Archived

This topic has been archived and is closed to new replies.

leandro aislan

[Resolved] Log analysis


Good morning, I am having trouble accessing the bank's page, so I would like you to analyze my log.

Awaiting your reply

Thank you

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:14:16, on 17/10/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files (x86)\common files\installshield\updateservice\isuspm.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Asafer\AppData\Local\Temp\Temporary Internet Files\Content.IE5\XVJ4WSDC\HijackThis.exe

C:\Users\Asafer\AppData\Local\Temp\Temporary Internet Files\Content.IE5\W4LQJXNU\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [iSUSPM Startup] "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12948 bytes


Hello leandro aislan

Please explain further...

What is the difficulty?

Which bank?

Which browser are you using?


Hey, all good, so

I don't know, I can't get in; when I called technical support they said it could only be a virus....

Banco do Brasil,

When I enter my password and login it says the data does not match.

Internet Explorer 9

That is why I would like an analysis of my log.

Thank you.


1.

*Download Bankerfix and save it to the desktop

*Run it, click [OK] > [Sim] (if it asks for an update) > [OK] > [ENTER]

*When it finishes, press [ENTER]

*Paste the report C:\LinhaDefensiva\relatorio.txt

2.

*Open Malwarebytes, click [Atualização] > [Baixar Atualizações]

*On the [Verificação] tab, select Verificação completa

*Click [Verificar] and select the partition where Windows is installed

*When the scan finishes, click [Sim] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Paste the report shown


As requested, here it is....

 

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2011-10-17 - 15:12

-------------------------------------------------------

Lista de Definição: 2011-08-28-1 | CORE: 2010-12-28-6

=======================================================

 

 

----- Fim -------------------------

 

 

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

 

Versão da Base de Dados: 7944

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

 

17/10/2011 16:03:58

mbam-log-2011-10-17 (16-03-58).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objetos escaneados: 364789

Tempo decorrido: 48 minuto(s), 33 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

(Não foram detectados ítens maliciosos)


1.

*Delete Bankerfix and the folder C:\LinhaDefensiva

 

2.

*Download OTS and save it to the desktop

*Run it and select the options:

Scan All Users

Company Name

Skip Microsoft

 

*Under Additional Scans select:

Reg - NetSvcs

File - Lop Check

File - Purity Scan

 

*Select, copy, and paste the code into the box below Custom Scans:

%ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\*.*

%APPDATA%\*

%APPDATA%\*.*

%APPDATA%\Update\*.*

%CommonAppData%\*.*

%LOCALAPPDATA%\*.*

%PROGRAMFILES(X86)%\Internet Explorer\*.*

%SYSTEMDRIVE%\*

%SYSTEMDRIVE%\*.*

%USERPROFILE%\*.*

CREATERESTOREPOINT

*Click [Run Scan]

*Paste the report shown

If the report turns out to be too large...

*Go to this link

*Select 4 jours

*Click [Enviar arquivo]

*Locate the file OTS.txt on the desktop

*Click [Abrir] > [Créer le lien Cjoint]

*Paste the address that was created

OTS logfile created on: 17/10/2011 16:39:54 - Run 1
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Users\Asafer\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 28,00% Memory free
7,00 Gb Paging File | 4,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,62 Gb Total Space | 873,19 Gb Free Space | 94,75% Space Free | Partition Type: NTFS
Drive D: | 9,80 Gb Total Space | 1,19 Gb Free Space | 12,14% Space Free | Partition Type: NTFS
Drive E: | 625,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASAFER-HP
Current User Name: Asafer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days

[Processes - Safe List]
hasplms.exe ->  -> File not found
ots.exe -> C:\Users\Asafer\Downloads\OTS.exe -> [2011/10/17 16:36:29 | 000,646,144 | ---- | M] (OldTimer Tools)
flashutil10x_activex.exe -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe -> [2011/10/03 08:53:18 | 000,243,360 | ---- | M] (Adobe Systems, Inc.)
mbamgui.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe -> [2011/08/31 18:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation)
mbamservice.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 18:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)
teamviewer_service.exe -> C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -> [2011/08/30 14:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH)
plusservice.exe -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe -> [2011/08/14 11:27:01 | 000,800,768 | ---- | M] (Yuna Software)
gbpsv.exe -> C:\PROGRA~2\GbPlugin\GbpSv.exe -> [2011/08/08 12:23:18 | 000,208,672 | ---- | M] ( )
ccsvchst.exe -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -> [2011/08/04 02:18:43 | 000,126,400 | R--- | M] (Symantec Corporation)
hpdrvmntsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)
smartmenu.exe -> C:\Arquivos de Programas\Hewlett-Packard\HP MediaSmart\SmartMenu.exe -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()
iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/01/15 13:41:30 | 000,013,336 | ---- | M] (Intel Corporation)
iastoricon.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe -> [2010/01/15 13:41:28 | 000,284,696 | ---- | M] (Intel Corporation)
hpsysdrv.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
agent.exe -> C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe -> [2005/08/11 17:30:30 | 000,618,496 | ---- | M] (Macrovision Corporation)

[Modules - No Company Name]
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll -> [2011/10/14 08:56:51 | 000,771,584 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll -> [2011/10/14 08:56:32 | 012,433,408 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll -> [2011/10/14 08:56:27 | 001,587,200 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll -> [2011/10/14 08:56:18 | 003,347,968 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll -> [2011/10/14 08:56:14 | 005,453,312 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll -> [2011/10/14 08:56:11 | 007,963,648 | ---- | M] ()
system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll -> [2011/10/14 08:56:11 | 000,971,264 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll -> [2011/10/14 08:56:07 | 011,490,304 | ---- | M] ()
detour32.dll -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll -> [2011/08/09 11:57:46 | 000,004,096 | ---- | M] ()
office.odf -> C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf -> [2011/03/17 01:11:16 | 004,297,568 | ---- | M] ()
lame_enc.dll -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\lame_enc.dll -> [2011/03/02 12:11:33 | 000,390,656 | ---- | M] ()
libsndfile.dll -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\libsndfile.dll -> [2011/03/02 12:11:22 | 000,370,688 | ---- | M] ()
mscorlib.resources.dll -> C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll -> [2010/11/12 22:33:11 | 000,303,104 | ---- | M] ()
smartmenu.exe -> C:\Arquivos de Programas\Hewlett-Packard\HP MediaSmart\SmartMenu.exe -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()

