[Solved]  Log analysis

12 replies in this topic

#1 leandro aislan

leandro aislan
  • Members
  • 137 posts

Posted 17 October 2011 - 10:16

Good morning, I am having problems accessing the bank's page, so I would like you to analyze my log.
Looking forward to your reply
Thank you

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:16, on 17/10/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Asafer\AppData\Local\Temp\Temporary Internet Files\Content.IE5\XVJ4WSDC\HijackThis.exe
C:\Users\Asafer\AppData\Local\Temp\Temporary Internet Files\Content.IE5\W4LQJXNU\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12948 bytes

#2 wings

wings
  • Masters
  • 3.592 posts

Posted 17 October 2011 - 13:54

Hello leandro aislan

Please explain in more detail...

What is the difficulty?
Which bank?
Which browser do you use?

#3 leandro aislan

leandro aislan
  • Members
  • 137 posts

Posted 17 October 2011 - 14:03

Hi, all good, so
I don't know, I can't get in; when I called technical support they only said it could be a virus....
Banco do Brasil,

When I enter my password and login, it says the data does not match.
Internet Explorer 9
That is why I would like an analysis of my log.
Thank you.

#4 wings

wings
  • Masters
  • 3.592 posts

Posted 17 October 2011 - 14:10

1.
*Download Bankerfix and save it to the desktop
*Run it, click [OK] > [SIM] (if it asks for an update) > [OK] > [ENTER]
*When it finishes, press [ENTER]
*Paste the report C:\LinhaDefensiva\relatorio.txt

2.
*Open Malwarebytes, click [Atualização] > [Baixar Atualizações]
*On the [Verificação] tab, select Verificação completa
*Click [Verificar] and select the partition where Windows is installed
*When the scan finishes, click [SIM] > [OK] > [Ver Resultados] > [Remover Selecionados]
*Paste the report that is shown

#5 leandro aislan

leandro aislan
  • Members
  • 137 posts

Posted 17 October 2011 - 15:17

As requested, here it is....


BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2011-10-17 - 15:12
-------------------------------------------------------
Lista de Definição: 2011-08-28-1 | CORE: 2010-12-28-6
=======================================================


----- Fim -------------------------


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versão da Base de Dados: 7944

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

17/10/2011 16:03:58
mbam-log-2011-10-17 (16-03-58).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objetos escaneados: 364789
Tempo decorrido: 48 minuto(s), 33 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

#6 wings

wings
  • Masters
  • 3.592 posts

Posted 17 October 2011 - 15:33

1.
*Delete Bankerfix and the folder C:\LinhaDefensiva

2.
*Download OTS and save it to the desktop
*Run it and select the options:

Scan All Users
Company Name
Skip Microsoft


*Under Additional Scans select:

Reg - NetSvcs
File - Lop Check
File - Purity Scan


*Select, copy, and paste the code into the space below Custom Scans:

%ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\*.*
%APPDATA%\*
%APPDATA%\*.*
%APPDATA%\Update\*.*
%CommonAppData%\*.*
%LOCALAPPDATA%\*.*
%PROGRAMFILES(X86)%\Internet Explorer\*.*
%SYSTEMDRIVE%\*
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
CREATERESTOREPOINT

*Click [Run Scan]
*Paste the report that is shown

If the report turns out to be too large...

*Go to this link
*Select 4 jours
*Click [Enviar arquivo]
*Locate the file OTS.txt on the desktop
*Click [Abrir] > [Créer le lien Cjoint]
*Paste the address that was created

#7 leandro aislan

leandro aislan
  • Members
  • 137 posts

Posted 17 October 2011 - 15:46


OTS logfile created on: 17/10/2011 16:39:54 - Run 1

OTS by OldTimer - Version 3.1.46.0     Folder = C:\Users\Asafer\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 28,00% Memory free

7,00 Gb Paging File | 4,00 Gb Available in Paging File | 57,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 921,62 Gb Total Space | 873,19 Gb Free Space | 94,75% Space Free | Partition Type: NTFS

Drive D: | 9,80 Gb Total Space | 1,19 Gb Free Space | 12,14% Space Free | Partition Type: NTFS

Drive E: | 625,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ASAFER-HP

Current User Name: Asafer

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

 

[Processes - Safe List]

hasplms.exe ->  -> File not found

ots.exe -> C:\Users\Asafer\Downloads\OTS.exe -> [2011/10/17 16:36:29 | 000,646,144 | ---- | M] (OldTimer Tools)

flashutil10x_activex.exe -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe -> [2011/10/03 08:53:18 | 000,243,360 | ---- | M] (Adobe Systems, Inc.)

mbamgui.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe -> [2011/08/31 18:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation)

mbamservice.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 18:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)

teamviewer_service.exe -> C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -> [2011/08/30 14:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH)

plusservice.exe -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe -> [2011/08/14 11:27:01 | 000,800,768 | ---- | M] (Yuna Software)

gbpsv.exe -> C:\PROGRA~2\GbPlugin\GbpSv.exe -> [2011/08/08 12:23:18 | 000,208,672 | ---- | M] ( )

ccsvchst.exe -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -> [2011/08/04 02:18:43 | 000,126,400 | R--- | M] (Symantec Corporation)

hpdrvmntsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)

smartmenu.exe -> C:\Arquivos de Programas\Hewlett-Packard\HP MediaSmart\SmartMenu.exe -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()

iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/01/15 13:41:30 | 000,013,336 | ---- | M] (Intel Corporation)

iastoricon.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe -> [2010/01/15 13:41:28 | 000,284,696 | ---- | M] (Intel Corporation)

hpsysdrv.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)

agent.exe -> C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe -> [2005/08/11 17:30:30 | 000,618,496 | ---- | M] (Macrovision Corporation)

 

[Modules - No Company Name]

system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll -> [2011/10/14 08:56:51 | 000,771,584 | ---- | M] ()

system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll -> [2011/10/14 08:56:32 | 012,433,408 | ---- | M] ()

system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll -> [2011/10/14 08:56:27 | 001,587,200 | ---- | M] ()

windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll -> [2011/10/14 08:56:18 | 003,347,968 | ---- | M] ()

system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll -> [2011/10/14 08:56:14 | 005,453,312 | ---- | M] ()

system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll -> [2011/10/14 08:56:11 | 007,963,648 | ---- | M] ()

system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll -> [2011/10/14 08:56:11 | 000,971,264 | ---- | M] ()

mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll -> [2011/10/14 08:56:07 | 011,490,304 | ---- | M] ()

detour32.dll -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll -> [2011/08/09 11:57:46 | 000,004,096 | ---- | M] ()

office.odf -> C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf -> [2011/03/17 01:11:16 | 004,297,568 | ---- | M] ()

lame_enc.dll -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\lame_enc.dll -> [2011/03/02 12:11:33 | 000,390,656 | ---- | M] ()

libsndfile.dll -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\libsndfile.dll -> [2011/03/02 12:11:22 | 000,370,688 | ---- | M] ()

mscorlib.resources.dll -> C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll -> [2010/11/12 22:33:11 | 000,303,104 | ---- | M] ()

smartmenu.exe -> C:\Arquivos de Programas\Hewlett-Packard\HP MediaSmart\SmartMenu.exe -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()

 

[Win32 Services - Safe List]

64bit-(FLEXnet Licensing Service 64)  [On_Demand | Running] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -> [2011/09/01 09:35:56 | 001,436,424 | ---- | M] (Acresso Software Inc.)

64bit-(hasplms)  [Auto | Running] -> C:\Windows\SysNative\hasplms.exe -> [2010/09/27 17:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.)

(MBAMService) MBAMService [Auto | Running] -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 18:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)

(KMService) KMService [Auto | Stopped] -> C:\Windows\SysWOW64\srvany.exe -> [2011/08/31 10:57:53 | 000,008,192 | ---- | M] ()

(TeamViewer6) TeamViewer 6 [Auto | Running] -> C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -> [2011/08/30 14:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH)

(GbpSv) Gbp Service [Unknown | Running] -> C:\PROGRA~2\GbPlugin\GbpSv.exe -> [2011/08/08 12:23:18 | 000,208,672 | ---- | M] ( )

(NIS) Norton Internet Security [Unknown | Running] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -> [2011/08/04 02:18:43 | 000,126,400 | R--- | M] (Symantec Corporation)

(HP Support Assistant Service) HP Support Assistant Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -> [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company)

(HPDrvMntSvc.exe) HP Quick Synchronization Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)

(HPSLPSVC) HP Network Devices Support [Auto | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -> [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.)

