[Resolvido] &nbspAnálise de log

Olá leandro aislan

Explique melhor...

Qual a dificuldade?

Qual o banco?

Qual o seu navegador?

Opa beleza, então

Não sei não consigo entrar, quando liguei no suporte tecnico falaram que poderia ser virus apenas....

Banco do brasil,

Quando entro com minha senha e login dá que os dados não conferem.

Internet Explorer 9

Por isso gostaria de uma a~´alise em meu log.

Obrigado.

1.

*Baixe o Bankerfix e salve-o no desktop

*Execute-o, clique [OK] > [sIM] (se pedir alguma atualização) > [OK] > [ENTER]

*Ao finalizar, tecle [ENTER]

*Cole o relatório C:\LinhaDefensiva\relatorio.txt

2.

*Abra o Malwarebytes, clique [Atualização] > [baixar Atualizações]

*Na aba [Verificação], selecione Verificação completa

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

Conforme solicitado segue....

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2011-10-17 - 15:12

-------------------------------------------------------

Lista de Definição: 2011-08-28-1 | CORE: 2010-12-28-6

=======================================================

----- Fim -------------------------

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Versão da Base de Dados: 7944

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

17/10/2011 16:03:58

mbam-log-2011-10-17 (16-03-58).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objetos escaneados: 364789

Tempo decorrido: 48 minuto(s), 33 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

(Não foram detectados ítens maliciosos)

1.

*Delete o Bankerfix e a pasta C:\LinhaDefensiva

2.

*Baixe o OTS e salve-o no desktop

*Execute-o e selecione as opções:

Scan All Users

Company Name

Skip Microsoft

*Em Additional Scans selecione:

Reg - NetSvcs

File - Lop Check

File - Purity Scan

*Selecione, copie, e cole o código no espaço abaixo de Custom Scans:

**%ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\*.***

%APPDATA%\*

**%APPDATA%\*.***

**%APPDATA%\Update\*.***

**%CommonAppData%\*.***

**%LOCALAPPDATA%\*.***

**%PROGRAMFILES(X86)%\Internet Explorer\*.***

%SYSTEMDRIVE%\*

**%SYSTEMDRIVE%\*.***

**%USERPROFILE%\*.***

CREATERESTOREPOINT

*Clique [Run Scan]

*Cole o relatório apresentado

Caso o relatório fique demasiadamente grande...

*Acesse este link

*Selecione 4 jours

*Clique [Enviar arquivo]

*Localize o arquivo OTS.txt no desktop

*Clique [Abrir] > [Créer le lien Cjoint]

*Cole o endereço criado

OTS logfile created on: 17/10/2011 16:39:54 - Run 1
OTS by OldTimer - Version 3.1.46.0 Folder = C:\Users\Asafer\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 28,00% Memory free
7,00 Gb Paging File | 4,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,62 Gb Total Space | 873,19 Gb Free Space | 94,75% Space Free | Partition Type: NTFS
Drive D: | 9,80 Gb Total Space | 1,19 Gb Free Space | 12,14% Space Free | Partition Type: NTFS
Drive E: | 625,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASAFER-HP
Current User Name: Asafer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days

[Processes - Safe List]
hasplms.exe -> -> File not found
ots.exe -> C:\Users\Asafer\Downloads\OTS.exe -> [2011/10/17 16:36:29 | 000,646,144 | ---- | M] (OldTimer Tools)
flashutil10x_activex.exe -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe -> [2011/10/03 08:53:18 | 000,243,360 | ---- | M] (Adobe Systems, Inc.)
mbamgui.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe -> [2011/08/31 18:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation)
mbamservice.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 18:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)
teamviewer_service.exe -> C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -> [2011/08/30 14:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH)
plusservice.exe -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe -> [2011/08/14 11:27:01 | 000,800,768 | ---- | M] (Yuna Software)
gbpsv.exe -> C:\PROGRA~2\GbPlugin\GbpSv.exe -> [2011/08/08 12:23:18 | 000,208,672 | ---- | M] ( )
ccsvchst.exe -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -> [2011/08/04 02:18:43 | 000,126,400 | R--- | M] (Symantec Corporation)
hpdrvmntsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)
smartmenu.exe -> C:\Arquivos de Programas\Hewlett-Packard\HP MediaSmart\SmartMenu.exe -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()
iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/01/15 13:41:30 | 000,013,336 | ---- | M] (Intel Corporation)
iastoricon.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe -> [2010/01/15 13:41:28 | 000,284,696 | ---- | M] (Intel Corporation)
hpsysdrv.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
agent.exe -> C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe -> [2005/08/11 17:30:30 | 000,618,496 | ---- | M] (Macrovision Corporation)

[Modules - No Company Name]
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll -> [2011/10/14 08:56:51 | 000,771,584 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll -> [2011/10/14 08:56:32 | 012,433,408 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll -> [2011/10/14 08:56:27 | 001,587,200 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll -> [2011/10/14 08:56:18 | 003,347,968 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll -> [2011/10/14 08:56:14 | 005,453,312 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll -> [2011/10/14 08:56:11 | 007,963,648 | ---- | M] ()
system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll -> [2011/10/14 08:56:11 | 000,971,264 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll -> [2011/10/14 08:56:07 | 011,490,304 | ---- | M] ()
detour32.dll -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll -> [2011/08/09 11:57:46 | 000,004,096 | ---- | M] ()
office.odf -> C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf -> [2011/03/17 01:11:16 | 004,297,568 | ---- | M] ()
lame_enc.dll -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\lame_enc.dll -> [2011/03/02 12:11:33 | 000,390,656 | ---- | M] ()
libsndfile.dll -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\libsndfile.dll -> [2011/03/02 12:11:22 | 000,370,688 | ---- | M] ()
mscorlib.resources.dll -> C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll -> [2010/11/12 22:33:11 | 000,303,104 | ---- | M] ()
smartmenu.exe -> C:\Arquivos de Programas\Hewlett-Packard\HP MediaSmart\SmartMenu.exe -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()