[Win32 Services - Safe List]
64bit-(FLEXnet Licensing Service 64)  [On_Demand | Running] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -> [2011/09/01 09:35:56 | 001,436,424 | ---- | M] (Acresso Software Inc.)
64bit-(hasplms)  [Auto | Running] -> C:\Windows\SysNative\hasplms.exe -> [2010/09/27 17:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.)
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 18:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)
(KMService) KMService [Auto | Stopped] -> C:\Windows\SysWOW64\srvany.exe -> [2011/08/31 10:57:53 | 000,008,192 | ---- | M] ()
(TeamViewer6) TeamViewer 6 [Auto | Running] -> C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -> [2011/08/30 14:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH)
(GbpSv) Gbp Service [unknown | Running] -> C:\PROGRA~2\GbPlugin\GbpSv.exe -> [2011/08/08 12:23:18 | 000,208,672 | ---- | M] ( )
(NIS) Norton Internet Security [unknown | Running] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -> [2011/08/04 02:18:43 | 000,126,400 | R--- | M] (Symantec Corporation)
(HP Support Assistant Service) HP Support Assistant Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -> [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company)
(HPDrvMntSvc.exe) HP Quick Synchronization Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)
(HPSLPSVC) HP Network Devices Support [Auto | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -> [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/01/15 13:41:30 | 000,013,336 | ---- | M] (Intel Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/08/31 18:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation)
64bit-(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -> [2011/08/31 11:10:47 | 000,173,104 | ---- | M] (Symantec Corporation)
64bit-(SYMTDIv) Symantec Vista Network Dispatch Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -> [2011/08/22 00:53:36 | 000,451,704 | ---- | M] (Symantec Corporation)
64bit-(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -> [2011/08/22 00:53:35 | 000,221,304 | ---- | M] (Symantec Corporation)
64bit-(ccHP) Symantec Hash Provider [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -> [2011/08/04 02:19:26 | 000,593,544 | ---- | M] (Symantec Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 04:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 04:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 11:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 09:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(akshasp) SafeNet Inc. HASP Key [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\akshasp.sys -> [2010/09/27 17:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.)
64bit-(aksusb) SafeNet Inc. USB Key [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\aksusb.sys -> [2010/09/27 17:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.)
64bit-(akshhl) SafeNet Inc. Sentinel HASP Key [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\akshhl.sys -> [2010/09/27 17:41:58 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.)
64bit-(SymIM) Symantec Network Security Intermediate Filter Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\SymIMV.sys -> [2010/05/06 02:01:44 | 000,053,808 | R--- | M] (Symantec Corporation)
64bit-(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -> [2010/04/29 03:03:51 | 000,150,064 | ---- | M] (Symantec Corporation)
64bit-(SRTSP) Symantec Real Time Storage Protection x64 [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -> [2010/04/22 00:29:51 | 000,505,392 | ---- | M] (Symantec Corporation)
64bit-(SRTSPX) Symantec Real Time Storage Protection (PEL) x64 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -> [2010/04/22 00:29:51 | 000,032,304 | ---- | M] (Symantec Corporation)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek                                            )
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/01/15 18:22:08 | 000,538,136 | ---- | M] (Intel Corporation)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2010/01/08 02:32:22 | 007,841,568 | ---- | M] (Intel Corporation)
64bit-(Impcd) Impcd [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\Impcd.sys -> [2009/10/26 02:39:42 | 000,151,936 | ---- | M] (Intel Corporation)
64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 18:54:54 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -> [2009/08/29 22:17:18 | 000,433,200 | R--- | M] (Symantec Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(hardlock) hardlock [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\hardlock.sys -> [2007/08/06 15:32:42 | 000,314,880 | ---- | M] (Aladdin Knowledge Systems Ltd.)
64bit-(aksdf) aksdf [Kernel | Auto | Stopped] -> C:\Windows\SysNative\drivers\aksdf.sys -> [2007/08/06 15:32:42 | 000,066,432 | ---- | M] (Aladdin Knowledge Systems Ltd.)
64bit-(aksfridge) Sentinel HASP Fridge [Kernel | Auto | Stopped] -> C:\Windows\SysNative\drivers\aksfridge.sys -> [2007/05/28 10:05:04 | 000,121,088 | ---- | M] (Aladdin Knowledge Systems Ltd.)
(BHDrvx64) BHDrvx64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110929.001\BHDrvx64.sys -> [2011/09/29 19:35:09 | 001,152,632 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20111017.003\EX64.SYS -> [2011/08/31 11:19:27 | 002,048,632 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -> [2011/08/31 11:19:27 | 000,481,912 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2011/08/31 11:19:27 | 000,136,824 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20111017.003\ENG64.SYS -> [2011/08/31 11:19:27 | 000,117,880 | ---- | M] (Symantec Corporation)
(IDSVia64) IDSVia64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20111014.031\IDSviA64.sys -> [2011/08/30 14:19:26 | 000,488,568 | ---- | M] (Symantec Corporation)
(GbpKm) Gbp KernelMode [Kernel | Boot | Stopped] -> C:\Windows\system32\drivers\gbpkm.sys -> [2011/08/08 12:23:42 | 000,044,064 | ---- | M] (GAS Tecnologia)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPCON/3 -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://g.msn.com/HPCON/3 -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPCON/3 -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://g.msn.com/HPCON/3 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> -> 
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\: Main\\"Default_Page_URL" -> http://g.msn.com/HPCON/3 -> 
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\: Main\\"Start Page" -> http://g.msn.com/HPCON/3 -> 
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Asafer\AppData\Roaming\Mozilla\FireFox\Profiles\5r2g6265.default\prefs.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\] -> [2011/09/02 08:44:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2011/08/31 12:14:19 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN_2010_9_0_6] -> [2011/10/17 07:46:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/09/30 14:52:00 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS -> 
< FireFox Extensions [user Folders] > -> 
 -> C:\Users\Asafer\AppData\Roaming\mozilla\Extensions -> [2011/08/31 11:07:43 | 000,000,000 | ---D | M]
 -> C:\Users\Asafer\AppData\Roaming\mozilla\Firefox\Profiles\5r2g6265.default\extensions -> [2011/09/05 10:20:23 | 000,000,000 | ---D | M]
 -> C:\Users\Asafer\AppData\Roaming\mozilla\Firefox\Profiles\5r2g6265.default\extensions\ffxtlbr@babylon.com -> [2011/09/05 10:20:24 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [user Folders] > -> 
< FireFox Extensions [Program Folders] > -> 
 -> C:\Program Files (x86)\mozilla firefox\extensions -> [2011/09/02 09:52:21 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} -> [2011/09/02 09:52:22 | 000,000,000 | ---D | M]
Norton IPS -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN -> [2011/09/02 08:44:11 | 000,000,000 | ---D | M]
Babylon -> C:\USERS\ASAFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5R2G6265.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM -> [2011/09/05 10:20:24 | 000,000,000 | ---D | M]
< FireFox Components [Program Folders] > -> 
FFHst.dll -> C:\USERS\ASAFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5R2G6265.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM\components\FFHst.dll -> [2011/08/02 13:05:52 | 000,474,112 | ---- | M] (Babylon Ltd.)
< HOSTS File > ([2011/10/17 08:34:21 | 000,000,698 | ---- | M] - 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1 localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2011/06/12 12:43:26 | 006,721,936 | ---- | M] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2011/03/28 22:14:36 | 000,529,280 | ---- | M] (Microsoft Corp.)
{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/12/21 04:49:28 | 000,689,040 | ---- | M] (Microsoft Corporation)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [symantec NCO BHO] -> [2011/07/13 17:05:28 | 000,419,768 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL [symantec Intrusion Prevention] -> [2010/05/13 23:41:20 | 000,079,224 | R--- | M] (Symantec Corporation)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2011/06/12 12:15:00 | 004,221,328 | ---- | M] (Microsoft Corporation)
{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/12/21 02:05:22 | 000,561,552 | ---- | M] (Microsoft Corporation)
{C41A1C0E-EA6C-11D4-B1B8-444553540000} [HKLM] -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [GbIehObj Class] -> [2011/09/15 10:25:56 | 001,719,584 | ---- | M] (Banco do Brasil)
{C41A1C0E-EA6C-11D4-B1B8-444553540003} [HKLM] -> C:\Program Files (x86)\GbPlugin\gbiehCef.dll [GbIehObj Class] -> [2011/04/18 16:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal)
{C41A1C0E-EA6C-11D4-B1B8-444553540008} [HKLM] -> C:\PROGRA~2\GbPlugin\gbiehuni.dll [GbIehObj Class] -> [2011/04/26 11:38:10 | 000,505,336 | ---- | M] (Banco Unibanco)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [Norton Toolbar] -> [2011/07/13 17:05:28 | 000,419,768 | R--- | M] (Symantec Corporation)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [Norton Toolbar] -> [2011/07/13 17:05:28 | 000,419,768 | R--- | M] (Symantec Corporation)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2010/02/01 04:06:58 | 000,390,680 | ---- | M] (Intel Corporation)
"hpsysdrv" -> c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe] -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2010/01/08 02:42:52 | 000,166,424 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2010/02/01 04:07:18 | 000,410,136 | ---- | M] (Intel Corporation)
"SmartMenu" -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background] -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"IAStorIcon" -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe] -> [2010/01/15 13:41:28 | 000,284,696 | ---- | M] (Intel Corporation)
"Malwarebytes' Anti-Malware" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/08/31 18:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation)
"PlusService" -> C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe] -> [2011/08/14 11:27:01 | 000,800,768 | ---- | M] (Yuna Software)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 10:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" ->  [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 10:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" ->  [C:\Windows\System32\mctadmin.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Enviar para o OneNote -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)
E&xportar para o Microsoft Excel -> C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000] -> [2011/07/20 16:42:26 | 028,252,000 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Enviar para o OneNote -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)