(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)

(IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/01/15 13:41:30 | 000,013,336 | ---- | M] (Intel Corporation)

(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)

 

[Driver Services - Safe List]

64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/08/31 18:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation)

64bit-(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -> [2011/08/31 11:10:47 | 000,173,104 | ---- | M] (Symantec Corporation)

64bit-(SYMTDIv) Symantec Vista Network Dispatch Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -> [2011/08/22 00:53:36 | 000,451,704 | ---- | M] (Symantec Corporation)

64bit-(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -> [2011/08/22 00:53:35 | 000,221,304 | ---- | M] (Symantec Corporation)

64bit-(ccHP) Symantec Hash Provider [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -> [2011/08/04 02:19:26 | 000,593,544 | ---- | M] (Symantec Corporation)

64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 04:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)

64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 04:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)

64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 11:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company)

64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 09:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation)

64bit-(akshasp) SafeNet Inc. HASP Key [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\akshasp.sys -> [2010/09/27 17:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.)

64bit-(aksusb) SafeNet Inc. USB Key [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\aksusb.sys -> [2010/09/27 17:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.)

64bit-(akshhl) SafeNet Inc. Sentinel HASP Key [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\akshhl.sys -> [2010/09/27 17:41:58 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.)

64bit-(SymIM) Symantec Network Security Intermediate Filter Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\SymIMV.sys -> [2010/05/06 02:01:44 | 000,053,808 | R--- | M] (Symantec Corporation)

64bit-(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -> [2010/04/29 03:03:51 | 000,150,064 | ---- | M] (Symantec Corporation)

64bit-(SRTSP) Symantec Real Time Storage Protection x64 [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -> [2010/04/22 00:29:51 | 000,505,392 | ---- | M] (Symantec Corporation)

64bit-(SRTSPX) Symantec Real Time Storage Protection (PEL) x64 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -> [2010/04/22 00:29:51 | 000,032,304 | ---- | M] (Symantec Corporation)

64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek                                            )

64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/01/15 18:22:08 | 000,538,136 | ---- | M] (Intel Corporation)

64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2010/01/08 02:32:22 | 007,841,568 | ---- | M] (Intel Corporation)

64bit-(Impcd) Impcd [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\Impcd.sys -> [2009/10/26 02:39:42 | 000,151,936 | ---- | M] (Intel Corporation)

64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 18:54:54 | 000,056,344 | ---- | M] (Intel Corporation)

64bit-(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -> [2009/08/29 22:17:18 | 000,433,200 | R--- | M] (Symantec Corporation)

64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)

64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation)

64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology)

64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)

64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)

64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)

64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)

64bit-(hardlock) hardlock [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\hardlock.sys -> [2007/08/06 15:32:42 | 000,314,880 | ---- | M] (Aladdin Knowledge Systems Ltd.)

64bit-(aksdf) aksdf [Kernel | Auto | Stopped] -> C:\Windows\SysNative\drivers\aksdf.sys -> [2007/08/06 15:32:42 | 000,066,432 | ---- | M] (Aladdin Knowledge Systems Ltd.)

64bit-(aksfridge) Sentinel HASP Fridge [Kernel | Auto | Stopped] -> C:\Windows\SysNative\drivers\aksfridge.sys -> [2007/05/28 10:05:04 | 000,121,088 | ---- | M] (Aladdin Knowledge Systems Ltd.)

(BHDrvx64) BHDrvx64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110929.001\BHDrvx64.sys -> [2011/09/29 19:35:09 | 001,152,632 | ---- | M] (Symantec Corporation)

(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20111017.003\EX64.SYS -> [2011/08/31 11:19:27 | 002,048,632 | ---- | M] (Symantec Corporation)

(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -> [2011/08/31 11:19:27 | 000,481,912 | ---- | M] (Symantec Corporation)

(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2011/08/31 11:19:27 | 000,136,824 | ---- | M] (Symantec Corporation)

(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20111017.003\ENG64.SYS -> [2011/08/31 11:19:27 | 000,117,880 | ---- | M] (Symantec Corporation)

(IDSVia64) IDSVia64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20111014.031\IDSviA64.sys -> [2011/08/30 14:19:26 | 000,488,568 | ---- | M] (Symantec Corporation)

(GbpKm) Gbp KernelMode [Kernel | Boot | Stopped] -> C:\Windows\system32\drivers\gbpkm.sys -> [2011/08/08 12:23:42 | 000,044,064 | ---- | M] (GAS Tecnologia)

(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)

 

[Registry - Safe List]

< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPCON/3 -> 

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://g.msn.com/HPCON/3 -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPCON/3 -> 

HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://g.msn.com/HPCON/3 -> 

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 

HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 

HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> -> 

HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\: Main\\"Default_Page_URL" -> http://g.msn.com/HPCON/3 -> 

HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\: Main\\"Start Page" -> http://g.msn.com/HPCON/3 -> 

HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\: "ProxyEnable" -> 0 -> 

< FireFox Settings [Prefs.js] > -> C:\Users\Asafer\AppData\Roaming\Mozilla\FireFox\Profiles\5r2g6265.default\prefs.js -> 

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Firefox\Extensions ->  -> 

HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\] -> [2011/09/02 08:44:11 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2011/08/31 12:14:19 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN_2010_9_0_6] -> [2011/10/17 07:46:59 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions ->  -> 

HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/09/30 14:52:00 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS -> 

< FireFox Extensions [User Folders] > -> 

  -> C:\Users\Asafer\AppData\Roaming\mozilla\Extensions -> [2011/08/31 11:07:43 | 000,000,000 | ---D | M]

  -> C:\Users\Asafer\AppData\Roaming\mozilla\Firefox\Profiles\5r2g6265.default\extensions -> [2011/09/05 10:20:23 | 000,000,000 | ---D | M]

  -> C:\Users\Asafer\AppData\Roaming\mozilla\Firefox\Profiles\5r2g6265.default\extensions\ffxtlbr@babylon.com -> [2011/09/05 10:20:24 | 000,000,000 | ---D | M]

< FireFox SearchPlugins [User Folders] > -> 

< FireFox Extensions [Program Folders] > -> 

  -> C:\Program Files (x86)\mozilla firefox\extensions -> [2011/09/02 09:52:21 | 000,000,000 | ---D | M]

Java Console   -> C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} -> [2011/09/02 09:52:22 | 000,000,000 | ---D | M]

Norton IPS -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN -> [2011/09/02 08:44:11 | 000,000,000 | ---D | M]

Babylon -> C:\USERS\ASAFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5R2G6265.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM -> [2011/09/05 10:20:24 | 000,000,000 | ---D | M]

< FireFox Components [Program Folders] > -> 

 FFHst.dll -> C:\USERS\ASAFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5R2G6265.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM\components\FFHst.dll -> [2011/08/02 13:05:52 | 000,474,112 | ---- | M] (Babylon Ltd.)

< HOSTS File > ([2011/10/17 08:34:21 | 000,000,698 | ---- | M] - 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 

Reset Hosts

127.0.0.1 localhost

< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2011/06/12 12:43:26 | 006,721,936 | ---- | M] (Microsoft Corporation)

{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2011/03/28 22:14:36 | 000,529,280 | ---- | M] (Microsoft Corp.)

{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/12/21 04:49:28 | 000,689,040 | ---- | M] (Microsoft Corporation)

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [Symantec NCO BHO] -> [2011/07/13 17:05:28 | 000,419,768 | R--- | M] (Symantec Corporation)

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL [Symantec Intrusion Prevention] -> [2010/05/13 23:41:20 | 000,079,224 | R--- | M] (Symantec Corporation)

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2011/06/12 12:15:00 | 004,221,328 | ---- | M] (Microsoft Corporation)

{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/12/21 02:05:22 | 000,561,552 | ---- | M] (Microsoft Corporation)

{C41A1C0E-EA6C-11D4-B1B8-444553540000} [HKLM] -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [GbIehObj Class] -> [2011/09/15 10:25:56 | 001,719,584 | ---- | M] (Banco do Brasil)

{C41A1C0E-EA6C-11D4-B1B8-444553540003} [HKLM] -> C:\Program Files (x86)\GbPlugin\gbiehCef.dll [GbIehObj Class] -> [2011/04/18 16:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal)

{C41A1C0E-EA6C-11D4-B1B8-444553540008} [HKLM] -> C:\PROGRA~2\GbPlugin\gbiehuni.dll [GbIehObj Class] -> [2011/04/26 11:38:10 | 000,505,336 | ---- | M] (Banco Unibanco)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [Norton Toolbar] -> [2011/07/13 17:05:28 | 000,419,768 | R--- | M] (Symantec Corporation)