[Win32 Services - Safe List]
64bit-(FLEXnet Licensing Service 64) [On_Demand | Running] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -> [2011/09/01 09:35:56 | 001,436,424 | ---- | M] (Acresso Software Inc.)
64bit-(hasplms) [Auto | Running] -> C:\Windows\SysNative\hasplms.exe -> [2010/09/27 17:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.)
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 18:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)
(KMService) KMService [Auto | Stopped] -> C:\Windows\SysWOW64\srvany.exe -> [2011/08/31 10:57:53 | 000,008,192 | ---- | M] ()
(TeamViewer6) TeamViewer 6 [Auto | Running] -> C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -> [2011/08/30 14:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH)
(GbpSv) Gbp Service [unknown | Running] -> C:\PROGRA~2\GbPlugin\GbpSv.exe -> [2011/08/08 12:23:18 | 000,208,672 | ---- | M] ( )
(NIS) Norton Internet Security [unknown | Running] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -> [2011/08/04 02:18:43 | 000,126,400 | R--- | M] (Symantec Corporation)
(HP Support Assistant Service) HP Support Assistant Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -> [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company)
(HPDrvMntSvc.exe) HP Quick Synchronization Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)
(HPSLPSVC) HP Network Devices Support [Auto | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -> [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/01/15 13:41:30 | 000,013,336 | ---- | M] (Intel Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/08/31 18:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation)
64bit-(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -> [2011/08/31 11:10:47 | 000,173,104 | ---- | M] (Symantec Corporation)
64bit-(SYMTDIv) Symantec Vista Network Dispatch Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -> [2011/08/22 00:53:36 | 000,451,704 | ---- | M] (Symantec Corporation)
64bit-(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -> [2011/08/22 00:53:35 | 000,221,304 | ---- | M] (Symantec Corporation)
64bit-(ccHP) Symantec Hash Provider [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -> [2011/08/04 02:19:26 | 000,593,544 | ---- | M] (Symantec Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 04:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 04:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 11:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 09:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(akshasp) SafeNet Inc. HASP Key [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\akshasp.sys -> [2010/09/27 17:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.)
64bit-(aksusb) SafeNet Inc. USB Key [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\aksusb.sys -> [2010/09/27 17:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.)
64bit-(akshhl) SafeNet Inc. Sentinel HASP Key [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\akshhl.sys -> [2010/09/27 17:41:58 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.)
64bit-(SymIM) Symantec Network Security Intermediate Filter Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\SymIMV.sys -> [2010/05/06 02:01:44 | 000,053,808 | R--- | M] (Symantec Corporation)
64bit-(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -> [2010/04/29 03:03:51 | 000,150,064 | ---- | M] (Symantec Corporation)
64bit-(SRTSP) Symantec Real Time Storage Protection x64 [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -> [2010/04/22 00:29:51 | 000,505,392 | ---- | M] (Symantec Corporation)
64bit-(SRTSPX) Symantec Real Time Storage Protection (PEL) x64 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -> [2010/04/22 00:29:51 | 000,032,304 | ---- | M] (Symantec Corporation)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek )
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/01/15 18:22:08 | 000,538,136 | ---- | M] (Intel Corporation)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2010/01/08 02:32:22 | 007,841,568 | ---- | M] (Intel Corporation)
64bit-(Impcd) Impcd [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\Impcd.sys -> [2009/10/26 02:39:42 | 000,151,936 | ---- | M] (Intel Corporation)
64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 18:54:54 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -> [2009/08/29 22:17:18 | 000,433,200 | R--- | M] (Symantec Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(hardlock) hardlock [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\hardlock.sys -> [2007/08/06 15:32:42 | 000,314,880 | ---- | M] (Aladdin Knowledge Systems Ltd.)
64bit-(aksdf) aksdf [Kernel | Auto | Stopped] -> C:\Windows\SysNative\drivers\aksdf.sys -> [2007/08/06 15:32:42 | 000,066,432 | ---- | M] (Aladdin Knowledge Systems Ltd.)
64bit-(aksfridge) Sentinel HASP Fridge [Kernel | Auto | Stopped] -> C:\Windows\SysNative\drivers\aksfridge.sys -> [2007/05/28 10:05:04 | 000,121,088 | ---- | M] (Aladdin Knowledge Systems Ltd.)
(BHDrvx64) BHDrvx64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110929.001\BHDrvx64.sys -> [2011/09/29 19:35:09 | 001,152,632 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20111017.003\EX64.SYS -> [2011/08/31 11:19:27 | 002,048,632 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -> [2011/08/31 11:19:27 | 000,481,912 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2011/08/31 11:19:27 | 000,136,824 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20111017.003\ENG64.SYS -> [2011/08/31 11:19:27 | 000,117,880 | ---- | M] (Symantec Corporation)
(IDSVia64) IDSVia64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20111014.031\IDSviA64.sys -> [2011/08/30 14:19:26 | 000,488,568 | ---- | M] (Symantec Corporation)
(GbpKm) Gbp KernelMode [Kernel | Boot | Stopped] -> C:\Windows\system32\drivers\gbpkm.sys -> [2011/08/08 12:23:42 | 000,044,064 | ---- | M] (GAS Tecnologia)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPCON/3 ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://g.msn.com/HPCON/3 ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPCON/3 ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://g.msn.com/HPCON/3 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> ->
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\: Main\\"Default_Page_URL" -> http://g.msn.com/HPCON/3 ->
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\: Main\\"Start Page" -> http://g.msn.com/HPCON/3 ->
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Asafer\AppData\Roaming\Mozilla\FireFox\Profiles\5r2g6265.default\prefs.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\] -> [2011/09/02 08:44:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2011/08/31 12:14:19 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN_2010_9_0_6] -> [2011/10/17 07:46:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/09/30 14:52:00 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS ->
< FireFox Extensions [user Folders] > ->
-> C:\Users\Asafer\AppData\Roaming\mozilla\Extensions -> [2011/08/31 11:07:43 | 000,000,000 | ---D | M]
-> C:\Users\Asafer\AppData\Roaming\mozilla\Firefox\Profiles\5r2g6265.default\extensions -> [2011/09/05 10:20:23 | 000,000,000 | ---D | M]
-> C:\Users\Asafer\AppData\Roaming\mozilla\Firefox\Profiles\5r2g6265.default\extensions\ffxtlbr@babylon.com -> [2011/09/05 10:20:24 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [user Folders] > ->
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\mozilla firefox\extensions -> [2011/09/02 09:52:21 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} -> [2011/09/02 09:52:22 | 000,000,000 | ---D | M]
Norton IPS -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN -> [2011/09/02 08:44:11 | 000,000,000 | ---D | M]
Babylon -> C:\USERS\ASAFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5R2G6265.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM -> [2011/09/05 10:20:24 | 000,000,000 | ---D | M]
< FireFox Components [Program Folders] > ->
FFHst.dll -> C:\USERS\ASAFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5R2G6265.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM\components\FFHst.dll -> [2011/08/02 13:05:52 | 000,474,112 | ---- | M] (Babylon Ltd.)
< HOSTS File > ([2011/10/17 08:34:21 | 000,000,698 | ---- | M] - 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2011/06/12 12:43:26 | 006,721,936 | ---- | M] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2011/03/28 22:14:36 | 000,529,280 | ---- | M] (Microsoft Corp.)
{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/12/21 04:49:28 | 000,689,040 | ---- | M] (Microsoft Corporation)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [symantec NCO BHO] -> [2011/07/13 17:05:28 | 000,419,768 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL [symantec Intrusion Prevention] -> [2010/05/13 23:41:20 | 000,079,224 | R--- | M] (Symantec Corporation)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2011/06/12 12:15:00 | 004,221,328 | ---- | M] (Microsoft Corporation)
{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/12/21 02:05:22 | 000,561,552 | ---- | M] (Microsoft Corporation)
{C41A1C0E-EA6C-11D4-B1B8-444553540000} [HKLM] -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [GbIehObj Class] -> [2011/09/15 10:25:56 | 001,719,584 | ---- | M] (Banco do Brasil)
{C41A1C0E-EA6C-11D4-B1B8-444553540003} [HKLM] -> C:\Program Files (x86)\GbPlugin\gbiehCef.dll [GbIehObj Class] -> [2011/04/18 16:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal)
{C41A1C0E-EA6C-11D4-B1B8-444553540008} [HKLM] -> C:\PROGRA~2\GbPlugin\gbiehuni.dll [GbIehObj Class] -> [2011/04/26 11:38:10 | 000,505,336 | ---- | M] (Banco Unibanco)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [Norton Toolbar] -> [2011/07/13 17:05:28 | 000,419,768 | R--- | M] (Symantec Corporation)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [Norton Toolbar] -> [2011/07/13 17:05:28 | 000,419,768 | R--- | M] (Symantec Corporation)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2010/02/01 04:06:58 | 000,390,680 | ---- | M] (Intel Corporation)
"hpsysdrv" -> c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe] -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2010/01/08 02:42:52 | 000,166,424 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2010/02/01 04:07:18 | 000,410,136 | ---- | M] (Intel Corporation)
"SmartMenu" -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background] -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"IAStorIcon" -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe] -> [2010/01/15 13:41:28 | 000,284,696 | ---- | M] (Intel Corporation)
"Malwarebytes' Anti-Malware" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/08/31 18:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation)
"PlusService" -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe] -> [2011/08/14 11:27:01 | 000,800,768 | ---- | M] (Yuna Software)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 10:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 10:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [5] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Enviar para o OneNote -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)
E&xportar para o Microsoft Excel -> C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000] -> [2011/07/20 16:42:26 | 028,252,000 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Enviar para o OneNote -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)
E&xportar para o Microsoft Excel -> C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000] -> [2011/07/20 16:42:26 | 028,252,000 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [button: Enviar para o OneNote] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [Menu: &Enviar para o OneNote] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [button: &Anotações Vinculadas do OneNote] -> [2010/12/21 07:00:08 | 000,595,344 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: &Anotações Vinculadas do OneNote] -> [2010/12/21 07:00:08 | 000,595,344 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
www_bb.com.br [*] -> Sites confiáveis ->
caixa.gov.br .[https] -> Sites confiáveis ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] ->
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Reg Error: Key error.] ->