E&xportar para o Microsoft Excel -> C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000] -> [2011/07/20 16:42:26 | 028,252,000 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [button: Enviar para o OneNote] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [Menu: &Enviar para o OneNote] -> [2010/12/21 07:00:08 | 000,804,752 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [button: &Anotações Vinculadas do OneNote] -> [2010/12/21 07:00:08 | 000,595,344 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: &Anotações Vinculadas do OneNote] -> [2010/12/21 07:00:08 | 000,595,344 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
www_bb.com.br [*] -> Sites confiáveis -> 
caixa.gov.br .[https] -> Sites confiáveis -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] -> 
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Java Plug-in 1.6.0_27] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab [Reg Error: Key error.] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{E37CB5F0-51F5-4395-A808-5FA49E399008} [HKLM] -> https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab [GbPluginObj Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{776A8908-6E25-4400-A29E-2D924479921A}\\DhcpNameServer -> 192.168.1.1   (Realtek PCIe GBE Family Controller) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 04:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 11:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 23:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
userinit.exe -> C:\Windows\SysWow64\userinit.exe -> [2010/11/20 10:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000] > -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2010/01/08 01:40:48 | 000,268,800 | ---- | M] (Intel Corporation)
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GbPluginBb -> C:\Program Files (x86)\GbPlugin\gbieh.dll -> [2011/09/15 10:25:56 | 001,719,584 | ---- | M] (Banco do Brasil)
GbPluginCef -> C:\Program Files (x86)\GbPlugin\gbiehCef.dll -> [2011/04/18 16:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal)
GbPluginUni -> C:\PROGRA~2\GbPlugin\gbiehUni.dll -> [2011/04/26 11:38:10 | 000,505,336 | ---- | M] (Banco Unibanco)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2011/06/12 12:43:26 | 006,721,936 | ---- | M] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2011/06/12 12:15:00 | 004,221,328 | ---- | M] (Microsoft Corporation)
"{E37CB5F0-51F5-4395-A808-5FA49E399003}" [HKLM] -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [GbPlugin ShlObj] -> [2011/04/18 16:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal)
"{E37CB5F0-51F5-4395-A808-5FA49E399008}" [HKLM] -> C:\PROGRA~2\GbPlugin\gbiehuni.dll [GbPlugin ShlObj] -> [2011/04/26 11:38:10 | 000,505,336 | ---- | M] (Banco Unibanco)
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" [HKLM] -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [GbPlugin ShlObj] -> [2011/09/15 10:25:56 | 001,719,584 | ---- | M] (Banco do Brasil)
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{082C5AE0-F68F-4313-B688-5D1C86CF3100} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{19FBE748-01B1-4149-A64B-127A8AF44A0A} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{22A3F79C-222E-48E1-998F-C97E68742468} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
{26908B7E-9CE1-4D7C-A448-FC3488A71A33} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{2EA4D0B8-1279-4B18-9194-3D8D841D8BFC} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{38B15D58-86AB-47DA-BC2D-A8926BFCF751} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{3DC091EF-E34F-4766-A77B-F13AD15BA358} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{469BFD29-78B7-45E4-9260-86F2C6FE92CC} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{4ADA5B1C-39E3-4FF5-8FEB-EC6C554F0128} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{4E5E3B2B-E887-4194-9F2A-AD79BA82C477} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 
{50AF90D7-027C-4F90-8866-A80406F68D87} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{76CA40E6-93BE-4725-9E26-3670424FF7DE} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{8BE7DE48-9231-42BD-9D12-8262D0F81D68} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{8F63362F-8043-4141-B5F4-CC1935A82DA3} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 
{97FDB00A-747A-4EFA-8E73-8066B7E12E50} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
{A5CFA393-F6CA-4A55-8E15-7C575413B856} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{ADDFD491-BE76-4CD3-B5A6-2D094178D57D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
{BB60EDD0-F1F8-4D27-B63C-ACBE983A2FC5} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{BDFE101C-876E-479F-B180-897685201D1B} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{C0ED538E-9640-4274-A105-1CA784EAE396} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{D3AD57F8-92D2-4330-AB64-00F55428F5C6} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{D570B8F3-67E5-43EE-B21E-72F5AA3B6A17} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
{E243D7CD-0470-40B6-99CC-A7A850AA0C08} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files\microsoft office\office14\outlook.exe | 
{E8F946BC-D39B-403D-8299-9C82C4B2E49A} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{EBE8DC26-A963-42D1-835E-D8764E7E2D3F} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{F66FDB9D-0543-4ECD-8C96-590B5E954D17} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{FA6D6D8C-E2F9-467F-AF9E-AE54FA9EDFEA} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{FF038BF5-027C-489A-8E90-F7C41172547B} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{01A0F993-45A4-4DD3-A40C-6DDD754383DA} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{02F28A51-D936-457B-B465-02DE17F76996} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{0386D796-DDD0-44DE-AA73-E3763EA0076D} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{03ECFCE7-FAD8-408C-830F-04AFF5709753} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
{0AB3EC94-3BF9-4BCC-BE1D-B69B53383858} -> dir=in | action=allow | name=hpwucli.exe | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
{10145F78-2840-4835-A633-69F70C50B124} -> dir=in | action=allow | name=hpfccopy.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
{1942A3F1-C8AA-478D-B4F0-4918C203CFD3} -> dir=in | action=allow | name=smartwebprintexe.exe | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
{1EE21006-A87F-4966-91E9-9B5B86780893} -> dir=in | action=allow | name=hpqkygrp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
{253A0411-6E77-479A-9613-23940AA0DD8C} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{34BC452F-A2A2-466D-A2C8-7109F0832870} -> dir=in | action=allow | name=hposfx08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
{3C464747-D756-4FC4-A146-1CEE36236A5E} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files\microsoft office\office14\onenote.exe | 
{3F5D4BCE-6174-4B45-A365-F7F878FDADC2} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{447B8F8C-DCDC-48E1-8801-9C6DBB1B95B7} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
{45253CA5-CC13-47AD-9D4E-50F7C30D859B} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{48FFA551-7889-441B-A953-4FCCD1F3027F} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{49CA76F3-2BB1-4145-8D3E-F0E673E6373A} -> dir=in | action=allow | name=hpiscnapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
{552BFBE6-5801-4A01-9AB8-A67126D60C5A} -> dir=in | action=allow | name=hpqgpc01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
{5F27214C-8071-423E-81CC-26146E6A6727} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{5F795B23-BF85-429B-BDC8-9F7B579BBEAB} -> dir=in | action=allow | name=hpqtra08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
{62D9D371-5F14-4BD5-B6A8-C227432A1EA3} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{63F50964-4EA5-4A55-95F9-20515EBB2919} -> dir=in | action=allow | name=hpqfxt08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
{68D7E8CD-DDED-423F-95DE-3F4DCD8790DE} -> dir=in | action=allow | name=hposid01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
{68F697DC-2B9D-48B6-867C-30204E74A6EE} -> dir=in | action=allow | name=hpofxs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
{69ABBE0A-C979-4D15-AA66-E3F705AB8D66} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{73A62146-8A39-4BDE-89E0-8C7153246429} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
{75E9138F-7571-4EC2-AE12-F98B69385AC4} -> dir=in | action=allow | name=hpqste08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
{795CCB61-93C9-4950-863C-F2FE2FA4A259} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{857D112F-D818-46F6-93D8-29689C95F1E7} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files\microsoft office\office14\onenote.exe | 
{88D582D4-1D92-4308-8F18-AB382741911B} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{8EA11726-31BD-4BC5-81E3-ED8DF31DE772} -> dir=in | action=allow | name=hpzwiz01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
{94F863F1-4836-4596-83EC-024D5CD5AC9F} -> dir=in | action=allow | name=hpqusgh.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
{9797B766-0AD2-4B5A-96C1-5A485BDF3AC9} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{A21A6A14-1738-49AB-9015-F084F33FCB8B} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 
{A41F9503-4E46-4F05-8E69-6CDAC0150621} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{A7D504E3-B9B7-43D3-B34B-BAB41DAADE1E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{A9E170EB-6E3E-4476-BBFD-5666295CC518} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
{AC28D269-2C3D-489C-9EE5-015565EFFBEB} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{B1F3768F-C37D-4AB6-9C15-8A4E12A07A04} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{B29935FE-8BC7-4156-AB3F-F452680C4B9F} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
{B3A1BCDD-6414-4BF9-BC86-0341F507A181} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{B5141E6C-3DF6-4E5F-885D-C5608180352C} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
{BE4F893D-458B-4125-AAF8-8F2B73261EF9} -> dir=in | action=allow | name=hpqusgm.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
{C175CC87-22D0-44FB-BC2D-0A13141A89C4} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{C212BCDF-5972-4C60-99A5-E031C79BB530} -> dir=in | action=allow | name=hpofxm08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
{E46B62C9-3978-4450-A80F-30DE152F6AA0} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files\microsoft office\office14\groove.exe | 
{E4B3CEE8-1C58-46EA-8EB6-0E163627FE00} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files\microsoft office\office14\groove.exe | 
{E8EF2847-ADB0-4EAB-A29F-CBFB44D77A7E} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control service | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
{ECA5D405-869C-4E1D-87AF-4113A3F02D65} -> dir=in | action=allow | name=hpoews01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
{F105B450-CE0B-4BB5-87DF-313C7403CB6A} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
{F3718402-7542-44E4-B9E6-74101903A419} -> dir=in | action=allow | name=hpqgplgtupl.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
{F82C6CD2-D2BB-4CDD-B7F8-00BB55DEE279} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> Driver de CD-ROM -> 
"ImagePath" ->  [\SystemRoot\system32\drivers\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
E:\autorun.inf [[autorun] | open=setup.exe | icon=setup.exe | ] -> E:\autorun.inf [ CDFS ] -> [2008/09/03 09:57:20 | 000,000,043 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{efcfc746-d343-11e0-b7ce-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell
\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell\AutoRun\command
\{efcfc746-d343-11e0-b7ce-806e6f6e6963}\shell\AutoRun\command\\"" -> E:\setup.exe [E:\setup.exe] -> [2004/10/21 20:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 