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [Norton Toolbar] -> [2011/07/13 17:05:28 | 000,419,768 | R--- | M] (Symantec Corporation)

< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2010/02/01 04:06:58 | 000,390,680 | ---- | M] (Intel Corporation)

"hpsysdrv" -> c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe] -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)

"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2010/01/08 02:42:52 | 000,166,424 | ---- | M] (Intel Corporation)

"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2010/02/01 04:07:18 | 000,410,136 | ---- | M] (Intel Corporation)

"SmartMenu" -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background] -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"IAStorIcon" -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe] -> [2010/01/15 13:41:28 | 000,284,696 | ---- | M] (Intel Corporation)

"Malwarebytes' Anti-Malware" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/08/31 18:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation)

"PlusService" -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe] -> [2011/08/14 11:27:01 | 000,800,768 | ---- | M] (Yuna Software)

< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 10:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)

< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 

"mctadmin" ->  [C:\Windows\System32\mctadmin.exe] -> File not found

< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 10:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)

< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 

"mctadmin" ->  [C:\Windows\System32\mctadmin.exe] -> File not found

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoActiveDesktop" ->  [1] -> File not found

\\"NoActiveDesktopChanges" ->  [1] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found

\\"ConsentPromptBehaviorUser" ->  [3] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 

&Enviar para o OneNote -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)

E&xportar para o Microsoft Excel -> C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000] -> [2011/07/20 16:42:26 | 028,252,000 | ---- | M] (Microsoft Corporation)

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 

&Enviar para o OneNote -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)

E&xportar para o Microsoft Excel -> C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000] -> [2011/07/20 16:42:26 | 028,252,000 | ---- | M] (Microsoft Corporation)

< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [Button: Enviar para o OneNote] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [Menu: &Enviar para o OneNote] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Button: &Anotações Vinculadas do OneNote] -> [2010/12/21 07:00:08 | 000,595,344 | ---- | M] (Microsoft Corporation)

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: &Anotações Vinculadas do OneNote] -> [2010/12/21 07:00:08 | 000,595,344 | ---- | M] (Microsoft Corporation)

< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 

www_bb.com.br [*] -> Sites confiáveis -> 

caixa.gov.br .[https] -> Sites confiáveis -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] -> 

{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Reg Error: Key error.] -> 

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 

{E37CB5F0-51F5-4395-A808-5FA49E399008} [HKLM] -> https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab [GbPluginObj Class] -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 

DhcpNameServer -> 192.168.1.1 -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{776A8908-6E25-4400-A29E-2D924479921A}\\DhcpNameServer -> 192.168.1.1   (Realtek PCIe GBE Family Controller) -> 

< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 04:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 11:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 23:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)

/pagefile ->  -> File not found

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

userinit.exe -> C:\Windows\SysWow64\userinit.exe -> [2010/11/20 10:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

/pagefile ->  -> File not found

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2010/01/08 01:40:48 | 000,268,800 | ---- | M] (Intel Corporation)

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

 GbPluginBb -> C:\Program Files (x86)\GbPlugin\gbieh.dll -> [2011/09/15 10:25:56 | 001,719,584 | ---- | M] (Banco do Brasil)

 GbPluginCef -> C:\Program Files (x86)\GbPlugin\gbiehCef.dll -> [2011/04/18 16:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal)

 GbPluginUni -> C:\PROGRA~2\GbPlugin\gbiehUni.dll -> [2011/04/26 11:38:10 | 000,505,336 | ---- | M] (Banco Unibanco)

< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found

< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found

< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2011/06/12 12:43:26 | 006,721,936 | ---- | M] (Microsoft Corporation)

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2011/06/12 12:15:00 | 004,221,328 | ---- | M] (Microsoft Corporation)

"{E37CB5F0-51F5-4395-A808-5FA49E399003}" [HKLM] -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [GbPlugin ShlObj] -> [2011/04/18 16:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal)

"{E37CB5F0-51F5-4395-A808-5FA49E399008}" [HKLM] -> C:\PROGRA~2\GbPlugin\gbiehuni.dll [GbPlugin ShlObj] -> [2011/04/26 11:38:10 | 000,505,336 | ---- | M] (Banco Unibanco)

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" [HKLM] -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [GbPlugin ShlObj] -> [2011/09/15 10:25:56 | 001,719,584 | ---- | M] (Banco do Brasil)

< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 

{082C5AE0-F68F-4313-B688-5D1C86CF3100} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 

{19FBE748-01B1-4149-A64B-127A8AF44A0A} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 

{22A3F79C-222E-48E1-998F-C97E68742468} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 

{26908B7E-9CE1-4D7C-A448-FC3488A71A33} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{2EA4D0B8-1279-4B18-9194-3D8D841D8BFC} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 

{38B15D58-86AB-47DA-BC2D-A8926BFCF751} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 

{3DC091EF-E34F-4766-A77B-F13AD15BA358} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 

{469BFD29-78B7-45E4-9260-86F2C6FE92CC} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 

{4ADA5B1C-39E3-4FF5-8FEB-EC6C554F0128} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

{4E5E3B2B-E887-4194-9F2A-AD79BA82C477} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 

{50AF90D7-027C-4F90-8866-A80406F68D87} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{76CA40E6-93BE-4725-9E26-3670424FF7DE} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{8BE7DE48-9231-42BD-9D12-8262D0F81D68} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 

{8F63362F-8043-4141-B5F4-CC1935A82DA3} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 

{97FDB00A-747A-4EFA-8E73-8066B7E12E50} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 

{A5CFA393-F6CA-4A55-8E15-7C575413B856} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 

{ADDFD491-BE76-4CD3-B5A6-2D094178D57D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 

{BB60EDD0-F1F8-4D27-B63C-ACBE983A2FC5} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 

{BDFE101C-876E-479F-B180-897685201D1B} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 

{C0ED538E-9640-4274-A105-1CA784EAE396} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{D3AD57F8-92D2-4330-AB64-00F55428F5C6} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 

{D570B8F3-67E5-43EE-B21E-72F5AA3B6A17} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 

{E243D7CD-0470-40B6-99CC-A7A850AA0C08} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files\microsoft office\office14\outlook.exe | 

{E8F946BC-D39B-403D-8299-9C82C4B2E49A} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 

{EBE8DC26-A963-42D1-835E-D8764E7E2D3F} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 

{F66FDB9D-0543-4ECD-8C96-590B5E954D17} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

{FA6D6D8C-E2F9-467F-AF9E-AE54FA9EDFEA} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

{FF038BF5-027C-489A-8E90-F7C41172547B} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 

{01A0F993-45A4-4DD3-A40C-6DDD754383DA} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 

{02F28A51-D936-457B-B465-02DE17F76996} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 

{0386D796-DDD0-44DE-AA73-E3763EA0076D} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

{03ECFCE7-FAD8-408C-830F-04AFF5709753} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 

{0AB3EC94-3BF9-4BCC-BE1D-B69B53383858} -> dir=in | action=allow | name=hpwucli.exe | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 

{10145F78-2840-4835-A633-69F70C50B124} -> dir=in | action=allow | name=hpfccopy.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 

{1942A3F1-C8AA-478D-B4F0-4918C203CFD3} -> dir=in | action=allow | name=smartwebprintexe.exe | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 

{1EE21006-A87F-4966-91E9-9B5B86780893} -> dir=in | action=allow | name=hpqkygrp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 

{253A0411-6E77-479A-9613-23940AA0DD8C} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 

{34BC452F-A2A2-466D-A2C8-7109F0832870} -> dir=in | action=allow | name=hposfx08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 

{3C464747-D756-4FC4-A146-1CEE36236A5E} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files\microsoft office\office14\onenote.exe | 

{3F5D4BCE-6174-4B45-A365-F7F878FDADC2} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 

{447B8F8C-DCDC-48E1-8801-9C6DBB1B95B7} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 

{45253CA5-CC13-47AD-9D4E-50F7C30D859B} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 

{48FFA551-7889-441B-A953-4FCCD1F3027F} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

{49CA76F3-2BB1-4145-8D3E-F0E673E6373A} -> dir=in | action=allow | name=hpiscnapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 

{552BFBE6-5801-4A01-9AB8-A67126D60C5A} -> dir=in | action=allow | name=hpqgpc01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 

{5F27214C-8071-423E-81CC-26146E6A6727} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 

{5F795B23-BF85-429B-BDC8-9F7B579BBEAB} -> dir=in | action=allow | name=hpqtra08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 

{62D9D371-5F14-4BD5-B6A8-C227432A1EA3} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 