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] ->
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] ->

{E37CB5F0-51F5-4395-A808-5FA49E399008} [HKLM] -> https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab [GbPluginObj Class] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{776A8908-6E25-4400-A29E-2D924479921A}\\DhcpNameServer -> 192.168.1.1 (Realtek PCIe GBE Family Controller) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-Shell -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 04:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
MultiFile Done -> ->
64bit-UserInit -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 11:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
MultiFile Done -> ->
64bit-VMApplet -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 23:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
MultiFile Done -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
Shell -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
MultiFile Done -> ->
UserInit -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
userinit.exe -> C:\Windows\SysWow64\userinit.exe -> [2010/11/20 10:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
MultiFile Done -> ->
VMApplet -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
/pagefile -> -> File not found
MultiFile Done -> ->
< Winlogon settings [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
Shell -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
MultiFile Done -> ->
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2010/01/08 01:40:48 | 000,268,800 | ---- | M] (Intel Corporation)
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
GbPluginBb -> C:\Program Files (x86)\GbPlugin\gbieh.dll -> [2011/09/15 10:25:56 | 001,719,584 | ---- | M] (Banco do Brasil)
GbPluginCef -> C:\Program Files (x86)\GbPlugin\gbiehCef.dll -> [2011/04/18 16:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal)
GbPluginUni -> C:\PROGRA~2\GbPlugin\gbiehUni.dll -> [2011/04/26 11:38:10 | 000,505,336 | ---- | M] (Banco Unibanco)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2011/06/12 12:43:26 | 006,721,936 | ---- | M] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2011/06/12 12:15:00 | 004,221,328 | ---- | M] (Microsoft Corporation)
"{E37CB5F0-51F5-4395-A808-5FA49E399003}" [HKLM] -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [GbPlugin ShlObj] -> [2011/04/18 16:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal)
"{E37CB5F0-51F5-4395-A808-5FA49E399008}" [HKLM] -> C:\PROGRA~2\GbPlugin\gbiehuni.dll [GbPlugin ShlObj] -> [2011/04/26 11:38:10 | 000,505,336 | ---- | M] (Banco Unibanco)
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" [HKLM] -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [GbPlugin ShlObj] -> [2011/09/15 10:25:56 | 001,719,584 | ---- | M] (Banco do Brasil)
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{082C5AE0-F68F-4313-B688-5D1C86CF3100} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{19FBE748-01B1-4149-A64B-127A8AF44A0A} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system |
{22A3F79C-222E-48E1-998F-C97E68742468} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system |
{26908B7E-9CE1-4D7C-A448-FC3488A71A33} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{2EA4D0B8-1279-4B18-9194-3D8D841D8BFC} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{38B15D58-86AB-47DA-BC2D-A8926BFCF751} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system |
{3DC091EF-E34F-4766-A77B-F13AD15BA358} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss |
{469BFD29-78B7-45E4-9260-86F2C6FE92CC} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) |
{4ADA5B1C-39E3-4FF5-8FEB-EC6C554F0128} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{4E5E3B2B-E887-4194-9F2A-AD79BA82C477} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system |
{50AF90D7-027C-4F90-8866-A80406F68D87} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{76CA40E6-93BE-4725-9E26-3670424FF7DE} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{8BE7DE48-9231-42BD-9D12-8262D0F81D68} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system |
{8F63362F-8043-4141-B5F4-CC1935A82DA3} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system |
{97FDB00A-747A-4EFA-8E73-8066B7E12E50} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system |
{A5CFA393-F6CA-4A55-8E15-7C575413B856} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{ADDFD491-BE76-4CD3-B5A6-2D094178D57D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) |
{BB60EDD0-F1F8-4D27-B63C-ACBE983A2FC5} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system |
{BDFE101C-876E-479F-B180-897685201D1B} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system |
{C0ED538E-9640-4274-A105-1CA784EAE396} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{D3AD57F8-92D2-4330-AB64-00F55428F5C6} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{D570B8F3-67E5-43EE-B21E-72F5AA3B6A17} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system |
{E243D7CD-0470-40B6-99CC-A7A850AA0C08} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files\microsoft office\office14\outlook.exe |
{E8F946BC-D39B-403D-8299-9C82C4B2E49A} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{EBE8DC26-A963-42D1-835E-D8764E7E2D3F} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system |
{F66FDB9D-0543-4ECD-8C96-590B5E954D17} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{FA6D6D8C-E2F9-467F-AF9E-AE54FA9EDFEA} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{FF038BF5-027C-489A-8E90-F7C41172547B} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{01A0F993-45A4-4DD3-A40C-6DDD754383DA} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe |
{02F28A51-D936-457B-B465-02DE17F76996} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe |
{0386D796-DDD0-44DE-AA73-E3763EA0076D} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{03ECFCE7-FAD8-408C-830F-04AFF5709753} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
{0AB3EC94-3BF9-4BCC-BE1D-B69B53383858} -> dir=in | action=allow | name=hpwucli.exe | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
{10145F78-2840-4835-A633-69F70C50B124} -> dir=in | action=allow | name=hpfccopy.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
{1942A3F1-C8AA-478D-B4F0-4918C203CFD3} -> dir=in | action=allow | name=smartwebprintexe.exe | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
{1EE21006-A87F-4966-91E9-9B5B86780893} -> dir=in | action=allow | name=hpqkygrp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
{253A0411-6E77-479A-9613-23940AA0DD8C} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe |
{34BC452F-A2A2-466D-A2C8-7109F0832870} -> dir=in | action=allow | name=hposfx08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
{3C464747-D756-4FC4-A146-1CEE36236A5E} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files\microsoft office\office14\onenote.exe |
{3F5D4BCE-6174-4B45-A365-F7F878FDADC2} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 |
{447B8F8C-DCDC-48E1-8801-9C6DBB1B95B7} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
{45253CA5-CC13-47AD-9D4E-50F7C30D859B} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe |
{48FFA551-7889-441B-A953-4FCCD1F3027F} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{49CA76F3-2BB1-4145-8D3E-F0E673E6373A} -> dir=in | action=allow | name=hpiscnapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
{552BFBE6-5801-4A01-9AB8-A67126D60C5A} -> dir=in | action=allow | name=hpqgpc01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
{5F27214C-8071-423E-81CC-26146E6A6727} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe |
{5F795B23-BF85-429B-BDC8-9F7B579BBEAB} -> dir=in | action=allow | name=hpqtra08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
{62D9D371-5F14-4BD5-B6A8-C227432A1EA3} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe |
{63F50964-4EA5-4A55-95F9-20515EBB2919} -> dir=in | action=allow | name=hpqfxt08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
{68D7E8CD-DDED-423F-95DE-3F4DCD8790DE} -> dir=in | action=allow | name=hposid01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
{68F697DC-2B9D-48B6-867C-30204E74A6EE} -> dir=in | action=allow | name=hpofxs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
{69ABBE0A-C979-4D15-AA66-E3F705AB8D66} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{73A62146-8A39-4BDE-89E0-8C7153246429} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 |
{75E9138F-7571-4EC2-AE12-F98B69385AC4} -> dir=in | action=allow | name=hpqste08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
{795CCB61-93C9-4950-863C-F2FE2FA4A259} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost |
{857D112F-D818-46F6-93D8-29689C95F1E7} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files\microsoft office\office14\onenote.exe |
{88D582D4-1D92-4308-8F18-AB382741911B} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{8EA11726-31BD-4BC5-81E3-ED8DF31DE772} -> dir=in | action=allow | name=hpzwiz01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
{94F863F1-4836-4596-83EC-024D5CD5AC9F} -> dir=in | action=allow | name=hpqusgh.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
{9797B766-0AD2-4B5A-96C1-5A485BDF3AC9} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
{A21A6A14-1738-49AB-9015-F084F33FCB8B} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system |
{A41F9503-4E46-4F05-8E69-6CDAC0150621} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe |
{A7D504E3-B9B7-43D3-B34B-BAB41DAADE1E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe |
{A9E170EB-6E3E-4476-BBFD-5666295CC518} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe |
{AC28D269-2C3D-489C-9EE5-015565EFFBEB} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 |
{B1F3768F-C37D-4AB6-9C15-8A4E12A07A04} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
{B29935FE-8BC7-4156-AB3F-F452680C4B9F} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
{B3A1BCDD-6414-4BF9-BC86-0341F507A181} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe |
{B5141E6C-3DF6-4E5F-885D-C5608180352C} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
{BE4F893D-458B-4125-AAF8-8F2B73261EF9} -> dir=in | action=allow | name=hpqusgm.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
{C175CC87-22D0-44FB-BC2D-0A13141A89C4} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe |
{C212BCDF-5972-4C60-99A5-E031C79BB530} -> dir=in | action=allow | name=hpofxm08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
{E46B62C9-3978-4450-A80F-30DE152F6AA0} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files\microsoft office\office14\groove.exe |
{E4B3CEE8-1C58-46EA-8EB6-0E163627FE00} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files\microsoft office\office14\groove.exe |
{E8EF2847-ADB0-4EAB-A29F-CBFB44D77A7E} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
{ECA5D405-869C-4E1D-87AF-4113A3F02D65} -> dir=in | action=allow | name=hpoews01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
{F105B450-CE0B-4BB5-87DF-313C7403CB6A} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 |
{F3718402-7542-44E4-B9E6-74101903A419} -> dir=in | action=allow | name=hpqgplgtupl.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
{F82C6CD2-D2BB-4CDD-B7F8-00BB55DEE279} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Driver de CD-ROM ->
"ImagePath" -> [\SystemRoot\system32\drivers\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
E:\autorun.inf [[autorun] | open=setup.exe | icon=setup.exe | ] -> E:\autorun.inf [ CDFS ] -> [2008/09/03 09:57:20 | 000,000,043 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{efcfc746-d343-11e0-b7ce-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell
\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell\AutoRun\command
\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell\AutoRun\command\\"" -> E:\setup.exe [E:\setup.exe] -> [2004/10/21 20:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]

