ieca
Posted September 21, 2011

Good morning, I can't use my BB password on the internet. I already went to the bank and had it unlocked. The woman there said that if I can't use it, it's because of a virus. Can anyone help me? My log follows.

Thanks

wings
Posted September 21, 2011

Hello ieca

1.
* Download Bankerfix and save it to the desktop
* Right-click bankerfix and select "Run as administrator", then click [OK] > [Yes] (if it asks for an update) > [OK] > [ENTER]
* When it finishes, press [ENTER]
* Paste the report C:\LinhaDefensiva\relatorio.txt

2.
* Download MalwareBytes, install the program and wait for the update
* The program will open automatically
* On the [Scan] tab, select [Full scan]
* Click [Scan] and select the partition where Windows is installed
* When the scan finishes, click [Yes] > [OK] > [View Results] > [Remove Selected]
* Paste the report shown

If you already have Malwarebytes installed...
* Open Malwarebytes, click [Update] > [Download Updates]
* On the [Scan] tab, select [x] Full scan
* Click [Scan] and select the partition where Windows is installed
* When the scan finishes, click [Yes] > [OK] > [View Results] > [Remove Selected]
* Paste the report shown

ieca
Posted September 21, 2011

Oops, here it is.

BankerFix

BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2011-09-21 - 08:30
-------------------------------------------------------
Lista de Definição: 2011-08-28-1 | CORE: 2010-12-28-6
=======================================================
----- Fim -------------------------

Malware

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Versão da Base de Dados: 7624
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
21/09/2011 13:53:25
mbam-log-2011-09-21 (13-53-24).txt
Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 248054
Tempo decorrido: 47 minuto(s), 2 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0
Processos de Memória Infectados: (Não foram detectados ítens maliciosos)
Módulos de Memória Infectados: (Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas: (Não foram detectados ítens maliciosos)
Valores de Registro Infectados: (Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados: (Não foram detectados ítens maliciosos)
Pastas Infectadas: (Não foram detectados ítens maliciosos)
Arquivos Infectados: (Não foram detectados ítens maliciosos)

Thanks

wings
Posted September 21, 2011

* Download OTS and save it to the desktop
* Run it and select the options:
Scan All Users
Use Company Name WhiteList
Skip Microsoft Files
* Under Additional Scans select:
File - Lop Check
File - Purity Scan
* Select, copy, and paste the code into the box below Custom Scans:
%ALLUSERSPROFILE%\*.*
%ALLUSERSPROFILE%\Dados de aplicativos\*
%ALLUSERSPROFILE%\Dados de aplicativos\*.*
%ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\*.*
%APPDATA%\*
%APPDATA%\*.*
%LOCALAPPDATA%\*.*
%SYSTEMDRIVE%\*
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
CREATERESTOREPOINT
* Click [Run Scan]
* Paste the report shown

If the report turns out to be too large...
* Go to this link
* Click [Send file]
* Locate the file OTS.txt on the desktop
* Click [Open] > [Créer le lien Cjoint]
* Paste the address that was created