{63F50964-4EA5-4A55-95F9-20515EBB2919} -> dir=in | action=allow | name=hpqfxt08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 

{68D7E8CD-DDED-423F-95DE-3F4DCD8790DE} -> dir=in | action=allow | name=hposid01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 

{68F697DC-2B9D-48B6-867C-30204E74A6EE} -> dir=in | action=allow | name=hpofxs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 

{69ABBE0A-C979-4D15-AA66-E3F705AB8D66} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

{73A62146-8A39-4BDE-89E0-8C7153246429} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 

{75E9138F-7571-4EC2-AE12-F98B69385AC4} -> dir=in | action=allow | name=hpqste08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 

{795CCB61-93C9-4950-863C-F2FE2FA4A259} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 

{857D112F-D818-46F6-93D8-29689C95F1E7} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files\microsoft office\office14\onenote.exe | 

{88D582D4-1D92-4308-8F18-AB382741911B} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

{8EA11726-31BD-4BC5-81E3-ED8DF31DE772} -> dir=in | action=allow | name=hpzwiz01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 

{94F863F1-4836-4596-83EC-024D5CD5AC9F} -> dir=in | action=allow | name=hpqusgh.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 

{9797B766-0AD2-4B5A-96C1-5A485BDF3AC9} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 

{A21A6A14-1738-49AB-9015-F084F33FCB8B} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 

{A41F9503-4E46-4F05-8E69-6CDAC0150621} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 

{A7D504E3-B9B7-43D3-B34B-BAB41DAADE1E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 

{A9E170EB-6E3E-4476-BBFD-5666295CC518} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 

{AC28D269-2C3D-489C-9EE5-015565EFFBEB} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 

{B1F3768F-C37D-4AB6-9C15-8A4E12A07A04} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

{B29935FE-8BC7-4156-AB3F-F452680C4B9F} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 

{B3A1BCDD-6414-4BF9-BC86-0341F507A181} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 

{B5141E6C-3DF6-4E5F-885D-C5608180352C} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 

{BE4F893D-458B-4125-AAF8-8F2B73261EF9} -> dir=in | action=allow | name=hpqusgm.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 

{C175CC87-22D0-44FB-BC2D-0A13141A89C4} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 

{C212BCDF-5972-4C60-99A5-E031C79BB530} -> dir=in | action=allow | name=hpofxm08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 

{E46B62C9-3978-4450-A80F-30DE152F6AA0} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files\microsoft office\office14\groove.exe | 

{E4B3CEE8-1C58-46EA-8EB6-0E163627FE00} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files\microsoft office\office14\groove.exe | 

{E8EF2847-ADB0-4EAB-A29F-CBFB44D77A7E} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 

{ECA5D405-869C-4E1D-87AF-4113A3F02D65} -> dir=in | action=allow | name=hpoews01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 

{F105B450-CE0B-4BB5-87DF-313C7403CB6A} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 

{F3718402-7542-44E4-B9E6-74101903A419} -> dir=in | action=allow | name=hpqgplgtupl.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 

{F82C6CD2-D2BB-4CDD-B7F8-00BB55DEE279} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | 

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 -> 

"DisplayName" -> Driver de CD-ROM -> 

"ImagePath" ->  [\SystemRoot\system32\drivers\cdrom.sys] -> File not found

< Drives with AutoRun files > ->  -> 

E:\autorun.inf [[autorun] | open=setup.exe | icon=setup.exe | ] -> E:\autorun.inf [ CDFS ] -> [2008/09/03 09:57:20 | 000,000,043 | R--- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 

\{efcfc746-d343-11e0-b7ce-806e6f6e6963}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell

\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell\\"" ->  [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell\AutoRun\command

\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell\AutoRun\command\\"" -> E:\setup.exe [E:\setup.exe] -> [2004/10/21 20:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 

64bit-comfile [open] -> "%1" %*

64bit-exefile [open] -> "%1" %*

comfile [open] -> "%1" %* -> 

exefile [open] -> "%1" %* -> 

< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.com [@ = comfile] -> "%1" %* -> 

.exe [@ = exefile] -> "%1" %* -> 

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.com [@ = comfile] -> "%1" %* -> 

.exe [@ = exefile] -> "%1" %* -> 

 

[Registry - Additional Scans - Safe List]

 

[Files/Folders - Created Within 30 Days]

 LinhaDefensiva -> C:\LinhaDefensiva -> [2011/10/17 08:33:41 | 000,000,000 | ---D | C]

 {3978F0C4-252D-41AF-AF3C-D43D71120394} -> C:\Users\Asafer\AppData\Local\{3978F0C4-252D-41AF-AF3C-D43D71120394} -> [2011/10/17 07:49:38 | 000,000,000 | ---D | C]

 {BCC61691-9BD7-43E5-BFBD-8E5FC0FF5D00} -> C:\Users\Asafer\AppData\Local\{BCC61691-9BD7-43E5-BFBD-8E5FC0FF5D00} -> [2011/10/17 07:49:18 | 000,000,000 | ---D | C]

 {470637DC-C2B1-4020-AA3E-D2B02EA03A74} -> C:\Users\Asafer\AppData\Local\{470637DC-C2B1-4020-AA3E-D2B02EA03A74} -> [2011/10/14 08:58:15 | 000,000,000 | ---D | C]

 {CDCF1FF1-198E-47AE-B742-D8F5D285FC7F} -> C:\Users\Asafer\AppData\Local\{CDCF1FF1-198E-47AE-B742-D8F5D285FC7F} -> [2011/10/14 08:58:01 | 000,000,000 | ---D | C]

 {1F0431B7-74C9-4D1A-920B-9B425D4F3406} -> C:\Users\Asafer\AppData\Local\{1F0431B7-74C9-4D1A-920B-9B425D4F3406} -> [2011/10/13 08:43:16 | 000,000,000 | ---D | C]

 {E118C3A5-3BC6-4355-A095-F9379872855F} -> C:\Users\Asafer\AppData\Local\{E118C3A5-3BC6-4355-A095-F9379872855F} -> [2011/10/13 08:43:06 | 000,000,000 | ---D | C]

 {A794AE43-FB11-4BF4-A534-3BC7112B5222} -> C:\Users\Asafer\AppData\Local\{A794AE43-FB11-4BF4-A534-3BC7112B5222} -> [2011/10/11 08:58:38 | 000,000,000 | ---D | C]

 {AA13F719-9694-47E7-8E5E-B33B538B0050} -> C:\Users\Asafer\AppData\Local\{AA13F719-9694-47E7-8E5E-B33B538B0050} -> [2011/10/11 08:58:28 | 000,000,000 | ---D | C]

 {C2FB6AE7-73E9-4C83-86B3-F828EC41E293} -> C:\Users\Asafer\AppData\Local\{C2FB6AE7-73E9-4C83-86B3-F828EC41E293} -> [2011/10/10 09:02:06 | 000,000,000 | ---D | C]

 {9A8A6B28-37FC-4BA0-8D6B-76B1C984A9CC} -> C:\Users\Asafer\AppData\Local\{9A8A6B28-37FC-4BA0-8D6B-76B1C984A9CC} -> [2011/10/10 09:01:56 | 000,000,000 | ---D | C]

 SymIMV.sys -> C:\Windows\SysNative\drivers\SymIMV.sys -> [2011/10/07 15:39:44 | 000,053,808 | R--- | C] (Symantec Corporation)

 {CBCF4C5C-18E1-49CB-A487-013FD29D0BE0} -> C:\Users\Asafer\AppData\Local\{CBCF4C5C-18E1-49CB-A487-013FD29D0BE0} -> [2011/10/07 08:46:06 | 000,000,000 | ---D | C]

 {86DD5E7C-2E1D-4D37-B416-8121E74A541D} -> C:\Users\Asafer\AppData\Local\{86DD5E7C-2E1D-4D37-B416-8121E74A541D} -> [2011/10/07 08:45:55 | 000,000,000 | ---D | C]

 Google Earth -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth -> [2011/10/06 18:35:43 | 000,000,000 | ---D | C]

 {FDDC129C-1B27-4419-82EA-F48C057A553F} -> C:\Users\Asafer\AppData\Local\{FDDC129C-1B27-4419-82EA-F48C057A553F} -> [2011/10/06 08:50:50 | 000,000,000 | ---D | C]

 {3A12D778-555E-4CE2-BC3A-6E475D7A6D3B} -> C:\Users\Asafer\AppData\Local\{3A12D778-555E-4CE2-BC3A-6E475D7A6D3B} -> [2011/10/06 08:50:40 | 000,000,000 | ---D | C]