[Files/Folders - Created Within 30 Days]
LinhaDefensiva -> C:\LinhaDefensiva -> [2011/10/17 08:33:41 | 000,000,000 | ---D | C]
{3978F0C4-252D-41AF-AF3C-D43D71120394} -> C:\Users\Asafer\AppData\Local\{3978F0C4-252D-41AF-AF3C-D43D71120394} -> [2011/10/17 07:49:38 | 000,000,000 | ---D | C]
{BCC61691-9BD7-43E5-BFBD-8E5FC0FF5D00} -> C:\Users\Asafer\AppData\Local\{BCC61691-9BD7-43E5-BFBD-8E5FC0FF5D00} -> [2011/10/17 07:49:18 | 000,000,000 | ---D | C]
{470637DC-C2B1-4020-AA3E-D2B02EA03A74} -> C:\Users\Asafer\AppData\Local\{470637DC-C2B1-4020-AA3E-D2B02EA03A74} -> [2011/10/14 08:58:15 | 000,000,000 | ---D | C]
{CDCF1FF1-198E-47AE-B742-D8F5D285FC7F} -> C:\Users\Asafer\AppData\Local\{CDCF1FF1-198E-47AE-B742-D8F5D285FC7F} -> [2011/10/14 08:58:01 | 000,000,000 | ---D | C]
{1F0431B7-74C9-4D1A-920B-9B425D4F3406} -> C:\Users\Asafer\AppData\Local\{1F0431B7-74C9-4D1A-920B-9B425D4F3406} -> [2011/10/13 08:43:16 | 000,000,000 | ---D | C]
{E118C3A5-3BC6-4355-A095-F9379872855F} -> C:\Users\Asafer\AppData\Local\{E118C3A5-3BC6-4355-A095-F9379872855F} -> [2011/10/13 08:43:06 | 000,000,000 | ---D | C]
{A794AE43-FB11-4BF4-A534-3BC7112B5222} -> C:\Users\Asafer\AppData\Local\{A794AE43-FB11-4BF4-A534-3BC7112B5222} -> [2011/10/11 08:58:38 | 000,000,000 | ---D | C]
{AA13F719-9694-47E7-8E5E-B33B538B0050} -> C:\Users\Asafer\AppData\Local\{AA13F719-9694-47E7-8E5E-B33B538B0050} -> [2011/10/11 08:58:28 | 000,000,000 | ---D | C]
{C2FB6AE7-73E9-4C83-86B3-F828EC41E293} -> C:\Users\Asafer\AppData\Local\{C2FB6AE7-73E9-4C83-86B3-F828EC41E293} -> [2011/10/10 09:02:06 | 000,000,000 | ---D | C]
{9A8A6B28-37FC-4BA0-8D6B-76B1C984A9CC} -> C:\Users\Asafer\AppData\Local\{9A8A6B28-37FC-4BA0-8D6B-76B1C984A9CC} -> [2011/10/10 09:01:56 | 000,000,000 | ---D | C]
SymIMV.sys -> C:\Windows\SysNative\drivers\SymIMV.sys -> [2011/10/07 15:39:44 | 000,053,808 | R--- | C] (Symantec Corporation)
{CBCF4C5C-18E1-49CB-A487-013FD29D0BE0} -> C:\Users\Asafer\AppData\Local\{CBCF4C5C-18E1-49CB-A487-013FD29D0BE0} -> [2011/10/07 08:46:06 | 000,000,000 | ---D | C]
{86DD5E7C-2E1D-4D37-B416-8121E74A541D} -> C:\Users\Asafer\AppData\Local\{86DD5E7C-2E1D-4D37-B416-8121E74A541D} -> [2011/10/07 08:45:55 | 000,000,000 | ---D | C]
Google Earth -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth -> [2011/10/06 18:35:43 | 000,000,000 | ---D | C]
{FDDC129C-1B27-4419-82EA-F48C057A553F} -> C:\Users\Asafer\AppData\Local\{FDDC129C-1B27-4419-82EA-F48C057A553F} -> [2011/10/06 08:50:50 | 000,000,000 | ---D | C]
{3A12D778-555E-4CE2-BC3A-6E475D7A6D3B} -> C:\Users\Asafer\AppData\Local\{3A12D778-555E-4CE2-BC3A-6E475D7A6D3B} -> [2011/10/06 08:50:40 | 000,000,000 | ---D | C]
CyberLink -> C:\Users\Asafer\AppData\Roaming\CyberLink -> [2011/10/05 12:23:52 | 000,000,000 | ---D | C]
{6D89930D-C8B4-45CF-8E2D-91CB07ED7D99} -> C:\Users\Asafer\AppData\Local\{6D89930D-C8B4-45CF-8E2D-91CB07ED7D99} -> [2011/10/05 08:42:40 | 000,000,000 | ---D | C]
{FC72EA9B-DFEC-41EB-B8F3-FBE20F57FB78} -> C:\Users\Asafer\AppData\Local\{FC72EA9B-DFEC-41EB-B8F3-FBE20F57FB78} -> [2011/10/05 08:42:27 | 000,000,000 | ---D | C]
{E7EE81FD-E9B8-42F1-BB6B-B933C411E46A} -> C:\Users\Asafer\AppData\Local\{E7EE81FD-E9B8-42F1-BB6B-B933C411E46A} -> [2011/10/04 08:38:20 | 000,000,000 | ---D | C]
{C2C9DFD1-854D-4752-AF75-0098AFFBCC51} -> C:\Users\Asafer\AppData\Local\{C2C9DFD1-854D-4752-AF75-0098AFFBCC51} -> [2011/10/04 08:38:09 | 000,000,000 | ---D | C]
{9EB0184A-2293-4AD9-AB4A-440A7C224EB2} -> C:\Users\Asafer\AppData\Local\{9EB0184A-2293-4AD9-AB4A-440A7C224EB2} -> [2011/10/03 08:53:23 | 000,000,000 | ---D | C]
{DAEE7FB1-372D-4E51-9932-D1EDCA1633C4} -> C:\Users\Asafer\AppData\Local\{DAEE7FB1-372D-4E51-9932-D1EDCA1633C4} -> [2011/10/03 08:53:13 | 000,000,000 | ---D | C]
Google -> C:\Program Files (x86)\Google -> [2011/09/30 14:24:04 | 000,000,000 | ---D | C]
Google -> C:\Users\Asafer\AppData\Local\Google -> [2011/09/30 14:23:57 | 000,000,000 | ---D | C]
{B5937021-1307-4991-BFDB-1AD7FBD6AFC9} -> C:\Users\Asafer\AppData\Local\{B5937021-1307-4991-BFDB-1AD7FBD6AFC9} -> [2011/09/30 08:50:00 | 000,000,000 | ---D | C]
{D6FD73FE-9F3E-4EC1-9137-BC3F1D1479A2} -> C:\Users\Asafer\AppData\Local\{D6FD73FE-9F3E-4EC1-9137-BC3F1D1479A2} -> [2011/09/30 08:49:49 | 000,000,000 | ---D | C]
{6E8099EB-3C2D-4C82-8ACE-14B27857FF5D} -> C:\Users\Asafer\AppData\Local\{6E8099EB-3C2D-4C82-8ACE-14B27857FF5D} -> [2011/09/29 08:40:54 | 000,000,000 | ---D | C]
{427F2C0D-4F59-4511-B673-6A90B9542655} -> C:\Users\Asafer\AppData\Local\{427F2C0D-4F59-4511-B673-6A90B9542655} -> [2011/09/29 08:40:44 | 000,000,000 | ---D | C]
{A40A6761-F046-4C7B-B4EA-D718E46ADF5F} -> C:\Users\Asafer\AppData\Local\{A40A6761-F046-4C7B-B4EA-D718E46ADF5F} -> [2011/09/28 20:40:31 | 000,000,000 | ---D | C]
{1E76E2D8-065D-4037-A386-7DE4333F1C7E} -> C:\Users\Asafer\AppData\Local\{1E76E2D8-065D-4037-A386-7DE4333F1C7E} -> [2011/09/28 20:40:21 | 000,000,000 | ---D | C]
{895FC1D7-EA58-49F5-9C26-F02E3E5E6F4C} -> C:\Users\Asafer\AppData\Local\{895FC1D7-EA58-49F5-9C26-F02E3E5E6F4C} -> [2011/09/28 08:40:08 | 000,000,000 | ---D | C]
{A7E33AD1-1CDD-493D-9A53-6EAB2A8C7378} -> C:\Users\Asafer\AppData\Local\{A7E33AD1-1CDD-493D-9A53-6EAB2A8C7378} -> [2011/09/28 08:39:57 | 000,000,000 | ---D | C]
{B04AAD00-70C7-4E97-A929-B25F70D85B02} -> C:\Users\Asafer\AppData\Local\{B04AAD00-70C7-4E97-A929-B25F70D85B02} -> [2011/09/27 10:23:25 | 000,000,000 | ---D | C]
{86BD3007-4B76-4BD8-8030-01647BBD65AF} -> C:\Users\Asafer\AppData\Local\{86BD3007-4B76-4BD8-8030-01647BBD65AF} -> [2011/09/27 10:23:14 | 000,000,000 | ---D | C]
{18E64EF8-5620-4B0E-8946-B0070D55284A} -> C:\Users\Asafer\AppData\Local\{18E64EF8-5620-4B0E-8946-B0070D55284A} -> [2011/09/26 08:47:00 | 000,000,000 | ---D | C]
{02BBE3F7-5AD0-47A9-86E2-5394FA5796CB} -> C:\Users\Asafer\AppData\Local\{02BBE3F7-5AD0-47A9-86E2-5394FA5796CB} -> [2011/09/26 08:46:35 | 000,000,000 | ---D | C]
Fatalyzer -> C:\Program Files (x86)\Fatalyzer -> [2011/09/23 16:21:42 | 000,000,000 | ---D | C]
{DEC779A0-02D0-4838-9696-42A1E4955367} -> C:\Users\Asafer\AppData\Local\{DEC779A0-02D0-4838-9696-42A1E4955367} -> [2011/09/23 10:48:15 | 000,000,000 | ---D | C]
{93B5E325-9DAA-4176-94B1-8E88457BD27C} -> C:\Users\Asafer\AppData\Local\{93B5E325-9DAA-4176-94B1-8E88457BD27C} -> [2011/09/23 10:48:04 | 000,000,000 | ---D | C]
{21E2D4B0-E751-41FB-88E7-A1A60F60A595} -> C:\Users\Asafer\AppData\Local\{21E2D4B0-E751-41FB-88E7-A1A60F60A595} -> [2011/09/23 10:10:35 | 000,000,000 | ---D | C]
{6C18F5BF-24C2-413D-9A07-68DC34E927BD} -> C:\Users\Asafer\AppData\Local\{6C18F5BF-24C2-413D-9A07-68DC34E927BD} -> [2011/09/23 09:00:42 | 000,000,000 | ---D | C]
{50C68694-B776-431F-8D27-9B065F7C3007} -> C:\Users\Asafer\AppData\Local\{50C68694-B776-431F-8D27-9B065F7C3007} -> [2011/09/23 08:43:22 | 000,000,000 | ---D | C]
Microsoft Games -> C:\Users\Asafer\AppData\Local\Microsoft Games -> [2011/09/22 15:24:55 | 000,000,000 | ---D | C]
Arquivos -> C:\Users\Asafer\Desktop\Arquivos -> [2011/09/22 10:53:36 | 000,000,000 | R--D | C]
{26091D14-F7C6-49A5-A6A1-747D79F6C342} -> C:\Users\Asafer\AppData\Local\{26091D14-F7C6-49A5-A6A1-747D79F6C342} -> [2011/09/22 08:33:25 | 000,000,000 | ---D | C]
{36CAD7A4-CCD0-47EF-97D1-3A0B4D8E2DB2} -> C:\Users\Asafer\AppData\Local\{36CAD7A4-CCD0-47EF-97D1-3A0B4D8E2DB2} -> [2011/09/22 08:33:14 | 000,000,000 | ---D | C]
{F3EDDD4D-A629-40F6-BE23-520E5F58E5E3} -> C:\Users\Asafer\AppData\Local\{F3EDDD4D-A629-40F6-BE23-520E5F58E5E3} -> [2011/09/21 08:43:20 | 000,000,000 | ---D | C]
{D371C016-AF30-4609-BE61-BB0CB0B45E96} -> C:\Users\Asafer\AppData\Local\{D371C016-AF30-4609-BE61-BB0CB0B45E96} -> [2011/09/21 08:43:08 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Users\Asafer\AppData\Roaming\Malwarebytes -> [2011/09/20 08:56:59 | 000,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/09/20 08:55:35 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/09/20 08:55:34 | 000,000,000 | ---D | C]
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/09/20 08:55:31 | 000,025,416 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2011/09/20 08:55:31 | 000,000,000 | ---D | C]
{ACDCC761-5320-4A07-93CB-DA248F20540A} -> C:\Users\Asafer\AppData\Local\{ACDCC761-5320-4A07-93CB-DA248F20540A} -> [2011/09/20 08:35:46 | 000,000,000 | ---D | C]
{C9BCAE34-1815-46BA-B6B6-BBFCA92D9409} -> C:\Users\Asafer\AppData\Local\{C9BCAE34-1815-46BA-B6B6-BBFCA92D9409} -> [2011/09/20 08:35:33 | 000,000,000 | ---D | C]
Meus arquivos recebidos -> C:\Users\Asafer\Documents\Meus arquivos recebidos -> [2011/09/19 09:37:12 | 000,000,000 | ---D | C]
{EA0B8A84-C688-4F8F-A2F5-487A1729D970} -> C:\Users\Asafer\AppData\Local\{EA0B8A84-C688-4F8F-A2F5-487A1729D970} -> [2011/09/19 08:42:44 | 000,000,000 | ---D | C]
{A4506285-64D1-4235-B673-8CF14117291C} -> C:\Users\Asafer\AppData\Local\{A4506285-64D1-4235-B673-8CF14117291C} -> [2011/09/19 08:42:33 | 000,000,000 | ---D | C]
Implode.dll -> C:\Windows\SysWow64\Implode.dll -> [2011/09/16 10:00:18 | 000,018,944 | ---- | C] ( )
Zipdll.dll -> C:\Windows\SysWow64\Zipdll.dll -> [2011/09/05 11:41:23 | 000,099,840 | ---- | C] ( )
Unzdll.dll -> C:\Windows\SysWow64\Unzdll.dll -> [2011/09/05 11:41:23 | 000,094,208 | ---- | C] ( )