ieca
Posted September 21, 2011

Here it goes...
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] -> {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> C:\Windows\System32\userinit.exe -> [2010/11/20 09:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009/07/13 22:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_USERS\S-1-5-21-703093345-3958698311-1046026413-1000] > -> HKEY_USERS\S-1-5-21-703093345-3958698311-1046026413-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_USERS\S-1-5-21-703093345-3958698311-1046026413-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > 
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> GbPluginBb -> C:\Program Files\GbPlugin\gbieh.dll -> [2011/09/15 09:25:56 | 001,719,584 | ---- | M] (Banco do Brasil) < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2010/03/25 10:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation) "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" [HKLM] -> C:\Program Files\GbPlugin\gbieh.dll [GbPlugin ShlObj] -> [2011/09/15 09:25:56 | 001,719,584 | ---- | M] (Banco do Brasil) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () E:\AutoRun.exe [MZ | ] -> E:\AutoRun.exe [ CDFS ] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) 
E:\AUTORUN.INF [[AutoRun] | open=AutoRun.exe | icon=VIVO ZAP.ico | ] -> E:\AUTORUN.INF [ CDFS ] -> [2008/09/18 06:59:58 | 000,000,046 | R--- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \E HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell \E\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\AutoRun\command \E\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) \{121c9bec-a365-11e0-9bb6-001a80421186} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{121c9bec-a365-11e0-9bb6-001a80421186}\shell \{121c9bec-a365-11e0-9bb6-001a80421186}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{121c9bec-a365-11e0-9bb6-001a80421186}\shell\AutoRun\command \{121c9bec-a365-11e0-9bb6-001a80421186}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) \{1ce195cc-2318-11e0-b7fc-001bfbcdc073} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ce195cc-2318-11e0-b7fc-001bfbcdc073}\shell \{1ce195cc-2318-11e0-b7fc-001bfbcdc073}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ce195cc-2318-11e0-b7fc-001bfbcdc073}\shell\AutoRun\command \{1ce195cc-2318-11e0-b7fc-001bfbcdc073}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) 
\{1ce1983d-2318-11e0-b7fc-001bfbcdc073} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ce1983d-2318-11e0-b7fc-001bfbcdc073}\shell \{1ce1983d-2318-11e0-b7fc-001bfbcdc073}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ce1983d-2318-11e0-b7fc-001bfbcdc073}\shell\AutoRun\command \{1ce1983d-2318-11e0-b7fc-001bfbcdc073}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) \{20187fa7-8bc7-11e0-b57f-001a80421186} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20187fa7-8bc7-11e0-b57f-001a80421186}\shell \{20187fa7-8bc7-11e0-b57f-001a80421186}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20187fa7-8bc7-11e0-b57f-001a80421186}\shell\AutoRun\command \{20187fa7-8bc7-11e0-b57f-001a80421186}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) \{5f00458c-8885-11e0-b5dd-001bfbcdc073} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f00458c-8885-11e0-b5dd-001bfbcdc073}\shell \{5f00458c-8885-11e0-b5dd-001bfbcdc073}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f00458c-8885-11e0-b5dd-001bfbcdc073}\shell\AutoRun\command \{5f00458c-8885-11e0-b5dd-001bfbcdc073}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) 