[Registry - Additional Scans - Safe List]

[Files/Folders - Created Within 30 Days]
LinhaDefensiva -> C:\LinhaDefensiva -> [2011/10/17 08:33:41 | 000,000,000 | ---D | C]
{3978F0C4-252D-41AF-AF3C-D43D71120394} -> C:\Users\Asafer\AppData\Local\{3978F0C4-252D-41AF-AF3C-D43D71120394} -> [2011/10/17 07:49:38 | 000,000,000 | ---D | C]
{BCC61691-9BD7-43E5-BFBD-8E5FC0FF5D00} -> C:\Users\Asafer\AppData\Local\{BCC61691-9BD7-43E5-BFBD-8E5FC0FF5D00} -> [2011/10/17 07:49:18 | 000,000,000 | ---D | C]
{470637DC-C2B1-4020-AA3E-D2B02EA03A74} -> C:\Users\Asafer\AppData\Local\{470637DC-C2B1-4020-AA3E-D2B02EA03A74} -> [2011/10/14 08:58:15 | 000,000,000 | ---D | C]
{CDCF1FF1-198E-47AE-B742-D8F5D285FC7F} -> C:\Users\Asafer\AppData\Local\{CDCF1FF1-198E-47AE-B742-D8F5D285FC7F} -> [2011/10/14 08:58:01 | 000,000,000 | ---D | C]
{1F0431B7-74C9-4D1A-920B-9B425D4F3406} -> C:\Users\Asafer\AppData\Local\{1F0431B7-74C9-4D1A-920B-9B425D4F3406} -> [2011/10/13 08:43:16 | 000,000,000 | ---D | C]
{E118C3A5-3BC6-4355-A095-F9379872855F} -> C:\Users\Asafer\AppData\Local\{E118C3A5-3BC6-4355-A095-F9379872855F} -> [2011/10/13 08:43:06 | 000,000,000 | ---D | C]
{A794AE43-FB11-4BF4-A534-3BC7112B5222} -> C:\Users\Asafer\AppData\Local\{A794AE43-FB11-4BF4-A534-3BC7112B5222} -> [2011/10/11 08:58:38 | 000,000,000 | ---D | C]
{AA13F719-9694-47E7-8E5E-B33B538B0050} -> C:\Users\Asafer\AppData\Local\{AA13F719-9694-47E7-8E5E-B33B538B0050} -> [2011/10/11 08:58:28 | 000,000,000 | ---D | C]
{C2FB6AE7-73E9-4C83-86B3-F828EC41E293} -> C:\Users\Asafer\AppData\Local\{C2FB6AE7-73E9-4C83-86B3-F828EC41E293} -> [2011/10/10 09:02:06 | 000,000,000 | ---D | C]
{9A8A6B28-37FC-4BA0-8D6B-76B1C984A9CC} -> C:\Users\Asafer\AppData\Local\{9A8A6B28-37FC-4BA0-8D6B-76B1C984A9CC} -> [2011/10/10 09:01:56 | 000,000,000 | ---D | C]
SymIMV.sys -> C:\Windows\SysNative\drivers\SymIMV.sys -> [2011/10/07 15:39:44 | 000,053,808 | R--- | C] (Symantec Corporation)
{CBCF4C5C-18E1-49CB-A487-013FD29D0BE0} -> C:\Users\Asafer\AppData\Local\{CBCF4C5C-18E1-49CB-A487-013FD29D0BE0} -> [2011/10/07 08:46:06 | 000,000,000 | ---D | C]
{86DD5E7C-2E1D-4D37-B416-8121E74A541D} -> C:\Users\Asafer\AppData\Local\{86DD5E7C-2E1D-4D37-B416-8121E74A541D} -> [2011/10/07 08:45:55 | 000,000,000 | ---D | C]
Google Earth -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth -> [2011/10/06 18:35:43 | 000,000,000 | ---D | C]
{FDDC129C-1B27-4419-82EA-F48C057A553F} -> C:\Users\Asafer\AppData\Local\{FDDC129C-1B27-4419-82EA-F48C057A553F} -> [2011/10/06 08:50:50 | 000,000,000 | ---D | C]
{3A12D778-555E-4CE2-BC3A-6E475D7A6D3B} -> C:\Users\Asafer\AppData\Local\{3A12D778-555E-4CE2-BC3A-6E475D7A6D3B} -> [2011/10/06 08:50:40 | 000,000,000 | ---D | C]
CyberLink -> C:\Users\Asafer\AppData\Roaming\CyberLink -> [2011/10/05 12:23:52 | 000,000,000 | ---D | C]
{6D89930D-C8B4-45CF-8E2D-91CB07ED7D99} -> C:\Users\Asafer\AppData\Local\{6D89930D-C8B4-45CF-8E2D-91CB07ED7D99} -> [2011/10/05 08:42:40 | 000,000,000 | ---D | C]
{FC72EA9B-DFEC-41EB-B8F3-FBE20F57FB78} -> C:\Users\Asafer\AppData\Local\{FC72EA9B-DFEC-41EB-B8F3-FBE20F57FB78} -> [2011/10/05 08:42:27 | 000,000,000 | ---D | C]
{E7EE81FD-E9B8-42F1-BB6B-B933C411E46A} -> C:\Users\Asafer\AppData\Local\{E7EE81FD-E9B8-42F1-BB6B-B933C411E46A} -> [2011/10/04 08:38:20 | 000,000,000 | ---D | C]
{C2C9DFD1-854D-4752-AF75-0098AFFBCC51} -> C:\Users\Asafer\AppData\Local\{C2C9DFD1-854D-4752-AF75-0098AFFBCC51} -> [2011/10/04 08:38:09 | 000,000,000 | ---D | C]
{9EB0184A-2293-4AD9-AB4A-440A7C224EB2} -> C:\Users\Asafer\AppData\Local\{9EB0184A-2293-4AD9-AB4A-440A7C224EB2} -> [2011/10/03 08:53:23 | 000,000,000 | ---D | C]
{DAEE7FB1-372D-4E51-9932-D1EDCA1633C4} -> C:\Users\Asafer\AppData\Local\{DAEE7FB1-372D-4E51-9932-D1EDCA1633C4} -> [2011/10/03 08:53:13 | 000,000,000 | ---D | C]
Google -> C:\Program Files (x86)\Google -> [2011/09/30 14:24:04 | 000,000,000 | ---D | C]
Google -> C:\Users\Asafer\AppData\Local\Google -> [2011/09/30 14:23:57 | 000,000,000 | ---D | C]
{B5937021-1307-4991-BFDB-1AD7FBD6AFC9} -> C:\Users\Asafer\AppData\Local\{B5937021-1307-4991-BFDB-1AD7FBD6AFC9} -> [2011/09/30 08:50:00 | 000,000,000 | ---D | C]
{D6FD73FE-9F3E-4EC1-9137-BC3F1D1479A2} -> C:\Users\Asafer\AppData\Local\{D6FD73FE-9F3E-4EC1-9137-BC3F1D1479A2} -> [2011/09/30 08:49:49 | 000,000,000 | ---D | C]
{6E8099EB-3C2D-4C82-8ACE-14B27857FF5D} -> C:\Users\Asafer\AppData\Local\{6E8099EB-3C2D-4C82-8ACE-14B27857FF5D} -> [2011/09/29 08:40:54 | 000,000,000 | ---D | C]
{427F2C0D-4F59-4511-B673-6A90B9542655} -> C:\Users\Asafer\AppData\Local\{427F2C0D-4F59-4511-B673-6A90B9542655} -> [2011/09/29 08:40:44 | 000,000,000 | ---D | C]
{A40A6761-F046-4C7B-B4EA-D718E46ADF5F} -> C:\Users\Asafer\AppData\Local\{A40A6761-F046-4C7B-B4EA-D718E46ADF5F} -> [2011/09/28 20:40:31 | 000,000,000 | ---D | C]
{1E76E2D8-065D-4037-A386-7DE4333F1C7E} -> C:\Users\Asafer\AppData\Local\{1E76E2D8-065D-4037-A386-7DE4333F1C7E} -> [2011/09/28 20:40:21 | 000,000,000 | ---D | C]
{895FC1D7-EA58-49F5-9C26-F02E3E5E6F4C} -> C:\Users\Asafer\AppData\Local\{895FC1D7-EA58-49F5-9C26-F02E3E5E6F4C} -> [2011/09/28 08:40:08 | 000,000,000 | ---D | C]
{A7E33AD1-1CDD-493D-9A53-6EAB2A8C7378} -> C:\Users\Asafer\AppData\Local\{A7E33AD1-1CDD-493D-9A53-6EAB2A8C7378} -> [2011/09/28 08:39:57 | 000,000,000 | ---D | C]
{B04AAD00-70C7-4E97-A929-B25F70D85B02} -> C:\Users\Asafer\AppData\Local\{B04AAD00-70C7-4E97-A929-B25F70D85B02} -> [2011/09/27 10:23:25 | 000,000,000 | ---D | C]
{86BD3007-4B76-4BD8-8030-01647BBD65AF} -> C:\Users\Asafer\AppData\Local\{86BD3007-4B76-4BD8-8030-01647BBD65AF} -> [2011/09/27 10:23:14 | 000,000,000 | ---D | C]
{18E64EF8-5620-4B0E-8946-B0070D55284A} -> C:\Users\Asafer\AppData\Local\{18E64EF8-5620-4B0E-8946-B0070D55284A} -> [2011/09/26 08:47:00 | 000,000,000 | ---D | C]
{02BBE3F7-5AD0-47A9-86E2-5394FA5796CB} -> C:\Users\Asafer\AppData\Local\{02BBE3F7-5AD0-47A9-86E2-5394FA5796CB} -> [2011/09/26 08:46:35 | 000,000,000 | ---D | C]
Fatalyzer -> C:\Program Files (x86)\Fatalyzer -> [2011/09/23 16:21:42 | 000,000,000 | ---D | C]
{DEC779A0-02D0-4838-9696-42A1E4955367} -> C:\Users\Asafer\AppData\Local\{DEC779A0-02D0-4838-9696-42A1E4955367} -> [2011/09/23 10:48:15 | 000,000,000 | ---D | C]
{93B5E325-9DAA-4176-94B1-8E88457BD27C} -> C:\Users\Asafer\AppData\Local\{93B5E325-9DAA-4176-94B1-8E88457BD27C} -> [2011/09/23 10:48:04 | 000,000,000 | ---D | C]
{21E2D4B0-E751-41FB-88E7-A1A60F60A595} -> C:\Users\Asafer\AppData\Local\{21E2D4B0-E751-41FB-88E7-A1A60F60A595} -> [2011/09/23 10:10:35 | 000,000,000 | ---D | C]
{6C18F5BF-24C2-413D-9A07-68DC34E927BD} -> C:\Users\Asafer\AppData\Local\{6C18F5BF-24C2-413D-9A07-68DC34E927BD} -> [2011/09/23 09:00:42 | 000,000,000 | ---D | C]
{50C68694-B776-431F-8D27-9B065F7C3007} -> C:\Users\Asafer\AppData\Local\{50C68694-B776-431F-8D27-9B065F7C3007} -> [2011/09/23 08:43:22 | 000,000,000 | ---D | C]
Microsoft Games -> C:\Users\Asafer\AppData\Local\Microsoft Games -> [2011/09/22 15:24:55 | 000,000,000 | ---D | C]
Arquivos -> C:\Users\Asafer\Desktop\Arquivos -> [2011/09/22 10:53:36 | 000,000,000 | R--D | C]
{26091D14-F7C6-49A5-A6A1-747D79F6C342} -> C:\Users\Asafer\AppData\Local\{26091D14-F7C6-49A5-A6A1-747D79F6C342} -> [2011/09/22 08:33:25 | 000,000,000 | ---D | C]
{36CAD7A4-CCD0-47EF-97D1-3A0B4D8E2DB2} -> C:\Users\Asafer\AppData\Local\{36CAD7A4-CCD0-47EF-97D1-3A0B4D8E2DB2} -> [2011/09/22 08:33:14 | 000,000,000 | ---D | C]
{F3EDDD4D-A629-40F6-BE23-520E5F58E5E3} -> C:\Users\Asafer\AppData\Local\{F3EDDD4D-A629-40F6-BE23-520E5F58E5E3} -> [2011/09/21 08:43:20 | 000,000,000 | ---D | C]
{D371C016-AF30-4609-BE61-BB0CB0B45E96} -> C:\Users\Asafer\AppData\Local\{D371C016-AF30-4609-BE61-BB0CB0B45E96} -> [2011/09/21 08:43:08 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Users\Asafer\AppData\Roaming\Malwarebytes -> [2011/09/20 08:56:59 | 000,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/09/20 08:55:35 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/09/20 08:55:34 | 000,000,000 | ---D | C]
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/09/20 08:55:31 | 000,025,416 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2011/09/20 08:55:31 | 000,000,000 | ---D | C]
{ACDCC761-5320-4A07-93CB-DA248F20540A} -> C:\Users\Asafer\AppData\Local\{ACDCC761-5320-4A07-93CB-DA248F20540A} -> [2011/09/20 08:35:46 | 000,000,000 | ---D | C]
{C9BCAE34-1815-46BA-B6B6-BBFCA92D9409} -> C:\Users\Asafer\AppData\Local\{C9BCAE34-1815-46BA-B6B6-BBFCA92D9409} -> [2011/09/20 08:35:33 | 000,000,000 | ---D | C]
Meus arquivos recebidos -> C:\Users\Asafer\Documents\Meus arquivos recebidos -> [2011/09/19 09:37:12 | 000,000,000 | ---D | C]
{EA0B8A84-C688-4F8F-A2F5-487A1729D970} -> C:\Users\Asafer\AppData\Local\{EA0B8A84-C688-4F8F-A2F5-487A1729D970} -> [2011/09/19 08:42:44 | 000,000,000 | ---D | C]
{A4506285-64D1-4235-B673-8CF14117291C} -> C:\Users\Asafer\AppData\Local\{A4506285-64D1-4235-B673-8CF14117291C} -> [2011/09/19 08:42:33 | 000,000,000 | ---D | C]
Implode.dll -> C:\Windows\SysWow64\Implode.dll -> [2011/09/16 10:00:18 | 000,018,944 | ---- | C] ( )
Zipdll.dll -> C:\Windows\SysWow64\Zipdll.dll -> [2011/09/05 11:41:23 | 000,099,840 | ---- | C] ( )
Unzdll.dll -> C:\Windows\SysWow64\Unzdll.dll -> [2011/09/05 11:41:23 | 000,094,208 | ---- | C] ( )

