Caixa website no longer opens


This topic has been archived. This means you can no longer reply to it.
15 replies to this topic

#1
mukabala (Newbie, 8 posts)

Until a few days ago I had been using the Caixa website normally, when out of nowhere it stopped opening in any of my browsers.

I would like to know whether everything is all right with my machine.

The logs are attached, as per the site's instructions.

Attached file(s)



#2
Ciro-Mota (Professional Assistant, 55,060 posts)

mukabala,

Do NOT attempt any cleanup procedure on your own. In particular, do not run on your own initiative the tools used in the Malware Removal forum. Misuse of some tools can damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Malware Removal Rule no. 8

Post a new HijackThis log.

Please note the following:

  • Do not use software that has not been recommended.
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Analyses can take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always follow your topic and keep me informed of the results until your computer is clean.
  • Note: avoid using the <QUOTE> or <CODE> tags in the logs; that makes them harder to read during analysis.
  • Please do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a Private Message (PM).


** Be considerate of those who help you, do not abandon your topic! **
[ASAP Member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's Blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#3
mukabala (Newbie, 8 posts)

I am sorry, but I only followed the guidance you yourselves provide at this address: http://www.linhadefe...mocao-de-virus/

There you are asked to run 3 programs and send the respective logs. If that procedure is not correct, I suggest you remove that information from your site immediately.

HijackThis log follows:

Logfile of HijackThis v1.99.1
Scan saved at 20:50:19, on 23/4/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\ATKKBService.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\TrueCrypt\TrueCrypt.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Codebox\BitMeter\BitMeter2.exe
C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\anderson\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 54.245.104.20:80
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TrueCrypt] "C:\Arquivos de programas\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - Global Startup: Bitmeter2.lnk = C:\Arquivos de programas\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Arquivos de programas\iMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.santander.com.br
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1234734059578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1234734025187
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify:  GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
O23 - Service: Gbp Service (GbpSv) -   - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Arquivos de programas\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre7\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#4
Ciro-Mota (Professional Assistant, 55,060 posts)

mukabala,

Was it you who configured this proxy?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 54.245.104.20:80


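Added example, not from the thread and not part of HijackThis or the forum's own procedure: a Python triage script that applies the check Ciro-Mota raises here to a HijackThis log, flagging the R1 ProxyServer line (rated by whether the proxy address is public) together with trusted-zone, orphaned BHO, missing Winlogon Notify and ownerless service entries, over a constructed sample in the same format. The regexes, severity labels and notes are assumptions of the example.

```python
"""Triage a HijackThis v1.99.1 log: flag the entries an analyst checks first.

Editor's example. The parsing rules and severity labels are assumptions of
this example, not HijackThis output or Linha Defensiva procedure.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample in the same line format as the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 54.245.104.20:80
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O15 - Trusted Zone: www.caixa.gov.br
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Gbp Service (GbpSv) -   - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Arquivos de programas\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# One pattern per HijackThis item type this triage looks at (R1, O2, O15, O20, O23).
PROXY_RE = re.compile(
    r"^R1 - (HKCU|HKLM)\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,"
    r"ProxyServer = (\S+)$"
)
BHO_RE = re.compile(r"^O2 - BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
TRUSTED_RE = re.compile(r"^O15 - Trusted Zone: (\S+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify:\s+(\S+) - (.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.*) \((.*?)\) - (.*?) - (.*)$")


def proxy_severity(server: str) -> str:
    """Rate a ProxyServer value. A proxy the user did not set up routes all
    browser traffic through a third party, so a public address is the worst case."""
    host = server.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "review"  # a hostname rather than an IP literal: resolve and check it
    if addr.is_private or addr.is_loopback:
        return "medium"  # local proxy (corporate, ISP CPE, filtering software)
    return "high"


def triage_hjt(log: str) -> List[Dict[str, str]]:
    """Return the findings an analyst would raise with the user, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := PROXY_RE.match(line):
            findings.append({
                "item": "R1", "what": f"{m.group(1)} ProxyServer = {m.group(2)}",
                "severity": proxy_severity(m.group(2)),
                # The R1 line does not show ProxyEnable, so ask the user first.
                "note": "confirm with the user whether they configured this proxy",
            })
        elif m := BHO_RE.match(line):
            if m.group(1) == "(no name)" or m.group(3) == "(no file)":
                findings.append({
                    "item": "O2", "what": f"BHO {m.group(2)} -> {m.group(3)}",
                    "severity": "low", "note": "orphaned BHO registration; safe to remove",
                })
        elif m := TRUSTED_RE.match(line):
            findings.append({
                "item": "O15", "what": f"Trusted Zone {m.group(1)}", "severity": "review",
                "note": "trusted-zone entries relax IE security for that host; verify who added it",
            })
        elif m := NOTIFY_RE.match(line):
            if "(file missing)" in m.group(2):
                findings.append({
                    "item": "O20", "what": f"Winlogon Notify {m.group(1)} -> {m.group(2)}",
                    "severity": "low", "note": "dangling Winlogon Notify package",
                })
        elif m := SERVICE_RE.match(line):
            owner = m.group(3).strip()
            if owner in ("", "Unknown owner"):
                findings.append({
                    "item": "O23",
                    "what": f"service {m.group(2)} ({owner or 'no owner'}) -> {m.group(4)}",
                    "severity": "review",
                    "note": "service binary with no company name; identify the vendor",
                })
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f['severity']:>6}] {f['item']}: {f['what']}  # {f['note']}")
```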

#5
mukabala (Newbie, 8 posts)

Yes, I configured that proxy some time ago to run a test with an online football game site, but it is disabled in my browsers.

Yesterday the Caixa website started working again! I believe it was some problem with my Velox.

If, with your experience, you see anything in my log that needs cleaning, you can send me the instructions; otherwise the topic can be closed.



#6
Ciro-Mota (Professional Assistant, 55,060 posts)

mukabala,

Let's do a thorough job and investigate everything right away.

Download OTL by OldTimer and save it to your desktop.

Close all windows and run the tool.

Where it says Output, check Standard.
Also check these options:

  • Creation Date -> change to 90 days
  • Use Company Name Whitelist
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

Select these lines in red, right-click the selection and choose Copy:


CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%\*.*
%userprofile%\configurações locais\dados de aplicativos\*.exe
%userprofile%\configurações locais\dados de aplicativos\*.txt
%userprofile%\configurações locais\dados de aplicativos\*.ini
%userprofile%\configurações locais\dados de aplicativos\*.dat /30
%userprofile%\configurações locais\dados de aplicativos\*.dll
%userprofile%\*.exe
%userprofile%\.txt
%userprofile%\.ini
%userprofile%\.dat /30
%userprofile%\.dll
%windir%\tasks\*.* /s
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
/md5start
services.*
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true /fp


Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste.

Click the scan button (verif.png).

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file.

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach them to your reply.



#7
mukabala (Newbie, 8 posts)

I ran OTL as instructed, but it generated only one file on the desktop, named OTL.txt, which follows below. The Extras file was not generated.


OTL logfile created on: 24/4/2013 19:23:29 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\anderson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
 
2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,24% Memory free
3,85 Gb Paging File | 3,17 Gb Available in Paging File | 82,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 698,63 Gb Total Space | 483,51 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive E: | 552,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 14,53 Gb Total Space | 7,12 Gb Free Space | 48,98% Space Free | Partition Type: NTFS
Drive Y: | 465,73 Gb Total Space | 175,89 Gb Free Space | 37,77% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWSXPPRO | User Name: anderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/24 19:21:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\anderson\desktop\OTL.exe
PRC - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe
PRC - [2013/03/27 19:56:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/27 19:55:33 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/03/27 19:55:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/03/27 19:55:25 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/03/12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
PRC - [2012/02/29 20:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/10/02 07:02:59 | 001,517,520 | ---- | M] (TrueCrypt Foundation) -- C:\Arquivos de programas\TrueCrypt\TrueCrypt.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011/03/13 07:05:06 | 000,055,576 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2010/04/02 03:42:36 | 001,462,272 | ---- | M] ( ) -- C:\Arquivos de programas\Codebox\BitMeter\BitMeter2.exe
PRC - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Arquivos de programas\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/04/13 18:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 11:15:48 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\UPHClean\uphclean.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/12/18 11:28:40 | 000,300,544 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB
MOD - [2012/11/07 08:30:17 | 000,397,088 | ---- | M] () -- C:\Arquivos de programas\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/02/15 18:53:11 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2009/02/15 18:40:21 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2009/02/15 18:40:18 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2009/02/15 18:40:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2009/02/15 18:39:16 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2009/02/15 18:39:12 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll
MOD - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Arquivos de programas\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008/03/11 05:25:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/12/07 14:24:56 | 000,117,256 | ---- | M] () -- C:\Arquivos de programas\GIGABYTE\EnergySaver\ycc.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/04/14 06:11:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/27 19:56:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/27 19:55:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/03/16 08:21:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 20:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/03/13 07:05:06 | 000,055,576 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2010/01/09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/03/25 11:15:48 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2013/04/24 18:31:18 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2013/03/27 19:56:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/27 19:56:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/27 19:56:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 13:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/10/02 07:02:59 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011/03/13 07:05:07 | 000,047,512 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/01/05 02:31:32 | 001,714,176 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009/04/24 16:03:10 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2009/04/24 16:03:10 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2009/01/21 16:28:52 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/05/07 08:21:40 | 004,739,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/04/17 11:57:46 | 000,508,544 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2008/04/13 11:40:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/03/25 11:15:50 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008/03/25 11:15:50 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2008/03/25 11:15:48 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008/02/20 13:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/01/03 11:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/01/29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006/06/14 13:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/04/30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\..\SearchScopes,DefaultScope = {245B65B0-62A3-4FF4-BB1D-6D7D3B10B9B3}
IE - HKCU\..\SearchScopes\{245B65B0-62A3-4FF4-BB1D-6D7D3B10B9B3}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{6870216E-4334-47AA-81F8-949683FD335B}: "URL" = http://search.zoneal...Id=&ver=&&r=921
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 54.245.104.20:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "{BLD_SEARCH_PLUGIN_NAME}"
FF - prefs.js..browser.search.selectedEngine: "{BLD_SEARCH_PLUGIN_NAME}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886D%7D:2.12.1.29.170
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E8874%7D:2.12.3.3.190
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8874}:2.3.5.41
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.3.0.0
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.16.12
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.73
FF - prefs.js..network.proxy.backup.ftp: "187.44.14.72"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "201.45.252.245"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "187.44.14.72"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "187.44.14.72"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "187.44.14.72"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "201.45.252.245"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "187.44.14.72"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "www.bancoreal.com.br, .realsecureweb.com.br"
FF - prefs.js..network.proxy.pipelining: "false"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "187.44.14.72"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "187.44.14.72"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Arquivos de programas\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/18 13:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2013/03/16 08:21:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2013/03/16 08:21:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/18 13:14:06 | 000,000,000 | ---D | M]
 
[2008/10/04 10:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\anderson\Dados de aplicativos\Mozilla\Extensions
[2013/04/17 19:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\anderson\Dados de aplicativos\Mozilla\Firefox\Profiles\fjofq5l6.default\extensions
[2013/04/14 20:22:19 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\anderson\Dados de aplicativos\Mozilla\Firefox\Profiles\fjofq5l6.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013/02/13 19:48:19 | 000,000,000 | ---D | M] (Modulo de Protecao - Caixa Economica Federal) -- C:\Documents and Settings\anderson\Dados de aplicativos\Mozilla\Firefox\Profiles\fjofq5l6.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}
[2013/04/17 19:05:34 | 000,000,000 | ---D | M] (Modulo de Protecao - Banco Santander (Brasil) S.A.) -- C:\Documents and Settings\anderson\Dados de aplicativos\Mozilla\Firefox\Profiles\fjofq5l6.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2013/03/02 20:46:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\anderson\Dados de aplicativos\Mozilla\Firefox\Profiles\fjofq5l6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/21 15:41:41 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\anderson\Dados de aplicativos\Mozilla\Firefox\Profiles\fjofq5l6.default\searchplugins\askcom.xml
[2013/03/16 08:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2013/03/16 08:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/03/16 08:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/16 08:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/16 08:21:11 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
[2013/02/12 18:10:13 | 000,001,240 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml
[2013/02/12 18:10:13 | 000,001,425 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml
[2013/03/16 08:21:10 | 000,002,086 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml
[2013/02/12 18:10:13 | 000,001,381 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml
[2013/02/12 18:10:13 | 000,001,165 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\anderson\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\anderson\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\anderson\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\anderson\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: iMacros for Chrome = C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.1_0\
CHR - Extension: Click&Clean = C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.2_0\
CHR - Extension: FVD Video Downloader = C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.5_0\
CHR - Extension: Mahjong Solitaire = C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
 
O1 HOSTS File: ([2011/07/10 06:36:11 | 000,000,774 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [TrueCrypt] C:\Arquivos de programas\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Bitmeter2.lnk = C:\Arquivos de programas\Codebox\BitMeter\BitMeter2.exe ( )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Arquivos de programas\iMacros\imacros.dll (iOpus Software GmbH)
O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: bancoreal.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: localhost ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www2] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santander.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Intranet local)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1234734059578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1234734025187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsec...GbPluginABN.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07CC490E-DDF0-42D7-82CA-33A82CD1F4DA}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\ARQUIV~1\GbPlugin\gbiehabn.dll) - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\anderson\Dados de aplicativos\Mozilla\Firefox\Papel de parede.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Arquivos de programas\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 08:45:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c65d791c-f6b7-11de-bb6a-001fd0874029}\Shell - "" = AutoRun
O33 - MountPoints2\{c65d791c-f6b7-11de-bb6a-001fd0874029}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c65d791f-f6b7-11de-bb6a-ea527de0b573}\Shell - "" = AutoRun
O33 - MountPoints2\{c65d791f-f6b7-11de-bb6a-ea527de0b573}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ef4dd769-bed1-11dd-ae32-001fd0874029}\Shell\AutoRun\command - "" = D:\npwajy.exe
O33 - MountPoints2\{ef4dd769-bed1-11dd-ae32-001fd0874029}\Shell\explore\Command - "" = D:\npwajy.exe
O33 - MountPoints2\{ef4dd769-bed1-11dd-ae32-001fd0874029}\Shell\open\Command - "" = D:\npwajy.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/04/22 21:11:47 | 000,354,299 | ---- | C] (Farbar) -- C:\Documents and Settings\anderson\Desktop\FSS.exe
[2013/04/22 21:11:43 | 000,147,456 | ---- | C] (Eric_71) -- C:\Documents and Settings\anderson\Desktop\MbrScan.exe
[2013/04/22 21:11:38 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\anderson\Desktop\HijackThis.exe
[2013/04/22 21:01:49 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva
[2013/04/22 20:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anderson\Dados de aplicativos\Malwarebytes
[2013/04/22 20:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2013/04/22 20:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2013/04/22 20:29:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/22 20:29:09 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2013/04/03 06:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anderson\Desktop\ETS2
[2013/03/31 08:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\ZoneAlarm
[2013/03/31 08:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2013/03/31 08:02:01 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Zone Labs
[2013/03/31 08:01:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2013/03/28 06:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anderson\Menu Iniciar\Programas\MP3Gain
[2013/03/28 06:39:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MP3Gain
[2013/03/23 07:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anderson\Dados de aplicativos\CheckPoint
[2013/03/23 07:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\CheckPoint
[2013/03/17 08:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Euro Truck Simulator 2
[2013/03/17 08:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anderson\Meus documentos\Euro Truck Simulator 2
[2013/03/16 08:21:04 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Mozilla Firefox
[2013/03/09 15:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Programas RFB
[2013/03/09 15:19:13 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Programas RFB
[2013/03/09 15:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anderson\Menu Iniciar\Programas\Programas RFB2013
[2013/02/25 21:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Sun
[2013/02/23 09:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\aTube Catcher
[2009/11/28 09:21:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\anderson\Dados de aplicativos\pcouffin.sys
[2007/02/12 19:10:44 | 002,682,880 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\VCREDI~3.EXE
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2 C:\Documents and Settings\anderson\Meus documentos\*.tmp files -> C:\Documents and Settings\anderson\Meus documentos\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2013/04/24 19:23:01 | 000,001,180 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1960408961-682003330-1004UA.job
[2013/04/24 19:21:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\anderson\Desktop\OTL.exe
[2013/04/24 18:59:16 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/24 18:30:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/24 08:51:22 | 000,331,047 | ---- | M] () -- C:\Documents and Settings\anderson\Desktop\Informe de Rendimentos 2012 - Caixa (Alda).pdf
[2013/04/22 21:11:49 | 000,354,299 | ---- | M] (Farbar) -- C:\Documents and Settings\anderson\Desktop\FSS.exe
[2013/04/22 21:11:44 | 000,147,456 | ---- | M] (Eric_71) -- C:\Documents and Settings\anderson\Desktop\MbrScan.exe
[2013/04/22 21:11:38 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\anderson\Desktop\HijackThis.exe
[2013/04/22 20:29:12 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/21 13:23:00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1960408961-682003330-1004Core.job
[2013/04/18 20:09:25 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2013/04/18 20:07:24 | 000,163,328 | ---- | M] () -- C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/18 18:28:56 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/17 19:19:46 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\anderson\Desktop\Google Chrome.lnk
[2013/04/13 06:40:55 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/04/06 15:56:44 | 000,208,990 | ---- | M] () -- C:\Documents and Settings\anderson\Desktop\vivasky.JPG
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/03/31 08:02:26 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/03/31 08:02:10 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2013/03/31 08:02:10 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\anderson\Desktop\ZoneAlarm Security.lnk
[2013/03/27 19:56:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/03/27 19:56:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/03/27 19:56:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/03/17 08:58:48 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Euro Truck Simulator 2.lnk
[2013/03/17 08:54:35 | 579,833,856 | ---- | M] () -- C:\Documents and Settings\anderson\Desktop\Euro.Truck.Simulator 2 FULL- P2P.iso
[2013/03/09 15:19:15 | 000,000,176 | ---- | M] () -- C:\WINDOWS\REC-NET.INI
[2013/02/24 06:38:12 | 000,527,678 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2013/02/24 06:38:12 | 000,094,040 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2013/02/24 06:38:11 | 000,493,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/24 06:38:11 | 000,083,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2 C:\Documents and Settings\anderson\Meus documentos\*.tmp files -> C:\Documents and Settings\anderson\Meus documentos\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/24 08:51:22 | 000,331,047 | ---- | C] () -- C:\Documents and Settings\anderson\Desktop\Informe de Rendimentos 2012 - Caixa (Alda).pdf
[2013/04/22 20:29:12 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/06 15:56:44 | 000,208,990 | ---- | C] () -- C:\Documents and Settings\anderson\Desktop\vivasky.JPG
[2013/03/31 08:02:10 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2013/03/31 08:02:10 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\anderson\Desktop\ZoneAlarm Security.lnk
[2013/03/31 08:02:01 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/03/17 08:58:48 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Euro Truck Simulator 2.lnk
[2013/03/17 08:36:21 | 579,833,856 | ---- | C] () -- C:\Documents and Settings\anderson\Desktop\Euro.Truck.Simulator 2 FULL- P2P.iso
[2012/11/02 21:06:37 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/11/02 21:02:17 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe
[2012/11/02 21:02:17 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2012/11/02 21:02:17 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\Faac.exe
[2012/05/10 18:20:16 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/05/10 18:20:16 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/05/10 18:20:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/05/10 18:19:54 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/02/25 07:36:23 | 000,000,176 | ---- | C] () -- C:\WINDOWS\REC-NET.INI
[2012/02/15 19:09:05 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2011/09/24 15:20:57 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\anderson\.recently-used.xbel
[2010/11/26 12:05:08 | 000,125,725 | ---- | C] () -- C:\Documents and Settings\anderson\Ficha de Coordenadoria de Estgio em Educao.pdf
[2010/11/26 12:01:10 | 000,038,914 | ---- | C] () -- C:\Documents and Settings\anderson\Estudo caso DP EAD.pdf
[2009/12/10 18:12:22 | 000,015,305 | ---- | C] () -- C:\Documents and Settings\anderson\A_Saga_Crep__sculo__Lua_Nova_2009_TS_Xvid_Dublado_By_Bozano.5183385.TPB.torrent
[2009/11/28 12:59:55 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\anderson\Dados de aplicativos\vso_ts_preview.xml
[2009/11/28 12:59:38 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\anderson\Dados de aplicativos\inst.exe
[2009/11/28 09:21:37 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\anderson\Dados de aplicativos\ezpinst.exe
[2009/11/28 09:21:37 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\anderson\Dados de aplicativos\pcouffin.cat
[2009/11/28 09:21:37 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\anderson\Dados de aplicativos\pcouffin.inf
[2009/02/15 18:37:12 | 000,079,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
[2008/10/04 11:11:12 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2008/11/22 17:54:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/29 01:34:41 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:56:21 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:20:42 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/11/28 16:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alawar Stargaze
[2009/12/26 15:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Artist Colony
[2012/05/04 20:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ask
[2013/04/24 19:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Bitmeter2
[2013/03/23 07:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\CheckPoint
[2009/09/19 19:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DivoGames
[2010/08/22 04:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Electronic Arts
[2012/03/11 07:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Elephant Games
[2010/06/02 20:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON
[2011/06/16 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\gas
[2011/07/31 08:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2009/11/28 14:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\HideAndSecret3
[2008/12/24 14:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\HipSoft
[2009/05/01 10:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\iOpus-i-M
[2012/08/11 17:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Lightcomm
[2010/07/17 17:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Merscom
[2009/08/23 14:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MumboJumbo
[2011/09/24 15:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Oi
[2012/08/25 14:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\OUTLAWS
[2012/11/02 21:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Pianosoft
[2010/07/11 09:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst
[2009/09/12 18:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PoBros
[2009/09/19 10:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Princess Isabella
[2009/07/20 13:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\RapidSolution
[2012/08/25 14:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Remedy
[2009/06/12 14:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Slapdash Games
[2009/09/05 09:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SulusGames
[2008/11/14 19:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TechSmith
[2011/03/26 08:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2011/10/28 17:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TP-LINK
[2009/12/13 08:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk
[2008/10/05 07:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\WinZip
[2012/04/07 14:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Amaranth Games
[2012/04/09 14:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Artogon
[2009/11/17 15:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Big Fish Games
[2010/04/29 20:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Bitmeter2
[2008/10/05 08:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\BSplayer Pro
[2009/12/21 12:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\ChaYoWo Games
[2013/03/23 07:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\CheckPoint
[2012/03/18 08:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\EleFun Games
[2012/03/11 07:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Elephant Games
[2009/07/28 08:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Enlightenus
[2009/08/17 07:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\EPSON
[2009/12/22 16:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\ERS G-Studio
[2011/03/28 07:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Free AVI MPEG WMV MP4 FLV Video Joiner
[2012/11/02 21:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\FreeAudioPack
[2012/04/05 08:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Friday's games
[2012/03/31 17:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\GameInvest
[2009/08/09 09:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Games
[2009/06/20 09:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\GlarySoft
[2010/03/13 20:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\GrabPro
[2010/11/21 08:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\gtk-2.0
[2009/03/07 07:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\InterVideo
[2009/06/20 08:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\IObit
[2009/06/06 10:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\IronCode
[2009/07/05 10:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Leadertech
[2009/09/06 09:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\MA
[2010/07/10 13:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Mariaglorum
[2010/07/17 17:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Merscom
[2012/04/15 10:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\My Games
[2009/05/01 10:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Notepad++
[2010/03/13 20:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Orbit
[2012/03/10 08:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Orneon
[2009/08/15 19:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Peace Craft
[2010/07/11 09:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\PlayFirst
[2009/09/12 18:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\PoBros
[2012/04/28 16:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Quest3D
[2010/07/21 20:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\RigNRoll_eng
[2012/04/28 17:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Roaming
[2009/05/24 18:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\RobinsonCrusoe
[2010/07/09 08:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Skunk Studios
[2009/09/05 09:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\SulusGames
[2012/12/30 05:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\TeamViewer
[2009/02/15 09:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\temp
[2008/11/22 17:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Tourney Master 3 ES1 Professional
[2012/07/28 06:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\TrueCrypt
[2009/07/20 13:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Tunebite
[2013/03/17 08:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\uTorrent
[2009/08/02 09:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\V-Games
[2010/06/28 06:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\VitySoft
[2011/01/30 09:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Vso
[2009/06/22 10:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Windows Desktop Search
[2010/01/08 17:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\Windows Search
[2008/12/28 14:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anderson\Dados de aplicativos\World-LooM
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2009/12/05 14:34:24 | 000,330,694 | ---- | M] () -- C:\AnalysisLog.sr0
[2008/10/04 08:45:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/10/04 14:14:35 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001/10/28 10:06:10 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2012/08/29 19:57:21 | 000,369,002 | ---- | M] () -- C:\clickclean3.6.3.0.crx
[2008/10/04 08:45:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/21 05:40:42 | 000,022,809 | ---- | M] () -- C:\corinthians.jpg
[2008/10/04 09:21:50 | 000,000,197 | ---- | M] () -- C:\csb.log
[2012/05/06 21:58:26 | 000,000,200 | ---- | M] () -- C:\drwtsn32.log
[2010/11/11 14:34:12 | 000,201,728 | ---- | M] (Freebyte.com) -- C:\hjsplit.exe
[2008/10/04 08:45:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/17 18:59:29 | 000,000,000 | RHS- | M] () -- C:\kht
[2009/07/20 13:33:03 | 000,000,364 | ---- | M] () -- C:\Log.txt
[2008/10/04 08:45:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/05/06 17:10:21 | 000,000,000 | ---- | M] () -- C:\Novo(a) Documento de texto.txt
[2008/04/13 08:43:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 10:31:44 | 000,251,696 | RHS- | M] () -- C:\ntldr
[2013/04/24 18:30:01 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/10/04 09:20:08 | 000,000,488 | ---- | M] () -- C:\RHDSetup.log
[2013/04/24 18:31:17 | 000,000,125 | ---- | M] () -- C:\service.log
[2011/11/13 18:17:20 | 000,000,000 | ---- | M] () -- C:\sms_msoffice.log
[2008/10/04 10:18:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/10/04 10:34:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/10/04 14:05:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/04 14:15:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/10/04 14:18:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/01/02 21:29:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/02/02 21:02:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/02/18 22:46:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/03/06 06:25:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/10/04 10:18:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/10/04 10:34:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/04 14:05:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/10/04 14:15:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/10/04 14:18:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/10/04 14:21:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/02 21:29:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/02/02 21:02:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/02/18 22:46:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/03/06 06:25:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2013/03/20 19:30:08 | 000,203,264 | ---- | M] () -- C:\TCC JOGOS NO PROCESSO ENSINO APRENDIZAGEM - ALDA.doc
[2009/02/15 08:30:59 | 000,054,178 | ---- | M] () -- C:\test.log
[2012/11/27 17:24:49 | 000,118,149 | ---- | M] () -- C:\wmpChrome.crx
 
< %systemdrive%\drivers\*.* /s >
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/03/27 19:56:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2013/03/27 19:56:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2013/03/27 19:56:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\system32\drivers\avkmgr.sys
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2013/04/18 20:09:25 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\drivers\nStandard.bin
[22 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
 
< %PROGRAMFILES%\*.* >
 
< %userprofile%\configurações locais\dados de aplicativos\*.exe >
 
< %userprofile%\configurações locais\dados de aplicativos\*.txt >
 
< %userprofile%\configurações locais\dados de aplicativos\*.ini >
[2013/04/18 20:07:24 | 000,163,328 | ---- | M] () -- C:\Documents and Settings\anderson\configurações locais\dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
< %userprofile%\configurações locais\dados de aplicativos\*.dat /30 >
 
< %userprofile%\configurações locais\dados de aplicativos\*.dll >
 
< %userprofile%\*.exe >
 
< %userprofile%\.txt >
 
< %userprofile%\.ini >
 
< %userprofile%\.dat /30 >
 
< %userprofile%\.dll >
 
< %windir%\tasks\*.* /s >
[2013/04/24 18:59:16 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2001/10/28 10:07:04 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2013/04/21 13:23:00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1960408961-682003330-1004Core.job
[2013/04/24 19:23:01 | 000,001,180 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1960408961-682003330-1004UA.job
[2013/04/24 18:30:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2008/10/04 08:45:25 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\*.scr >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 73 02 00 00 01 00 00 00 10 00 00 00 35 34 2E 32 34 35 2E 31 30 34 2E 32 30 3A 38 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 77 87 35 1C 26 C9 01 01 00 00 00 C0 A1 01 E1 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
"SavedLegacySettings" = 46 00 00 00 F8 62 00 00 01 00 00 00 10 00 00 00 35 34 2E 32 34 35 2E 31 30 34 2E 32 30 3A 38 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 77 87 35 1C 26 C9 01 01 00 00 00 C0 A1 01 E1 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\CTFMON.EXE -- [2008/04/13 18:20:56 | 000,015,360 | ---- | M] (Microsoft Corporation)
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< MD5 for: SERVICES  >
[2001/10/28 10:07:26 | 000,006,953 | ---- | M] () MD5=89ABDE406B847C6C8B4BEAA1E0B42BEE -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.ASFX  >
[2012/12/18 11:28:40 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx
 
< MD5 for: SERVICES.ASFX9  >
[2011/06/06 12:55:34 | 000,000,636 | R--- | M] () MD5=E1EA7707C24F5A84850D5659CA376594 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA76401B744AA0100000010\10.1.0\services.asfx9
 
< MD5 for: SERVICES.CFG  >
[2012/12/18 11:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA76401B744AA0100000010\10.1.0\services.cfg
 
< MD5 for: SERVICES.CNF  >
[2005/06/20 16:29:23 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\anderson\Meus documentos\Minhas Webs\_vti_pvt\services.cnf
 
< MD5 for: SERVICES.EXE  >
[2009/02/09 08:17:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=38867483E0CB504BB8F277E05729881E -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/09 08:17:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=38867483E0CB504BB8F277E05729881E -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 08:17:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=38867483E0CB504BB8F277E05729881E -- C:\WINDOWS\system32\services.exe
[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 18:21:18 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=EE7999BAACA84CFAA03726E677EE2A33 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
 
< MD5 for: SERVICES.LOG  >
[2010/08/21 10:53:07 | 000,012,381 | ---- | M] () MD5=B5A4C0BA9FF583D0205872F1D0183A1D -- C:\Documents and Settings\anderson\Dados de aplicativos\RigNRoll_eng\GameWorld\warnings\services.log
 
< MD5 for: SERVICES.MSC  >
[2001/10/28 10:07:26 | 000,033,074 | ---- | M] () MD5=420018D54146F64F42AC7D60525549F3 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.PNG  >
[2013/04/06 20:46:51 | 000,000,653 | ---- | M] () MD5=F4FFE88C8F84EE82D9EB026D42F449D4 -- C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.2_0\i\menu\services.png
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5EF1AD34
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5E9B629B
@Alternate Data Stream - 262 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:18BFD8F8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:9638A27E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:E80802C7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:CF61CE5A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:436DEE1E
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:8DF68137
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:EEB25EAE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A4510F75
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:870649A4
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:569CEE83
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A58B27C9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:957E9765
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:12EA4DC9
 
< End of report >
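The custom-scan section above dumps the `DefaultConnectionSettings` value of the Internet Settings\Connections key as raw hex without interpreting it. That value holds the WinINet (Internet Explorer) proxy configuration, which is one of the first things a reviewer checks when a single site stops loading. The decoder below is an added editorial example, not part of this thread and not code from OTL; it assumes the documented WinINet layout (DWORD version, DWORD change counter, DWORD flags, then three length-prefixed ASCII strings: proxy server, bypass list, autoconfig URL) and embeds the hex exactly as OTL printed it above. On this blob it yields the proxy string 54.245.104.20:80 stored with flags = 1 (direct connection), so the proxy is recorded but not currently enabled.

```python
"""
Decoder for the WinINet "DefaultConnectionSettings" registry blob.

Added editorial example; not part of the forum thread or of OTL.
Layout assumption (documented WinINet structure): little-endian DWORD
version, DWORD change counter, DWORD flags, then three length-prefixed
ASCII strings (proxy server, bypass list, autoconfig URL).
"""
import struct

# Flag bits used by WinINet in this structure.
PROXY_TYPE_DIRECT = 0x01          # connect directly
PROXY_TYPE_PROXY = 0x02           # use the proxy server string
PROXY_TYPE_AUTO_PROXY_URL = 0x04  # use the autoconfig (PAC) URL
PROXY_TYPE_AUTO_DETECT = 0x08     # WPAD auto-detection

# Sample input: the hex dump exactly as OTL printed it in this thread.
OTL_HEX = (
    "46 00 00 00 73 02 00 00 01 00 00 00 10 00 00 00 "
    "35 34 2E 32 34 35 2E 31 30 34 2E 32 30 3A 38 30 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
    "A0 77 87 35 1C 26 C9 01 01 00 00 00 C0 A1 01 E1 "
    "00 00 00 00 00 00 00 00 00 00 00 00"
)


def hex_dump_to_bytes(dump: str) -> bytes:
    """Turn a space-separated hex dump (as OTL prints it) into bytes."""
    return bytes.fromhex(dump.replace(" ", ""))


def _read_lp_string(buf: bytes, off: int):
    """Read a DWORD-length-prefixed ASCII string; return (text, new offset)."""
    (n,) = struct.unpack_from("<I", buf, off)
    off += 4
    text = buf[off:off + n].decode("ascii", errors="replace")
    return text, off + n


def parse_connection_settings(blob: bytes) -> dict:
    """Decode version, counter, flags and the three strings of the blob."""
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    off = 12
    proxy, off = _read_lp_string(blob, off)
    bypass, off = _read_lp_string(blob, off)
    pac_url, off = _read_lp_string(blob, off)
    return {
        "version": version,
        "counter": counter,
        "flags": flags,
        "proxy_server": proxy,
        "bypass_list": bypass,
        "autoconfig_url": pac_url,
        "proxy_enabled": bool(flags & PROXY_TYPE_PROXY),
        "pac_enabled": bool(flags & PROXY_TYPE_AUTO_PROXY_URL),
        "autodetect": bool(flags & PROXY_TYPE_AUTO_DETECT),
    }


def findings(settings: dict) -> list:
    """Review notes a defender wants when a site stops loading."""
    notes = []
    if settings["proxy_enabled"]:
        notes.append(f"active proxy: {settings['proxy_server']}")
    elif settings["proxy_server"]:
        notes.append(
            f"proxy string stored but not enabled: {settings['proxy_server']}"
        )
    if settings["pac_enabled"]:
        notes.append(f"PAC script in use: {settings['autoconfig_url']}")
    if settings["autodetect"]:
        notes.append("WPAD auto-detection enabled")
    return notes


if __name__ == "__main__":
    parsed = parse_connection_settings(hex_dump_to_bytes(OTL_HEX))
    for key, value in parsed.items():
        print(f"{key:15} = {value!r}")
    for note in findings(parsed):
        print("NOTE:", note)
```

The same decoder applies to the `SavedLegacySettings` value printed beside it, which carries the same proxy string; a proxy that is enabled (flag 0x02) or a PAC URL the user never configured is the condition worth escalating, while a stored-but-disabled string only records that a proxy was set at some point.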


#8
Ciro-Mota

mukabala,

Go to VirusTotal.com

Click the Choose File button and locate the file below.

C:\WINDOWS\system32\drivers\a347bus.sys

Then click the Scan it! button.

Wait for the analysis to finish, then copy the link shown in your browser's address bar and paste it in your next reply. Example:

https://www.virustot...sis/1331728637/

Note: if you use VirusTotal and the file has already been analyzed by the site before, you will see an image similar to this one:

[image: virustotalrt7.jpg]

If that happens, reanalyze the file.


** Be considerate to those who help you, don't abandon your topic! **
[ASAP member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#9
mukabala


File analyzed:

https://www.virustot...sis/1366928675/



#10
Ciro-Mota

mukabala,

Select and copy the text inside the CODE block, right-click the selection and choose Copy:

NOTE: Make sure you copy starting from the colon and letter ":O" of OTL.

:OTL
IE - HKCU\..\SearchScopes\{6870216E-4334-47AA-81F8-949683FD335B}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q=%7BsearchTerms%7D&gu=e75661bd82184331b46bcdb29b4f7e86&tu=10Q80007D2B000v&sku=&tstsId=&ver=&&r=921
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2012/05/04 20:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ask
[2009/03/17 18:59:29 | 000,000,000 | RHS- | M] () -- C:\kht
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5EF1AD34
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5E9B629B
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:18BFD8F8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:9638A27E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:E80802C7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:CF61CE5A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:436DEE1E
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:8DF68137
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:EEB25EAE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A4510F75
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:870649A4
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:569CEE83
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A58B27C9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:957E9765
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:12EA4DC9

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Right-click the OTL.exe file, then click [image: execadmin.png].

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).

Click the [image: fixotl.png] button.

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of that Notepad window and paste it in your reply.

A copy of this log is stored in the folder C:\_OTL\MovedFiles under a name in the format date_time.log.

Example: 03142010_145545.log

#11
mukabala

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6870216E-4334-47AA-81F8-949683FD335B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6870216E-4334-47AA-81F8-949683FD335B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Documents and Settings\All Users\Dados de aplicativos\Ask\APN-Stub\ATU2 folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\Ask\APN-Stub folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\Ask folder moved successfully.
C:\kht moved successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5EF1AD34 deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5E9B629B deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:18BFD8F8 deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:9638A27E deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:E80802C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:CF61CE5A deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:436DEE1E deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:8DF68137 deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:EEB25EAE deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A4510F75 deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:870649A4 deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:569CEE83 deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A58B27C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:957E9765 deleted successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:12EA4DC9 deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Ander
 
User: anderson
->Temp folder emptied: 3801256 bytes
->Temporary Internet Files folder emptied: 628392674 bytes
->Java cache emptied: 2273258 bytes
->FireFox cache emptied: 887123760 bytes
->Google Chrome cache emptied: 509657225 bytes
->Flash cache emptied: 90836 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400868 bytes
 
User: LocalService
->Temp folder emptied: 66680 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3599190 bytes
 
User: NetworkService
->Temp folder emptied: 1893846 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: UpdatusUser
->Temp folder emptied: 520 bytes
->Temporary Internet Files folder emptied: 400868 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2339411 bytes
%systemroot%\System32 .tmp files removed: 5335961 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 2123264 bytes
Windows Temp folder emptied: 1342201 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.954,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04252013_221356
 
Files\Folders moved on Reboot...
C:\Documents and Settings\anderson\Configurações locais\Temp\~DF5D4E.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT0650f.TMP not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#12
Ciro-Mota


mukabala,

Temporarily disable your antivirus

  • Use the Internet Explorer browser to use the service!
  • Go to the site HERE
  • Run the scan as shown in the image below:

    [image: nWRSC.gif]
  • When the scan finishes, click List of found threats, click Export to text file... and check the "Delete Quarantined files" box, then click [FINISH]
    A report will be generated at:

C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt

Post that log.



#13
mukabala

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7a54c656ffaad645bc5304a6c9442d37
# engine=13707
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-26 11:32:40
# local_time=2013-04-26 08:32:40 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 97 0 136754465 0 0
# compatibility_mode=5892 16776574 100 100 12434649 206850706 0 0
# compatibility_mode=9217 16777214 75 70 1373374 65680472 0 0
# scanned=78352
# found=6
# cleaned=6
# scan_time=4951
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Arquivos de programas\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Arquivos de programas\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=D436DECEDB5BAAB304BA66B3AD740D1166E4BADF ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\anderson\Configurações locais\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\45\2601e1ad-5adfb2ee"
sh=2FC2047ADACEF51DB6985979E9684543033BA118 ft=0 fh=0000000000000000 vn="Win32/Tifaut.C worm (cleaned by deleting - quarantined)" ac=C fn="C:\WINDOWS\system32\autorun.i"
sh=5F1F1C988A64E129DFB3BFC2CAF4B6768A0A3E13 ft=0 fh=0000000000000000 vn="Win32/Tifaut.C worm (cleaned by deleting - quarantined)" ac=C fn="C:\WINDOWS\system32\autorun.in"
sh=886271A59B6E513DE79B853354A67CB9D0B6F9E0 ft=1 fh=e47de79839fbeae1 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\04252013_221356\C_Documents and Settings\All Users\Dados de aplicativos\Ask\APN-Stub\ATU2\APNIC.dll"
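The scanner log above has a regular line format: a few installer lines, `# key=value` header lines, then one line per detection made of key=value pairs whose `vn` (threat and action) and `fn` (file name) values are double-quoted. The parser below is an added example, not ESET's code or anything posted in the thread; the format is inferred from the log itself and the embedded sample is a constructed subset of it. Besides reading the fields it does the two checks a reader of such a log wants: that the header's `found`/`cleaned` counts agree with the detection lines, and which files are only removed "after the next restart" (which is why the reboot asked for in the next post is not optional).

```python
"""Parse the ESET Online Scanner log posted above.

Added example; not code from the thread or from ESET. The format is inferred
from the log itself: a few installer lines, then '# key=value' header lines,
then one line per detection made of key=value pairs where the 'vn' (threat
and action) and 'fn' (file name) values are double-quoted and contain spaces.
"""
import re
from collections import Counter

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')          # key="quoted" or key=bare
VN_RE = re.compile(r'^(?P<name>.*?) \((?P<action>.*)\)$')  # 'threat (action taken)'

# Constructed sample in the same shape as the log above (subset, found=3).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# osver=5.1.2600 NT Service Pack 3
# scanned=78352
# found=3
# cleaned=3
# scan_time=4951
sh=2FC2047ADACEF51DB6985979E9684543033BA118 ft=0 fh=0000000000000000 vn="Win32/Tifaut.C worm (cleaned by deleting - quarantined)" ac=C fn="C:\WINDOWS\system32\autorun.i"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Arquivos de programas\Avira\AntiVir Desktop\apnic.dll"
sh=D436DECEDB5BAAB304BA66B3AD740D1166E4BADF ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\anderson\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\45\2601e1ad-5adfb2ee"
"""


def parse_log(text):
    """Return (header dict, list of detection dicts)."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header.setdefault(key, value)      # compatibility_mode repeats; keep the first
        elif line.startswith("sh="):           # everything else is installer chatter
            fields = {}
            for key, quoted, bare in KV_RE.findall(line):
                fields[key] = quoted or bare
            m = VN_RE.match(fields.get("vn", ""))
            fields["threat"] = m.group("name") if m else fields.get("vn", "")
            fields["action"] = m.group("action") if m else ""
            # a file that was in use could not be deleted yet; it goes at the next reboot
            fields["pending_restart"] = "after the next restart" in fields["action"]
            detections.append(fields)
    return header, detections


def consistency_check(header, detections):
    """Problems with the log itself; an empty list means counts and lines agree."""
    problems = []
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    if found != len(detections):
        problems.append(f"header says found={found} but {len(detections)} detection lines were parsed")
    if cleaned < found:
        problems.append(f"{found - cleaned} detection(s) were not cleaned")
    return problems


def threat_counts(detections):
    """How many hits per threat name, to see what the scan actually removed."""
    return Counter(d["threat"] for d in detections)


def pending_restart(detections):
    """Files whose removal only completes after a reboot (so the reboot is not optional)."""
    return [d["fn"] for d in detections if d["pending_restart"]]


if __name__ == "__main__":
    hdr, dets = parse_log(SAMPLE_LOG)
    print(hdr["osver"], "scanned", hdr["scanned"], "files")
    for threat, n in threat_counts(dets).items():
        print(f"{n}x {threat}")
    for fn in pending_restart(dets):
        print("restart required to finish removing:", fn)
    print("log problems:", consistency_check(hdr, dets) or "none")
```

Run it against the full log by pasting the text into `SAMPLE_LOG`; a non-empty result from `consistency_check()` means the log was truncated when posted or something was found but not cleaned, which is the case to raise with the analyst.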


#14
Ciro-Mota (Professional Assistant, 55,060 posts)

mukabala,

To finish:

  • Run OTL.exe
    Click the CleanUp button.

    Allow your computer to restart.


  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version, Java SE 7u21.
    • Click JRE Download.
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.2 MB jre-7u21-windows-i586.exe and save it to your desktop.
    • Close any running programs, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove every version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u21-windows-i586.exe to install the newest version.
    • ATTENTION: Untick the Ask Toolbar installation box.


  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.

  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click the two links below and download the latest version:
    http://download.macr...11_active_x.exe
    http://download.macr...r_11_plugin.exe

  • USB worms (pen-drive viruses) can infect any kind of removable storage device (pen drives, MP3 and MP4 players, phones, memory cards, cameras). This type of malware abuses a native Windows feature called Autorun, or AutoPlay (the wizard that appears when you insert a CD or pen drive, asking which program you want to open it with). AutoPlay needs a file named autorun.inf to work.

    Keep a clean, protected copy of the autorun.inf file on every removable device and on every drive of the system. That way, if you plug your pen drive into an infected PC, the malware will not be able to overwrite the pre-existing file. It can still copy its malicious executables to the pen drive, though, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug that pen drive into a clean machine and run one of those malicious files, that system will be infected in the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you think is needed, EXCEPT executable files, then format the media: go to My Computer, right-click the media's drive and choose "Format".
    • Run Flash_Disinfector.exe.
    • Follow any prompts that may appear.
    • Wait until the program finishes its search, then exit the program.


    For Windows Vista and 7: Panda USB Vaccine

  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes you will be asked to restart your computer. RESTART.

    If you are not asked to, restart manually.

  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through its updates.
    That is why keeping your system up to date is essential.


  • Learn some precautions and tips for keeping your computer clean. Read the article Proteja seu pc (Protect your PC):
    http://linhadefensiv...proteja-seu-pc/

  • If there are no more malware-related problems, click the Report button and ask for your topic to be closed.


If you have any question related to computing and technology, feel free to post in any area of the Linha Defensiva forum.


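The USB-worm part of the post above explains that Autorun acts on a file named autorun.inf in the root of the medium, that the worm's dropper depends on writing that file, and that a pre-existing protected copy stops it. The script below is an added example, not code from the thread or from Flash_Disinfector. It triages an autorun.inf by looking for the directives that launch something (open=, shellexecute=, shell\<verb>\command=), treats an icon/label-only file as harmless, flags the executable extensions the post lists, and demonstrates the protection mechanism by occupying the autorun.inf name with a directory inside a temporary folder. Both autorun.inf samples are constructed, and the directory trick is offered as one way to make the name unwritable, not as a description of how Flash_Disinfector works internally.

```python
r"""Triage an autorun.inf the way the USB-worm explanation above describes.

Added example; not code from the thread or from Flash_Disinfector. Windows
reads the [autorun] section of a file named autorun.inf in the root of the
medium. The directives that make it execute something are open=,
shellexecute= and shell\<verb>\command=; an autorun.inf that only sets icon=
and label= is harmless. On a removable drive any launch directive is a red
flag, and the dropped program usually has one of the extensions the post lists.
"""
import os
import re
import tempfile

LAUNCH_KEYS = {"open", "shellexecute"}
VERB_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")   # shell\open\command, shell\explore\command, ...
EXEC_EXTS = (".exe", ".scr", ".cmd", ".pif", ".bat", ".com")  # the extensions named in the post

# Constructed samples; neither is copied from a real infection.
BENIGN_INF = r"""[autorun]
icon=pendrive.ico
label=My USB stick
"""

WORMLIKE_INF = r"""[AuToRuN]
; worm-written files are often padded with junk lines and use mixed case
zq8x=vkd
OPEN=RECYCLER\update.exe
shell\open\Command=RECYCLER\update.exe
shell\explore\command=RECYCLER\update.exe
shell=open
UseAutoPlay=1
"""


def parse_autorun(text):
    """Return the [autorun] entries as {lowercase key: value}.

    Deliberately lenient (mixed-case section name, junk lines, duplicate keys)
    because that is what worm-dropped files look like.
    """
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries.setdefault(key.strip().lower(), value.strip())
    return entries


def assess(text):
    """Reasons to treat the file as hostile; an empty list means icon/label only."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS or VERB_COMMAND.match(key):
            kind = "an executable" if any(ext in value.lower() for ext in EXEC_EXTS) else "a command"
            findings.append(f"{key} runs {kind}: {value}")
    if entries.get("shell", "").lower() not in ("", "open"):
        findings.append(f"double-click verb redirected: shell={entries['shell']}")
    if entries.get("useautoplay") == "1":
        findings.append("useautoplay=1 forces AutoPlay for this medium")
    return findings


def occupy_autorun_name(root):
    """Take the name autorun.inf with a directory so a worm cannot create the file.

    Assumption: this shows the mechanism behind a 'protected autorun.inf' only;
    it is not a description of what Flash_Disinfector does internally. On a real
    drive you would also set the hidden, system and read-only attributes so a
    casual delete does not free the name again. Returns True when a plain
    open-for-write of root/autorun.inf now fails, which is what stops the dropper.
    """
    path = os.path.join(root, "autorun.inf")
    os.makedirs(path, exist_ok=True)
    try:
        with open(path, "w"):
            pass
    except OSError:       # IsADirectoryError on POSIX, PermissionError on Windows
        return True
    return False


def demo_protection():
    """Run occupy_autorun_name() against a throwaway directory standing in for a drive root."""
    with tempfile.TemporaryDirectory() as root:
        return occupy_autorun_name(root)


if __name__ == "__main__":
    for name, inf in (("benign", BENIGN_INF), ("worm-like", WORMLIKE_INF)):
        print(name, "->", assess(inf) or ["harmless: icon/label only"])
    print("autorun.inf name protected:", demo_protection())
```

To use it on a real pen drive, read the drive's autorun.inf into `assess()` before double-clicking anything on it; the files named in the findings are the ones the post warns will still be sitting on the stick even when the protected autorun.inf kept the worm from re-arming Autorun.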

#15
mukabala (Novice, 8 posts)

Thank you very much for your attention and helpfulness. It is a great service that Linha Defensiva offers its visitors.

I will close the topic.



#16
Ciro-Mota (Professional Assistant, 55,060 posts)
PROBLEM SOLVED

If you want to request that the topic be reopened, use the Report button to contact the moderators.

Note: Only the author can make this request in the Malware Removal area.