\{5f00459d-8885-11e0-b5dd-001bfbcdc073} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f00459d-8885-11e0-b5dd-001bfbcdc073}\shell \{5f00459d-8885-11e0-b5dd-001bfbcdc073}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f00459d-8885-11e0-b5dd-001bfbcdc073}\shell\AutoRun\command \{5f00459d-8885-11e0-b5dd-001bfbcdc073}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) \{a0b6ae6d-2a28-11e0-8d2e-001bfbcdc073} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0b6ae6d-2a28-11e0-8d2e-001bfbcdc073}\shell \{a0b6ae6d-2a28-11e0-8d2e-001bfbcdc073}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0b6ae6d-2a28-11e0-8d2e-001bfbcdc073}\shell\AutoRun\command \{a0b6ae6d-2a28-11e0-8d2e-001bfbcdc073}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) \{c8fbb998-c8ca-11e0-85b1-001a80421186} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fbb998-c8ca-11e0-85b1-001a80421186}\shell \{c8fbb998-c8ca-11e0-85b1-001a80421186}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fbb998-c8ca-11e0-85b1-001a80421186}\shell\AutoRun\command \{c8fbb998-c8ca-11e0-85b1-001a80421186}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) 
\{c8fbb9a9-c8ca-11e0-85b1-001a80421186} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fbb9a9-c8ca-11e0-85b1-001a80421186}\shell \{c8fbb9a9-c8ca-11e0-85b1-001a80421186}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fbb9a9-c8ca-11e0-85b1-001a80421186}\shell\AutoRun\command \{c8fbb9a9-c8ca-11e0-85b1-001a80421186}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) \{c8fbb9ad-c8ca-11e0-85b1-001a80421186} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fbb9ad-c8ca-11e0-85b1-001a80421186}\shell \{c8fbb9ad-c8ca-11e0-85b1-001a80421186}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fbb9ad-c8ca-11e0-85b1-001a80421186}\shell\AutoRun\command \{c8fbb9ad-c8ca-11e0-85b1-001a80421186}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) \{c924753c-537a-11e0-9773-001bfbcdc073} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c924753c-537a-11e0-9773-001bfbcdc073}\shell \{c924753c-537a-11e0-9773-001bfbcdc073}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c924753c-537a-11e0-9773-001bfbcdc073}\shell\AutoRun\command \{c924753c-537a-11e0-9773-001bfbcdc073}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) 
\{eb44e477-4d36-11e0-a485-001bfbcdc073} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb44e477-4d36-11e0-a485-001bfbcdc073}\shell \{eb44e477-4d36-11e0-a485-001bfbcdc073}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb44e477-4d36-11e0-a485-001bfbcdc073}\shell\AutoRun\command \{eb44e477-4d36-11e0-a485-001bfbcdc073}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) \{eb44e47d-4d36-11e0-a485-001bfbcdc073} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb44e47d-4d36-11e0-a485-001bfbcdc073}\shell \{eb44e47d-4d36-11e0-a485-001bfbcdc073}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb44e47d-4d36-11e0-a485-001bfbcdc073}\shell\AutoRun\command \{eb44e47d-4d36-11e0-a485-001bfbcdc073}\shell\AutoRun\command\\"" -> [F:\AutoRun.exe] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Zita\Desktop\OTS.exe -> [2011/09/21 19:52:05 | 000,646,656 | ---- | C] (OldTimer Tools) Marina -> C:\Users\Zita\Desktop\Marina -> [2011/09/21 18:18:40 | 000,000,000 | ---D | C] {1436E14D-DE28-4362-9387-9F750CA81A62} -> C:\Users\Zita\AppData\Local\{1436E14D-DE28-4362-9387-9F750CA81A62} -> [2011/09/21 14:32:43 | 000,000,000 | ---D | C] {F7B5D9B7-3F61-4E6A-AEBA-FB02E82280B4} -> C:\Users\Zita\AppData\Local\{F7B5D9B7-3F61-4E6A-AEBA-FB02E82280B4} -> [2011/09/21 13:49:34 | 000,000,000 | ---D | C] LinhaDefensiva -> C:\LinhaDefensiva 
-> [2011/09/21 08:29:53 | 000,000,000 | ---D | C] HostsXpert -> C:\Users\Zita\Desktop\HostsXpert -> [2011/09/21 08:27:53 | 000,000,000 | ---D | C] bankerfix.exe -> C:\Users\Zita\Desktop\bankerfix.exe -> [2011/09/21 08:26:17 | 000,178,597 | ---- | C] (Igor Pavlov) HijackThis -> C:\HijackThis -> [2011/09/21 08:09:20 | 000,000,000 | ---D | C] Java' -> C:\Program Files\Java' -> [2011/09/13 23:22:09 | 000,000,000 | ---D | C] Java -> C:\Program Files\Common Files\Java -> [2011/09/13 23:07:34 | 000,000,000 | ---D | C] GbpKm.sys -> C:\Windows\System32\drivers\GbpKm.sys -> [2011/09/13 22:50:01 | 000,044,064 | ---- | C] (GAS Tecnologia) GbPlugin -> C:\Program Files\GbPlugin -> [2011/09/13 22:49:28 | 000,000,000 | ---D | C] {B358CE1C-DF00-461E-B448-E0F3F8E1E334} -> C:\Users\Zita\AppData\Local\{B358CE1C-DF00-461E-B448-E0F3F8E1E334} -> [2011/09/01 06:05:36 | 000,000,000 | ---D | C] Catalyst Control Center -> C:\Users\Zita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center -> [2011/09/01 03:24:46 | 000,000,000 | ---D | C] pss -> C:\Windows\pss -> [2011/09/01 03:17:45 | 000,000,000 | ---D | C] {7F3EF2EB-1B69-4CD8-A081-5FC28FCDA2A9} -> C:\Users\Zita\AppData\Local\{7F3EF2EB-1B69-4CD8-A081-5FC28FCDA2A9} -> [2011/09/01 01:07:59 | 000,000,000 | ---D | C] Tracing -> C:\Users\Zita\Tracing -> [2011/09/01 01:07:43 | 000,000,000 | ---D | C] Google Chrome -> C:\Users\Zita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome -> [2011/09/01 00:51:37 | 000,000,000 | ---D | C] Google -> C:\Users\Zita\AppData\Local\Google -> [2011/09/01 00:45:13 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] ntuser.dat -> C:\Users\Zita\ntuser.dat -> [2011/09/21 19:59:20 | 002,359,296 | -HS- | M] () OTS.exe -> C:\Users\Zita\Desktop\OTS.exe -> [2011/09/21 19:52:48 | 000,646,656 | ---- | M] (OldTimer Tools) GoogleUpdateTaskUserS-1-5-21-703093345-3958698311-1046026413-1000UA.job -> 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-703093345-3958698311-1046026413-1000UA.job -> [2011/09/21 19:50:16 | 000,001,074 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/09/21 19:12:01 | 000,014,544 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/09/21 19:12:01 | 000,014,544 | -H-- | M] () PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2011/09/21 18:17:48 | 001,159,906 | ---- | M] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/09/21 18:17:48 | 000,621,012 | ---- | M] () perfh00D.dat -> C:\Windows\System32\perfh00D.dat -> [2011/09/21 18:17:48 | 000,358,526 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/09/21 18:17:48 | 000,108,232 | ---- | M] () perfc00D.dat -> C:\Windows\System32\perfc00D.dat -> [2011/09/21 18:17:48 | 000,070,938 | ---- | M] () Ikeext.etl -> C:\Windows\System32\Ikeext.etl -> [2011/09/21 10:24:16 | 000,065,536 | ---- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2011/09/21 10:24:16 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2011/09/21 10:24:00 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2011/09/21 10:23:36 | 1609,375,744 | -HS- | M] () IconCache.db -> C:\Users\Zita\AppData\Local\IconCache.db -> [2011/09/21 09:49:49 | 002,239,687 | -H-- | M] () hosts -> C:\Windows\System32\drivers\etc\hosts -> [2011/09/21 08:31:27 | 000,000,698 | ---- | M] () bankerfix.exe -> C:\Users\Zita\Desktop\bankerfix.exe -> [2011/09/21 08:27:19 | 000,178,597 | ---- | M] (Igor Pavlov) GoogleUpdateTaskUserS-1-5-21-703093345-3958698311-1046026413-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-703093345-3958698311-1046026413-1000Core.job -> 
[2011/09/21 00:50:00 | 000,001,022 | ---- | M] () VIVO ZAP.lnk -> C:\Users\Public\Desktop\VIVO ZAP.lnk -> [2011/09/20 21:05:59 | 000,000,965 | ---- | M] () Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2011/09/14 14:08:06 | 000,001,944 | ---- | M] () CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/09/01 00:44:09 | 000,000,925 | ---- | M] () FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2011/09/01 00:11:56 | 000,418,408 | ---- | M] () 12 C:\Users\Zita\AppData\Local\Temp\*.tmp files -> C:\Users\Zita\AppData\Local\Temp\*.tmp -> [Files - No Company Name] GoogleUpdateTaskUserS-1-5-21-703093345-3958698311-1046026413-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-703093345-3958698311-1046026413-1000UA.job -> [2011/09/01 00:45:16 | 000,001,074 | ---- | C] () GoogleUpdateTaskUserS-1-5-21-703093345-3958698311-1046026413-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-703093345-3958698311-1046026413-1000Core.job -> [2011/09/01 00:45:15 | 000,001,022 | ---- | C] () perfh00D.dat -> C:\Windows\System32\perfh00D.dat -> [2011/05/27 15:49:58 | 000,358,526 | ---- | C] () perfi00D.dat -> C:\Windows\System32\perfi00D.dat -> [2011/05/27 15:49:58 | 000,229,316 | ---- | C] () perfc00D.dat -> C:\Windows\System32\perfc00D.dat -> [2011/05/27 15:49:58 | 000,070,938 | ---- | C] () perfd00D.dat -> C:\Windows\System32\perfd00D.dat -> [2011/05/27 15:49:58 | 000,032,166 | ---- | C] () resmon.resmoncfg -> C:\Users\Zita\AppData\Local\resmon.resmoncfg -> [2011/04/15 05:03:42 | 000,007,597 | ---- | C] () ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2011/04/15 04:44:30 | 000,000,000 | ---- | C] () burnaware.ini -> C:\Users\Zita\AppData\Roaming\burnaware.ini -> [2011/04/14 19:00:21 | 000,000,040 | ---- | C] () IconCache.db -> C:\Users\Zita\AppData\Local\IconCache.db -> [2011/04/06 09:56:01 | 002,239,687 | -H-- | C] () tosOBEX.INI -> C:\Windows\tosOBEX.INI -> [2011/04/02 07:43:28 | 000,000,000 | ---- | C] () RDVGHelper.exe -> 
C:\Windows\System32\RDVGHelper.exe -> [2011/04/02 01:47:22 | 000,080,896 | ---- | C] () PrintBrmUi.exe -> C:\Windows\System32\PrintBrmUi.exe -> [2011/04/02 01:45:24 | 000,066,048 | ---- | C] () dosx.exe -> C:\Windows\System32\dosx.exe -> [2011/04/02 01:45:21 | 000,053,600 | ---- | C] () mlfcache.dat -> C:\Windows\System32\mlfcache.dat -> [2011/03/23 07:19:18 | 000,143,836 | -H-- | C] () RtNicProp32.dll -> C:\Windows\System32\RtNicProp32.dll -> [2011/03/21 13:22:06 | 000,080,416 | ---- | C] () OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2011/03/19 14:26:59 | 000,667,136 | ---- | C] () WgaTray.exe -> C:\Windows\System32\WgaTray.exe -> [2011/03/19 14:26:59 | 000,323,072 | ---- | C] () WgaLogon.dll -> C:\Windows\System32\WgaLogon.dll -> [2011/03/19 14:26:59 | 000,190,976 | ---- | C] () MusiccityDownload.exe -> C:\Windows\MusiccityDownload.exe -> [2011/01/29 17:00:24 | 000,030,568 | ---- | C] () cis-2.4.dll -> C:\Windows\System32\cis-2.4.dll -> [2011/01/29 17:00:22 | 000,974,848 | ---- | C] () issacapi_bs-2.3.dll -> C:\Windows\System32\issacapi_bs-2.3.dll -> [2011/01/29 17:00:22 | 000,081,920 | ---- | C] () issacapi_pe-2.3.dll -> C:\Windows\System32\issacapi_pe-2.3.dll -> [2011/01/29 17:00:22 | 000,065,536 | ---- | C] () issacapi_se-2.3.dll -> C:\Windows\System32\issacapi_se-2.3.dll -> [2011/01/29 17:00:22 | 000,057,344 | ---- | C] () atiumdva.dat -> C:\Windows\System32\atiumdva.dat -> [2011/01/19 02:29:10 | 003,107,788 | ---- | C] () atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2011/01/19 02:29:10 | 000,159,744 | ---- | C] () atiicdxx.dat -> C:\Windows\System32\atiicdxx.dat -> [2011/01/19 02:29:10 | 000,145,050 | ---- | C] () WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2011/01/19 01:52:40 | 001,060,424 | ---- | C] () GDIPFONTCACHEV1.DAT -> C:\Users\Zita\AppData\Local\GDIPFONTCACHEV1.DAT -> [2011/01/18 12:48:56 | 000,111,360 | ---- | C] () unrar.dll -> C:\Windows\System32\unrar.dll -> [2011/01/18 12:48:35 | 
000,178,176 | ---- | C] () avisplitter.ini -> C:\Windows\avisplitter.ini -> [2011/01/18 12:48:35 | 000,000,038 | ---- | C] () xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2011/01/18 12:48:33 | 000,881,664 | ---- | C] () xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2011/01/18 12:48:33 | 000,205,824 | ---- | C] () qt-dx331.dll -> C:\Windows\System32\qt-dx331.dll -> [2011/01/18 12:48:32 | 003,596,288 | ---- | C] () ff_vfw.dll -> C:\Windows\System32\ff_vfw.dll -> [2011/01/18 12:48:30 | 000,085,504 | ---- | C] () ff_vfw.dll.manifest -> C:\Windows\System32\ff_vfw.dll.manifest -> [2011/01/18 12:48:30 | 000,000,547 | ---- | C] () PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2011/01/18 12:38:29 | 001,159,906 | ---- | C] () bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 01:57:37 | 000,067,584 | --S- | C] () GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/14 01:52:31 | 000,043,318 | ---- | C] () GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/14 01:52:31 | 000,029,779 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/14 01:52:31 | 000,026,489 | ---- | C] () GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/14 01:52:31 | 000,026,040 | ---- | C] () FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2009/07/14 01:33:53 | 000,418,408 | ---- | C] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/07/13 23:05:48 | 000,621,012 | ---- | C] () perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2009/07/13 23:05:48 | 000,291,294 | ---- | C] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/07/13 23:05:48 | 000,108,232 | ---- | C] () perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2009/07/13 23:05:48 | 000,031,548 | ---- | C] () NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2009/07/13 23:05:05 | 000,000,741 | ---- | C] () 