[Files/Folders - Modified Within 30 Days]
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/10/17 16:34:01 | 000,001,068 | ---- | M] ()
206476_203575283009293_100000704682409_642699_1260483_n.jpg -> C:\Users\Asafer\Desktop\206476_203575283009293_100000704682409_642699_1260483_n.jpg -> [2011/10/17 14:03:14 | 000,101,289 | ---- | M] ()
218183_203573959676092_100000704682409_642694_7225002_n.jpg -> C:\Users\Asafer\Desktop\218183_203573959676092_100000704682409_642694_7225002_n.jpg -> [2011/10/17 14:03:14 | 000,088,321 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/10/17 13:34:00 | 000,001,064 | ---- | M] ()
Drawing1.dwl2 -> C:\Users\Asafer\Documents\Drawing1.dwl2 -> [2011/10/17 11:51:24 | 000,000,214 | -H-- | M] ()
Drawing1.dwl -> C:\Users\Asafer\Documents\Drawing1.dwl -> [2011/10/17 11:51:24 | 000,000,064 | -H-- | M] ()
Default.rdp -> C:\Users\Asafer\Documents\Default.rdp -> [2011/10/17 11:40:00 | 000,002,016 | -H-- | M] ()
Cat.DB -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\Cat.DB -> [2011/10/17 09:26:16 | 001,689,848 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/10/17 07:58:30 | 000,015,792 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/10/17 07:58:30 | 000,015,792 | -H-- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/10/17 07:53:03 | 001,654,760 | ---- | M] ()
prfh0416.dat -> C:\Windows\SysNative\prfh0416.dat -> [2011/10/17 07:53:03 | 000,715,524 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/10/17 07:53:03 | 000,662,518 | ---- | M] ()
prfc0416.dat -> C:\Windows\SysNative\prfc0416.dat -> [2011/10/17 07:53:03 | 000,146,702 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/10/17 07:53:03 | 000,123,772 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2011/10/17 07:46:38 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/10/17 07:46:31 | 2962,550,784 | -HS- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/10/14 08:52:06 | 000,516,448 | ---- | M] ()
Norton Internet Security.lnk -> C:\Users\Public\Desktop\Norton Internet Security.lnk -> [2011/10/14 08:46:03 | 000,002,491 | ---- | M] ()
HPCeeScheduleForAsafer.job -> C:\Windows\tasks\HPCeeScheduleForAsafer.job -> [2011/10/14 08:45:57 | 000,000,336 | ---- | M] ()
I.R.I.S. Resource Center.lnk -> C:\Users\Asafer\Desktop\I.R.I.S. Resource Center.lnk -> [2011/10/13 16:24:02 | 000,001,256 | ---- | M] ()
IMG_4841.JPG -> C:\Users\Asafer\Desktop\IMG_4841.JPG -> [2011/10/11 09:19:22 | 004,906,973 | ---- | M] ()
ACRILICO - BRAHMA COUNTRY.dwg -> C:\Users\Asafer\Desktop\ACRILICO - BRAHMA COUNTRY.dwg -> [2011/10/10 10:56:12 | 000,017,033 | ---- | M] ()
Boleto_14362680000010489-0.pdf -> C:\Users\Asafer\Desktop\Boleto_14362680000010489-0.pdf -> [2011/10/07 18:29:31 | 000,049,656 | ---- | M] ()
111003_DISCO+DISPERSOR+MAIOR.dxf -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dxf -> [2011/10/04 10:40:41 | 000,161,491 | ---- | M] ()
111003_DISCO+DISPERSOR+MAIOR.dwg -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dwg -> [2011/10/04 10:38:04 | 000,056,783 | ---- | M] ()
CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/10/04 09:35:59 | 000,000,824 | ---- | M] ()
PCDRScheduledMaintenance.job -> C:\Windows\tasks\PCDRScheduledMaintenance.job -> [2011/09/30 11:17:09 | 000,000,544 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/09/20 08:55:36 | 000,001,115 | ---- | M] ()
isolate.ini -> C:\Windows\SysNative\drivers\NISx64\1109000.00C\isolate.ini -> [2011/09/19 20:59:44 | 000,000,172 | ---- | M] ()
cc_20110919_090828.reg -> C:\Users\Asafer\Documents\cc_20110919_090828.reg -> [2011/09/19 10:08:32 | 000,022,372 | ---- | M] ()