 CyberLink -> C:\Users\Asafer\AppData\Roaming\CyberLink -> [2011/10/05 12:23:52 | 000,000,000 | ---D | C]

 {6D89930D-C8B4-45CF-8E2D-91CB07ED7D99} -> C:\Users\Asafer\AppData\Local\{6D89930D-C8B4-45CF-8E2D-91CB07ED7D99} -> [2011/10/05 08:42:40 | 000,000,000 | ---D | C]

 {FC72EA9B-DFEC-41EB-B8F3-FBE20F57FB78} -> C:\Users\Asafer\AppData\Local\{FC72EA9B-DFEC-41EB-B8F3-FBE20F57FB78} -> [2011/10/05 08:42:27 | 000,000,000 | ---D | C]

 {E7EE81FD-E9B8-42F1-BB6B-B933C411E46A} -> C:\Users\Asafer\AppData\Local\{E7EE81FD-E9B8-42F1-BB6B-B933C411E46A} -> [2011/10/04 08:38:20 | 000,000,000 | ---D | C]

 {C2C9DFD1-854D-4752-AF75-0098AFFBCC51} -> C:\Users\Asafer\AppData\Local\{C2C9DFD1-854D-4752-AF75-0098AFFBCC51} -> [2011/10/04 08:38:09 | 000,000,000 | ---D | C]

 {9EB0184A-2293-4AD9-AB4A-440A7C224EB2} -> C:\Users\Asafer\AppData\Local\{9EB0184A-2293-4AD9-AB4A-440A7C224EB2} -> [2011/10/03 08:53:23 | 000,000,000 | ---D | C]

 {DAEE7FB1-372D-4E51-9932-D1EDCA1633C4} -> C:\Users\Asafer\AppData\Local\{DAEE7FB1-372D-4E51-9932-D1EDCA1633C4} -> [2011/10/03 08:53:13 | 000,000,000 | ---D | C]

 Google -> C:\Program Files (x86)\Google -> [2011/09/30 14:24:04 | 000,000,000 | ---D | C]

 Google -> C:\Users\Asafer\AppData\Local\Google -> [2011/09/30 14:23:57 | 000,000,000 | ---D | C]

 {B5937021-1307-4991-BFDB-1AD7FBD6AFC9} -> C:\Users\Asafer\AppData\Local\{B5937021-1307-4991-BFDB-1AD7FBD6AFC9} -> [2011/09/30 08:50:00 | 000,000,000 | ---D | C]

 {D6FD73FE-9F3E-4EC1-9137-BC3F1D1479A2} -> C:\Users\Asafer\AppData\Local\{D6FD73FE-9F3E-4EC1-9137-BC3F1D1479A2} -> [2011/09/30 08:49:49 | 000,000,000 | ---D | C]

 {6E8099EB-3C2D-4C82-8ACE-14B27857FF5D} -> C:\Users\Asafer\AppData\Local\{6E8099EB-3C2D-4C82-8ACE-14B27857FF5D} -> [2011/09/29 08:40:54 | 000,000,000 | ---D | C]

 {427F2C0D-4F59-4511-B673-6A90B9542655} -> C:\Users\Asafer\AppData\Local\{427F2C0D-4F59-4511-B673-6A90B9542655} -> [2011/09/29 08:40:44 | 000,000,000 | ---D | C]

 {A40A6761-F046-4C7B-B4EA-D718E46ADF5F} -> C:\Users\Asafer\AppData\Local\{A40A6761-F046-4C7B-B4EA-D718E46ADF5F} -> [2011/09/28 20:40:31 | 000,000,000 | ---D | C]

 {1E76E2D8-065D-4037-A386-7DE4333F1C7E} -> C:\Users\Asafer\AppData\Local\{1E76E2D8-065D-4037-A386-7DE4333F1C7E} -> [2011/09/28 20:40:21 | 000,000,000 | ---D | C]

 {895FC1D7-EA58-49F5-9C26-F02E3E5E6F4C} -> C:\Users\Asafer\AppData\Local\{895FC1D7-EA58-49F5-9C26-F02E3E5E6F4C} -> [2011/09/28 08:40:08 | 000,000,000 | ---D | C]

 {A7E33AD1-1CDD-493D-9A53-6EAB2A8C7378} -> C:\Users\Asafer\AppData\Local\{A7E33AD1-1CDD-493D-9A53-6EAB2A8C7378} -> [2011/09/28 08:39:57 | 000,000,000 | ---D | C]

 {B04AAD00-70C7-4E97-A929-B25F70D85B02} -> C:\Users\Asafer\AppData\Local\{B04AAD00-70C7-4E97-A929-B25F70D85B02} -> [2011/09/27 10:23:25 | 000,000,000 | ---D | C]

 {86BD3007-4B76-4BD8-8030-01647BBD65AF} -> C:\Users\Asafer\AppData\Local\{86BD3007-4B76-4BD8-8030-01647BBD65AF} -> [2011/09/27 10:23:14 | 000,000,000 | ---D | C]

 {18E64EF8-5620-4B0E-8946-B0070D55284A} -> C:\Users\Asafer\AppData\Local\{18E64EF8-5620-4B0E-8946-B0070D55284A} -> [2011/09/26 08:47:00 | 000,000,000 | ---D | C]

 {02BBE3F7-5AD0-47A9-86E2-5394FA5796CB} -> C:\Users\Asafer\AppData\Local\{02BBE3F7-5AD0-47A9-86E2-5394FA5796CB} -> [2011/09/26 08:46:35 | 000,000,000 | ---D | C]

 Fatalyzer -> C:\Program Files (x86)\Fatalyzer -> [2011/09/23 16:21:42 | 000,000,000 | ---D | C]

 {DEC779A0-02D0-4838-9696-42A1E4955367} -> C:\Users\Asafer\AppData\Local\{DEC779A0-02D0-4838-9696-42A1E4955367} -> [2011/09/23 10:48:15 | 000,000,000 | ---D | C]

 {93B5E325-9DAA-4176-94B1-8E88457BD27C} -> C:\Users\Asafer\AppData\Local\{93B5E325-9DAA-4176-94B1-8E88457BD27C} -> [2011/09/23 10:48:04 | 000,000,000 | ---D | C]

 {21E2D4B0-E751-41FB-88E7-A1A60F60A595} -> C:\Users\Asafer\AppData\Local\{21E2D4B0-E751-41FB-88E7-A1A60F60A595} -> [2011/09/23 10:10:35 | 000,000,000 | ---D | C]

 {6C18F5BF-24C2-413D-9A07-68DC34E927BD} -> C:\Users\Asafer\AppData\Local\{6C18F5BF-24C2-413D-9A07-68DC34E927BD} -> [2011/09/23 09:00:42 | 000,000,000 | ---D | C]

 {50C68694-B776-431F-8D27-9B065F7C3007} -> C:\Users\Asafer\AppData\Local\{50C68694-B776-431F-8D27-9B065F7C3007} -> [2011/09/23 08:43:22 | 000,000,000 | ---D | C]

 Microsoft Games -> C:\Users\Asafer\AppData\Local\Microsoft Games -> [2011/09/22 15:24:55 | 000,000,000 | ---D | C]

 Arquivos -> C:\Users\Asafer\Desktop\Arquivos -> [2011/09/22 10:53:36 | 000,000,000 | R--D | C]

 {26091D14-F7C6-49A5-A6A1-747D79F6C342} -> C:\Users\Asafer\AppData\Local\{26091D14-F7C6-49A5-A6A1-747D79F6C342} -> [2011/09/22 08:33:25 | 000,000,000 | ---D | C]

 {36CAD7A4-CCD0-47EF-97D1-3A0B4D8E2DB2} -> C:\Users\Asafer\AppData\Local\{36CAD7A4-CCD0-47EF-97D1-3A0B4D8E2DB2} -> [2011/09/22 08:33:14 | 000,000,000 | ---D | C]

 {F3EDDD4D-A629-40F6-BE23-520E5F58E5E3} -> C:\Users\Asafer\AppData\Local\{F3EDDD4D-A629-40F6-BE23-520E5F58E5E3} -> [2011/09/21 08:43:20 | 000,000,000 | ---D | C]

 {D371C016-AF30-4609-BE61-BB0CB0B45E96} -> C:\Users\Asafer\AppData\Local\{D371C016-AF30-4609-BE61-BB0CB0B45E96} -> [2011/09/21 08:43:08 | 000,000,000 | ---D | C]

 Malwarebytes -> C:\Users\Asafer\AppData\Roaming\Malwarebytes -> [2011/09/20 08:56:59 | 000,000,000 | ---D | C]