msdfmap.ini -> C:\Windows\msdfmap.ini -> [2009/07/13 23:04:57 | 000,001,405 | ---- | C] () win.ini -> C:\Windows\win.ini -> [2009/07/13 23:04:23 | 000,000,478 | ---- | C] () system.ini -> C:\Windows\system.ini -> [2009/07/13 23:04:23 | 000,000,219 | ---- | C] () dssec.dat -> C:\Windows\System32\dssec.dat -> [2009/07/13 23:04:11 | 000,215,943 | ---- | C] () mib.bin -> C:\Windows\mib.bin -> [2009/07/13 20:55:01 | 000,043,131 | ---- | C] () BthpanContextHandler.dll -> C:\Windows\System32\BthpanContextHandler.dll -> [2009/07/13 20:51:43 | 000,073,728 | ---- | C] () BWContextHandler.dll -> C:\Windows\System32\BWContextHandler.dll -> [2009/07/13 20:42:10 | 000,064,000 | ---- | C] () winver.exe -> C:\Windows\System32\winver.exe -> [2009/07/13 20:41:47 | 000,001,536 | ---- | C] () mscdexnt.exe -> C:\Windows\System32\mscdexnt.exe -> [2009/07/13 18:41:05 | 000,000,718 | ---- | C] () redir.exe -> C:\Windows\System32\redir.exe -> [2009/07/13 18:41:04 | 000,002,842 | ---- | C] () share.exe -> C:\Windows\System32\share.exe -> [2009/07/13 18:41:02 | 000,000,882 | ---- | C] () fastopen.exe -> C:\Windows\System32\fastopen.exe -> [2009/07/13 18:41:02 | 000,000,882 | ---- | C] () GRAPHICS.COM -> C:\Windows\System32\GRAPHICS.COM -> [2009/07/13 18:41:01 | 000,019,694 | ---- | C] () KB16.COM -> C:\Windows\System32\KB16.COM -> [2009/07/13 18:40:59 | 000,014,710 | ---- | C] () nlsfunc.exe -> C:\Windows\System32\nlsfunc.exe -> [2009/07/13 18:40:57 | 000,007,052 | ---- | C] () LOADFIX.COM -> C:\Windows\System32\LOADFIX.COM -> [2009/07/13 18:40:57 | 000,001,131 | ---- | C] () mem.exe -> C:\Windows\System32\mem.exe -> [2009/07/13 18:40:56 | 000,039,274 | ---- | C] () setver.exe -> C:\Windows\System32\setver.exe -> [2009/07/13 18:40:54 | 000,011,753 | ---- | C] () debug.exe -> C:\Windows\System32\debug.exe -> [2009/07/13 18:40:52 | 000,020,634 | ---- | C] () exe2bin.exe -> C:\Windows\System32\exe2bin.exe -> [2009/07/13 18:40:51 | 000,008,424 | ---- | C] () edlin.exe -> 
C:\Windows\System32\edlin.exe -> [2009/07/13 18:40:50 | 000,012,642 | ---- | C] () append.exe -> C:\Windows\System32\append.exe -> [2009/07/13 18:40:49 | 000,012,498 | ---- | C] () COMMAND.COM -> C:\Windows\System32\COMMAND.COM -> [2009/07/13 18:40:48 | 000,050,648 | ---- | C] () country.sys -> C:\Windows\System32\country.sys -> [2009/07/13 18:40:44 | 000,027,097 | ---- | C] () KEY01.SYS -> C:\Windows\System32\KEY01.SYS -> [2009/07/13 18:40:43 | 000,042,809 | ---- | C] () KEYBOARD.SYS -> C:\Windows\System32\KEYBOARD.SYS -> [2009/07/13 18:40:43 | 000,042,537 | ---- | C] () ANSI.SYS -> C:\Windows\System32\ANSI.SYS -> [2009/07/13 18:40:41 | 000,009,029 | ---- | C] () HIMEM.SYS -> C:\Windows\System32\HIMEM.SYS -> [2009/07/13 18:40:40 | 000,004,768 | ---- | C] () NTDOS412.SYS -> C:\Windows\System32\NTDOS412.SYS -> [2009/07/13 18:40:39 | 000,029,274 | ---- | C] () NTDOS411.SYS -> C:\Windows\System32\NTDOS411.SYS -> [2009/07/13 18:40:35 | 000,029,370 | ---- | C] () NTDOS404.SYS -> C:\Windows\System32\NTDOS404.SYS -> [2009/07/13 18:40:31 | 000,029,146 | ---- | C] () NTDOS804.SYS -> C:\Windows\System32\NTDOS804.SYS -> [2009/07/13 18:40:27 | 000,029,146 | ---- | C] () NTDOS.SYS -> C:\Windows\System32\NTDOS.SYS -> [2009/07/13 18:40:23 | 000,027,866 | ---- | C] () NTIO412.SYS -> C:\Windows\System32\NTIO412.SYS -> [2009/07/13 18:40:19 | 000,035,536 | ---- | C] () NTIO411.SYS -> C:\Windows\System32\NTIO411.SYS -> [2009/07/13 18:40:17 | 