[Files - No Company Name]
206476_203575283009293_100000704682409_642699_1260483_n.jpg -> C:\Users\Asafer\Desktop\206476_203575283009293_100000704682409_642699_1260483_n.jpg -> [2011/10/17 14:03:33 | 000,101,289 | ---- | C] ()
218183_203573959676092_100000704682409_642694_7225002_n.jpg -> C:\Users\Asafer\Desktop\218183_203573959676092_100000704682409_642694_7225002_n.jpg -> [2011/10/17 14:03:25 | 000,088,321 | ---- | C] ()
Drawing1.dwl2 -> C:\Users\Asafer\Documents\Drawing1.dwl2 -> [2011/10/17 11:51:24 | 000,000,214 | -H-- | C] ()
Drawing1.dwl -> C:\Users\Asafer\Documents\Drawing1.dwl -> [2011/10/17 11:51:24 | 000,000,064 | -H-- | C] ()
Norton Internet Security.lnk -> C:\Users\Public\Desktop\Norton Internet Security.lnk -> [2011/10/14 08:46:03 | 000,002,491 | ---- | C] ()
I.R.I.S. Resource Center.lnk -> C:\Users\Asafer\Desktop\I.R.I.S. Resource Center.lnk -> [2011/10/13 16:24:02 | 000,001,256 | ---- | C] ()
IMG_4841.JPG -> C:\Users\Asafer\Desktop\IMG_4841.JPG -> [2011/10/11 08:59:22 | 004,906,973 | ---- | C] ()
ACRILICO - BRAHMA COUNTRY.dwg -> C:\Users\Asafer\Desktop\ACRILICO - BRAHMA COUNTRY.dwg -> [2011/10/10 10:56:10 | 000,017,033 | ---- | C] ()
Boleto_14362680000010489-0.pdf -> C:\Users\Asafer\Desktop\Boleto_14362680000010489-0.pdf -> [2011/10/07 18:29:31 | 000,049,656 | ---- | C] ()
111003_DISCO+DISPERSOR+MAIOR.dxf -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dxf -> [2011/10/04 10:40:41 | 000,161,491 | ---- | C] ()
111003_DISCO+DISPERSOR+MAIOR.dwg -> C:\Users\Asafer\Desktop\111003_DISCO+DISPERSOR+MAIOR.dwg -> [2011/10/04 10:38:04 | 000,056,783 | ---- | C] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/09/30 14:24:08 | 000,001,068 | ---- | C] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/09/30 14:24:07 | 000,001,064 | ---- | C] ()
Fatalyzer.LNK -> C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fatalyzer.LNK -> [2011/09/23 16:21:42 | 000,001,075 | ---- | C] ()
HPCeeScheduleForAsafer.job -> C:\Windows\tasks\HPCeeScheduleForAsafer.job -> [2011/09/22 18:25:34 | 000,000,336 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/09/20 08:55:36 | 000,001,115 | ---- | C] ()
cc_20110919_090828.reg -> C:\Users\Asafer\Documents\cc_20110919_090828.reg -> [2011/09/19 10:08:31 | 000,022,372 | ---- | C] ()
Co2c40en.dll -> C:\Windows\SysWow64\Co2c40en.dll -> [2011/09/16 10:00:17 | 000,748,160 | ---- | C] ()
hpwins26.dat.temp -> C:\Windows\hpwins26.dat.temp -> [2011/08/31 12:13:30 | 000,223,041 | ---- | C] ()
hpwmdl26.dat.temp -> C:\Windows\hpwmdl26.dat.temp -> [2011/08/31 12:13:30 | 000,000,370 | ---- | C] ()
hpwins26.dat -> C:\Windows\hpwins26.dat -> [2011/08/31 11:46:32 | 000,223,200 | ---- | C] ()
srvany.exe -> C:\Windows\SysWow64\srvany.exe -> [2011/08/31 10:58:32 | 000,008,192 | ---- | C] ()
wklnhst.dat -> C:\Users\Asafer\AppData\Roaming\wklnhst.dat -> [2011/08/31 09:22:06 | 000,000,000 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/08/31 08:54:35 | 001,515,172 | ---- | C] ()
igkrng575.bin -> C:\Windows\SysWow64\igkrng575.bin -> [2010/06/09 18:12:22 | 000,870,544 | ---- | C] ()
iglhsip32.dll -> C:\Windows\SysWow64\iglhsip32.dll -> [2010/06/09 18:12:22 | 000,208,896 | ---- | C] ()
iglhcp32.dll -> C:\Windows\SysWow64\iglhcp32.dll -> [2010/06/09 18:12:22 | 000,143,360 | ---- | C] ()
igcompkrng575.bin -> C:\Windows\SysWow64\igcompkrng575.bin -> [2010/06/09 18:12:21 | 000,127,896 | ---- | C] ()
igfcg575m.bin -> C:\Windows\SysWow64\igfcg575m.bin -> [2010/06/09 18:12:21 | 000,051,068 | ---- | C] ()
LPRES.DLL -> C:\Windows\LPRES.DLL -> [2010/02/09 19:58:12 | 000,012,800 | ---- | C] ()
hpwmdl26.dat -> C:\Windows\hpwmdl26.dat -> [2009/08/18 04:31:57 | 000,000,370 | ---- | C] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 03:38:36 | 000,067,584 | --S- | C] ()
NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/14 00:35:51 | 000,000,741 | ---- | C] ()
dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/14 00:34:42 | 000,215,943 | ---- | C] ()
mib.bin -> C:\Windows\mib.bin -> [2009/07/13 22:10:29 | 000,043,131 | ---- | C] ()
BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 21:42:10 | 000,064,000 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 19:03:59 | 000,364,544 | ---- | C] ()
mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 19:26:10 | 000,673,088 | ---- | C] ()

