electra

Hotmail is not opening in Google Chrome

21 posts in this topic

I had posted in the e-mail topic, but as I was describing the problem I was advised to open one here.

Hello!

Every time I try to get into Hotmail through Google Chrome the following message appears:

Your connection is not private

Attackers might be trying to steal your information from blu169.mail.live.com (for example, passwords, messages or credit cards).

blu169.mail.live.com normally uses encryption to protect your information. When Google Chrome tried to connect to blu169.mail.live.com this time, the website sent back unusual and incorrect credentials. This means an attacker is pretending to be blu169.mail.live.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit blu169.mail.live.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

NET::ERR_CERT_COMMON_NAME_INVALID

It says it is a privacy error, and that the security certificate is not up to date.
Date and time are correct, Chrome is up to date and the cookies have been cleared.

Oh, I can get in with IE, but it also warns that it may not be safe and asks whether I want to continue.

 

 

Attachments: FSS.txt, MbrScan.log, ZA-Scan.txt

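What NET::ERR_CERT_COMMON_NAME_INVALID means, worked through in code. Chrome raised it because the certificate presented for blu169.mail.live.com does not carry that name in its Subject Alternative Names (the subject Common Name is only a fallback, and Chrome dropped even that fallback in version 58), and because the site uses HSTS there is no click-through. The snippet below is an added example written for this page, not code from the thread, from Microsoft or from Google: it implements the name-matching rule a TLS client applies, and `presented_certificate()` connects from the affected machine and reports which names and issuer the answering server actually shows, which is the quickest way to tell a captive portal, a local TLS-inspecting product or a DNS/hosts redirect apart from the real site. The sample certificate names used in the assertions are constructed.

```python
"""Why Chrome says NET::ERR_CERT_COMMON_NAME_INVALID: the names in the presented
certificate do not cover the host being visited.  Added example, not from the thread."""
import socket
import ssl


def name_covers_host(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname the way TLS clients do
    (RFC 6125 rules): case-insensitive, and '*' only as the whole leftmost
    label, covering exactly one label (so *.live.com never covers a.b.live.com)."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_hostname(san_dns_names, common_name, hostname) -> bool:
    """True if the certificate is valid for hostname.  SAN dNSName entries are
    authoritative; the subject CN is consulted only when the certificate has no
    SAN at all (the fallback Chrome still had in 2015 and removed in Chrome 58)."""
    names = list(san_dns_names) if san_dns_names else ([common_name] if common_name else [])
    return any(name_covers_host(n, hostname) for n in names)


def presented_certificate(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect to host and report the leaf certificate that actually answers.
    Hostname checking is switched off on purpose so a mismatched certificate is
    returned instead of raising; chain validation against the local trust store
    stays on, so an untrusted interception root raises SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return {
        "host": host,
        "san": sans,
        "cn": subject.get("commonName"),
        "issuer": issuer.get("commonName") or issuer.get("organizationName"),
        "matches": cert_matches_hostname(sans, subject.get("commonName"), host),
    }


def describe(info: dict) -> str:
    """One-line verdict for a presented_certificate() result."""
    if info["matches"]:
        return f"{info['host']}: certificate covers the name (issuer: {info['issuer']})"
    return (f"{info['host']}: NAME MISMATCH, certificate is for "
            f"{info['san'] or [info['cn']]} issued by {info['issuer']}; "
            f"something other than the real site is answering")


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "blu169.mail.live.com"
    try:
        print(describe(presented_certificate(target)))
    except ssl.SSLCertVerificationError as exc:
        print(f"{target}: chain not trusted ({exc.verify_message}); "
              "a proxy, portal or interception product is likely answering")
    except OSError as exc:
        print(f"{target}: connection failed ({exc})")
```

Run it on the affected machine and on a known-good one; if the affected machine reports a certificate for some other name, or a chain signed by a local or unknown issuer, the problem is between that PC and the Internet (hosts file, DNS, proxy, or a product terminating TLS), not at Microsoft.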

electra,

Do NOT attempt any cleanup procedure on your own. In particular, do not run on your own the tools used in the Malware Removal forum. Misuse of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or unreported use of the tools. - Rule no. 8 of the Malware Removal forum

Please attach a new ZA-Scan log.

Please note the following:

  • Do not use software that has not been indicated.
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click Follow this topic so that you receive an e-mail notification when it is answered.
    You can also check the topics you follow using the Content I follow option, available through the forum's Control Panel.
  • Analyses can take some time, so be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always keep up with your topic, informing me of the results, until your computer is clean.
  • Notice: avoid using the <QUOTE> or <CODE> tags on the logs; it hinders reading during the analysis.
  • Please do not abandon your topic. It is important for us to know whether the removal was successful.
  • If at any point in the analysis it is found that this is a company PC, the topic will be summarily closed with no possibility of reopening.
  • If you do not receive a reply from me within 5 days, send me a Private Message (PM).
  • Do not run the indicated tools more than once, so as not to overwrite the generated logs, unless you are instructed to do so.


OK.
Just a heads-up: this computer is at my house, and I travel for work on Monday and only come back on Friday, so on those days I can read the instructions but will not have access to it, only on Friday.


electra,

1)

Download the Shortcut Cleaner tool and save it to your desktop:
http://www.bleepingcomputer.com/download/shortcut-cleaner/

Click the button to start downloading the tool.

Run sc-cleaner.exe

When it finishes running, a message will appear saying it is done. Click OK and a Notepad window will open.

Attach this log to your next reply.

2)

Download AdwCleaner and save it to the desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Run the file adwcleaner.exe

*** Windows Vista or Windows 7/8.1 users: right-click the adwcleaner.exe file, then click Run as administrator.

Click the Scan button and wait for the scan to finish.

Click the Clean button.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

3)

Temporarily disable your antivirus, anti-spyware and firewall, so they do not cause conflicts.

Download the Junkware Removal Tool (JRT) and save it to the desktop.

Double-click to run the Junkware Removal Tool (JRT).

*** Windows Vista or Windows 7/8.1 users: right-click the JRT.exe file, then click Run as administrator.

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end, a log will open. It is saved on the desktop under the name JRT.txt.

Select, copy and paste the contents of this log in your next reply.

4)

Download Malwarebytes' Anti-Malware (MBAM)
http://malwarebytes.org/mbam-download.php

Double-click mbam-setup.exe to install it.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • Make sure the boxes Update Malwarebytes Anti-Malware (if present) and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • At the end of the update, if the program was installed in English, with the program open click Settings and in the Language field change to Portuguese (Brasil).
  • Still on the Settings screen, click Detection and Protection and check Scan for rootkits. Under PUP (potentially unwanted program) detections:, select Treat detections as malware.
  • Click Scan, then Threat Scan, and finally click Scan Now >>.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, if items were found, click the Export Log button -> Text file (*.txt) and save it to your desktop.
  • Click Apply Actions.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM, and if you cannot save it you can view it by clicking the History tab -> Application Logs in the program's main window after the disinfection has been carried out.
  • DO NOT USE THE .XML FORMAT TO EXPORT THE LOG.
  • The Protection log is unnecessary for the analysis; always export the correct log.
  • Attach this log to your next reply.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.


electra,

Download OTL by OldTimer and save it to your desktop.
http://oldtimer.geekstogo.com/OTL.exe

Right-click the OTL.exe file, then click Run as administrator.

Where it says Output, check Standard Output
Also check these options:

  • File Age -> change to 90 days
  • Use Company Name Whitelist
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

Select the lines below, right-click the selection and choose copy


CREATERESTOREPOINT
netsvcs
%systemroot%\system32\drivers\*.* /90
%systemdrive%\drivers\*.exe
%SYSTEMDRIVE%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
C:\windows\system32\Tasks\*.* /s
C:\windows\system32\Tasks\*.* /s /64
%windir%\tasks\*.* /s
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose paste

Click the Run Scan button

OTL will begin scanning your computer. Do not interrupt the process and do not use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it in your reply.
Attach the Extras.txt file

NOTE: If the logs become too large and exceed the forum's limit, put them in a .zip or .rar file and attach them to your reply.

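Once the OTL log comes back, the analyst reads the SRV/DRV/PRC sections line by line for binaries with no company name, unfamiliar vendors that auto-start, files dated just before the problem began, and HOSTS overrides. The script below is an added example written for this page, not part of OTL or of the forum's procedure: it parses OTL's entry format, applies those three checks as heuristics, and flags HOSTS entries that pin a name to loopback. The sample lines are copied from the OTL log posted later in this thread, plus one constructed line (UpdSvc under C:\Users\Public) to exercise the path rule; the 14-day window and the list of trusted directories are assumptions to tune per machine, not OTL settings.

```python
"""Triage helper for OTL scan output.  Added example written for this page; it is
not an OTL feature and its rules are heuristics an analyst still has to confirm."""
import re
from datetime import datetime, timedelta

# OTL entry shape:
#   KIND[:64bit:] - [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName)
# PRC and MOD lines have no [Start | State] block and no trailing -- (ServiceName).
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD)(?::64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]* \| [A-Z]\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\))?$"
)
HOSTS_ENTRY = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")

# Where installed binaries normally live on this Windows 7 pt-BR box; "Arquivos de
# Programas" is the localized junction to Program Files.  Assumption: extend per machine.
TRUSTED_ROOTS = tuple(p.lower() for p in (
    "C:\\Windows\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\",
    "C:\\PROGRA~1\\", "C:\\PROGRA~2\\", "C:\\Arquivos de Programas\\",
))
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# The posted log header reads "OTL logfile created on: 08/01/2015 20:49:37" (dd/MM/yyyy locale).
SCAN_TIME = datetime(2015, 1, 8, 20, 49, 37)

# Lines copied from the OTL log in this thread, plus one constructed entry (UpdSvc).
SAMPLE_LINES = [
    r"PRC - [2014/09/29 10:11:56 | 000,546,104 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe",
    r"SRV - [2015/01/01 17:50:37 | 000,058,368 | ---- | M] (The Security Team) [Auto | Running] -- C:\Arquivos de Programas\Common Files\WWS\Watchdog.exe -- (WatchdogService)",
    r"SRV - [2015/01/01 17:30:55 | 000,077,312 | ---- | M] (Greenwichers) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Clocker\Clocker.exe -- (ClockerService)",
    r"SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)",
    r"SRV - [2014/04/29 13:14:50 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)",
    r"DRV:64bit: - [2012/06/12 22:00:48 | 000,726,160 | ---- | M] (Realtek                    ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)",
    r"O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com",
    r"SRV - [2015/01/05 09:12:00 | 000,044,032 | ---- | M] () [Auto | Running] -- C:\Users\Public\svchost.exe -- (UpdSvc)",  # constructed
]


def parse_entry(line: str):
    """Return the fields of one PRC/SRV/DRV/MOD line, or None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["company"] = entry["company"].strip()      # OTL pads some vendor names with spaces
    entry["mtime"] = datetime.strptime(entry["mtime"], "%Y/%m/%d %H:%M:%S")
    return entry


def triage(lines, scan_time, recent_days=14):
    """Return [(label, reason)] for entries worth a closer look.  A legitimate fresh
    install trips the 'recent' rule too, so every hit still needs a human decision."""
    findings = []
    for line in lines:
        h = HOSTS_ENTRY.match(line.strip())
        if h:
            if h["ip"] in LOOPBACK and h["host"] != "localhost":
                findings.append((f"hosts:{h['host']}",
                                 f"{h['host']} pinned to {h['ip']} in HOSTS: the real site is unreachable"))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        label = e["name"] or e["path"].rsplit("\\", 1)[-1]
        if e["kind"] != "MOD" and not e["company"]:      # the MOD section lists only no-company modules
            findings.append((label, "executable carries no company name"))
        if not e["path"].lower().startswith(TRUSTED_ROOTS):
            findings.append((label, f"binary outside system/program directories: {e['path']}"))
        if e["kind"] == "SRV" and e["start"] == "Auto" and scan_time - e["mtime"] <= timedelta(days=recent_days):
            findings.append((label, f"auto-start service whose file is dated {e['mtime']:%Y-%m-%d}, "
                                    f"within {recent_days} days of the scan"))
    return findings


def run_sample():
    return triage(SAMPLE_LINES, SCAN_TIME)


if __name__ == "__main__":
    for label, reason in run_sample():
        print(f"{label:40} {reason}")
```

On the sample, the two services installed on 2015/01/01 from vendors nobody has heard of, the srvany.exe wrapper service with no version information, and the HOSTS override of a Microsoft host are the entries that come out on top; Kaspersky, Malwarebytes, the Realtek driver and the bank plugin stay silent. That is the same short list an analyst would circle by hand, which is the point of the heuristics.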
OTL logfile created on: 08/01/2015 20:49:37 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cristiano\Desktop\ZAScan

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17501)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

1,88 Gb Total Physical Memory | 0,29 Gb Available Physical Memory | 15,61% Memory free

3,76 Gb Paging File | 1,42 Gb Available in Paging File | 37,62% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 923,67 Gb Total Space | 871,85 Gb Free Space | 94,39% Space Free | Partition Type: NTFS

 

Computer Name: CRISTIANO-PC | User Name: Cristiano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2015/01/08 20:44:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cristiano\Desktop\ZAScan\OTL.exe

PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2014/12/05 22:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

PRC - [2014/11/17 19:03:11 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

PRC - [2014/09/29 10:11:56 | 000,546,104 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2014/07/12 10:40:26 | 000,518,968 | ---- | M] (GAS Tecnologia LTDA) -- C:\Program Files (x86)\Diebold\Warsaw\core.exe

PRC - [2014/05/21 11:34:38 | 000,049,464 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

PRC - [2014/04/20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe

PRC - [2014/04/20 16:15:18 | 000,192,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe

PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/12/05 22:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

MOD - [2014/12/05 22:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

MOD - [2014/12/05 22:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

MOD - [2014/12/05 22:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

MOD - [2014/12/05 22:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2014/11/21 23:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2014/04/29 12:45:55 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)

SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2015/01/01 17:50:37 | 000,058,368 | ---- | M] (The Security Team) [Auto | Running] -- C:\Arquivos de Programas\Common Files\WWS\Watchdog.exe -- (WatchdogService)

SRV - [2015/01/01 17:30:55 | 000,077,312 | ---- | M] (Greenwichers) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Clocker\Clocker.exe -- (ClockerService)

SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2014/12/09 23:16:32 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2014/09/29 10:11:56 | 000,546,104 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2014/07/12 10:40:26 | 000,518,968 | ---- | M] (GAS Tecnologia LTDA) [Auto | Running] -- C:\Program Files (x86)\Diebold\Warsaw\core.exe -- (Warsaw Technology)

SRV - [2014/05/21 11:34:38 | 000,049,464 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)

SRV - [2014/04/29 13:14:50 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)

SRV - [2014/04/29 12:31:43 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2014/04/20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe -- (AVP15.0.0)

SRV - [2014/03/20 19:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2014/01/28 11:44:56 | 002,412,344 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)

SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009/12/31 10:17:42 | 000,013,664 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Auto | Running] -- C:\Arquivos de Programas\Aladdin\eToken\PKIClient\x64\eTSrv.exe -- (eTSrv)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2015/01/08 20:31:29 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV:64bit: - [2014/11/29 21:40:03 | 000,793,800 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2014/11/29 21:40:03 | 000,141,320 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)

DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2014/04/29 12:45:56 | 002,182,768 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2014/04/29 12:32:03 | 005,358,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2014/04/10 17:25:34 | 000,243,808 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)

DRV:64bit: - [2014/03/28 17:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)

DRV:64bit: - [2014/03/26 17:05:28 | 000,179,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)

DRV:64bit: - [2014/03/25 16:26:04 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)

DRV:64bit: - [2014/03/19 15:23:20 | 000,050,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2014/02/25 13:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2014/02/20 12:59:04 | 000,457,824 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)

DRV:64bit: - [2013/10/01 23:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013/08/08 17:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)

DRV:64bit: - [2012/08/23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 11:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/06/12 22:00:48 | 000,726,160 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/21 00:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/07/30 11:45:40 | 000,062,632 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksifdh.sys -- (AKSIFDH)

DRV:64bit: - [2008/07/30 11:45:40 | 000,044,712 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksup.sys -- (AKSUP)

DRV - [2014/01/06 15:05:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-nzn_test&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://br.search.yahoo.com/yhs/web?hspart=nzn&hsimp=yhs-nzn_test

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 50 C1 84 BE 63 CF 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014/11/29 21:40:26 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014/11/29 21:40:26 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014/11/29 21:40:27 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014/11/29 21:40:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014/11/29 21:40:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014/11/29 21:40:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014/11/29 21:40:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014/11/29 21:40:26 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2015/01/08 13:51:55 | 000,000,862 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com

O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [eTMonitor] C:\Program Files\Aladdin\eToken\PKIClient\x64\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [Diebold - Warsaw] C:\Program Files (x86)\Diebold\Warsaw\core.exe (GAS Tecnologia LTDA)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()

O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: itau.com.br ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: itau.com.br ([bankline] * in Trusted sites)

O15 - HKCU\..Trusted Domains: itau.com.br ([clickbanking] * in Trusted sites)

O15 - HKCU\..Trusted Domains: itau.com.br ([guardiao] * in Trusted sites)

O15 - HKCU\..Trusted Domains: itau.com.br ([www] * in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDE7D3A3-6C2C-4461-BB26-08A0A6DD7ABF}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files (x86)\GbPlugin\gbiehUni.dll) - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)

O20 - Winlogon\Notify\ScCertProp  : DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2015/01/02 00:42:43 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{224d090f-9353-11e4-b7da-ac220bbd981b}\Shell - "" = AutoRun

O33 - MountPoints2\{224d090f-9353-11e4-b7da-ac220bbd981b}\Shell\AutoRun\command - "" = E:\.\ShowModem.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

========== Files/Folders - Created Within 90 Days ==========

 

[2015/01/05 23:14:33 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\12144F96.sys

[2015/01/04 22:26:01 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2015/01/04 22:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2015/01/04 22:25:21 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2015/01/04 22:25:21 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2015/01/04 22:25:21 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2015/01/04 22:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2015/01/04 22:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2015/01/04 22:13:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2015/01/04 22:05:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2015/01/04 15:27:51 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\GAS Tecnologia

[2015/01/04 15:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diebold

[2015/01/02 21:09:24 | 000,000,000 | ---D | C] -- C:\zoek_backup

[2015/01/02 21:08:23 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\Desktop\ZAScan

[2015/01/02 02:54:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2015/01/02 02:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TBD

[2015/01/02 00:42:13 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\Start Menu

[2015/01/02 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\AppData\Local\Skype

[2015/01/02 00:38:02 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\AppData\Roaming\Skype

[2015/01/02 00:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2015/01/01 18:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup

[2015/01/01 18:12:29 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\VirtualBox VMs

[2015/01/01 18:04:37 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\.VirtualBox

[2015/01/01 18:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2015/01/01 17:45:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2015/01/01 17:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Clocker

[2015/01/01 17:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WWS

[2014/12/12 20:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache

[2014/12/10 14:28:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser

[2014/12/09 09:36:55 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\AppData\Local\ElevatedDiagnostics

[2014/11/29 20:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security

[2014/11/29 20:20:19 | 000,243,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klhk.sys

[2014/11/23 22:05:29 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView

[2014/11/23 22:05:19 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\AppData\Roaming\IrfanView

[2014/11/23 22:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView

[2014/11/19 12:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2014/11/19 11:14:45 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\Documents\Java

[2014/11/19 11:10:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu Security

[2014/11/17 18:35:50 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\AppData\Roaming\vlc

[2014/11/17 18:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2014/11/17 18:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2014/11/17 14:02:28 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas Secretaria da Fazenda

[2014/11/14 17:02:28 | 000,000,000 | -HSD | C] -- C:\Users\Cristiano\AppData\Local\EmieBrowserModeList

[2014/11/12 10:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2014/11/12 10:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2014/11/12 10:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2014/10/28 17:19:15 | 000,000,000 | ---D | C] -- C:\FFOutput

[2014/10/28 17:17:36 | 000,000,000 | ---D | C] -- C:\Users\Cristiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory

[2014/10/28 17:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime

[2014/10/28 16:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake

[1 C:\Users\Cristiano\*.tmp files -> C:\Users\Cristiano\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2015/01/08 20:37:35 | 000,031,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2015/01/08 20:37:35 | 000,031,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2015/01/08 20:31:29 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2015/01/08 20:29:59 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2015/01/08 20:29:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2015/01/08 20:29:38 | 1515,540,480 | -HS- | M] () -- C:\hiberfil.sys

[2015/01/08 19:16:04 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2015/01/08 17:08:04 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2015/01/07 09:03:34 | 001,633,534 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2015/01/07 09:03:34 | 000,705,070 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2015/01/07 09:03:34 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2015/01/07 09:03:34 | 000,146,910 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2015/01/07 09:03:34 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2015/01/05 23:14:34 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\12144F96.sys

[2015/01/04 15:28:22 | 000,001,024 | ---- | M] () -- C:\.rnd

[2015/01/02 03:25:54 | 000,002,198 | ---- | M] () -- C:\Users\Cristiano\Desktop\Google Chrome.lnk

[2015/01/02 00:42:43 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2015/01/01 17:31:03 | 000,000,705 | ---- | M] () -- C:\Windows\SysNative\InstallUtil.InstallLog

[2014/12/12 08:49:30 | 000,053,016 | ---- | M] () -- C:\Users\Cristiano\Documents\MAFIG 15037.pdf

[2014/12/02 15:38:37 | 000,054,315 | ---- | M] () -- C:\Users\Cristiano\Documents\MAFIG 14913.pdf

[2014/11/30 05:18:50 | 000,002,330 | ---- | M] () -- C:\Users\Cristiano\Desktop\Safe Money.lnk

[2014/11/29 21:40:03 | 000,793,800 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys

[2014/11/29 21:40:03 | 000,141,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys

[2014/11/29 20:40:54 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk

[2014/11/23 22:05:29 | 000,001,890 | ---- | M] () -- C:\Users\Cristiano\Desktop\IrfanView Thumbnails.lnk

[2014/11/23 22:05:29 | 000,000,998 | ---- | M] () -- C:\Users\Cristiano\Desktop\IrfanView.lnk

[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2014/11/19 12:36:44 | 000,002,571 | ---- | M] () -- C:\Users\Cristiano\Desktop\Emissor de Nota Fiscal Eletrônica (NF-e) 2.0.lnk

[2014/11/18 20:00:10 | 000,000,045 | ---- | M] () -- C:\user.js

[2014/11/17 18:35:26 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2014/11/14 16:55:50 | 329,654,372 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2014/11/12 11:21:28 | 000,409,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/11/12 10:58:49 | 001,598,152 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2014/11/02 11:35:46 | 000,032,768 | ---- | M] () -- C:\Windows\SysNative\persistent_q.db-shm

[2014/10/28 17:17:41 | 000,001,198 | ---- | M] () -- C:\Users\Cristiano\Desktop\Format Factory.lnk

[1 C:\Users\Cristiano\*.tmp files -> C:\Users\Cristiano\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2015/01/02 00:42:43 | 000,000,000 | ---- | C] () -- C:\autoexec.bat

[2015/01/01 18:01:18 | 000,002,198 | ---- | C] () -- C:\Users\Cristiano\Desktop\Google Chrome.lnk

[2015/01/01 17:31:01 | 000,000,705 | ---- | C] () -- C:\Windows\SysNative\InstallUtil.InstallLog

[2014/12/13 10:59:57 | 000,053,016 | ---- | C] () -- C:\Users\Cristiano\Documents\MAFIG 15037.pdf

[2014/12/12 20:06:39 | 000,001,024 | ---- | C] () -- C:\.rnd

[2014/12/02 16:05:03 | 000,054,315 | ---- | C] () -- C:\Users\Cristiano\Documents\MAFIG 14913.pdf

[2014/11/29 20:27:28 | 000,002,330 | ---- | C] () -- C:\Users\Cristiano\Desktop\Safe Money.lnk

[2014/11/29 20:24:41 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk

[2014/11/23 22:05:29 | 000,001,890 | ---- | C] () -- C:\Users\Cristiano\Desktop\IrfanView Thumbnails.lnk

[2014/11/23 22:05:29 | 000,000,998 | ---- | C] () -- C:\Users\Cristiano\Desktop\IrfanView.lnk

[2014/11/18 19:58:48 | 000,000,045 | ---- | C] () -- C:\user.js

[2014/11/17 18:35:26 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2014/10/28 17:17:41 | 000,001,198 | ---- | C] () -- C:\Users\Cristiano\Desktop\Format Factory.lnk

[2014/08/04 10:10:31 | 000,000,070 | ---- | C] () -- C:\Users\Cristiano\AppData\Roaming\Handles.ini

[2014/04/29 16:03:09 | 001,598,152 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2014/04/29 13:15:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

[2014/04/29 12:46:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2013/04/17 17:02:26 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2013/04/17 16:59:38 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin

[2013/04/17 16:59:38 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin

 

========== ZeroAccess Check ==========

 

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 23:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 22:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2014/08/06 14:19:54 | 000,000,000 | ---D | M] -- C:\Users\Cristiano\AppData\Roaming\.mono

[2014/11/23 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\Cristiano\AppData\Roaming\IrfanView

[2014/04/29 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Cristiano\AppData\Roaming\TuneUp Software

[2014/08/06 14:19:44 | 000,000,000 | ---D | M] -- C:\Users\Cristiano\AppData\Roaming\Unity

 

========== Custom Scans ==========

 

< %systemroot%\system32\drivers\*.* /90 >

 

< %systemdrive%\drivers\*.exe >

 

< %SYSTEMDRIVE%\*.* >

[2015/01/04 15:28:22 | 000,001,024 | ---- | M] () -- C:\.rnd

[2015/01/02 00:42:43 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2014/04/29 12:56:21 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2014/04/29 16:43:52 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2015/01/08 20:29:38 | 1515,540,480 | -HS- | M] () -- C:\hiberfil.sys

[2015/01/08 20:29:39 | 2020,720,640 | -HS- | M] () -- C:\pagefile.sys

[2015/01/04 22:02:23 | 000,001,820 | ---- | M] () -- C:\sc-cleaner.txt

[2014/11/18 20:00:10 | 000,000,045 | ---- | M] () -- C:\user.js

[2014/04/29 12:56:29 | 000,206,312 | RHS- | M] () -- C:\XELDZ

[2015/01/04 15:21:57 | 000,015,388 | ---- | M] () -- C:\ZA-Scan.txt

[2015/01/02 21:11:18 | 000,001,701 | ---- | M] () -- C:\zoek-results2015-01-03-001118.log

[2015/01/02 21:12:47 | 000,002,602 | ---- | M] () -- C:\zoek-results2015-01-03-001247.log

[2015/01/02 21:15:51 | 000,015,539 | ---- | M] () -- C:\zoek-results2015-01-03-001551.log

[2015/01/03 21:27:40 | 000,001,949 | ---- | M] () -- C:\zoek-results2015-01-04-002740.log

[2015/01/03 21:30:11 | 000,017,628 | ---- | M] () -- C:\zoek-results2015-01-04-003011.log

 

< %LOCALAPPDATA%\*.exe >

 

< %LOCALAPPDATA%\*.txt >

 

< %LOCALAPPDATA%\*.ini >

 

< %LOCALAPPDATA%\*.dll >

 

< %LOCALAPPDATA%\*.dat >

[2014/11/12 13:54:45 | 000,109,688 | ---- | M] () -- C:\Users\Cristiano\AppData\Local\GDIPFONTCACHEV1.DAT

 

< %USERPROFILE%\*.exe >

 

< %USERPROFILE%\*.txt >

 

< %USERPROFILE%\*.ini >

[2014/04/29 12:12:39 | 000,000,020 | -HS- | M] () -- C:\Users\Cristiano\ntuser.ini

[1 C:\Users\Cristiano\*.tmp files -> C:\Users\Cristiano\*.tmp -> ]

 

< %USERPROFILE%\*.dll >

 

< %USERPROFILE%\*.dat /30 >

[2015/01/08 20:59:33 | 006,815,744 | -HS- | M] () -- C:\Users\Cristiano\ntuser.dat

[1 C:\Users\Cristiano\*.tmp files -> C:\Users\Cristiano\*.tmp -> ]

 

< C:\windows\system32\Tasks\*.* /s >

[2009/07/14 02:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2009/07/14 02:08:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2014/04/29 13:28:27 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[2014/04/29 13:28:39 | 000,001,066 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2014/04/29 13:28:41 | 000,001,070 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

 

< C:\windows\system32\Tasks\*.* /s /64 >

[2014/12/29 10:01:02 | 000,003,886 | ---- | M] () -- C:\Windows\SysNative\Tasks\Adobe Acrobat Update Task

[2014/12/09 23:16:35 | 000,003,840 | ---- | M] () -- C:\Windows\SysNative\Tasks\Adobe Flash Player Updater

[2014/11/17 19:03:28 | 000,003,814 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore

[2014/11/17 19:03:29 | 000,004,066 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA

[2014/11/20 14:18:23 | 000,003,704 | ---- | M] () -- C:\Windows\SysNative\Tasks\Java Update Scheduler

[2014/04/29 17:54:35 | 000,003,092 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft_Hardware_Launch_ipoint_exe

[2014/04/29 17:54:31 | 000,003,090 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft_Hardware_Launch_itype_exe

[2014/04/29 17:54:38 | 000,003,118 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe

[2014/04/29 17:54:29 | 000,003,062 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe

[2014/04/29 17:54:25 | 000,003,060 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft_MKC_Logon_Task_itype.exe

[2015/01/01 17:36:37 | 000,003,784 | ---- | M] () -- C:\Windows\SysNative\Tasks\PostPoneInstall

[2014/12/16 07:07:45 | 000,003,694 | ---- | M] () -- C:\Windows\SysNative\Tasks\Programa de atualização online Adobe

[2014/04/30 10:49:29 | 000,002,770 | ---- | M] () -- C:\Windows\SysNative\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

[2015/01/08 19:39:16 | 000,003,974 | ---- | M] () -- C:\Windows\SysNative\Tasks\User_Feed_Synchronization-{4D7C714B-00F8-4BCB-BD68-B102F61E1A92}

[2014/07/22 13:13:42 | 000,003,170 | ---- | M] () -- C:\Windows\SysNative\Tasks\{4EC2ACDE-CC3E-4C76-8833-F410C57E58CA}

[2015/01/02 02:56:28 | 000,003,174 | ---- | M] () -- C:\Windows\SysNative\Tasks\{6F2F0BC5-173A-4E5B-938A-4F28FB984103}

[2015/01/08 20:37:39 | 000,003,856 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows Defender\MP Scheduled Scan

[2009/07/14 01:53:29 | 000,004,472 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)

[2009/07/14 01:53:29 | 000,003,854 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)

[2009/07/14 01:54:39 | 000,002,900 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter

[2009/07/14 01:54:39 | 000,003,790 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck

[2009/07/14 01:54:05 | 000,003,458 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\AitAgent

[2014/12/10 14:30:03 | 000,003,936 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser

[2014/12/10 14:30:01 | 000,004,252 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater

[2009/07/14 01:49:22 | 000,003,026 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy

[2009/07/14 01:57:09 | 000,001,862 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask

[2009/07/14 01:53:22 | 000,004,130 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask

[2009/07/14 01:53:22 | 000,003,868 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask

[2009/07/14 02:09:01 | 000,003,134 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam

[2014/04/29 21:06:27 | 000,004,192 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator

[2009/07/14 01:53:33 | 000,003,946 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask

[2009/07/14 01:54:08 | 000,003,598 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip

[2009/07/14 01:57:12 | 000,003,886 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag

[2009/07/14 01:57:07 | 000,004,018 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled

[2014/06/22 07:12:59 | 000,003,760 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector

[2014/04/29 11:48:16 | 000,002,538 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver

[2009/07/14 01:57:13 | 000,003,554 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Location\Notifications

[2014/05/21 10:18:53 | 000,004,084 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT

[2014/04/29 11:48:27 | 000,002,420 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch

[2014/04/29 11:48:25 | 000,002,448 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService

[2015/01/08 13:52:13 | 000,003,650 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks

[2014/04/29 11:48:24 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ehDRMInit

[2014/04/29 11:48:26 | 000,002,546 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\InstallPlayReady

[2014/04/29 11:48:32 | 000,002,790 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\mcupdate

[2015/01/08 10:47:02 | 000,004,078 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled

[2014/04/29 11:48:34 | 000,002,954 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask

[2014/04/29 11:48:33 | 000,002,958 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask

[2014/04/29 11:48:23 | 000,002,380 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\OCURActivate

[2014/04/29 11:48:22 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\OCURDiscovery

[2014/04/29 11:48:23 | 000,002,384 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscovery

[2014/04/29 11:48:29 | 000,003,226 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1

[2014/04/29 11:48:30 | 000,003,228 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2

[2014/04/29 11:48:21 | 000,003,822 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry

[2014/04/29 11:48:32 | 000,002,926 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask

[2014/04/29 11:48:34 | 000,002,918 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask

[2014/04/29 11:48:20 | 000,003,078 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\RecordingRestart

[2014/04/29 11:48:25 | 000,002,408 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\RegisterSearch

[2014/04/29 11:48:26 | 000,002,432 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot

[2014/04/29 11:48:33 | 000,002,942 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask

[2015/01/08 10:46:57 | 000,003,418 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\StartRecording

[2014/04/29 11:48:24 | 000,002,736 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath

[2009/07/14 01:53:33 | 000,003,304 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector

[2009/07/14 01:53:33 | 000,003,510 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector

[2014/04/29 11:48:22 | 000,003,576 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MobilePC\HotStart

[2014/05/22 19:26:19 | 000,003,456 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MUI\Lpksetup

[2009/07/14 01:54:22 | 000,003,168 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MUI\LPRemove

[2014/05/23 08:18:20 | 000,003,324 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MUI\Mcbuilder

[2009/07/14 01:57:07 | 000,002,602 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService

[2009/07/14 01:54:39 | 000,002,044 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo

[2014/04/29 12:12:01 | 000,004,082 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Offline Files\Background Synchronization

[2014/04/29 11:48:15 | 000,003,058 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization

[2009/07/14 01:55:03 | 000,002,832 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor

[2009/07/14 01:53:47 | 000,003,752 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem

[2009/07/14 01:57:07 | 000,004,370 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RAC\RacTask

[2009/07/14 01:49:35 | 000,003,052 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Ras\MobilityManager

[2009/07/14 01:54:36 | 000,003,956 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Registry\RegIdleBackup

[2009/07/14 01:57:09 | 000,004,596 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask

[2009/07/14 01:57:07 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControls

[2009/07/14 02:09:03 | 000,003,912 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration

[2014/04/29 11:48:17 | 000,003,784 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\AutoWake

[2014/04/29 11:48:18 | 000,003,612 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\GadgetManager

[2014/04/29 12:12:57 | 000,003,698 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\SessionAgent

[2014/04/29 12:13:12 | 000,003,792 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\SystemDataProviders

[2009/07/14 01:49:17 | 000,003,942 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask

[2009/07/14 02:01:13 | 000,003,506 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SystemRestore\SR

[2009/07/14 01:53:50 | 000,002,614 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Task Manager\Interactive

[2009/07/14 01:53:21 | 000,003,950 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1

[2009/07/14 01:53:21 | 000,004,066 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2

[2009/07/14 01:53:46 | 000,002,978 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor

[2009/07/14 01:49:48 | 000,003,388 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime

[2009/07/14 01:49:26 | 000,001,730 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig

[2009/07/14 01:53:37 | 000,003,420 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask

[2009/07/14 01:49:24 | 000,002,682 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WDI\ResolutionHost

[2014/10/29 11:52:19 | 000,004,364 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask

[2014/10/29 11:52:19 | 000,004,362 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline

[2009/07/14 01:49:16 | 000,003,048 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting

[2009/07/14 01:49:42 | 000,003,290 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange

[2009/07/14 01:57:13 | 000,003,304 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary

[2010/11/20 23:53:42 | 000,004,330 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification

[2009/07/14 02:09:01 | 000,003,532 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader

[2014/04/29 14:16:48 | 000,003,540 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Wininet\CacheTask

[2014/04/29 13:07:00 | 000,004,392 | ---- | M] () -- C:\Windows\SysNative\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask

[2014/04/30 08:12:50 | 000,004,490 | ---- | M] () -- C:\Windows\SysNative\Tasks\WPD\SqmUpload_S-1-5-21-231099840-1885441394-660648490-1000

 

< %windir%\tasks\*.* /s >

[2015/01/08 19:16:04 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2015/01/08 20:29:59 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2015/01/08 17:08:04 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2015/01/08 20:29:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2014/12/25 18:42:12 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

 

< %systemroot%\Fonts\*.dll >

 

< %systemroot%\Fonts\*.ini >

[2009/06/10 17:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

 

< %systemroot%\Fonts\*.ini2 >

 

< %systemroot%\Fonts\*.com >

[2009/07/14 02:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/14 02:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/14 02:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/14 02:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

 

< %systemroot%\*.scr >

 

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >

"DefaultConnectionSettings" = 46 00 00 00 34 06 00 00 01 00 00 00 00 00 00 00 0B 00 00 00 3C 2D 6C 6F 6F 70 62 61 63 6B 3E 00 00 00 00 00 00 00 00 00 00 00 00 D0 E5 EE 42 CA 63 CF 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 01 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 90 D7 1C 1C 3C 1A 44 C5 A4 F1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data over 200 bytes]

"SavedLegacySettings" = 46 00 00 00 79 29 00 00 01 00 00 00 00 00 00 00 0B 00 00 00 3C 2D 6C 6F 6F 70 62 61 63 6B 3E 00 00 00 00 00 00 00 00 00 00 00 00 D0 E5 EE 42 CA 63 CF 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 01 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 90 D7 1C 1C 3C 1A 44 C5 A4 F1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data over 200 bytes]

 

< End of report >

 

Extras.Txt


electra,

The OTL tool did not detect Google Chrome; did you happen to uninstall it?

Select and copy the text inside the CODE box, right-click the selection and choose Copy:

Note: make sure you copy starting from the colon and the letter ":O" of :OTL.

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2014/11/19 11:10:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu Security

:Commands
[createrestorepoint]
[purity]

Right-click the OTL.exe file, then click Run as administrator (execadmin.png).

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).

Click the Run Fix button (fixotl.png).

The program will run the script and may need to restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of that Notepad window and paste them in your reply.

A copy of this log is kept in the C:\_OTL\MovedFiles folder, named in the format date_time.log.

Example: 03142010_145545.log.


How strange. I am using Chrome right now... could it be because I forgot to close it when it ran the scan?
 

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0\Dump folder moved successfully.
C:\Users\Public\Documents\Baidu Security\PC Faster\4.0.0.0 folder moved successfully.
C:\Users\Public\Documents\Baidu Security\PC Faster folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Bav\Dump\5.0.4.87531 folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Bav\Dump folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Bav folder moved successfully.
C:\Users\Public\Documents\Baidu Security folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 01092015_210142


electra,

Is your Chrome the 64-bit version? If so, that may be the reason.

Download ESET Online Scanner and save it to your desktop.
http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

  • Run the esetsmartinstaller_enu.exe file.
  • Check YES, I accept the Terms of Use.
  • Click Start. Wait for the tool to download the components needed for installation.
  • Check the options below:
  • Enable detection of potentially unwanted applications.
  • Click Advanced settings and check:
  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • Click Start to download the antivirus database; the scan will then begin.

It will update on its own and scan the computer. Be patient: the process can take hours depending on how many files are on your PC.

When the scan finishes, click List of found threats, then click Export to text file... and save the file to your desktop. Paste the contents or attach the file in your next reply.

Note: if nothing is found, no log is generated. Click Back and then Finish.


No. My Chrome is the 36-bit one.
 

C:\AdwCleaner\Quarantine\C\Program Files\shopperz\bwbk64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\I - Cinema\I - Cinema-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.BH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cristiano\AppData\Local\BoBrowser\User Data\Default\Cache\f_00003f.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cristiano\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.14_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cristiano\AppData\Local\BoBrowser\User Data\Default\Local Extension Settings\ebpeonjdeofpjegbdiibbdjlgfohngee\000003.log.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cristiano\AppData\Roaming\RHEng\A76886D0B240445D98E251399479B851\Installer.exe.vir a variant of Win32/TrojanDropper.MsiDrop.A trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cristiano\AppData\Roaming\RHEng\CB53A54F15464B0E937A2A7FC2FB3577\dm317c.exe.vir a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Cristiano\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\lsdprn.exe.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application deleted - quarantined
C:\backup\Cristiano\AppData\Local\Temp\ICReinstall_PDFReaderSetup.exe a variant of Win32/InstallCore.BB potentially unwanted application deleted - quarantined
C:\backup\Cristiano\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\backup\Cristiano\AppData\Roaming\1H1Q\Media Player Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\backup\Cristiano\AppData\Roaming\systweak\ssd\SSDPTstub.exe Win32/Systweak.G potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk a variant of Android/Mobserv.A potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\Desktop\PDFReaderSetup.exe a variant of Win32/InstallCore.BB potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\Documents\Cristiano\PDFReaderSetup.exe a variant of Win32/InstallCore.AT potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\Documents\Cristiano\VDownloaderInstallerICW.exe Win32/Somoto.A potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\Downloads\everest-ultimate-edition-550-32-bits.exe a variant of Win32/InstallCore.BY potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\Downloads\FLVPlayerSetup-bGdrL9j.exe Win32/Somoto.A potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Desktop\BACKUP CRISTIANO -31617\WinRAR\Keygen\keygen.exe a variant of Win32/Keygen.AI potentially unsafe application deleted - quarantined
C:\backup\Cristiano\Documents\Cristiano\PDFReaderSetup.exe a variant of Win32/InstallCore.AT potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Documents\Cristiano\VDownloaderInstallerICW.exe Win32/Somoto.A potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Downloads\flashplayer.exe a variant of Win32/InstallCore.IO potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Downloads\FreeMp3WmaConverterSetup-r0-n-bc.exe a variant of Win32/KoyoteLab.A potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Downloads\Matemática Básica Para Concursos - Apostilas.exe a variant of Win32/4Shared.V potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Downloads\MediaPlayerSetup.exe a variant of Win32/InstallCore.BY potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Downloads\PdfCreatorSetup.exe a variant of Win32/InstallCore.JW potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Downloads\PhotoScape_V3.6.5.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\backup\Cristiano\Downloads\SoftonicDownloader_para_realtek-hd-audio-drivers.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Downloads\SoftonicDownloader_para_tuneup-utilities.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application deleted - quarantined
C:\backup\Cristiano\Downloads\UltimateCodec.exe a variant of Win32/InstallCore.NC potentially unwanted application deleted - quarantined
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\Cristiano\AppData\Local\Temp\n1223\ContentExplorerInstaller.exe a variant of MSIL/Adware.iBryte.H application cleaned by deleting - quarantined
C:\Users\Cristiano\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\726f92d7-51b92582 a variant of Java/JShrink.A potentially unsafe application deleted - quarantined
C:\Users\Cristiano\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\726f92d7-539e6111-2.4.0.1- a variant of Java/JShrink.A potentially unsafe application deleted - quarantined
C:\Users\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk a variant of Android/Mobserv.A potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\Desktop\PDFReaderSetup.exe a variant of Win32/InstallCore.BB potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\Documents\Cristiano\PDFReaderSetup.exe a variant of Win32/InstallCore.AT potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Desktop\BACKUP CRISTIANO -31617\Ticiana\Documents\Cristiano\VDownloaderInstallerICW.exe Win32/Somoto.A potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Desktop\BACKUP CRISTIANO -31617\WinRAR\Keygen\keygen.exe a variant of Win32/Keygen.AI potentially unsafe application deleted - quarantined
C:\Users\Cristiano\Documents\Cristiano\PDFReaderSetup.exe a variant of Win32/InstallCore.AT potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Documents\Cristiano\VDownloaderInstallerICW.exe Win32/Somoto.A potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Downloads\FFSetup3.3.5.0.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\Cristiano\Downloads\nfe.rar Win32/TrojanDownloader.Banload.UVO trojan deleted - quarantined
C:\Users\Cristiano\Downloads\setup (2).exe a variant of Win32/AdGazelle.B potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Downloads\Ativador W7\w7lxe.exe Win32/HackTool.WinActivator.J potentially unsafe application deleted - quarantined

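The ESET Online Scanner export above mixes real trojans with potentially unwanted and potentially unsafe applications, and many of the paths sit in AdwCleaner's quarantine or an old backup folder rather than in live locations. As an added example (not code from the post or from ESET), here is a small triage parser for that line format; the severity mapping and the list of "already contained" folder prefixes are my own assumptions, and the sample lines are constructed from detection names that appear in the log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the line format ESET Online Scanner used in the post above:
# "<path> [a variant of ]<detection> <category> <action> - quarantined".
# Detection names are ones that appear in the log; paths are shortened.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\bwbk64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application deleted - quarantined
C:\Users\Cristiano\Downloads\nfe.rar Win32/TrojanDownloader.Banload.UVO trojan deleted - quarantined
C:\Users\Cristiano\Downloads\Ativador W7\w7lxe.exe Win32/HackTool.WinActivator.J potentially unsafe application deleted - quarantined
C:\Users\Cristiano\AppData\Local\Temp\n1223\ContentExplorerInstaller.exe a variant of MSIL/Adware.iBryte.H application cleaned by deleting - quarantined
"""

# One detection line: lazy path (may contain spaces), optional "a variant of",
# a "Platform/Family.Variant" name, the category, the action and the final state.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<category>potentially unwanted application|potentially unsafe application|trojan|application) "
    r"(?P<action>.+?) - (?P<state>\w+)$"
)

# Assumption: how a triage analyst ranks ESET's categories.
SEVERITY = {
    "trojan": "malware",
    "application": "adware",
    "potentially unsafe application": "unsafe",
    "potentially unwanted application": "pua",
}

# Assumption: folders where another tool had already moved the file, so the
# detection does not mean the sample was still active on the system.
CONTAINED_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\backup\\")


@dataclass
class Finding:
    path: str
    name: str
    category: str
    action: str
    severity: str
    contained: bool  # True when the file sat in a quarantine/backup folder


def parse_eset_log(text):
    """Parse ESET Online Scanner detection lines into Finding records."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # not a detection line (header or free text)
        path = m.group("path")
        findings.append(Finding(
            path=path,
            name=m.group("name"),
            category=m.group("category"),
            action=m.group("action"),
            severity=SEVERITY[m.group("category")],
            contained=path.lower().startswith(CONTAINED_PREFIXES),
        ))
    return findings


def summarize(findings):
    """Counts by severity plus the live (non-quarantined) malware/adware paths."""
    live = [f for f in findings if not f.contained]
    return {
        "total": len(findings),
        "by_severity": dict(Counter(f.severity for f in findings)),
        "live": len(live),
        "live_malware": [f.path for f in live if f.severity in ("malware", "adware")],
    }


if __name__ == "__main__":
    for f in parse_eset_log(SAMPLE_LOG):
        print(f"{f.severity:8} {'contained' if f.contained else 'live':9} {f.name}  {f.path}")
    print(summarize(SAMPLE_LOG and parse_eset_log(SAMPLE_LOG)))
```

Run against the full export, the summary separates what needs follow-up (a trojan downloader in Downloads, an adware dropper in Temp) from bundled-installer noise that was already sitting in AdwCleaner's quarantine.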

Doesn't that business about the page's certificate being out of date have anything to do with it?


electra,

Check that the date and time are correct.

Download RogueKiller and save it to the desktop.
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Run the RogueKiller.exe file.

*** Windows Vista or Windows 7/8.1 users: right-click the RogueKiller.exe file, then click Run as administrator (execadmin.png).

Click Accept to accept the agreement and start the tool.

Click the Scan button and wait for the scan to finish.

Click the Report button. A Notepad window will open with information.

This log is saved on the desktop under the name RKreport[1].txt.

Select, copy and paste the contents of this log in your next reply.

Time and date OK.

RogueKiller V10.1.2.0 [Jan  7 2015] por Adlice Software
 
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : Cristiano [Administrador]
Modo : Escanear -- Data : 01/11/2015  19:05:51
 
¤¤¤ Processos : 0 ¤¤¤
 
¤¤¤ Registro : 8 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-231099840-1885441394-660648490-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-nzn_test&p={searchTerms}  -> Encontrado
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-231099840-1885441394-660648490-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-nzn_test&p={searchTerms}  -> Encontrado
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-231099840-1885441394-660648490-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-231099840-1885441394-660648490-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Encontrado
 
¤¤¤ Tarefas : 1 ¤¤¤
[suspicious.Path] \\PostPoneInstall -- C:\Users\CRISTI~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe (C:\Users\CRISTI~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe /INSTALL /dwlurl=http://dl.newonlinedatastack.com/appsi/icinem/setup.exe /zdata=appinstanceuid%3df67aa39e-8968-4955-8fee-d999a4479a18%26appkey%3d3c91fcc2-ce59-42b3-b901-f68079520898  /bagkey=CxhHRxZP /configid=7 /configurationfields=117) -> Encontrado
 
¤¤¤ Arquivos : 0 ¤¤¤
 
¤¤¤ Arquivos de hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 validation.sls.microsoft.com
 
¤¤¤ Antirootkit : 0 (Driver: Não carregado [0xc000036b]) ¤¤¤
 
¤¤¤ Navegadores : 0 ¤¤¤
 
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1ER162 ATA Device +++++
--- User ---
[MBR] 4655f11274f63f4b2be6f930191f616d
[bSP] 26e175e9dbe8d487e315a61cdcd42d97 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 8032 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 16450560 | Size: 945834 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
 
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
 
+++++ PhysicalDrive5: SKYMEDI USB Drive USB Device +++++
--- User ---
[MBR] 435966f66e5aaa979059df89d0b28e26
[bSP] ec038f3ca5091360f60d743d6f1c7fdb : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 3552 | Size: 1888 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )

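The RogueKiller report above flags one hosts-file line, `127.0.0.1 validation.sls.microsoft.com`, which sends a Microsoft validation host to loopback; that is the kind of entry a defender wants to spot because it silences a vendor check rather than blocking an ad domain. As an added example (not from the post or from RogueKiller), the script below parses a hosts file and reports vendor domains pointed at a local address and hostnames overridden to remote addresses, while ignoring ordinary ad blocking to loopback. The watchlist of vendor suffixes is an assumption, and the sample hosts file is constructed around the line from the report.

```python
import ipaddress

# Assumption: domain suffixes whose redirection is worth an analyst's attention
# (OS validation/update hosts and security vendors). Extend for your environment.
WATCH_SUFFIXES = (
    "microsoft.com",
    "windowsupdate.com",
    "eset.com",
    "symantec.com",
    "kaspersky.com",
)

# Names that legitimately map to local addresses and are never reported.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: the default Windows header, the entry RogueKiller reported,
# one benign ad-blocking line and one remote override.
SAMPLE_HOSTS = r"""
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1 validation.sls.microsoft.com
0.0.0.0   ads.example.test        # constructed: plain ad blocking, benign
192.0.2.10 www.example.com        # constructed: remote override
127.0.0.1 localhost
"""


def parse_hosts(text):
    """Return (ip_address, hostname) pairs, dropping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # everything after '#' is a comment
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address field; not a resolvable entry
        for host in parts[1:]:  # one IP may carry several names on a line
            entries.append((ip, host.lower()))
    return entries


def audit_hosts(text):
    """Classify hosts entries; returns a list of dicts for the ones worth review."""
    findings = []
    for ip, host in parse_hosts(text):
        if host in LOCAL_NAMES:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified  # 127.x, ::1, 0.0.0.0
        watched = any(host == s or host.endswith("." + s) for s in WATCH_SUFFIXES)
        if watched and sinkholed:
            reason = "vendor domain sinkholed to local address"
        elif watched:
            reason = "vendor domain redirected to non-local address"
        elif not sinkholed:
            reason = "hostname overridden to remote address"
        else:
            continue  # ad/telemetry blocking to loopback: common and benign
        findings.append({"ip": str(ip), "host": host, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"{f['ip']:>12}  {f['host']:32}  {f['reason']}")
```

On a real system, feed it the contents of C:\Windows\System32\drivers\etc\hosts; the separation between "sinkholed vendor domain" and "remote override" matters because the first hides a vendor check while the second can route a victim's traffic to an attacker-chosen host.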

electra,

Run the RogueKiller.exe file.

*** Windows Vista or Windows 7/8.1 users: right-click the RogueKiller.exe file, then click Run as administrator (execadmin.png).

Click the Scan button and wait for the scan to finish.

Click the Registry tab and check only the entries below:

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-231099840-1885441394-660648490-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-231099840-1885441394-660648490-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado

Click the Tasks tab and check only the entry below:

[suspicious.Path] \\PostPoneInstall -- C:\Users\CRISTI~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe (C:\Users\CRISTI~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe /INSTALL /dwlurl=http://dl.newonlined...cinem/setup.exe /zdata=appinstanceuid%3df67aa39e-8968-4955-8fee-d999a4479a18%26appkey%3d3c91fcc2-ce59-42b3-b901-f68079520898  /bagkey=CxhHRxZP /configid=7 /configurationfields=117) -> Encontrado

Click the Delete button. Wait for the process to finish.
Click the Report button. A Notepad window will open with information.
This log is saved on the desktop under the name RKreport[2].txt.
Select, copy and paste the contents of this log in your next reply.

RogueKiller V10.1.2.0 [Jan  7 2015] por Adlice Software
 
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : Cristiano [Administrador]
Modo : Deletar -- Data : 01/14/2015  06:44:45
 
¤¤¤ Processos : 0 ¤¤¤
 
¤¤¤ Registro : 8 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-231099840-1885441394-660648490-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-nzn_test&p={searchTerms}  -> Não selecionado
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-231099840-1885441394-660648490-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-nzn_test&p={searchTerms}  -> Não selecionado
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-231099840-1885441394-660648490-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Substituído (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-231099840-1885441394-660648490-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Substituído (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Não selecionado
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Não selecionado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Não selecionado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Não selecionado
 
¤¤¤ Tarefas : 1 ¤¤¤
[suspicious.Path] \\PostPoneInstall -- C:\Users\CRISTI~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe (C:\Users\CRISTI~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe /INSTALL /dwlurl=http://dl.newonlinedatastack.com/appsi/icinem/setup.exe /zdata=appinstanceuid%3df67aa39e-8968-4955-8fee-d999a4479a18%26appkey%3d3c91fcc2-ce59-42b3-b901-f68079520898  /bagkey=CxhHRxZP /configid=7 /configurationfields=117) -> Deletado
 
¤¤¤ Arquivos : 0 ¤¤¤
 
¤¤¤ Arquivos de hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 validation.sls.microsoft.com
 
¤¤¤ Antirootkit : 0 (Driver: Não carregado [0xc000036b]) ¤¤¤
 
¤¤¤ Navegadores : 0 ¤¤¤
 
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1ER162 ATA Device +++++
--- User ---
[MBR] 4655f11274f63f4b2be6f930191f616d
[bSP] 26e175e9dbe8d487e315a61cdcd42d97 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 8032 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 16450560 | Size: 945834 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
 
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
 
============================================
RKreport_SCN_01112015_190551.log - RKreport_SCN_01142015_064308.log

electra,

Is there still any problem with the PC? If not, follow the steps below to close the topic.

To finish:

    Download Delfix and save it to your desktop.
    https://toolslib.net/downloads/viewdownload/2-delfix/

    Double-click the delfix.exe file to run it. Check the boxes as in the image below.

    *** Windows Vista or Windows 7/8.1 users: right-click the adwcleaner.exe file, then click [image: execadmin.png].

    [image: delfix_zpse6269570.png]

    Click the Run button.

    A log will be generated at the end, but it does not need to be posted.

  1. Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of Java SE 8u25.
    • Click JRE.
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 28.35 MB jre-8u25-windows-i586.exe and save it to your desktop.
    • Close any running program, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-8u25-windows-i586.exe to install the newest version.
    • ATTENTION: If prompted, uncheck the ASK Toolbar installation box.

  2. Uninstall Adobe Reader. Old versions have vulnerabilities that are exploited by malware.
    Install Sumatra PDF, a simple and efficient PDF reader.
    https://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-3.0-install.exe

  3. Keep Flash Player updated. Old versions also have vulnerabilities that are exploited by malware. Click the two links below, download and install the latest versions:
    http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe (Internet Explorer)
    http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe (other browsers)

  4. USB worms (flash-drive viruses) can infect any kind of removable storage device (flash drives, mp3 and mp4 players, cell phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the wizard that appears when you insert a CD or flash drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf to work.
    Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you happen to plug your flash drive into an infected PC, the malware will not be able to overwrite the pre-existing file. It can still copy its malicious executables to the flash drive, though, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug this flash drive into a clean machine and run one of those malicious files, that system will be infected in the same way. So be careful and use common sense.

    Download Panda USB Vaccine and save it to your desktop.
    http://research.pandasecurity.com/panda-usb-and-autorun-vaccine/
    Run its installer.
    Once it finishes, the program will open; click Vaccinate USB.

  5. For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.
    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.
    Be patient: depending on the amount of data to be deleted, the process can take more than 2 minutes.
    When it finishes, you will be asked to restart your computer.
    If you are not asked, restart manually.

  6. Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Many malware families exploit these holes, infecting systems without depending on any user action. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system updated.

  7. Do you use the Remote Connection service? If not, disable it for security reasons. Click Start -> Control Panel -> System -> Advanced system settings -> Remote tab -> uncheck the box 'Allow Remote Assistance connections to this computer.' and check 'Don't allow connections to this computer.' -> click OK.

    [image: rdp_zps9c641882.png]

  8. Learn some precautions and tips to keep your computer clean. Read the article Proteja seu pc (Protect your PC):
    http://linhadefensiva.org/artigos/proteja-seu-pc/

  9. It is recommended that you change all your passwords as a precaution.

  10. If there are no more malware-related problems, click the Report button [image: denunld.png] and ask for your topic to be closed.

If you have any question related to computing and technology, feel free to post in any area of the Linha Defensiva forum.
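The post above asks the user to switch off Autorun behaviour, deny Remote Assistance and Remote Desktop, and keep a protected autorun.inf on every removable drive. The PowerShell script below is an added example, not code from this thread, from Linha Defensiva or from any of the tools the post names: it audits those three points and reports, for each removable drive, whether an autorun.inf is present, what an autorun.inf *file* would launch, and which root-level executables with the extensions the post lists are sitting on the drive. It assumes Windows 7 or later with PowerShell 3.0+, an elevated prompt, and the standard registry value names (NoDriveTypeAutoRun, fAllowToGetHelp, fDenyTSConnections). The -Vaccinate switch creates a read-only, hidden, system directory named autorun.inf as a simplified stand-in for what Panda USB Vaccine does; it is not that tool's method.

```powershell
<#
Added example (not part of the original thread): audits the settings the post
above tells the user to change and inspects removable drives for the autorun.inf
and executable files that USB worms drop. Assumes Windows 7 or later with
PowerShell 3.0+, run from an elevated prompt. Nothing is modified unless -Fix
or -Vaccinate is given.
#>
[CmdletBinding()]
param(
    [switch]$Fix,        # disable AutoRun on all drive types, deny Remote Assistance and RDP
    [switch]$Vaccinate   # create a protected autorun.inf placeholder on each removable drive
)

$ErrorActionPreference = 'Stop'

# Registry locations used by the checks (standard Windows value names).
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$remoteAssist   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$terminalServer = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value does not exist instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Set-RegDword([string]$Path, [string]$Name, [int]$Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type DWord
}

# --- 1. AutoRun / AutoPlay policy (item 4 of the post) -------------------------
# 0xFF in NoDriveTypeAutoRun disables AutoRun for every drive type, so an
# autorun.inf on a flash drive is never acted on.
$noDriveType = Get-RegValue $explorerPolicy 'NoDriveTypeAutoRun'
$autorunOff  = ($noDriveType -eq 0xFF)
if ($Fix -and -not $autorunOff) {
    Set-RegDword $explorerPolicy 'NoDriveTypeAutoRun' 0xFF
    $autorunOff = $true
}

# --- 2. Remote Assistance and Remote Desktop (item 7 of the post) --------------
# fAllowToGetHelp = 1 allows Remote Assistance; fDenyTSConnections = 1 denies RDP.
$raAllowed = (Get-RegValue $remoteAssist 'fAllowToGetHelp') -eq 1
$rdpDenied = (Get-RegValue $terminalServer 'fDenyTSConnections') -eq 1
if ($Fix) {
    if ($raAllowed)      { Set-RegDword $remoteAssist 'fAllowToGetHelp' 0;     $raAllowed = $false }
    if (-not $rdpDenied) { Set-RegDword $terminalServer 'fDenyTSConnections' 1; $rdpDenied = $true }
}

[pscustomobject]@{
    AutoRunDisabled         = $autorunOff
    RemoteAssistanceAllowed = $raAllowed
    RemoteDesktopDenied     = $rdpDenied
}

# --- 3. Removable drives: autorun.inf and root-level executables ---------------
# The extensions are the ones the post lists as what a USB worm copies.
$riskyExt = '.exe', '.scr', '.cmd', '.pif', '.bat', '.com'

# DriveType 2 = removable disk. Empty card-reader slots (like the "not ready"
# drives in the RogueKiller log above) are skipped by the Test-Path filter.
$removable = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=2' |
             Where-Object { $_.DeviceID -and (Test-Path "$($_.DeviceID)\") }

foreach ($drive in $removable) {
    $root    = "$($drive.DeviceID)\"
    $autorun = Join-Path $root 'autorun.inf'
    $item    = Get-Item -LiteralPath $autorun -Force -ErrorAction SilentlyContinue

    # An autorun.inf *file* on a flash drive is suspicious; show what it would launch.
    $launches = @()
    if ($item -and -not $item.PSIsContainer) {
        $launches = Get-Content -LiteralPath $autorun -ErrorAction SilentlyContinue |
                    Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' }
    }

    # Executables sitting in the root of the drive, where worms usually drop them.
    $rootExecutables = Get-ChildItem -LiteralPath $root -Force -File -ErrorAction SilentlyContinue |
                       Where-Object { $riskyExt -contains $_.Extension.ToLower() } |
                       Select-Object -ExpandProperty Name

    # Optional placeholder: a read-only, hidden, system *directory* named
    # autorun.inf, so a worm cannot simply create a file with that name.
    # Simplified stand-in for what the post's Panda USB Vaccine does; not its code.
    if ($Vaccinate -and -not $item) {
        $dir = New-Item -ItemType Directory -Path $autorun
        $dir.Attributes = [IO.FileAttributes]'ReadOnly, Hidden, System'
        $item = $dir
    }

    [pscustomobject]@{
        Drive              = $drive.DeviceID
        AutorunInfPresent  = [bool]$item
        AutorunInfIsFolder = [bool]($item -and $item.PSIsContainer)
        AutorunLaunchLines = ($launches -join '; ')
        RootExecutables    = ($rootExecutables -join ', ')
    }
}
```

Run it once without switches to see the current state; a drive that reports an autorun.inf file with an `open=` line pointing at one of the listed root executables is exactly the pattern the post describes, and such files should be handled by the forum's analyst rather than opened. The registry changes made by -Fix are the same two settings the post's item 7 reaches through the Control Panel, plus the AutoRun policy; a placeholder directory created by -Vaccinate only blocks the file-creation step and does not stop a worm from copying executables, which is the caveat the post itself makes.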


PROBLEM SOLVED

If you want to request that the topic be reopened, use the Report button to contact the moderators.

Note: Only the author can make this request in the Malware Removal area.