 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/09/20 08:55:35 | 000,000,000 | ---D | C]

 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/09/20 08:55:34 | 000,000,000 | ---D | C]

 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/09/20 08:55:31 | 000,025,416 | ---- | C] (Malwarebytes Corporation)

 Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2011/09/20 08:55:31 | 000,000,000 | ---D | C]

 {ACDCC761-5320-4A07-93CB-DA248F20540A} -> C:\Users\Asafer\AppData\Local\{ACDCC761-5320-4A07-93CB-DA248F20540A} -> [2011/09/20 08:35:46 | 000,000,000 | ---D | C]

 {C9BCAE34-1815-46BA-B6B6-BBFCA92D9409} -> C:\Users\Asafer\AppData\Local\{C9BCAE34-1815-46BA-B6B6-BBFCA92D9409} -> [2011/09/20 08:35:33 | 000,000,000 | ---D | C]

 Meus arquivos recebidos -> C:\Users\Asafer\Documents\Meus arquivos recebidos -> [2011/09/19 09:37:12 | 000,000,000 | ---D | C]

 {EA0B8A84-C688-4F8F-A2F5-487A1729D970} -> C:\Users\Asafer\AppData\Local\{EA0B8A84-C688-4F8F-A2F5-487A1729D970} -> [2011/09/19 08:42:44 | 000,000,000 | ---D | C]

 {A4506285-64D1-4235-B673-8CF14117291C} -> C:\Users\Asafer\AppData\Local\{A4506285-64D1-4235-B673-8CF14117291C} -> [2011/09/19 08:42:33 | 000,000,000 | ---D | C]

 Implode.dll -> C:\Windows\SysWow64\Implode.dll -> [2011/09/16 10:00:18 | 000,018,944 | ---- | C] ( )

 Zipdll.dll -> C:\Windows\SysWow64\Zipdll.dll -> [2011/09/05 11:41:23 | 000,099,840 | ---- | C] ( )

 Unzdll.dll -> C:\Windows\SysWow64\Unzdll.dll -> [2011/09/05 11:41:23 | 000,094,208 | ---- | C] ( )

 

[Files/Folders - Modified Within 30 Days]

 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/10/17 16:34:01 | 000,001,068 | ---- | M] ()

 206476_203575283009293_100000704682409_642699_1260483_n.jpg -> C:\Users\Asafer\Desktop\206476_203575283009293_100000704682409_642699_1260483_n.jpg -> [2011/10/17 14:03:14 | 000,101,289 | ---- | M] ()

 218183_203573959676092_100000704682409_642694_7225002_n.jpg -> C:\Users\Asafer\Desktop\218183_203573959676092_100000704682409_642694_7225002_n.jpg -> [2011/10/17 14:03:14 | 000,088,321 | ---- | M] ()

 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/10/17 13:34:00 | 000,001,064 | ---- | M] ()

 Drawing1.dwl2 -> C:\Users\Asafer\Documents\Drawing1.dwl2 -> [2011/10/17 11:51:24 | 000,000,214 | -H-- | M] ()

 Drawing1.dwl -> C:\Users\Asafer\Documents\Drawing1.dwl -> [2011/10/17 11:51:24 | 000,000,064 | -H-- | M] ()

 Default.rdp -> C:\Users\Asafer\Documents\Default.rdp -> [2011/10/17 11:40:00 | 000,002,016 | -H-- | M] ()

 Cat.DB -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\Cat.DB -> [2011/10/17 09:26:16 | 001,689,848 | ---- | M] ()

 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/10/17 07:58:30 | 000,015,792 | -H-- | M] ()

 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/10/17 07:58:30 | 000,015,792 | -H-- | M] ()

 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/10/17 07:53:03 | 001,654,760 | ---- | M] ()

 prfh0416.dat -> C:\Windows\SysNative\prfh0416.dat -> [2011/10/17 07:53:03 | 000,715,524 | ---- | M] ()

 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/10/17 07:53:03 | 000,662,518 | ---- | M] ()

 prfc0416.dat -> C:\Windows\SysNative\prfc0416.dat -> [2011/10/17 07:53:03 | 000,146,702 | ---- | M] ()

 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/10/17 07:53:03 | 000,123,772 | ---- | M] ()

 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/10/17 07:46:38 | 000,067,584 | --S- | M] ()

 hiberfil.sys -> C:\hiberfil.sys -> [2011/10/17 07:46:31 | 2962,550,784 | -HS- | M] ()

 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/10/14 08:52:06 | 000,516,448 | ---- | M] ()

 Norton Internet Security.lnk -> C:\Users\Public\Desktop\Norton Internet Security.lnk -> [2011/10/14 08:46:03 | 000,002,491 | ---- | M] ()

 HPCeeScheduleForAsafer.job -> C:\Windows\tasks\HPCeeScheduleForAsafer.job -> [2011/10/14 08:45:57 | 000,000,336 | ---- | M] ()

 I.R.I.S. Resource Center.lnk -> C:\Users\Asafer\Desktop\I.R.I.S. Resource Center.lnk -> [2011/10/13 16:24:02 | 000,001,256 | ---- | M] ()

 IMG_4841.JPG -> C:\Users\Asafer\Desktop\IMG_4841.JPG -> [2011/10/11 09:19:22 | 004,906,973 | ---- | M] ()

 ACRILICO - BRAHMA COUNTRY.dwg -> C:\Users\Asafer\Desktop\ACRILICO - BRAHMA COUNTRY.dwg -> [2011/10/10 10:56:12 | 000,017,033 | ---- | M] ()

 Boleto_14362680000010489-0.pdf -> C:\Users\Asafer\Desktop\Boleto_14362680000010489-0.pdf -> [2011/10/07 18:29:31 | 000,049,656 | ---- | M] ()

 111003_DISCO+DISPERSOR+MAIOR.dxf -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dxf -> [2011/10/04 10:40:41 | 000,161,491 | ---- | M] ()

 111003_DISCO+DISPERSOR+MAIOR.dwg -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dwg -> [2011/10/04 10:38:04 | 000,056,783 | ---- | M] ()

 CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/10/04 09:35:59 | 000,000,824 | ---- | M] ()

 PCDRScheduledMaintenance.job -> C:\Windows\tasks\PCDRScheduledMaintenance.job -> [2011/09/30 11:17:09 | 000,000,544 | ---- | M] ()

 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/09/20 08:55:36 | 000,001,115 | ---- | M] ()

 isolate.ini -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\isolate.ini -> [2011/09/19 20:59:44 | 000,000,172 | ---- | M] ()

 cc_20110919_090828.reg -> C:\Users\Asafer\Documents\cc_20110919_090828.reg -> [2011/09/19 10:08:32 | 000,022,372 | ---- | M] ()

 

[Files - No Company Name]

 206476_203575283009293_100000704682409_642699_1260483_n.jpg -> C:\Users\Asafer\Desktop\206476_203575283009293_100000704682409_642699_1260483_n.jpg -> [2011/10/17 14:03:33 | 000,101,289 | ---- | C] ()

 218183_203573959676092_100000704682409_642694_7225002_n.jpg -> C:\Users\Asafer\Desktop\218183_203573959676092_100000704682409_642694_7225002_n.jpg -> [2011/10/17 14:03:25 | 000,088,321 | ---- | C] ()

 Drawing1.dwl2 -> C:\Users\Asafer\Documents\Drawing1.dwl2 -> [2011/10/17 11:51:24 | 000,000,214 | -H-- | C] ()

 Drawing1.dwl -> C:\Users\Asafer\Documents\Drawing1.dwl -> [2011/10/17 11:51:24 | 000,000,064 | -H-- | C] ()

 Norton Internet Security.lnk -> C:\Users\Public\Desktop\Norton Internet Security.lnk -> [2011/10/14 08:46:03 | 000,002,491 | ---- | C] ()

 I.R.I.S. Resource Center.lnk -> C:\Users\Asafer\Desktop\I.R.I.S. Resource Center.lnk -> [2011/10/13 16:24:02 | 000,001,256 | ---- | C] ()

 IMG_4841.JPG -> C:\Users\Asafer\Desktop\IMG_4841.JPG -> [2011/10/11 08:59:22 | 004,906,973 | ---- | C] ()

 ACRILICO - BRAHMA COUNTRY.dwg -> C:\Users\Asafer\Desktop\ACRILICO - BRAHMA COUNTRY.dwg -> [2011/10/10 10:56:10 | 000,017,033 | ---- | C] ()

 Boleto_14362680000010489-0.pdf -> C:\Users\Asafer\Desktop\Boleto_14362680000010489-0.pdf -> [2011/10/07 18:29:31 | 000,049,656 | ---- | C] ()