[Files/Folders - Modified Within 30 Days]
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/10/17 16:34:01 | 000,001,068 | ---- | M] ()
206476_203575283009293_100000704682409_642699_1260483_n.jpg -> C:\Users\Asafer\Desktop\206476_203575283009293_100000704682409_642699_1260483_n.jpg -> [2011/10/17 14:03:14 | 000,101,289 | ---- | M] ()
218183_203573959676092_100000704682409_642694_7225002_n.jpg -> C:\Users\Asafer\Desktop\218183_203573959676092_100000704682409_642694_7225002_n.jpg -> [2011/10/17 14:03:14 | 000,088,321 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/10/17 13:34:00 | 000,001,064 | ---- | M] ()
Drawing1.dwl2 -> C:\Users\Asafer\Documents\Drawing1.dwl2 -> [2011/10/17 11:51:24 | 000,000,214 | -H-- | M] ()
Drawing1.dwl -> C:\Users\Asafer\Documents\Drawing1.dwl -> [2011/10/17 11:51:24 | 000,000,064 | -H-- | M] ()
Default.rdp -> C:\Users\Asafer\Documents\Default.rdp -> [2011/10/17 11:40:00 | 000,002,016 | -H-- | M] ()
Cat.DB -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\Cat.DB -> [2011/10/17 09:26:16 | 001,689,848 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/10/17 07:58:30 | 000,015,792 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/10/17 07:58:30 | 000,015,792 | -H-- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/10/17 07:53:03 | 001,654,760 | ---- | M] ()
prfh0416.dat -> C:\Windows\SysNative\prfh0416.dat -> [2011/10/17 07:53:03 | 000,715,524 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/10/17 07:53:03 | 000,662,518 | ---- | M] ()
prfc0416.dat -> C:\Windows\SysNative\prfc0416.dat -> [2011/10/17 07:53:03 | 000,146,702 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/10/17 07:53:03 | 000,123,772 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2011/10/17 07:46:38 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/10/17 07:46:31 | 2962,550,784 | -HS- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/10/14 08:52:06 | 000,516,448 | ---- | M] ()
Norton Internet Security.lnk -> C:\Users\Public\Desktop\Norton Internet Security.lnk -> [2011/10/14 08:46:03 | 000,002,491 | ---- | M] ()
HPCeeScheduleForAsafer.job -> C:\Windows\tasks\HPCeeScheduleForAsafer.job -> [2011/10/14 08:45:57 | 000,000,336 | ---- | M] ()
I.R.I.S. Resource Center.lnk -> C:\Users\Asafer\Desktop\I.R.I.S. Resource Center.lnk -> [2011/10/13 16:24:02 | 000,001,256 | ---- | M] ()
IMG_4841.JPG -> C:\Users\Asafer\Desktop\IMG_4841.JPG -> [2011/10/11 09:19:22 | 004,906,973 | ---- | M] ()
ACRILICO - BRAHMA COUNTRY.dwg -> C:\Users\Asafer\Desktop\ACRILICO - BRAHMA COUNTRY.dwg -> [2011/10/10 10:56:12 | 000,017,033 | ---- | M] ()
Boleto_14362680000010489-0.pdf -> C:\Users\Asafer\Desktop\Boleto_14362680000010489-0.pdf -> [2011/10/07 18:29:31 | 000,049,656 | ---- | M] ()
111003_DISCO+DISPERSOR+MAIOR.dxf -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dxf -> [2011/10/04 10:40:41 | 000,161,491 | ---- | M] ()
111003_DISCO+DISPERSOR+MAIOR.dwg -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dwg -> [2011/10/04 10:38:04 | 000,056,783 | ---- | M] ()
CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/10/04 09:35:59 | 000,000,824 | ---- | M] ()
PCDRScheduledMaintenance.job -> C:\Windows\tasks\PCDRScheduledMaintenance.job -> [2011/09/30 11:17:09 | 000,000,544 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/09/20 08:55:36 | 000,001,115 | ---- | M] ()
isolate.ini -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\isolate.ini -> [2011/09/19 20:59:44 | 000,000,172 | ---- | M] ()
cc_20110919_090828.reg -> C:\Users\Asafer\Documents\cc_20110919_090828.reg -> [2011/09/19 10:08:32 | 000,022,372 | ---- | M] ()