000,035,776 | ---- | C] () NTIO404.SYS -> C:\Windows\System32\NTIO404.SYS -> [2009/07/13 18:40:15 | 000,034,672 | ---- | C] () NTIO804.SYS -> C:\Windows\System32\NTIO804.SYS -> [2009/07/13 18:40:13 | 000,034,672 | ---- | C] () NTIO.SYS -> C:\Windows\System32\NTIO.SYS -> [2009/07/13 18:40:11 | 000,033,952 | ---- | C] () msjetoledb40.dll -> C:\Windows\System32\msjetoledb40.dll -> [2009/07/13 18:03:59 | 000,364,544 | ---- | C] () win87em.dll -> C:\Windows\System32\win87em.dll -> [2009/07/13 17:29:46 | 000,013,312 | ---- | C] () edit.com -> 
C:\Windows\System32\edit.com -> [2009/06/10 18:42:32 | 000,069,886 | ---- | C] () tcpmon.ini -> C:\Windows\System32\tcpmon.ini -> [2009/06/10 18:39:59 | 000,060,124 | ---- | C] () mlang.dat -> C:\Windows\System32\mlang.dat -> [2009/06/10 18:26:10 | 000,673,088 | ---- | C] () TosBtAcc.dll -> C:\Windows\System32\TosBtAcc.dll -> [2006/12/05 13:05:06 | 000,114,688 | ---- | C] () TosCommAPI.dll -> C:\Windows\System32\TosCommAPI.dll -> [2005/07/22 21:30:20 | 000,065,536 | ---- | C] () [File - Lop Check] AVG10 -> C:\Users\Zita\AppData\Roaming\AVG10 -> [2011/01/26 10:43:09 | 000,000,000 | ---D | M] Desktopicon -> C:\Users\Zita\AppData\Roaming\Desktopicon -> [2011/03/13 02:33:04 | 000,000,000 | ---D | M] EurekaLog -> C:\Users\Zita\AppData\Roaming\EurekaLog -> [2011/08/17 03:09:22 | 000,000,000 | ---D | M] iPodder -> C:\Users\Zita\AppData\Roaming\iPodder -> [2011/02/27 15:35:26 | 000,000,000 | ---D | M] Kazaa Lite -> C:\Users\Zita\AppData\Roaming\Kazaa Lite -> [2011/01/26 15:38:19 | 000,000,000 | ---D | M] MediaMonkey -> C:\Users\Zita\AppData\Roaming\MediaMonkey -> [2011/08/17 03:10:23 | 000,000,000 | ---D | M] RadarSync -> C:\Users\Zita\AppData\Roaming\RadarSync -> [2011/04/06 01:03:05 | 000,000,000 | ---D | M] Samsung -> C:\Users\Zita\AppData\Roaming\Samsung -> [2011/04/06 03:57:26 | 000,000,000 | ---D | M] Shareaza -> C:\Users\Zita\AppData\Roaming\Shareaza -> [2011/03/13 10:57:25 | 000,000,000 | ---D | M] Uniblue -> C:\Users\Zita\AppData\Roaming\Uniblue -> [2011/01/26 11:35:54 | 000,000,000 | ---D | M] VIVO INTERNET -> C:\Users\Zita\AppData\Roaming\VIVO INTERNET -> [2011/05/27 14:52:54 | 000,000,000 | ---D | M] SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/06/25 22:23:22 | 000,032,610 | ---- | M] () [File - Purity Scan] [Custom Scans] < %ALLUSERSPROFILE%\*.* > < %ALLUSERSPROFILE%\Dados de aplicativos\* > < %ALLUSERSPROFILE%\Dados de aplicativos\*.* > < %ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\*.* > < %APPDATA%\* > burnaware.ini -> 
[Alternate Data Streams]
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DBC416F8
@Alternate Data Stream - 16 bytes -> C:\Users\Zita\Downloads:Shareaza.GUID
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:17E7EF84_Bb.gbp
@Alternate Data Stream - 204 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
< End of report >

Thanks
wings 22 Posted September 21, 2011

Did you use HostsXpert before posting? Your log is clean. Has the problem been resolved?

1. Delete Bankerfix and the folder C:\LinhaDefensiva
2. Run OTS, click [CleanUp] > [Yes]
   * The PC will be restarted
ieca 0 Posted September 22, 2011

Thank you so much, you are an angel!!! It's working just fine now. Hugs
wings 22 Posted September 22, 2011

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.