 111003_DISCO+DISPERSOR+MAIOR.dxf -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dxf -> [2011/10/04 10:40:41 | 000,161,491 | ---- | C] ()

 111003_DISCO+DISPERSOR+MAIOR.dwg -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dwg -> [2011/10/04 10:38:04 | 000,056,783 | ---- | C] ()

 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/09/30 14:24:08 | 000,001,068 | ---- | C] ()

 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/09/30 14:24:07 | 000,001,064 | ---- | C] ()

 Fatalyzer.LNK -> C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fatalyzer.LNK -> [2011/09/23 16:21:42 | 000,001,075 | ---- | C] ()

 HPCeeScheduleForAsafer.job -> C:\Windows\tasks\HPCeeScheduleForAsafer.job -> [2011/09/22 18:25:34 | 000,000,336 | ---- | C] ()

 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/09/20 08:55:36 | 000,001,115 | ---- | C] ()

 cc_20110919_090828.reg -> C:\Users\Asafer\Documents\cc_20110919_090828.reg -> [2011/09/19 10:08:31 | 000,022,372 | ---- | C] ()

 Co2c40en.dll -> C:\Windows\SysWow64\Co2c40en.dll -> [2011/09/16 10:00:17 | 000,748,160 | ---- | C] ()

 hpwins26.dat.temp -> C:\Windows\hpwins26.dat.temp -> [2011/08/31 12:13:30 | 000,223,041 | ---- | C] ()

 hpwmdl26.dat.temp -> C:\Windows\hpwmdl26.dat.temp -> [2011/08/31 12:13:30 | 000,000,370 | ---- | C] ()

 hpwins26.dat -> C:\Windows\hpwins26.dat -> [2011/08/31 11:46:32 | 000,223,200 | ---- | C] ()

 srvany.exe -> C:\Windows\SysWow64\srvany.exe -> [2011/08/31 10:58:32 | 000,008,192 | ---- | C] ()

 wklnhst.dat -> C:\Users\Asafer\AppData\Roaming\wklnhst.dat -> [2011/08/31 09:22:06 | 000,000,000 | ---- | C] ()

 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/08/31 08:54:35 | 001,515,172 | ---- | C] ()

 igkrng575.bin -> C:\Windows\SysWow64\igkrng575.bin -> [2010/06/09 18:12:22 | 000,870,544 | ---- | C] ()

 iglhsip32.dll -> C:\Windows\SysWow64\iglhsip32.dll -> [2010/06/09 18:12:22 | 000,208,896 | ---- | C] ()

 iglhcp32.dll -> C:\Windows\SysWow64\iglhcp32.dll -> [2010/06/09 18:12:22 | 000,143,360 | ---- | C] ()

 igcompkrng575.bin -> C:\Windows\SysWow64\igcompkrng575.bin -> [2010/06/09 18:12:21 | 000,127,896 | ---- | C] ()

 igfcg575m.bin -> C:\Windows\SysWow64\igfcg575m.bin -> [2010/06/09 18:12:21 | 000,051,068 | ---- | C] ()

 LPRES.DLL -> C:\Windows\LPRES.DLL -> [2010/02/09 19:58:12 | 000,012,800 | ---- | C] ()

 hpwmdl26.dat -> C:\Windows\hpwmdl26.dat -> [2009/08/18 04:31:57 | 000,000,370 | ---- | C] ()

 bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 03:38:36 | 000,067,584 | --S- | C] ()

 NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/14 00:35:51 | 000,000,741 | ---- | C] ()

 dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/14 00:34:42 | 000,215,943 | ---- | C] ()

 mib.bin -> C:\Windows\mib.bin -> [2009/07/13 22:10:29 | 000,043,131 | ---- | C] ()

 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 21:42:10 | 000,064,000 | ---- | C] ()

 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 19:03:59 | 000,364,544 | ---- | C] ()

 mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 19:26:10 | 000,673,088 | ---- | C] ()

 

[File - Lop Check]

 Autodesk -> C:\Users\Asafer\AppData\Roaming\Autodesk -> [2011/09/02 10:44:32 | 000,000,000 | ---D | M]

 Babylon -> C:\Users\Asafer\AppData\Roaming\Babylon -> [2011/09/05 10:20:16 | 000,000,000 | ---D | M]

 EurekaLog -> C:\Users\Asafer\AppData\Roaming\EurekaLog -> [2011/10/10 14:26:18 | 000,000,000 | ---D | M]

 SigmaTEK -> C:\Users\Asafer\AppData\Roaming\SigmaTEK -> [2011/08/31 09:17:03 | 000,000,000 | ---D | M]

 TeamViewer -> C:\Users\Asafer\AppData\Roaming\TeamViewer -> [2011/10/07 12:13:24 | 000,000,000 | ---D | M]

 Template -> C:\Users\Asafer\AppData\Roaming\Template -> [2011/08/31 09:22:07 | 000,000,000 | ---D | M]

 Tific -> C:\Users\Asafer\AppData\Roaming\Tific -> [2011/08/31 11:26:32 | 000,000,000 | ---D | M]

 WinBatch -> C:\Users\Asafer\AppData\Roaming\WinBatch -> [2011/09/14 08:59:47 | 000,000,000 | ---D | M]

 PCDRScheduledMaintenance.job -> C:\Windows\Tasks\PCDRScheduledMaintenance.job -> [2011/09/30 11:17:09 | 000,000,544 | ---- | M] ()

 SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/14 03:08:49 | 000,017,326 | ---- | M] ()

 

[File - Purity Scan]

 

[Custom Scans]

< %ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\*.* >

< %APPDATA%\* >

 wklnhst.dat -> C:\Users\Asafer\AppData\Roaming\wklnhst.dat -> [2011/08/31 09:22:06 | 000,000,000 | ---- | M] ()

< %APPDATA%\*.* >

 wklnhst.dat -> C:\Users\Asafer\AppData\Roaming\wklnhst.dat -> [2011/08/31 09:22:06 | 000,000,000 | ---- | M] ()

< %APPDATA%\Update\*.* >

Invalid Environment Variable: CommonAppData

< %LOCALAPPDATA%\*.* >

 GDIPFONTCACHEV1.DAT -> C:\Users\Asafer\AppData\Local\GDIPFONTCACHEV1.DAT -> [2011/09/02 16:36:43 | 000,151,440 | ---- | M] ()

 IconCache.db -> C:\Users\Asafer\AppData\Local\IconCache.db -> [2011/10/14 18:45:16 | 002,255,208 | -H-- | M] ()

< %PROGRAMFILES(X86)%\Internet Explorer\*.* >

 ExtExport.exe -> C:\Program Files (x86)\Internet Explorer\ExtExport.exe -> [2011/09/12 09:08:56 | 000,022,016 | ---- | M] (Microsoft Corporation)

 ie9props.propdesc -> C:\Program Files (x86)\Internet Explorer\ie9props.propdesc -> [2011/09/12 09:08:56 | 000,002,535 | ---- | M] ()

 iecleanup.exe -> C:\Program Files (x86)\Internet Explorer\iecleanup.exe -> [2011/09/12 09:08:56 | 000,107,008 | ---- | M] (Microsoft Corporation)

 iediagcmd.exe -> C:\Program Files (x86)\Internet Explorer\iediagcmd.exe -> [2011/09/12 09:08:56 | 000,307,200 | ---- | M] ()

 iedvtool.dll -> C:\Program Files (x86)\Internet Explorer\iedvtool.dll -> [2011/09/01 00:30:00 | 000,678,912 | ---- | M] (Microsoft Corporation)

 ieinstal.exe -> C:\Program Files (x86)\Internet Explorer\ieinstal.exe -> [2011/09/12 09:08:55 | 000,466,432 | ---- | M] (Microsoft Corporation)

 ielowutil.exe -> C:\Program Files (x86)\Internet Explorer\ielowutil.exe -> [2011/09/12 09:08:55 | 000,222,720 | ---- | M] (Microsoft Corporation)

 ieproxy.dll -> C:\Program Files (x86)\Internet Explorer\ieproxy.dll -> [2011/09/12 09:08:55 | 000,193,536 | ---- | M] (Microsoft Corporation)

 IEShims.dll -> C:\Program Files (x86)\Internet Explorer\IEShims.dll -> [2011/09/01 00:26:36 | 000,194,048 | ---- | M] (Microsoft Corporation)

 iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2011/09/12 09:08:56 | 000,748,336 | ---- | M] (Microsoft Corporation)

 jsdbgui.dll -> C:\Program Files (x86)\Internet Explorer\jsdbgui.dll -> [2011/09/12 09:08:56 | 000,386,560 | ---- | M] (Microsoft Corporation)

 jsdebuggeride.dll -> C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll -> [2011/09/12 09:08:55 | 000,104,448 | ---- | M] (Microsoft Corporation)