[Files - No Company Name]
206476_203575283009293_100000704682409_642699_1260483_n.jpg -> C:\Users\Asafer\Desktop\206476_203575283009293_100000704682409_642699_1260483_n.jpg -> [2011/10/17 14:03:33 | 000,101,289 | ---- | C] ()
218183_203573959676092_100000704682409_642694_7225002_n.jpg -> C:\Users\Asafer\Desktop\218183_203573959676092_100000704682409_642694_7225002_n.jpg -> [2011/10/17 14:03:25 | 000,088,321 | ---- | C] ()
Drawing1.dwl2 -> C:\Users\Asafer\Documents\Drawing1.dwl2 -> [2011/10/17 11:51:24 | 000,000,214 | -H-- | C] ()
Drawing1.dwl -> C:\Users\Asafer\Documents\Drawing1.dwl -> [2011/10/17 11:51:24 | 000,000,064 | -H-- | C] ()
Norton Internet Security.lnk -> C:\Users\Public\Desktop\Norton Internet Security.lnk -> [2011/10/14 08:46:03 | 000,002,491 | ---- | C] ()
I.R.I.S. Resource Center.lnk -> C:\Users\Asafer\Desktop\I.R.I.S. Resource Center.lnk -> [2011/10/13 16:24:02 | 000,001,256 | ---- | C] ()
IMG_4841.JPG -> C:\Users\Asafer\Desktop\IMG_4841.JPG -> [2011/10/11 08:59:22 | 004,906,973 | ---- | C] ()
ACRILICO - BRAHMA COUNTRY.dwg -> C:\Users\Asafer\Desktop\ACRILICO - BRAHMA COUNTRY.dwg -> [2011/10/10 10:56:10 | 000,017,033 | ---- | C] ()
Boleto_14362680000010489-0.pdf -> C:\Users\Asafer\Desktop\Boleto_14362680000010489-0.pdf -> [2011/10/07 18:29:31 | 000,049,656 | ---- | C] ()
111003_DISCO+DISPERSOR+MAIOR.dxf -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dxf -> [2011/10/04 10:40:41 | 000,161,491 | ---- | C] ()
111003_DISCO+DISPERSOR+MAIOR.dwg -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dwg -> [2011/10/04 10:38:04 | 000,056,783 | ---- | C] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/09/30 14:24:08 | 000,001,068 | ---- | C] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/09/30 14:24:07 | 000,001,064 | ---- | C] ()
Fatalyzer.LNK -> C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fatalyzer.LNK -> [2011/09/23 16:21:42 | 000,001,075 | ---- | C] ()
HPCeeScheduleForAsafer.job -> C:\Windows\tasks\HPCeeScheduleForAsafer.job -> [2011/09/22 18:25:34 | 000,000,336 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/09/20 08:55:36 | 000,001,115 | ---- | C] ()
cc_20110919_090828.reg -> C:\Users\Asafer\Documents\cc_20110919_090828.reg -> [2011/09/19 10:08:31 | 000,022,372 | ---- | C] ()
Co2c40en.dll -> C:\Windows\SysWow64\Co2c40en.dll -> [2011/09/16 10:00:17 | 000,748,160 | ---- | C] ()
hpwins26.dat.temp -> C:\Windows\hpwins26.dat.temp -> [2011/08/31 12:13:30 | 000,223,041 | ---- | C] ()
hpwmdl26.dat.temp -> C:\Windows\hpwmdl26.dat.temp -> [2011/08/31 12:13:30 | 000,000,370 | ---- | C] ()
hpwins26.dat -> C:\Windows\hpwins26.dat -> [2011/08/31 11:46:32 | 000,223,200 | ---- | C] ()
srvany.exe -> C:\Windows\SysWow64\srvany.exe -> [2011/08/31 10:58:32 | 000,008,192 | ---- | C] ()
wklnhst.dat -> C:\Users\Asafer\AppData\Roaming\wklnhst.dat -> [2011/08/31 09:22:06 | 000,000,000 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/08/31 08:54:35 | 001,515,172 | ---- | C] ()
igkrng575.bin -> C:\Windows\SysWow64\igkrng575.bin -> [2010/06/09 18:12:22 | 000,870,544 | ---- | C] ()
iglhsip32.dll -> C:\Windows\SysWow64\iglhsip32.dll -> [2010/06/09 18:12:22 | 000,208,896 | ---- | C] ()
iglhcp32.dll -> C:\Windows\SysWow64\iglhcp32.dll -> [2010/06/09 18:12:22 | 000,143,360 | ---- | C] ()
igcompkrng575.bin -> C:\Windows\SysWow64\igcompkrng575.bin -> [2010/06/09 18:12:21 | 000,127,896 | ---- | C] ()
igfcg575m.bin -> C:\Windows\SysWow64\igfcg575m.bin -> [2010/06/09 18:12:21 | 000,051,068 | ---- | C] ()
LPRES.DLL -> C:\Windows\LPRES.DLL -> [2010/02/09 19:58:12 | 000,012,800 | ---- | C] ()
hpwmdl26.dat -> C:\Windows\hpwmdl26.dat -> [2009/08/18 04:31:57 | 000,000,370 | ---- | C] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 03:38:36 | 000,067,584 | --S- | C] ()
NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/14 00:35:51 | 000,000,741 | ---- | C] ()
dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/14 00:34:42 | 000,215,943 | ---- | C] ()
mib.bin -> C:\Windows\mib.bin -> [2009/07/13 22:10:29 | 000,043,131 | ---- | C] ()
BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 21:42:10 | 000,064,000 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 19:03:59 | 000,364,544 | ---- | C] ()
mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 19:26:10 | 000,673,088 | ---- | C] ()