[File - Lop Check]
Autodesk -> C:\Users\Asafer\AppData\Roaming\Autodesk -> [2011/09/02 10:44:32 | 000,000,000 | ---D | M]
Babylon -> C:\Users\Asafer\AppData\Roaming\Babylon -> [2011/09/05 10:20:16 | 000,000,000 | ---D | M]
EurekaLog -> C:\Users\Asafer\AppData\Roaming\EurekaLog -> [2011/10/10 14:26:18 | 000,000,000 | ---D | M]
SigmaTEK -> C:\Users\Asafer\AppData\Roaming\SigmaTEK -> [2011/08/31 09:17:03 | 000,000,000 | ---D | M]
TeamViewer -> C:\Users\Asafer\AppData\Roaming\TeamViewer -> [2011/10/07 12:13:24 | 000,000,000 | ---D | M]
Template -> C:\Users\Asafer\AppData\Roaming\Template -> [2011/08/31 09:22:07 | 000,000,000 | ---D | M]
Tific -> C:\Users\Asafer\AppData\Roaming\Tific -> [2011/08/31 11:26:32 | 000,000,000 | ---D | M]
WinBatch -> C:\Users\Asafer\AppData\Roaming\WinBatch -> [2011/09/14 08:59:47 | 000,000,000 | ---D | M]
PCDRScheduledMaintenance.job -> C:\Windows\Tasks\PCDRScheduledMaintenance.job -> [2011/09/30 11:17:09 | 000,000,544 | ---- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/14 03:08:49 | 000,017,326 | ---- | M] ()

[File - Purity Scan]