 JSProfilerCore.dll -> C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll -> [2011/09/12 09:08:55 | 000,049,664 | ---- | M] (Microsoft Corporation)

 jsprofilerui.dll -> C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll -> [2011/09/12 09:08:56 | 000,149,504 | ---- | M] (Microsoft Corporation)

 msdbg2.dll -> C:\Program Files (x86)\Internet Explorer\msdbg2.dll -> [2009/06/10 19:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation)

 networkinspection.dll -> C:\Program Files (x86)\Internet Explorer\networkinspection.dll -> [2011/09/12 09:08:55 | 000,301,056 | ---- | M] (Microsoft Corporation)

 pdm.dll -> C:\Program Files (x86)\Internet Explorer\pdm.dll -> [2009/06/10 19:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation)

 sqmapi.dll -> C:\Program Files (x86)\Internet Explorer\sqmapi.dll -> [2011/09/01 00:41:10 | 000,141,088 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\* >

 BLOBS.TXT -> C:\BLOBS.TXT -> [2010/06/09 17:18:27 | 003,527,651 | ---- | M] ()

 bootmgr -> C:\bootmgr -> [2009/07/13 23:38:58 | 000,383,562 | RHS- | M] ()

 BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/07/24 17:22:29 | 000,008,192 | RHS- | M] ()

 hiberfil.sys -> C:\hiberfil.sys -> [2011/10/17 07:46:31 | 2962,550,784 | -HS- | M] ()

 OS -> C:\OS -> [2010/06/09 19:07:56 | 000,000,000 | RHS- | M] ()

 pagefile.sys -> C:\pagefile.sys -> [2011/10/17 07:46:32 | 3950,067,712 | -HS- | M] ()

< %SYSTEMDRIVE%\*.* >

 BLOBS.TXT -> C:\BLOBS.TXT -> [2010/06/09 17:18:27 | 003,527,651 | ---- | M] ()

 bootmgr -> C:\bootmgr -> [2009/07/13 23:38:58 | 000,383,562 | RHS- | M] ()

 BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/07/24 17:22:29 | 000,008,192 | RHS- | M] ()

 hiberfil.sys -> C:\hiberfil.sys -> [2011/10/17 07:46:31 | 2962,550,784 | -HS- | M] ()

 OS -> C:\OS -> [2010/06/09 19:07:56 | 000,000,000 | RHS- | M] ()

 pagefile.sys -> C:\pagefile.sys -> [2011/10/17 07:46:32 | 3950,067,712 | -HS- | M] ()

< %USERPROFILE%\*.* >

 aapj.properties -> C:\Users\Asafer\aapj.properties -> [2011/09/14 16:44:21 | 000,000,434 | ---- | M] ()

 NTUSER.DAT -> C:\Users\Asafer\NTUSER.DAT -> [2011/10/17 16:43:57 | 001,835,008 | -HS- | M] ()

 ntuser.dat.LOG1 -> C:\Users\Asafer\ntuser.dat.LOG1 -> [2011/10/17 16:43:57 | 000,262,144 | -HS- | M] ()

 ntuser.dat.LOG2 -> C:\Users\Asafer\ntuser.dat.LOG2 -> [2011/08/30 18:17:18 | 000,000,000 | -HS- | M] ()

 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf -> C:\Users\Asafer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf -> [2011/08/30 18:49:19 | 000,065,536 | -HS- | M] ()

 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Asafer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms -> [2011/08/30 18:49:19 | 000,524,288 | -HS- | M] ()

 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Asafer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms -> [2011/08/30 18:49:19 | 000,524,288 | -HS- | M] ()

 ntuser.ini -> C:\Users\Asafer\ntuser.ini -> [2011/08/30 18:17:18 | 000,000,020 | -HS- | M] ()

 

CREATERESTOREPOINT

Restore point Set: OTS Restore Point

 

[Alternate Data Streams]

@Alternate Data Stream - 404 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

< End of report >



#8 wings

wings
  • Masters
  • 3.592 posts

Posted 17 October 2011 - 17:48

1.
*Run OTS
*Select, copy and paste the code into the box below Paste Fix Here:

[Unregister Dlls]
[Registry - Safe List]
< HOSTS File > ([2011/10/17 08:34:21 | 000,000,698 | ---- | M] - 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts
YN -> Reset Hosts ->
[Files/Folders - Created Within 30 Days]
NY -> LinhaDefensiva -> C:\LinhaDefensiva
[Alternate Data Streams]
NY -> @Alternate Data Stream - 404 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
[Empty Temp Folders]
[Reboot]

*Click [Run Fix] and the PC will restart
*Paste the report that is shown

2.
*Run an online scan with NOD32

*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log

Let me know whether that solved it.

#9 leandro aislan

leandro aislan
  • Members
  • 137 posts

Posted 18 October 2011 - 08:46

Good morning

Here are the logs

Thank you


All Processes Killed
[Registry - Safe List]
HOSTS file reset successfully!
[Files/Folders - Created Within 30 Days]
C:\LinhaDefensiva\rotinas\remocao folder moved successfully.
C:\LinhaDefensiva\rotinas folder moved successfully.
C:\LinhaDefensiva\relatorios folder moved successfully.
C:\LinhaDefensiva\reflist folder moved successfully.
C:\LinhaDefensiva\QUA\Pastas folder moved successfully.
C:\LinhaDefensiva\QUA\Arquivos folder moved successfully.
C:\LinhaDefensiva\QUA folder moved successfully.
C:\LinhaDefensiva\lang\vb folder moved successfully.
C:\LinhaDefensiva\lang\init folder moved successfully.
C:\LinhaDefensiva\lang\bat folder moved successfully.
C:\LinhaDefensiva\lang folder moved successfully.
C:\LinhaDefensiva\func folder moved successfully.
C:\LinhaDefensiva\exec folder moved successfully.
C:\LinhaDefensiva\credits folder moved successfully.
C:\LinhaDefensiva folder moved successfully.
[Alternate Data Streams]
ADS C:\Windows\SysWow64\drivers:GbpKmAp.lst deleted successfully.
[Empty Temp Folders]


User: All Users

User: Asafer
->Temp folder emptied: 5678125 bytes
->Temporary Internet Files folder emptied: 203435494 bytes
->Java cache emptied: 262659 bytes
->FireFox cache emptied: 38139761 bytes
->Flash cache emptied: 1556 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3996232 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 240,00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 10182011_074941

Files\Folders moved on Reboot...
C:\Users\Asafer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YB24YMRK\forum-super[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YB24YMRK\mail[2].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YB24YMRK\mail[3].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\ads[11].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[2].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[3].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[4].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[5].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[6].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[7].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[8].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[9].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\bind[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[2].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[3].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[4].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[5].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\imasters_com_br[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\login_status[5].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\si[2].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RLNDG92R\forum-botao[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RLNDG92R\tweet_button[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\adsCAI1Y1K3.htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\fastbutton[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\fastbutton[2].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\fastbutton[3].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\forum-botao[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\like[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I604MIAH\mail[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I604MIAH\SmartAd[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABSFVO33\446972-analise-de-log[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABSFVO33\viewtopic[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\ads[11].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\forum-super[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\infolab[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\mail[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\portal[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\SmartAd[1].htm moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


------------------------------------------------------------------------------------------------------------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12

#10 wings

wings
  • Masters
  • 3.592 posts

Posted 18 October 2011 - 13:31

Let me know how the PC is doing.

*Run the file c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

#11 leandro aislan

leandro aislan
  • Members
  • 137 posts

Posted 18 October 2011 - 20:56

Good evening,

Today I contacted my bank manager and asked for a new password.
So far it has logged in normally, with no apparent problem.
Did these logs show any problem?
One question: I am about to buy an antivirus. Do you recommend one?
Tomorrow morning I will log in again and want to see whether it no longer blocks my password.
Thanks so far...

#12 wings

wings
  • Masters
  • 3.592 posts

Posted 18 October 2011 - 21:04

1.
*Run OTS, click [CleanUp] > [Yes]
*The PC will restart

Nothing of great importance.


If you are going to pay for an antivirus, I recommend GData or Kaspersky.

If you want a free one, I recommend Avira or Avast.


Best regards.

#13 wings

wings
  • Masters
  • 3.592 posts

Posted 18 October 2011 - 23:14

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.