[File - Lop Check]
Autodesk -> C:\Users\Asafer\AppData\Roaming\Autodesk -> [2011/09/02 10:44:32 | 000,000,000 | ---D | M]
Babylon -> C:\Users\Asafer\AppData\Roaming\Babylon -> [2011/09/05 10:20:16 | 000,000,000 | ---D | M]
EurekaLog -> C:\Users\Asafer\AppData\Roaming\EurekaLog -> [2011/10/10 14:26:18 | 000,000,000 | ---D | M]
SigmaTEK -> C:\Users\Asafer\AppData\Roaming\SigmaTEK -> [2011/08/31 09:17:03 | 000,000,000 | ---D | M]
TeamViewer -> C:\Users\Asafer\AppData\Roaming\TeamViewer -> [2011/10/07 12:13:24 | 000,000,000 | ---D | M]
Template -> C:\Users\Asafer\AppData\Roaming\Template -> [2011/08/31 09:22:07 | 000,000,000 | ---D | M]
Tific -> C:\Users\Asafer\AppData\Roaming\Tific -> [2011/08/31 11:26:32 | 000,000,000 | ---D | M]
WinBatch -> C:\Users\Asafer\AppData\Roaming\WinBatch -> [2011/09/14 08:59:47 | 000,000,000 | ---D | M]
PCDRScheduledMaintenance.job -> C:\Windows\Tasks\PCDRScheduledMaintenance.job -> [2011/09/30 11:17:09 | 000,000,544 | ---- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/14 03:08:49 | 000,017,326 | ---- | M] ()

[File - Purity Scan]

