/27 08:43:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Usuario\Desktop\OTL.exe

PRC - [2013/03/10 21:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

PRC - [2012/11/08 01:44:05 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/08/17 21:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe

PRC - [2012/07/11 15:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Arquivos de programas\SUPERAntiSpyware\SASCore.exe

PRC - [2012/06/05 09:50:04 | 000,211,888 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2008/04/13 23:20:58 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/11/26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/10 21:22:06 | 000,459,728 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll

MOD - [2013/03/10 21:22:05 | 012,662,224 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll

MOD - [2013/03/10 21:22:04 | 004,050,896 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\25.0.1364.172\pdf.dll

MOD - [2013/03/10 21:21:16 | 001,552,848 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll

MOD - [2012/11/18 22:56:50 | 001,310,136 | ---- | M] () -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll

MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll

MOD - [2010/02/10 18:10:12 | 000,141,824 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

MOD - [2009/02/27 18:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB

MOD - [2008/04/13 23:20:33 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2006/07/24 23:33:26 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

========== Services (SafeList) ==========

SRV - [2013/01/08 12:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/11/08 01:44:05 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)

SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/09/20 21:21:03 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/11 15:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2012/06/05 09:50:04 | 000,211,888 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2007/11/26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2007/06/27 18:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/11/08 01:50:43 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)

DRV - [2012/11/08 01:50:42 | 000,586,584 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

DRV - [2012/09/30 15:16:31 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2012/09/30 15:16:31 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)

DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)

DRV - [2012/06/27 14:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)

DRV - [2012/06/05 09:50:36 | 000,044,208 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)

DRV - [2012/03/02 16:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)

DRV - [2012/03/02 16:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)

DRV - [2012/03/02 16:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)

DRV - [2012/03/02 16:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)

DRV - [2011/07/22 13:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 18:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/11/29 15:52:44 | 005,117,056 | ---- | M] (Etron) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ETdrv.sys -- (USBET)

DRV - [2008/01/18 15:16:28 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016obex.sys -- (a016obex)

DRV - [2008/01/18 15:16:26 | 000,110,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdm.sys -- (a016mdm)

DRV - [2008/01/18 15:16:26 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mgmt.sys -- (a016mgmt)

DRV - [2008/01/18 15:16:24 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdfl.sys -- (a016mdfl)

DRV - [2008/01/18 15:16:22 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus)

DRV - [2007/11/26 14:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2007/11/26 14:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2007/11/26 14:54:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)

DRV - [2007/11/26 14:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2006/08/31 00:54:44 | 000,081,280 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006/08/15 03:41:16 | 004,368,896 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)

DRV - [2006/02/23 00:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)

DRV - [2006/02/23 00:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)

DRV - [2004/08/12 23:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.4.0.11328

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/01 20:28:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012/12/19 06:30:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012/12/19 06:30:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012/12/19 06:30:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2012/09/20 21:21:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/01 20:28:13 | 000,000,000 | ---D | M]

[2011/09/22 22:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Extensions

[2013/01/22 23:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2013/01/25 21:04:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/09/30 11:31:09 | 000,000,000 | ---D | M] (Consultor de URLs Kaspersky) -- C:\Arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2

[2010/12/26 16:17:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2012/09/20 21:21:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

[2012/09/20 21:21:01 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2012/09/20 21:21:01 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2012/09/20 21:21:01 | 000,002,040 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml

[2012/09/20 21:21:01 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2012/09/20 21:21:01 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\25.0.1364.172\pdf.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Usuario\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Docs = C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Pesquisa do Google = C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Conselheiro de URLs da Kaspersky = C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\

CHR - Extension: Teclado virtual = C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\

CHR - Extension: Gmail = C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/25 17:51:17 | 000,000,774 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.

O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)

O2 - BHO: (no name) - {DFDCFFF4-2E33-45CD-9325-D87A3DF1FAD6} - No CLSID value found.

O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVP] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://C:\Arquivos de programas\Flash Capture\fciext.dll/FCIEXT.htm File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe File not found

O15 - HKCU\..Trusted Domains: bancoreal.com.br ([www] http in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] http in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www2] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: santander.com.br ([www] http in Sites confiáveis)

O15 - HKCU\..Trusted Domains: santanderempresarial.com.br ([www] http in Sites confiáveis)

O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: santandernetibe.com.br ([www] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] https in Sites confiáveis)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5871D718-E893-43A7-B19E-FFF51005AEB2}: NameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\ARQUIV~1\GbPlugin\gbiehAbn.dll) - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Arquivos de programas\GbPlugin\gbiehCef.dll) - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)

O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O24 - Desktop Components:0 (Minha página inicial atual) - about:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Arquivos de programas\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2010/03/13 10:34:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (sprecovr \SystemRoot\sprecovr.txt)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 90 Days ==========

[2013/03/27 08:43:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Usuario\Desktop\OTL.exe

[2013/03/26 14:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Desktop\RK_Quarantine

[2013/03/26 14:33:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013/03/26 14:33:03 | 000,000,000 | ---D | C] -- C:\JRT

[2013/03/26 14:33:00 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Usuario\Desktop\JRT.exe

[2013/03/25 19:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Malwarebytes

[2013/03/25 19:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware

[2013/03/25 19:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2013/03/25 19:12:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/03/25 19:12:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2013/03/25 18:32:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Usuario\Recent

[2013/03/25 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Dados de aplicativos\SUPERAntiSpyware.com

[2013/03/25 15:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

[2013/03/25 15:11:59 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\SUPERAntiSpyware

[2013/03/25 11:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome

[2013/01/25 21:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Skype

[2013/01/25 21:03:23 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Skype

[2013/01/23 05:08:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer

[2013/01/23 05:08:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Reference Assemblies

[2013/01/23 05:07:34 | 000,000,000 | ---D | C] -- C:\f892d111dae6da88ec

[2013/01/23 01:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Silverlight

[2013/01/23 00:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\AppData

[2013/01/22 20:46:39 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Usuario\Meus documentos\My Stationery

[2013/01/08 00:42:44 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly

[2013/01/08 00:42:01 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft.NET

[2013/01/08 00:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET

[2013/01/08 00:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Temp

[2013/01/04 19:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Web Camera

[2013/01/04 19:43:59 | 005,117,056 | ---- | C] (Etron) -- C:\WINDOWS\System32\drivers\ETdrv.sys

[2013/01/04 19:43:55 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ETRON

[2013/01/02 09:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Skype

[2013/01/02 09:13:55 | 000,000,000 | R--D | C] -- C:\Arquivos de programas\Skype

[2013/01/02 09:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2013/03/27 08:50:00 | 000,001,074 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/03/27 08:43:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Usuario\Desktop\OTL.exe

[2013/03/27 08:30:17 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2013/03/27 08:30:15 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/03/27 08:30:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/03/26 15:13:00 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task e395fbc4-70a5-4f6d-a7a1-301126418a5e.job

[2013/03/26 14:47:24 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\RogueKiller.exe

[2013/03/26 14:32:37 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Usuario\Desktop\JRT.exe

[2013/03/26 10:00:11 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\adwcleaner.exe

[2013/03/26 09:42:55 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/03/25 19:12:08 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/25 18:35:07 | 000,421,996 | ---- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\cc_20130325_183455.reg

[2013/03/25 15:13:59 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 6ef2171d-c288-49a7-8f9b-7638e00f386a.job

[2013/03/25 15:12:06 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/03/25 11:54:26 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2013/03/25 08:50:16 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/03/15 21:27:50 | 000,516,462 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2013/03/15 21:27:50 | 000,475,272 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/03/15 21:27:50 | 000,089,436 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2013/03/15 21:27:50 | 000,076,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/03/15 19:13:57 | 000,002,553 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\Microsoft Office Word 2007.lnk

[2013/02/08 16:47:04 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2013/02/08 16:41:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2013/01/23 03:03:35 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2013/01/22 23:54:29 | 000,000,952 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog

[2013/01/04 19:54:45 | 000,310,362 | ---- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\Still0002.jpg

[2013/01/04 19:54:44 | 000,921,654 | ---- | M] () -- C:\WINDOWS\snapshot.bmp

[2013/01/04 19:54:21 | 000,306,641 | ---- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\Still0001.jpg

[2013/01/04 19:44:34 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webcam videocap.lnk

[2013/01/02 03:49:48 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\mpg2splt.ax

[2013/01/02 03:49:48 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax

[2012/12/31 13:23:38 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/26 14:49:23 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\RogueKiller.exe

[2013/03/26 10:01:15 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\adwcleaner.exe

[2013/03/26 09:42:55 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/03/25 19:12:08 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/25 18:34:57 | 000,421,996 | ---- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\cc_20130325_183455.reg

[2013/03/25 15:13:59 | 000,000,546 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task e395fbc4-70a5-4f6d-a7a1-301126418a5e.job

[2013/03/25 15:13:59 | 000,000,546 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 6ef2171d-c288-49a7-8f9b-7638e00f386a.job

[2013/03/25 15:12:06 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/03/25 11:54:25 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2013/03/25 10:45:47 | 000,001,074 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/03/25 10:10:05 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk

[2013/01/08 07:20:08 | 000,273,138 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-S-1-5-21-1177238915-179605362-839522115-1003-0.dat

[2013/01/08 06:09:26 | 000,273,138 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-System.dat

[2013/01/08 00:55:59 | 000,000,952 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog

[2013/01/04 19:54:44 | 000,310,362 | ---- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\Still0002.jpg

[2013/01/04 19:54:21 | 000,921,654 | ---- | C] () -- C:\WINDOWS\snapshot.bmp

[2013/01/04 19:54:21 | 000,306,641 | ---- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\Still0001.jpg

[2013/01/04 19:44:34 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webcam videocap.lnk

[2013/01/04 19:44:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\Etprop.ax

[2013/01/04 19:43:55 | 000,921,654 | ---- | C] () -- C:\WINDOWS\VGA9.bmp

[2013/01/04 19:43:55 | 000,921,654 | ---- | C] () -- C:\WINDOWS\VGA8.bmp

[2013/01/04 19:43:55 | 000,921,654 | ---- | C] () -- C:\WINDOWS\VGA7.bmp

[2013/01/04 19:43:55 | 000,921,654 | ---- | C] () -- C:\WINDOWS\VGA6.bmp

[2013/01/04 19:43:55 | 000,921,654 | ---- | C] () -- C:\WINDOWS\VGA5.bmp

[2013/01/04 19:43:55 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ETCoInst.dll

[2013/01/04 19:43:54 | 000,921,656 | ---- | C] () -- C:\WINDOWS\4_640_480.bmp

[2013/01/04 19:43:54 | 000,921,656 | ---- | C] () -- C:\WINDOWS\3_640_480.bmp

[2013/01/04 19:43:54 | 000,921,656 | ---- | C] () -- C:\WINDOWS\2_640_480.bmp

[2013/01/04 19:43:54 | 000,921,656 | ---- | C] () -- C:\WINDOWS\1_640_480.bmp

[2013/01/04 19:43:54 | 000,921,654 | ---- | C] () -- C:\WINDOWS\VGA4.bmp

[2013/01/04 19:43:54 | 000,921,654 | ---- | C] () -- C:\WINDOWS\VGA3.bmp

[2013/01/04 19:43:54 | 000,921,654 | ---- | C] () -- C:\WINDOWS\VGA2.bmp

[2013/01/04 19:43:54 | 000,921,654 | ---- | C] () -- C:\WINDOWS\VGA10.bmp

[2013/01/04 19:43:54 | 000,921,654 | ---- | C] () -- C:\WINDOWS\VGA1.bmp

[2013/01/02 09:13:56 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2013/01/02 03:49:48 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax

[2012/04/12 14:32:51 | 000,000,176 | ---- | C] () -- C:\WINDOWS\REC-NET.INI

[2011/09/30 11:36:37 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\WebpageIcons.db

[2011/04/21 21:34:01 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2011/04/21 21:34:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2011/04/21 21:33:59 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/04/21 21:33:59 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/04/21 21:33:59 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/04/20 17:33:43 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll

[2010/04/25 09:34:11 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2007/01/02 00:07:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 23:20:40 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:53:26 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 23:20:41 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2010/09/28 20:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

[2012/09/27 02:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2012/01/10 19:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\GetRightToGo

[2010/03/13 12:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Orbit

[2010/06/09 14:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Windows Desktop Search

[2010/07/05 18:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Windows Search

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2013/03/26 12:13:34 | 000,013,304 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2013/03/26 14:03:43 | 000,013,424 | ---- | M] () -- C:\AdwCleaner[R2].txt

[2013/03/26 10:02:13 | 000,000,399 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2013/03/26 11:19:59 | 000,000,399 | ---- | M] () -- C:\AdwCleaner[s2].txt

[2013/03/26 11:57:35 | 000,000,399 | ---- | M] () -- C:\AdwCleaner[s3].txt

[2013/03/26 12:13:53 | 000,000,364 | ---- | M] () -- C:\AdwCleaner[s4].txt

[2010/03/13 10:34:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/03/13 11:58:40 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2001/10/28 09:06:10 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2010/03/13 10:34:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/12/22 11:07:18 | 000,926,048 | ---- | M] () -- C:\HpuInstall.log

[2010/03/13 10:34:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/03/13 10:34:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/09/05 09:54:29 | 000,251,696 | RHS- | M] () -- C:\ntldr

[2013/03/27 08:30:04 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2013/03/26 14:06:27 | 000,033,786 | ---- | M] () -- C:\Tela AdwCleaner.docx

[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

[2013/02/11 21:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys

[2013/02/11 21:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys

< %PROGRAMFILES%\*.* >

< %userprofile%\configurações locais\dados de aplicativos\*.exe >

< %userprofile%\configurações locais\dados de aplicativos\*.txt >

< %userprofile%\configurações locais\dados de aplicativos\*.ini >

[2012/12/31 13:23:38 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Usuario\configurações locais\dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< %userprofile%\configurações locais\dados de aplicativos\*.dat /30 >

[2013/03/26 11:56:22 | 000,069,640 | ---- | M] () -- C:\Documents and Settings\Usuario\configurações locais\dados de aplicativos\GDIPFONTCACHEV1.DAT

< %userprofile%\configurações locais\dados de aplicativos\*.dll >

< %userprofile%\*.exe >

< %userprofile%\*.txt >

< %userprofile%\*.ini >

[2013/03/26 15:58:52 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\Usuario\ntuser.ini

< %userprofile%\*.dat /30 >

[2013/03/26 15:59:16 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Usuario\NTUSER.DAT

< %userprofile%\*.dll >

< %appdata%\*.* >

[2010/03/13 07:26:36 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Usuario\Dados de aplicativos\desktop.ini

< %windir%\tasks\*.* /s >

[2001/10/28 09:07:04 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini

[2013/03/27 08:30:15 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/03/27 08:50:00 | 000,001,074 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/03/27 08:30:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2013/03/25 15:13:59 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 6ef2171d-c288-49a7-8f9b-7638e00f386a.job

[2013/03/26 15:13:00 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task e395fbc4-70a5-4f6d-a7a1-301126418a5e.job

< %PROGRAMFILES%\Internet Explorer\*.* >

[2009/03/08 04:35:04 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\ExtExport.exe

[2009/03/08 04:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\hmmapi.dll

[2009/01/11 21:05:26 | 000,002,649 | ---- | M] () -- C:\Arquivos de programas\Internet Explorer\ie8props.propdesc

[2009/03/08 04:35:04 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iecompat.dll

[2013/02/05 17:13:13 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iedvtool.dll

[2008/04/13 23:21:01 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iedw.exe

[2013/02/05 17:13:23 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\ieproxy.dll

[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe

[2009/03/08 14:33:36 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe.mui

[2013/02/05 17:13:26 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\jsdbgui.dll

[2009/03/08 04:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\jsdebuggeride.dll

[2009/03/08 04:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\JSProfilerCore.dll

[2009/03/08 04:35:12 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\jsprofilerui.dll

[2009/01/07 18:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\pdm.dll

[2009/01/07 18:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\sqmapi.dll

[2013/02/05 17:13:36 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\xpshims.dll

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >

"DefaultConnectionSettings" = 46 00 00 00 42 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 19 2D B4 C2 CA 01 01 00 00 00 C0 A8 01 43 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

"SavedLegacySettings" = 46 00 00 00 76 80 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 19 2D B4 C2 CA 01 01 00 00 00 C0 A8 01 43 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >

< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >

"CTFMON.EXE" = C:\WINDOWS\system32\CTFMON.EXE -- [2008/04/13 23:20:54 | 000,015,360 | ---- | M] (Microsoft Corporation)

"DWQueuedReporting" = "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t -- [2011/07/27 05:13:08 | 000,434,080 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >

< HKCU\Software\Microsoft\Internet Explorer\Downloads >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< MD5 for: SERVICES >

[2001/10/28 09:07:26 | 000,006,953 | ---- | M] () MD5=89ABDE406B847C6C8B4BEAA1E0B42BEE -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.DAT >

[2013/02/12 18:45:04 | 000,001,529 | ---- | M] () MD5=E8685F466FABD90B42D32D7898417207 -- C:\JRT\services.dat

< MD5 for: SERVICES.EXE >

[2009/02/09 08:17:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=38867483E0CB504BB8F277E05729881E -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2009/02/09 07:08:21 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=96D7D86D3AA68A57BBE835441DC23107 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe

[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\system32\services.exe

[2009/02/09 06:53:30 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=E64296F1D45C776FAC6EE8F89EF3C303 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe

[2008/04/13 23:21:17 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=EE7999BAACA84CFAA03726E677EE2A33 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

< MD5 for: SERVICES.MSC >

[2001/10/28 09:07:26 | 000,033,074 | ---- | M] () MD5=420018D54146F64F42AC7D60525549F3 -- C:\WINDOWS\system32\services.msc

========== Alternate Data Streams ==========

@Alternate Data Stream - 314 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:A0D87BBF_Cef.gbp

@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:A0D87BBF_Abn.gbp

@Alternate Data Stream - 12 bytes -> C:\WINDOWS\System32\drivers:IncompleteBoot.cnt

< End of report >

Attached are the files Extras.Txt and RKreport[3]_D_03272013_02d0840

Regards,

Leonel

Extras.Txt

RKreport3_D_03272013_02d0840.txt


Good afternoon lcpleonel,

Temporarily disable your antivirus.

  • Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: (image)
  • For alternative browsers (if you use Internet Explorer, skip this step):
    1. Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update on its own and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats.
  • Copy and paste the contents into your next reply. Note: if nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.


Dear sir,

Here is the result of running the ESET Online Scanner:

C:\Documents and Settings\Usuario\Configurações locais\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\bdg51C.tmp a variant of Win32/Hao123.A application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\bdg612.tmp a variant of Win32/Hao123.A application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\BI_RunOnce.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\Setup.exe a variant of Win32/MessengerPlus.A application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\Shortcut_BundleSweetIMSetup-1-.exe probably a variant of Win32/SweetIM.C application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\tn-sft_sc_hao123_br_hao123inst-brazil.exe a variant of Win32/Hao123.A application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\2FE86FB4-BAB0-7891-8A1D-50BCCC51E83A\BExternal.dll a variant of Win32/Toolbar.Babylon.C application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\2FE86FB4-BAB0-7891-8A1D-50BCCC51E83A\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.C application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\2FE86FB4-BAB0-7891-8A1D-50BCCC51E83A\Latest\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\8F7C7A35-BAB0-7891-BD9B-2D07B9C06930\BExternal.dll a variant of Win32/Toolbar.Babylon.C application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\8F7C7A35-BAB0-7891-BD9B-2D07B9C06930\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.C application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\8F7C7A35-BAB0-7891-BD9B-2D07B9C06930\Latest\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\AskToolbarTemp\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Configurações locais\Temp\is701137889\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Meus documentos\Downloads\aTube_Catcher_Setup.exe multiple threats cleaned by deleting - quarantined

C:\Documents and Settings\Usuario\Meus documentos\Downloads\FFSetup296.zip multiple threats deleted - quarantined

C:\Documents and Settings\Usuario\Meus documentos\Downloads\spybot--search-&-destroy-20120-baixaki-32-bits.exe Win32/InstallCore.BL application cleaned by deleting - quarantined

C:\Downloads\Facemoods.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined

C:\Downloads\FFSetup270.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Downloads\FFSetup270.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined

C:\Downloads\FFSetup296.exe multiple threats cleaned by deleting - quarantined

C:\Downloads\Babylon_Pro_6.0.0_R32_Tradutor_Portugues_Brasil\Registro\Testado\Babylon PRO 6.XX - Patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined

The HijackThis log is attached.

Regards,

Leonel

hijackthis_2.txt


Ok,

The logs are clean. :)

To finish:

  1. Run OTL.exe
    Click the Limpeza (Cleanup) button.
  2. Download CCleaner
    • Install the program.
    • Click Registry > Scan for Issues > Fix selected issues.
    • Then click Cleaner > Analyze > Run Cleaner.
  3. Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of Java SE 7u17.
    • Click JRE Download.
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.06 MB jre-7u17-windows-i586.exe and save it to your desktop.
    • Close any running program, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove every version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u17-windows-i586.exe to install the newest version.
    • WARNING: Uncheck the box that installs the ASK Toolbar.
  4. Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware. Click here and install the newest version.
  5. Keep Flash Player updated. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  6. USB worms (pendrive viruses) can infect any kind of removable storage device (pendrives, mp3 and mp4 players, cell phones, memory cards, digital cameras). This kind of malware exploits a native Windows feature called Autorun, or Autoplay (the wizard that appears when you insert a CD or pendrive asking which program you want to open it with). Autoplay needs a file called autorun.inf in order to work.

    Keep a clean, protected copy of the autorun.inf file on every removable device and on every drive of the system. That way, if you plug your pendrive into an infected PC, the malware will not be able to overwrite the pre-existing file. It can still copy its malicious executables to the pendrive, though, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.

    If you plug that pendrive into a clean machine and run one of those malicious files, that system will be infected in the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.

    • Connect all removable storage devices to the USB ports. Save whatever you consider necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive and choosing "Format".
    • Run Flash_Disinfector.exe.
    • Follow any prompts that appear.
    • Wait until the program finishes its scan, then exit it.

    For Windows Vista and 7: Panda USB Vaccine.
  7. For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient: depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not prompted, restart manually.
  8. Visit Windows Update regularly and check for updates.

    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without any action by the user. Microsoft fixes these holes through its updates.

    That is why it is essential to keep your system up to date.
  9. Disable and re-enable System Restore.
  10. Learn some precautions and tips for keeping your computer clean. Read the article Proteja seu pc:

    http://linhadefensiv...proteja-seu-pc/
  11. If there are no more malware-related problems, click the Report button and ask for your topic to be closed.

If you have any question related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Cheers.

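The autorun.inf advice in the analyst's post above (a worm needs a writable autorun.inf at the drive root, and a pre-existing protected copy blocks it) can be checked and applied with a small script. The following is an added example written for this page; it is not code from the thread, from Flash_Disinfector or from Panda USB Vaccine. It assumes the same technique those tools are known for: creating `autorun.inf` as a directory that holds a subfolder with a reserved DOS device name (`con`), so neither a file of that name can be written nor the directory removed through the normal Win32 path API, and then marking it read-only, hidden and system with the Windows `attrib` command. The `WORM_SAMPLE` autorun.inf is constructed for the example, not taken from the infected machine, and `demo()` runs the whole cycle inside a temporary directory standing in for a drive root.

```python
import os
import re
import subprocess
import tempfile

# Extensions the post names as the executables a USB worm drops next to autorun.inf.
PAYLOAD_EXTS = (".exe", ".scr", ".cmd", ".pif", ".bat", ".com")

# Directives inside [autorun] that make Windows launch something on insertion or open.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)

# Constructed sample of the kind of autorun.inf a worm writes (not from the thread).
WORM_SAMPLE = """[autorun]
open=RECYCLER\\S-1-5-21\\update.exe
shellexecute=RECYCLER\\S-1-5-21\\update.exe
shell\\open\\command=RECYCLER\\S-1-5-21\\update.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""


def parse_autorun(text):
    """Return (key, target) pairs from the [autorun] section that launch a program."""
    launches = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line.lower() == "[autorun]"
            continue
        m = LAUNCH_KEY.match(line) if in_autorun else None
        if m:
            launches.append((m.group(1).lower(), m.group(2)))
    return launches


def assess_drive(root):
    """Classify the autorun.inf at a drive root.

    Returns (state, launches): 'absent', 'protected' (a directory, as the
    vaccination tools create), 'harmless' (a file with only icon/label
    directives) or 'suspicious' (a file that launches something).
    """
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return "protected", []
    if not os.path.exists(path):
        return "absent", []
    with open(path, "r", encoding="latin-1", errors="replace") as f:
        launches = parse_autorun(f.read())
    return ("suspicious", launches) if launches else ("harmless", [])


def dropped_payloads(root):
    """Files at the drive root with the extensions the post lists as worm payloads."""
    return sorted(n for n in os.listdir(root)
                  if os.path.isfile(os.path.join(root, n)) and n.lower().endswith(PAYLOAD_EXTS))


def protect_drive(root):
    """Occupy the autorun.inf name with a directory a worm cannot replace by a file."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return "already-protected"
    if os.path.exists(path):
        return "blocked-by-file"  # inspect it with assess_drive first; never delete blindly
    os.mkdir(path)
    # Assumed technique: a subfolder named after the reserved device 'con' can only be
    # created via a \\?\ path on Windows and blocks a plain rmdir of the parent.
    inner = os.path.join(path, "con")
    os.mkdir("\\\\?\\" + os.path.abspath(inner) if os.name == "nt" else inner)
    if os.name == "nt":
        subprocess.run(["attrib", "+R", "+H", "+S", path], check=False)
    return "created"


def demo():
    """Walk a throwaway 'drive' through infection, cleanup and protection; returns the states."""
    root = tempfile.mkdtemp()
    states = [assess_drive(root)[0]]                       # absent
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write(WORM_SAMPLE)
    open(os.path.join(root, "Backup.exe"), "w").close()    # constructed dropped payload
    state, launches = assess_drive(root)
    states.append(state)                                   # suspicious
    payloads = dropped_payloads(root)
    os.remove(os.path.join(root, "autorun.inf"))           # the analyst's step: clean the media
    os.remove(os.path.join(root, "Backup.exe"))
    states.append(protect_drive(root))                     # created
    states.append(assess_drive(root)[0])                   # protected
    states.append(protect_drive(root))                     # already-protected
    return states, launches, payloads


if __name__ == "__main__":
    print(demo())
```

Point `assess_drive` and `protect_drive` at a real drive root (for example `E:\`) to apply this to a pendrive; on Windows the resulting directory will also resist deletion from Explorer, which is the intended effect and the reason `protect_drive` refuses to act when an existing file is in the way.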

PROBLEM SOLVED

If you want to request that the topic be reopened, use the Report button to contact the moderators.

Note: Only the author can make this request in the Malware Removal area.

This topic is now closed to further replies.