[Custom Scans]
< %ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\*.* >
< %APPDATA%\* >
wklnhst.dat -> C:\Users\Asafer\AppData\Roaming\wklnhst.dat -> [2011/08/31 09:22:06 | 000,000,000 | ---- | M] ()
< %APPDATA%\*.* >
wklnhst.dat -> C:\Users\Asafer\AppData\Roaming\wklnhst.dat -> [2011/08/31 09:22:06 | 000,000,000 | ---- | M] ()
< %APPDATA%\Update\*.* >
Invalid Environment Variable: CommonAppData
< %LOCALAPPDATA%\*.* >
GDIPFONTCACHEV1.DAT -> C:\Users\Asafer\AppData\Local\GDIPFONTCACHEV1.DAT -> [2011/09/02 16:36:43 | 000,151,440 | ---- | M] ()
IconCache.db -> C:\Users\Asafer\AppData\Local\IconCache.db -> [2011/10/14 18:45:16 | 002,255,208 | -H-- | M] ()
< %PROGRAMFILES(X86)%\Internet Explorer\*.* >
ExtExport.exe -> C:\Program Files (x86)\Internet Explorer\ExtExport.exe -> [2011/09/12 09:08:56 | 000,022,016 | ---- | M] (Microsoft Corporation)
ie9props.propdesc -> C:\Program Files (x86)\Internet Explorer\ie9props.propdesc -> [2011/09/12 09:08:56 | 000,002,535 | ---- | M] ()
iecleanup.exe -> C:\Program Files (x86)\Internet Explorer\iecleanup.exe -> [2011/09/12 09:08:56 | 000,107,008 | ---- | M] (Microsoft Corporation)
iediagcmd.exe -> C:\Program Files (x86)\Internet Explorer\iediagcmd.exe -> [2011/09/12 09:08:56 | 000,307,200 | ---- | M] ()
iedvtool.dll -> C:\Program Files (x86)\Internet Explorer\iedvtool.dll -> [2011/09/01 00:30:00 | 000,678,912 | ---- | M] (Microsoft Corporation)
ieinstal.exe -> C:\Program Files (x86)\Internet Explorer\ieinstal.exe -> [2011/09/12 09:08:55 | 000,466,432 | ---- | M] (Microsoft Corporation)
ielowutil.exe -> C:\Program Files (x86)\Internet Explorer\ielowutil.exe -> [2011/09/12 09:08:55 | 000,222,720 | ---- | M] (Microsoft Corporation)
ieproxy.dll -> C:\Program Files (x86)\Internet Explorer\ieproxy.dll -> [2011/09/12 09:08:55 | 000,193,536 | ---- | M] (Microsoft Corporation)
IEShims.dll -> C:\Program Files (x86)\Internet Explorer\IEShims.dll -> [2011/09/01 00:26:36 | 000,194,048 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2011/09/12 09:08:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
jsdbgui.dll -> C:\Program Files (x86)\Internet Explorer\jsdbgui.dll -> [2011/09/12 09:08:56 | 000,386,560 | ---- | M] (Microsoft Corporation)
jsdebuggeride.dll -> C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll -> [2011/09/12 09:08:55 | 000,104,448 | ---- | M] (Microsoft Corporation)
JSProfilerCore.dll -> C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll -> [2011/09/12 09:08:55 | 000,049,664 | ---- | M] (Microsoft Corporation)
jsprofilerui.dll -> C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll -> [2011/09/12 09:08:56 | 000,149,504 | ---- | M] (Microsoft Corporation)
msdbg2.dll -> C:\Program Files (x86)\Internet Explorer\msdbg2.dll -> [2009/06/10 19:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation)
networkinspection.dll -> C:\Program Files (x86)\Internet Explorer\networkinspection.dll -> [2011/09/12 09:08:55 | 000,301,056 | ---- | M] (Microsoft Corporation)
pdm.dll -> C:\Program Files (x86)\Internet Explorer\pdm.dll -> [2009/06/10 19:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation)
sqmapi.dll -> C:\Program Files (x86)\Internet Explorer\sqmapi.dll -> [2011/09/01 00:41:10 | 000,141,088 | ---- | M] (Microsoft Corporation)
< %SYSTEMDRIVE%\* >
BLOBS.TXT -> C:\BLOBS.TXT -> [2010/06/09 17:18:27 | 003,527,651 | ---- | M] ()
bootmgr -> C:\bootmgr -> [2009/07/13 23:38:58 | 000,383,562 | RHS- | M] ()
BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/07/24 17:22:29 | 000,008,192 | RHS- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/10/17 07:46:31 | 2962,550,784 | -HS- | M] ()
OS -> C:\OS -> [2010/06/09 19:07:56 | 000,000,000 | RHS- | M] ()
pagefile.sys -> C:\pagefile.sys -> [2011/10/17 07:46:32 | 3950,067,712 | -HS- | M] ()
< %SYSTEMDRIVE%\*.* >
BLOBS.TXT -> C:\BLOBS.TXT -> [2010/06/09 17:18:27 | 003,527,651 | ---- | M] ()
bootmgr -> C:\bootmgr -> [2009/07/13 23:38:58 | 000,383,562 | RHS- | M] ()
BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/07/24 17:22:29 | 000,008,192 | RHS- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/10/17 07:46:31 | 2962,550,784 | -HS- | M] ()
OS -> C:\OS -> [2010/06/09 19:07:56 | 000,000,000 | RHS- | M] ()
pagefile.sys -> C:\pagefile.sys -> [2011/10/17 07:46:32 | 3950,067,712 | -HS- | M] ()
< %USERPROFILE%\*.* >
aapj.properties -> C:\Users\Asafer\aapj.properties -> [2011/09/14 16:44:21 | 000,000,434 | ---- | M] ()
NTUSER.DAT -> C:\Users\Asafer\NTUSER.DAT -> [2011/10/17 16:43:57 | 001,835,008 | -HS- | M] ()
ntuser.dat.LOG1 -> C:\Users\Asafer\ntuser.dat.LOG1 -> [2011/10/17 16:43:57 | 000,262,144 | -HS- | M] ()
ntuser.dat.LOG2 -> C:\Users\Asafer\ntuser.dat.LOG2 -> [2011/08/30 18:17:18 | 000,000,000 | -HS- | M] ()
NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf -> C:\Users\Asafer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf -> [2011/08/30 18:49:19 | 000,065,536 | -HS- | M] ()
NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Asafer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms -> [2011/08/30 18:49:19 | 000,524,288 | -HS- | M] ()
NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Asafer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms -> [2011/08/30 18:49:19 | 000,524,288 | -HS- | M] ()
ntuser.ini -> C:\Users\Asafer\ntuser.ini -> [2011/08/30 18:17:18 | 000,000,020 | -HS- | M] ()

CREATERESTOREPOINT
Restore point Set: OTS Restore Point

[Alternate Data Streams]
@Alternate Data Stream - 404 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
< End of report >


1.

*Run OTS

*Select, copy and paste the code into the space below Paste Fix Here:

[unregister Dlls]

[Registry - Safe List]

< HOSTS File > ([2011/10/17 08:34:21 | 000,000,698 | ---- | M] - 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts

YN -> Reset Hosts ->

[Files/Folders - Created Within 30 Days]

NY -> LinhaDefensiva -> C:\LinhaDefensiva

[Alternate Data Streams]

NY -> @Alternate Data Stream - 404 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

[Empty Temp Folders]

[Reboot]

*Click [Run Fix] and the PC will restart

*Paste the report that is displayed

 

2.

*Run an online scan with NOD32

 


 

*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log

 

Let me know whether that solved it.


Good morning

Here are the logs

Thank you

 

 

All Processes Killed

[Registry - Safe List]

HOSTS file reset successfully!

[Files/Folders - Created Within 30 Days]

C:\LinhaDefensiva\rotinas\remocao folder moved successfully.

C:\LinhaDefensiva\rotinas folder moved successfully.

C:\LinhaDefensiva\relatorios folder moved successfully.

C:\LinhaDefensiva\reflist folder moved successfully.

C:\LinhaDefensiva\QUA\Pastas folder moved successfully.

C:\LinhaDefensiva\QUA\Arquivos folder moved successfully.

C:\LinhaDefensiva\QUA folder moved successfully.

C:\LinhaDefensiva\lang\vb folder moved successfully.

C:\LinhaDefensiva\lang\init folder moved successfully.

C:\LinhaDefensiva\lang\bat folder moved successfully.

C:\LinhaDefensiva\lang folder moved successfully.

C:\LinhaDefensiva\func folder moved successfully.

C:\LinhaDefensiva\exec folder moved successfully.

C:\LinhaDefensiva\credits folder moved successfully.

C:\LinhaDefensiva folder moved successfully.

[Alternate Data Streams]

ADS C:\Windows\SysWow64\drivers:GbpKmAp.lst deleted successfully.

[Empty Temp Folders]

 

 

User: All Users

 

User: Asafer

->Temp folder emptied: 5678125 bytes

->Temporary Internet Files folder emptied: 203435494 bytes

->Java cache emptied: 262659 bytes

->FireFox cache emptied: 38139761 bytes

->Flash cache emptied: 1556 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3996232 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 240,00 mb

 

< End of fix log >

OTS by OldTimer - Version 3.1.46.0 fix logfile created on 10182011_074941

 

Files\Folders moved on Reboot...

C:\Users\Asafer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YB24YMRK\forum-super[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YB24YMRK\mail[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YB24YMRK\mail[3].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\ads[11].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[3].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[4].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[5].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[6].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[7].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[8].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X86XFPQZ\like[9].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\bind[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[3].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[4].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\fastbutton[5].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\imasters_com_br[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\login_status[5].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WY67WL1C\si[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RLNDG92R\forum-botao[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RLNDG92R\tweet_button[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\adsCAI1Y1K3.htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\fastbutton[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\fastbutton[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\fastbutton[3].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\forum-botao[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWM83C5A\like[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I604MIAH\mail[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I604MIAH\SmartAd[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABSFVO33\446972-analise-de-log[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABSFVO33\viewtopic[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\ads[11].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\forum-super[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\infolab[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\mail[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\portal[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ABIJJPN\SmartAd[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

 

Registry entries deleted on Reboot...

 

 

------------------------------------------------------------------------------------------------------------------------------

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=12


Let me know how the PC is doing.

 

*Run the file c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe


Good evening,

Today I contacted my bank manager and asked for a new password.

So far it has logged in normally, with no apparent problem.

Did these logs show any problem???

One question: I'm about to buy an antivirus; would you recommend one???

Early tomorrow I'll log in again, and I want to see whether it stops blocking my password.

Thanks for everything so far....


1.

*Run OTS, click [CleanUp] > [Yes]

*The PC will restart

 

Nothing of great importance.

 

 

If you are going to pay for an antivirus, I recommend GData or Kaspersky.

If you want a free one, I recommend Avira or Avast.

 

 

Best regards.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