[Custom Scans]
< %ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\. >
< %APPDATA%\* >
wklnhst.dat -> C:\Users\Asafer\AppData\Roaming\wklnhst.dat -> [2011/08/31 09:22:06 | 000,000,000 | ---- | M] ()
< %APPDATA%\. >
wklnhst.dat -> C:\Users\Asafer\AppData\Roaming\wklnhst.dat -> [2011/08/31 09:22:06 | 000,000,000 | ---- | M] ()
< %APPDATA%\Update\. >
Invalid Environment Variable: CommonAppData
< %LOCALAPPDATA%\. >
GDIPFONTCACHEV1.DAT -> C:\Users\Asafer\AppData\Local\GDIPFONTCACHEV1.DAT -> [2011/09/02 16:36:43 | 000,151,440 | ---- | M] ()
IconCache.db -> C:\Users\Asafer\AppData\Local\IconCache.db -> [2011/10/14 18:45:16 | 002,255,208 | -H-- | M] ()
< %PROGRAMFILES(X86)%\Internet Explorer\. >
ExtExport.exe -> C:\Program Files (x86)\Internet Explorer\ExtExport.exe -> [2011/09/12 09:08:56 | 000,022,016 | ---- | M] (Microsoft Corporation)
ie9props.propdesc -> C:\Program Files (x86)\Internet Explorer\ie9props.propdesc -> [2011/09/12 09:08:56 | 000,002,535 | ---- | M] ()
iecleanup.exe -> C:\Program Files (x86)\Internet Explorer\iecleanup.exe -> [2011/09/12 09:08:56 | 000,107,008 | ---- | M] (Microsoft Corporation)
iediagcmd.exe -> C:\Program Files (x86)\Internet Explorer\iediagcmd.exe -> [2011/09/12 09:08:56 | 000,307,200 | ---- | M] ()
iedvtool.dll -> C:\Program Files (x86)\Internet Explorer\iedvtool.dll -> [2011/09/01 00:30:00 | 000,678,912 | ---- | M] (Microsoft Corporation)
ieinstal.exe -> C:\Program Files (x86)\Internet Explorer\ieinstal.exe -> [2011/09/12 09:08:55 | 000,466,432 | ---- | M] (Microsoft Corporation)
ielowutil.exe -> C:\Program Files (x86)\Internet Explorer\ielowutil.exe -> [2011/09/12 09:08:55 | 000,222,720 | ---- | M] (Microsoft Corporation)
ieproxy.dll -> C:\Program Files (x86)\Internet Explorer\ieproxy.dll -> [2011/09/12 09:08:55 | 000,193,536 | ---- | M] (Microsoft Corporation)
IEShims.dll -> C:\Program Files (x86)\Internet Explorer\IEShims.dll -> [2011/09/01 00:26:36 | 000,194,048 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2011/09/12 09:08:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
jsdbgui.dll -> C:\Program Files (x86)\Internet Explorer\jsdbgui.dll -> [2011/09/12 09:08:56 | 000,386,560 | ---- | M] (Microsoft Corporation)
jsdebuggeride.dll -> C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll -> [2011/09/12 09:08:55 | 000,104,448 | ---- | M] (Microsoft Corporation)
JSProfilerCore.dll -> C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll -> [2011/09/12 09:08:55 | 000,049,664 | ---- | M] (Microsoft Corporation)
jsprofilerui.dll -> C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll -> [2011/09/12 09:08:56 | 000,149,504 | ---- | M] (Microsoft Corporation)
msdbg2.dll -> C:\Program Files (x86)\Internet Explorer\msdbg2.dll -> [2009/06/10 19:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation)
networkinspection.dll -> C:\Program Files (x86)\Internet Explorer\networkinspection.dll -> [2011/09/12 09:08:55 | 000,301,056 | ---- | M] (Microsoft Corporation)
pdm.dll -> C:\Program Files (x86)\Internet Explorer\pdm.dll -> [2009/06/10 19:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation)
sqmapi.dll -> C:\Program Files (x86)\Internet Explorer\sqmapi.dll -> [2011/09/01 00:41:10 | 000,141,088 | ---- | M] (Microsoft Corporation)
< %SYSTEMDRIVE%\* >
BLOBS.TXT -> C:\BLOBS.TXT -> [2010/06/09 17:18:27 | 003,527,651 | ---- | M] ()
bootmgr -> C:\bootmgr -> [2009/07/13 23:38:58 | 000,383,562 | RHS- | M] ()
BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/07/24 17:22:29 | 000,008,192 | RHS- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/10/17 07:46:31 | 2962,550,784 | -HS- | M] ()
OS -> C:\OS -> [2010/06/09 19:07:56 | 000,000,000 | RHS- | M] ()
pagefile.sys -> C:\pagefile.sys -> [2011/10/17 07:46:32 | 3950,067,712 | -HS- | M] ()
< %SYSTEMDRIVE%\. >
BLOBS.TXT -> C:\BLOBS.TXT -> [2010/06/09 17:18:27 | 003,527,651 | ---- | M] ()
bootmgr -> C:\bootmgr -> [2009/07/13 23:38:58 | 000,383,562 | RHS- | M] ()
BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/07/24 17:22:29 | 000,008,192 | RHS- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/10/17 07:46:31 | 2962,550,784 | -HS- | M] ()
OS -> C:\OS -> [2010/06/09 19:07:56 | 000,000,000 | RHS- | M] ()
pagefile.sys -> C:\pagefile.sys -> [2011/10/17 07:46:32 | 3950,067,712 | -HS- | M] ()
< %USERPROFILE%\. >
aapj.properties -> C:\Users\Asafer\aapj.properties -> [2011/09/14 16:44:21 | 000,000,434 | ---- | M] ()
NTUSER.DAT -> C:\Users\Asafer\NTUSER.DAT -> [2011/10/17 16:43:57 | 001,835,008 | -HS- | M] ()
ntuser.dat.LOG1 -> C:\Users\Asafer\ntuser.dat.LOG1 -> [2011/10/17 16:43:57 | 000,262,144 | -HS- | M] ()
ntuser.dat.LOG2 -> C:\Users\Asafer\ntuser.dat.LOG2 -> [2011/08/30 18:17:18 | 000,000,000 | -HS- | M] ()
NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf -> C:\Users\Asafer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf -> [2011/08/30 18:49:19 | 000,065,536 | -HS- | M] ()
NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Asafer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms -> [2011/08/30 18:49:19 | 000,524,288 | -HS- | M] ()
NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Asafer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms -> [2011/08/30 18:49:19 | 000,524,288 | -HS- | M] ()
ntuser.ini -> C:\Users\Asafer\ntuser.ini -> [2011/08/30 18:17:18 | 000,000,020 | -HS- | M] ()

CREATERESTOREPOINT
Restore point Set: OTS Restore Point

[Alternate Data Streams]
@Alternate Data Stream - 404 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
< End of report >

1.

*Execute o OTS

*Selecione, copie e cole o código no espaço abaixo de Paste Fix Here:

[unregister Dlls]

[Registry - Safe List]

< HOSTS File > ([2011/10/17 08:34:21 | 000,000,698 | ---- | M] - 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts

YN -> Reset Hosts ->

[Files/Folders - Created Within 30 Days]

NY -> LinhaDefensiva -> C:\LinhaDefensiva

[Alternate Data Streams]

NY -> @Alternate Data Stream - 404 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

[Empty Temp Folders]

[Reboot]

*Clique [Run Fix] e o PC será reiniciado

*Cole o relatório apresentado

2.

*Faça um scan online com o NOD32

/applications/core/interface/imageproxy/imageproxy.php?img=http://www.brimg.com/uploads/8/4682a6d30e.gif&key=65e9422bd3d7ef3b3e75c1906098834ebf522d6bca937539bace0e219aa07bb1" alt="4682a6d30e.gif" />

*Ao término cole o relatório criado em C:\Arquivos de programas\EsetOnlineScanner\log

Informe se resolveu.

Bom dia

Segue os log´s

Obrigado

All Processes Killed

[Registry - Safe List]

HOSTS file reset successfully!

[Files/Folders - Created Within 30 Days]

C:\LinhaDefensiva\rotinas\remocao folder moved successfully.

C:\LinhaDefensiva\rotinas folder moved successfully.

C:\LinhaDefensiva\relatorios folder moved successfully.

C:\LinhaDefensiva\reflist folder moved successfully.

C:\LinhaDefensiva\QUA\Pastas folder moved successfully.

C:\LinhaDefensiva\QUA\Arquivos folder moved successfully.

C:\LinhaDefensiva\QUA folder moved successfully.

C:\LinhaDefensiva\lang\vb folder moved successfully.

C:\LinhaDefensiva\lang\init folder moved successfully.

C:\LinhaDefensiva\lang\bat folder moved successfully.

C:\LinhaDefensiva\lang folder moved successfully.

C:\LinhaDefensiva\func folder moved successfully.

C:\LinhaDefensiva\exec folder moved successfully.

C:\LinhaDefensiva\credits folder moved successfully.

C:\LinhaDefensiva folder moved successfully.

[Alternate Data Streams]

ADS C:\Windows\SysWow64\drivers:GbpKmAp.lst deleted successfully.

[Empty Temp Folders]

User: All Users

User: Asafer

->Temp folder emptied: 5678125 bytes

->Temporary Internet Files folder emptied: 203435494 bytes

->Java cache emptied: 262659 bytes

->FireFox cache emptied: 38139761 bytes

->Flash cache emptied: 1556 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3996232 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 240,00 mb

< End of fix log >

OTS by OldTimer - Version 3.1.46.0 fix logfile created on 10182011_074941

Files\Folders moved on Reboot...

C:\Users\Asafer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YB24YMRK\forum-super[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YB24YMRK\mail[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YB24YMRK\mail[3].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\ads[11].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[3].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[4].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[5].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[6].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[7].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[8].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[9].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\bind[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[3].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[4].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[5].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\imasters_com_br[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\login_status[5].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\si[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RLNDG92R\forum-botao[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RLNDG92R\tweet_button[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\adsCAI1Y1K3.htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\fastbutton[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\fastbutton[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\fastbutton[3].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\forum-botao[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\like[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I604MIAH\mail[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I604MIAH\SmartAd[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABSFVO33\446972-analise-de-log[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABSFVO33\viewtopic[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\ads[11].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\forum-super[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\infolab[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\mail[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\portal[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\SmartAd[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

------------------------------------------------------------------------------------------------------------------------------

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=12

Informe como está o PC.

*Execute o arquivo c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

Boa noite,

Hoje entrei em contato com a gerente do meu banco e pedi uma nova senha.

Até agora entrou normalmente, sem problema aparente.

Neste logs apresentou algum problema???

Uma dúvida, estou para comprar um anti virus, você me aconselha algum???

Amanha cedo vou entrar novamente e quero ver se não vai mais bloquear minha senha.

Obrigad até o momento....

1.

*Execute o OTS, clique [CleanUp] > [Yes]

*O PC será reiniciado

Nada de grande importância.

Se for pagar um antivírus, recomendo o GData ou o Kaspersky.

Se desejas free, recomendo Avira ou Avast.

Um abraço.

PROBLEMA RESOLVIDO

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.