Hardware.com.br

Please analyze my log

#1 By ana.rodrigues, 11/11/2012 - 15:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:59, on 11/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\GoogleUpdt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\monitor.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe
C:\Documents and Settings\Ana Karina\Meus documentos\Programas\Malware\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 88.80.12.18 www2.bancobrasil.com.br
O1 - Hosts: 88.80.12.21 aapj.bb.com.br
O1 - Hosts: 88.80.12.22 bankline.itau.com.br
O1 - Hosts: 88.80.12.23 www.santandernet.com.br
O1 - Hosts: 186.202.166.75 www2.infoseg.gov.br
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Arquivos de programas\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [monitor] C:\WINDOWS\system32\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://acessoremotovpn.itau.com.br/CACHE/stc/2/binaries/vpnweb.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehUni.dll
O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Arquivos de programas\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: OracleSvc - Unknown owner - C:\WINDOWS\system32\GoogleUpdt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\st_rsser.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Arquivos de programas\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
--
End of file - 12665 bytes
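The five O1 entries in this log are the item that matters: each one pins a bank (or government) hostname to a routable address instead of 127.0.0.1, and four of them land in the same /24, which is how a hosts-file banker sends online-banking logins to a fake site without touching DNS. The script below is added here as an example; it is not part of the thread, of HijackThis or of any tool named in it. It parses O1 lines out of a HijackThis log, ignores sinkhole entries (loopback and 0.0.0.0), flags names under a watched-domain list and groups the rest by prefix. The sample log text and the watched-domain list are constructed from the entries above; the list is an assumption to adapt per environment.

```python
import ipaddress
import re

# Constructed sample: the O1 (hosts file) entries from the HijackThis log above,
# plus two harmless entries of the kind a legitimate hosts file may contain.
SAMPLE_HJT_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.net
O1 - Hosts: 88.80.12.18 www2.bancobrasil.com.br
O1 - Hosts: 88.80.12.21 aapj.bb.com.br
O1 - Hosts: 88.80.12.22 bankline.itau.com.br
O1 - Hosts: 88.80.12.23 www.santandernet.com.br
O1 - Hosts: 186.202.166.75 www2.infoseg.gov.br
O15 - Trusted Zone: http://www.itau.com.br
"""

# Domain suffixes an end-user hosts file has no business pinning.
# Assumption: built from the banks named in the log; extend for your own environment.
WATCHED_SUFFIXES = (
    "bancobrasil.com.br", "bb.com.br", "itau.com.br",
    "santandernet.com.br", "santander.com.br", "gov.br",
)

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")


def is_blocking_entry(ip: str) -> bool:
    """Loopback (127.0.0.0/8, ::1) and 0.0.0.0 only sinkhole a name; any other address redirects it."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def is_watched(host: str) -> bool:
    """Exact or subdomain match against WATCHED_SUFFIXES ('xbb.com.br' must not match 'bb.com.br')."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def find_hosts_hijacks(log_text: str) -> list[dict]:
    """Return every O1 entry that redirects a name to a routable address, flagging watched domains."""
    findings = []
    for line in log_text.splitlines():
        m = O1_LINE.match(line)
        if not m:
            continue
        ip, host = m.group(1), m.group(2).lower()
        try:
            if is_blocking_entry(ip):
                continue
        except ValueError:
            continue  # first token is not an IP literal; skip rather than guess
        findings.append({"host": host, "ip": ip, "watched": is_watched(host)})
    return findings


def group_by_prefix(findings: list[dict], prefixlen: int = 24) -> dict[str, list[str]]:
    """Several bank names resolving into one small prefix is the banker pattern seen in this log."""
    groups: dict[str, list[str]] = {}
    for f in findings:
        net = ipaddress.ip_network(f"{f['ip']}/{prefixlen}", strict=False)
        groups.setdefault(str(net), []).append(f["host"])
    return groups


if __name__ == "__main__":
    hits = find_hosts_hijacks(SAMPLE_HJT_LOG)
    for h in hits:
        print(f"{'WATCHED' if h['watched'] else 'review '} {h['host']:28} -> {h['ip']}")
    for net, hosts in group_by_prefix(hits).items():
        print(f"{net}: {len(hosts)} redirected name(s)")
```

The same check can be run against %SystemRoot%\System32\drivers\etc\hosts on the machine itself: a routable address next to a bank name is a finding whichever tool reported it, and the O15 Trusted Zone entries for the same banks lower Internet Explorer's defences for exactly the pages being redirected.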
#2 By Wings, 11/11/2012 - 17:07
Good afternoon, ana.rodrigues

Download BankerFix (from Linha Defensiva) and save it to the Desktop.

* Run it.
* Click [Yes] to install.
* Click [OK] to download.
* Click [OK] to run.
* Press [ENTER].
* When it finishes, press [ENTER].
* Paste the report year_month_day.txt found in the folder C:\LinhaDefensiva\relatorios.

Install MalwareBytes.

* Wait for the update; the program will open automatically.
* Select [Quick Scan].
* Click [Scan].
* When it finishes, click [OK] > [Show Results] > [Remove Selected].
* Paste the report shown.
#4 By ana.rodrigues, 11/11/2012 - 19:01
-------------------------------------------------------
BankerFix 3.5 VALKYRIE - Banker Remover
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Date: 2012-11-11 - 18:24
-------------------------------------------------------
Definition list: 2012-08-22-1 | CORE: 2012-08-22-6
=======================================================

----- End -------------------------

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.11.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ana Karina :: ANA-KARINA [administrator]
Protection: Allow
11/11/2012 18:38:36
mbam-log-2012-11-11 (18-38-36).txt
Scan type: Quick Scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197926
Time elapsed: 19 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
#5 By Wings, 11/11/2012 - 19:25
Delete BankerFix and the folder C:\LinhaDefensiva.

Download OTL (by Old_Timer) and save it to the Desktop.

* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator.
* Select:

Scan All Users
Skip Microsoft Files
LOP Check
Purity Check

* Click [Run Scan].
* When it finishes, the reports OTL.txt and Extras.txt will be created on the Desktop.

Go to this link.

* Click [Choose file].
* Locate the file OTL.txt on the Desktop and click [Open].
* Click [Envoyer le fichier].
* Paste the link shown below "Fichier envoyé avec succés! Copiez votre lien :".
* Repeat the procedure for the Extras.txt report and paste the link.
#7 By joram, 16/11/2012 - 16:40
Good afternoon, ana.rodrigues

|- Wings is unavailable at the moment and will continue with your case as soon as he returns.
|- From the log, I see that your difficulties are with accessing the bank, since you are being redirected to fake pages.

-/-

|- Run OTL.exe.
|- Copy this information (shown in red) into the tool's clipboard field ("Custom Scans/Fixes").

[code=rich]:OTL
PRC - [2012/08/14 21:24:51 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\monitor.exe
PRC - [2012/08/14 21:24:50 | 000,739,328 | ---- | M] () -- C:\WINDOWS\system32\GoogleUpdt.exe
MOD - [2012/08/14 21:24:51 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\monitor.exe
MOD - [2012/08/14 21:24:50 | 000,739,328 | ---- | M] () -- C:\WINDOWS\system32\GoogleUpdt.exe
MOD - [2012/08/14 21:24:42 | 000,719,872 | ---- | M] () -- C:\WINDOWS\system32\GoS-Util.dll
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Softwin\BitDefender10\bdfdll.sys -- (bdfdll)
DRV - [2012/08/14 21:24:42 | 000,003,968 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MouseUSB.sys -- (MouseUSB)
IE - HKU\S-1-5-21-746137067-884357618-839522115-1003\..\SearchScopes,DefaultScope = {5A74DE8B-3B10-421B-B5AD-02BFC3249221}
IE - HKU\S-1-5-21-746137067-884357618-839522115-1003\..\SearchScopes\{DDF30B77-6DD8-4F4A-8550-BB8853568C33}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=crm&q={searchTerms}&locale=pt_BR&apn_ptnrs=UJ&apn_dtid=YYYYYYYYBR&apn_uid=ebadcfe2-269a-4d0a-81bb-2550b4fcfa05&apn_sauid=A0E1D7CA-C166-436B-9972-0ACB1A8765E8
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
[2011/04/29 12:56:04 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\Mozilla\Firefox\Profiles\kdaqtc22.default\searchplugins\askcom.xml
O1 - Hosts: 88.80.12.18 www2.bancobrasil.com.br
O1 - Hosts: 88.80.12.21 aapj.bb.com.br
O1 - Hosts: 88.80.12.22 bankline.itau.com.br
O1 - Hosts: 88.80.12.23 www.santandernet.com.br
O1 - Hosts: 186.202.166.75 www2.infoseg.gov.br
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll File not found
O3 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [monitor] C:\WINDOWS\system32\monitor.exe ()
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Arquivos de programas\GbPlugin\gbiehUni.dll) - File not found
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehUni.dll File not found
O33 - MountPoints2\{3a6d0c2a-6186-11e1-946f-001fc603a7ed}\Shell\AutoRun\command - "" = E:\urDrive.exe
O33 - MountPoints2\{6bf9be65-064e-11e2-a281-001fc603a7ed}\Shell - "" = AutoRun
O33 - MountPoints2\{6bf9be65-064e-11e2-a281-001fc603a7ed}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL run.exe
O33 - MountPoints2\{6dcecbb0-8bdf-11e1-94ad-001fc603a7ed}\Shell\AutoRun\command - "" = E:\urDrive.exe
O33 - MountPoints2\{6dcecbb1-8bdf-11e1-94ad-001fc603a7ed}\Shell\AutoRun\command - "" = G:\urDrive.exe
O33 - MountPoints2\{fa3cb142-0c30-11e2-a28c-001fc603a7ed}\Shell\AutoRun\command - "" = E:\RunClubSanDisk.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012/11/04 19:05:57 | 000,249,344 | ---- | M] () -- C:\Documents and Settings\Ana Karina\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/14 21:24:58 | 000,739,328 | ---- | C] () -- C:\WINDOWS\System32\GoogleUpdt.exe
[2012/08/14 21:24:58 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\monitor.exe
[2012/08/14 21:24:58 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\MouseUSB.sys
[2012/08/14 21:24:57 | 000,719,872 | ---- | C] () -- C:\WINDOWS\System32\GoS-Util.dll
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:CB0AACC9

:Files
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2" /f /c
Type C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521} /C
ipconfig /flushdns /c
C:\user.js

:Services
OracleSvc

:commands
[purity]
[resethosts]
[emptytemp]
[reboot]
[/code]
|- Click the Consertar button -> wait for it to finish!
|- The computer will restart! -> Click "Run".

|- In English versions, click Run Fix, which is what "Consertar" means.
|- Post the report: C:\_OTL\MovedFiles\*.log

Regards!
#8 By ana.rodrigues, 17/11/2012 - 13:47
Thank you for the help.

Here is the new log.

All processes killed
========== OTL ==========
No active process named monitor.exe was found!
No active process named GoogleUpdt.exe was found!
Service BDRsDrv stopped successfully!
Service BDRsDrv deleted successfully!
File C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys not found.
Service BDFsDrv stopped successfully!
Service BDFsDrv deleted successfully!
File C:\Arquivos de programas\Softwin\BitDefender10\bdfsdrv.sys not found.
Service bdfdll stopped successfully!
Service bdfdll deleted successfully!
File C:\Arquivos de programas\Softwin\BitDefender10\bdfdll.sys not found.
Service MouseUSB stopped successfully!
Service MouseUSB deleted successfully!
C:\WINDOWS\system32\drivers\MouseUSB.sys moved successfully.
HKEY_USERS\S-1-5-21-746137067-884357618-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-746137067-884357618-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{DDF30B77-6DD8-4F4A-8550-BB8853568C33}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDF30B77-6DD8-4F4A-8550-BB8853568C33}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Documents and Settings\Ana Karina\Dados de aplicativos\Mozilla\Firefox\Profiles\kdaqtc22.default\searchplugins\askcom.xml moved successfully.
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\monitor deleted successfully.
C:\WINDOWS\system32\monitor.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399008} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399008}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a6d0c2a-6186-11e1-946f-001fc603a7ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a6d0c2a-6186-11e1-946f-001fc603a7ed}\ not found.
File E:\urDrive.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bf9be65-064e-11e2-a281-001fc603a7ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bf9be65-064e-11e2-a281-001fc603a7ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bf9be65-064e-11e2-a281-001fc603a7ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bf9be65-064e-11e2-a281-001fc603a7ed}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL run.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dcecbb0-8bdf-11e1-94ad-001fc603a7ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dcecbb0-8bdf-11e1-94ad-001fc603a7ed}\ not found.
File E:\urDrive.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dcecbb1-8bdf-11e1-94ad-001fc603a7ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dcecbb1-8bdf-11e1-94ad-001fc603a7ed}\ not found.
File G:\urDrive.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa3cb142-0c30-11e2-a28c-001fc603a7ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa3cb142-0c30-11e2-a28c-001fc603a7ed}\ not found.
File E:\RunClubSanDisk.exe not found.
C:\WINDOWS\002878_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Ana Karina\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\WINDOWS\system32\GoogleUpdt.exe moved successfully.
File C:\WINDOWS\System32\monitor.exe not found.
File C:\WINDOWS\System32\drivers\MouseUSB.sys not found.
C:\WINDOWS\system32\GoS-Util.dll moved successfully.
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:CB0AACC9 deleted successfully.
========== FILES ==========
< reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2" /f /c >
The operation completed successfully.
C:\Documents and Settings\Ana Karina\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ana Karina\Desktop\cmd.txt deleted successfully.
< Type C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521} /C >
C:\Documents and Settings\Ana Karina\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ana Karina\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Ana Karina\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ana Karina\Desktop\cmd.txt deleted successfully.
File\Folder C:\user.js not found.
========== SERVICES/DRIVERS ==========
Service OracleSvc stopped successfully!
Service OracleSvc deleted successfully!
========== COMMANDS ==========
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYTEMP]

User: All Users

User: Ana Karina
->Temp folder emptied: 355950801 bytes
->Temporary Internet Files folder emptied: 118804425 bytes
->Java cache emptied: 35627057 bytes
->FireFox cache emptied: 31103926 bytes
->Google Chrome cache emptied: 102407265 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3137 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 76144 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 532768 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 615,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11172012_130355
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Documents and Settings\Ana Karina\Configurações locais\Temporary Internet Files\Content.IE5\B3756Z9X\1269434[2].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
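Thirty lines of "deleted successfully" make it easy to miss that this fix did not do the one thing that mattered: the hosts file could not be replaced ("Unable to save new HOSTS file" five times, then "File move failed" and "Error: Unble to create default HOSTS file!", the typo being OTL's own), so the bank redirects from the first log are still in place after the reboot. As an added example, not part of the thread or of OTL, the script below classifies each line of an OTL fix log by outcome, returns the failed steps and runs a specific check for the hosts reset. The excerpt it runs on is constructed from the log above.

```python
import re
from collections import Counter

# Constructed excerpt of the OTL fix log posted above, in the tool's own wording.
SAMPLE_OTL_FIX_LOG = r"""
Service MouseUSB deleted successfully!
C:\WINDOWS\system32\drivers\MouseUSB.sys moved successfully.
Unable to save new HOSTS file
Unable to save new HOSTS file
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\monitor deleted successfully.
C:\WINDOWS\system32\monitor.exe moved successfully.
File E:\urDrive.exe not found.
Service OracleSvc deleted successfully!
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
"""

# Checked in order; the first pattern that matches decides the label.
OUTCOME_PATTERNS = [
    ("ok",        re.compile(r"(?:moved|deleted|stopped) successfully|value set successfully")),
    ("not_found", re.compile(r"\bnot found\b")),
    ("failed",    re.compile(r"\bfailed\b|Un(?:a)?ble to|^Error:")),  # 'Unble' is OTL's typo
]


def classify(line: str) -> str:
    """Label one fix-log line as ok / not_found / failed / other."""
    for label, pattern in OUTCOME_PATTERNS:
        if pattern.search(line):
            return label
    return "other"


def summarize_fix_log(text: str):
    """Count outcomes and collect the lines that need a human's attention."""
    counts = Counter()
    failures = []
    for line in text.splitlines():
        if not line.strip():
            continue
        label = classify(line)
        counts[label] += 1
        if label == "failed":
            failures.append(line)
    return counts, failures


def hosts_reset_succeeded(text: str) -> bool:
    """False if any failed step mentions the hosts file: the banker redirects are then still live."""
    _, failures = summarize_fix_log(text)
    return not any("hosts" in line.lower() for line in failures)


if __name__ == "__main__":
    counts, failures = summarize_fix_log(SAMPLE_OTL_FIX_LOG)
    print(dict(counts))
    for line in failures:
        print("FAILED:", line)
    print("hosts reset succeeded:", hosts_reset_succeeded(SAMPLE_OTL_FIX_LOG))
```

A failed hosts reset usually means the file carries the read-only attribute or is held by a resident protection product; either way the hosts file has to be inspected directly before the machine is trusted for banking again, which is what the MyHosts step later in the thread is for.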
#9 By joram, 17/11/2012 - 23:10
Good evening, ana.rodrigues

|- Were you able to access the bank?

-/-

|- Download: < MyHosts > (by Jeanmimigab)
|- Save it to the desktop!
|- Run the MyHosts.exe file that is on the desktop.
|- For Windows Vista or 7, run it as administrator.
|- Post the report: C:\MyHosts.txt

|- Download: < ZHPDiag > (by Nicolas Coolman)

|- Save it to the desktop!
|- Disable your antivirus!
|- If you use Avast, apply this setting to the SandBox.
|- For Windows Vista or 7, right-click and run the file as administrator.
|- Wait for the scan to finish and click "Copier". <- Wait!

|- Besides the report, we will have on the desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

|- Post and/or paste here the link that will be generated right after the report.

Regards!
#11 By Wings, 26/11/2012 - 21:04
Run OTL.

* Select:

Scan All Users
Skip Microsoft Files
LOP Check
Purity Check

* Paste the lines below (in brown) into the box under Custom Scans/Fixes:

netsvcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

* Click [Run Scan].
* Paste the report shown.
#12 By ana.rodrigues, 01/12/2012 - 15:37
OTL logfile created on: 1/12/2012 15:20:54 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ana Karina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1015,17 Mb Total Physical Memory | 204,07 Mb Available Physical Memory | 20,10% Memory free
2,39 Gb Paging File | 1,54 Gb Available in Paging File | 64,76% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 10,32 Gb Free Space | 6,92% Space Free | Partition Type: NTFS

Computer Name: ANA-KARINA | User Name: Ana Karina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/25 18:27:31 | 000,612,640 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\update.exe
PRC - [2012/11/15 13:45:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ana Karina\Desktop\OTL.exe
PRC - [2012/08/19 18:47:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
PRC - [2012/08/19 18:47:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/08/19 18:47:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/08/19 18:47:14 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/08/19 18:47:14 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Arquivos de programas\Avira\AntiVir Desktop\updrgui.exe
PRC - [2012/02/25 20:10:17 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\uTorrent\uTorrent.exe
PRC - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/27 07:00:02 | 001,015,808 | ---- | M] (Ares Development Group) -- C:\Arquivos de programas\Ares\Ares.exe
PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
PRC - [2009/12/17 20:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Arquivos de programas\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Arquivos de programas\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 15:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Arquivos de programas\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/13 20:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/15 16:55:46 | 001,628,208 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/05/15 16:55:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/05/15 16:55:26 | 001,057,328 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
PRC - [2004/10/15 20:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Arquivos de programas\Sygate\SPF\Smc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/19 18:47:15 | 000,398,288 | ---- | M] () -- C:\Arquivos de programas\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/02/03 16:28:56 | 000,133,584 | ---- | M] () -- C:\Arquivos de programas\Avira\AntiVir Desktop\scewxmlw.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/20 13:29:32 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2011/03/20 13:29:32 | 000,006,144 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_pt_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2011/03/20 13:29:25 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz.resources\3.0.0.0_pt_a53cf5803f4c3827\hpqietpz.resources.dll
MOD - [2011/03/20 13:29:24 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2011/03/20 13:29:05 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2011/03/20 13:29:05 | 000,015,360 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_pt_a53cf5803f4c3827\hpqisrtb.resources.dll
MOD - [2011/03/20 13:28:43 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2011/03/20 13:28:43 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2011/03/20 13:28:43 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2011/03/20 13:28:43 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2011/03/20 13:28:42 | 000,241,664 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_pt_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2011/03/20 13:28:42 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2011/03/20 13:28:42 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2011/03/20 13:28:41 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2011/03/20 13:28:41 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2011/03/20 13:28:41 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2011/03/20 13:28:41 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2011/03/20 13:28:41 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_pt_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2011/03/20 13:28:40 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2011/03/20 13:28:40 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2011/03/20 13:27:10 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2011/03/20 13:27:10 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2011/03/20 13:27:10 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2011/03/20 13:27:10 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2011/03/20 13:27:09 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2011/03/20 13:27:09 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2011/03/20 13:25:26 | 002,076,672 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d8a6fdc0\system.xml.dll
MOD - [2011/03/20 13:25:23 | 002,994,176 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_41816b1f\system.windows.forms.dll
MOD - [2011/03/20 13:25:19 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_afc0caca\system.drawing.dll
MOD - [2011/03/20 13:25:18 | 001,929,216 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_43f06383\system.dll
MOD - [2011/03/20 13:25:12 | 003,289,088 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ddb6bbb2\mscorlib.dll
MOD - [2011/03/20 13:24:45 | 002,039,808 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/03/20 13:24:45 | 001,335,296 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2011/03/20 13:24:45 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2011/03/20 13:24:44 | 001,216,512 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/03/20 13:24:44 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2008/04/13 20:20:34 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/07/19 00:46:22 | 000,095,744 | ---- | M] () -- C:\Arquivos de programas\Puxa Rápido\IEBHO.dll
MOD - [2004/10/15 19:32:20 | 001,385,712 | ---- | M] () -- C:\Arquivos de programas\Sygate\SPF\tse.dll
MOD - [2004/10/15 19:32:18 | 000,832,744 | ---- | M] () -- C:\Arquivos de programas\Sygate\SPF\SyLink.dll
MOD - [2004/10/15 19:32:12 | 000,890,088 | ---- | M] () -- C:\Arquivos de programas\Sygate\SPF\SpNet.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/08/19 18:47:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/08/19 18:47:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/05 12:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/17 20:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Arquivos de programas\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Arquivos de programas\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/05/15 16:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/05/08 20:47:22 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2004/10/15 20:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Arquivos de programas\Sygate\SPF\Smc.exe -- (SmcService)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/15 15:52:36 | 000,046,016 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)
DRV - [2012/08/19 18:47:15 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/08/19 18:47:15 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/02/03 16:29:12 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/17 20:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2007/11/01 04:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/10/17 10:12:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2007/05/15 16:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 16:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 16:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/05/15 16:55:36 | 000,016,304 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2004/10/15 19:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 19:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 19:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 19:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 19:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 19:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2004/08/13 00:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
IE - HKU\S-1-5-21-746137067-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-746137067-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-746137067-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/
IE - HKU\S-1-5-21-746137067-884357618-839522115-1003\..\SearchScopes,DefaultScope = {5A74DE8B-3B10-421B-B5AD-02BFC3249221}
IE - HKU\S-1-5-21-746137067-884357618-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-746137067-884357618-839522115-1003\..\SearchScopes\{5A74DE8B-3B10-421B-B5AD-02BFC3249221}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSNIE8&pc=MSNIE8&src=IE-SearchBox
IE - HKU\S-1-5-21-746137067-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.globo.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Arquivos de programas\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)


[2011/03/20 11:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\Mozilla\Extensions
[2012/03/20 20:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\Mozilla\Firefox\Profiles\kdaqtc22.default\extensions
[2011/03/20 11:33:55 | 000,001,043 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\Puxaki.gif
[2011/03/20 11:33:55 | 000,001,006 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\Puxaki.src

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.globo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ana Karina\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\10.0.648.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ana Karina\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\10.0.648.151\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Ana Karina\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\10.0.648.151\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Arquivos de programas\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ana Karina\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/11/17 12:32:25 | 000,000,321 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 88.80.12.18 www2.bancobrasil.com.br
O1 - Hosts: 127.0.0.1 www14.bancobrasil.com.br
O1 - Hosts: 88.80.12.21 aapj.bb.com.br
O1 - Hosts: 88.80.12.22 bankline.itau.com.br
O1 - Hosts: 127.0.0.1 clickbanking.itau.com.br
O1 - Hosts: 88.80.12.23 www.santandernet.com.br
O1 - Hosts: 127.0.0.1 wwws2.santandernet.com.br
O1 - Hosts: 186.202.166.75 www2.infoseg.gov.br
O1 - Hosts: 127.0.0.1 www5.infoseg.gov.br
O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.dll ()
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LanguageShortcut] C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Arquivos de programas\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SmcService] C:\Arquivos de programas\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-746137067-884357618-839522115-1003..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-746137067-884357618-839522115-1003..\Run: [uTorrent] C:\Arquivos de programas\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: bancoreal.com.br ([www] http in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: bancosantander.com.br ([www] http in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: bancosantander.com.br ([www] https in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: itau.com.br ([bankline] https in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: itau.com.br ([guardiao] https in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: itau.com.br ([www] http in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: realsecureweb.com.br ([www] https in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: realsecureweb.com.br ([www2] https in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: realsecureweb.com.br ([wwws] https in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: santander.com.br ([www] http in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: santanderempresarial.com.br ([www] http in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: santandernet.com.br ([www] https in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: santandernet.com.br ([wwws] https in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: santandernet.com.br ([wwws2] https in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: santandernetibe.com.br ([www] https in Sites confiáveis)
O15 - HKU\S-1-5-21-746137067-884357618-839522115-1003\..Trusted Domains: secureweb.com.br ([www] https in Sites confiáveis)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://acessoremotovpn.itau.com.br/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} http://loja.revelacaodigital.uol.com.br/softwares/iu7037/ImageUploader7.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.0.152.26 187.0.152.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4DF4F07-846B-4C63-9ED3-726F766FF58A}: DhcpNameServer = 187.0.152.26 187.0.152.18
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Arquivos de programas\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-746137067-884357618-839522115-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\ARQUIV~1\GbPlugin\gbiehAbn.dll) - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/19 14:30:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/11/27 19:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ana Karina\Meus documentos\D-Book
[2012/11/27 19:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\D-Book
[2012/11/27 19:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ana Karina\Menu Iniciar\Programas\D-Book
[2012/11/27 19:33:21 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Digipix D-Book
[2012/11/18 18:59:23 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Java
[2012/11/18 18:59:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/11/18 18:59:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/11/18 18:59:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/11/18 18:59:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/11/17 13:03:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/15 13:45:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ana Karina\Desktop\OTL.exe
[2012/11/11 18:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\Malwarebytes
[2012/11/11 18:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2012/11/11 15:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2012/11/04 19:24:07 | 000,000,000 | ---D | C] -- C:\AMUniformeria
[2012/11/03 16:36:28 | 000,017,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys
[2012/11/03 16:32:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ana Karina\Recent
[2011/12/01 20:53:56 | 039,035,640 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\FileFormatConverters.exe

========== Files - Modified Within 30 Days ==========

[2012/12/01 15:12:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/01 15:12:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/12/01 15:12:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/27 20:35:49 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Ana Karina\NTUSER.DAT
[2012/11/27 20:35:49 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Ana Karina\ntuser.ini
[2012/11/27 19:34:34 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Ana Karina\Desktop\D-Book.lnk
[2012/11/27 19:21:34 | 100,755,424 | ---- | M] () -- C:\Arquivos de programas\d-book-full-instalar.exe
[2012/11/20 11:25:02 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/18 19:04:37 | 000,001,934 | ---- | M] () -- C:\Documents and Settings\Ana Karina\Desktop\Emissor de Nota Fiscal Eletrônica (NF-e) 2.0.lnk
[2012/11/18 18:58:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/11/18 18:58:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/11/18 18:58:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/11/18 18:58:36 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/11/18 18:58:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/11/15 13:45:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ana Karina\Desktop\OTL.exe
[2012/11/14 20:14:51 | 000,479,790 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2012/11/14 20:14:51 | 000,083,728 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2012/11/14 20:14:50 | 000,444,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/14 20:14:50 | 000,072,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/14 20:14:44 | 001,094,974 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2012/11/04 19:05:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========

[2012/11/27 19:34:33 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Ana Karina\Desktop\D-Book.lnk
[2012/11/27 19:07:19 | 100,755,424 | ---- | C] () -- C:\Arquivos de programas\d-book-full-instalar.exe
[2012/11/10 11:49:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012/11/04 18:03:41 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\Ana Karina\Desktop\Emissor de Nota Fiscal Eletrônica (NF-e) 2.0.lnk
[2012/09/25 22:13:23 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\pw3270.conf
[2012/08/05 21:31:25 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\FixVTS.ini
[2012/04/14 16:53:24 | 000,000,176 | ---- | C] () -- C:\WINDOWS\REC-NET.INI
[2012/02/18 21:54:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/30 13:05:25 | 000,043,972 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/29 17:44:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/25 10:58:34 | 000,401,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
[2011/04/25 10:52:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll
[2011/03/20 19:50:40 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Ana Karina\Configurações locais\Dados de aplicativos\fusioncache.dat
[2011/03/20 12:46:01 | 000,104,285 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/03/20 12:46:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/03/20 11:14:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/19 16:18:14 | 004,815,540 | -H-- | C] () -- C:\Documents and Settings\Ana Karina\Configurações locais\Dados de aplicativos\IconCache.db
[2011/03/19 15:37:33 | 000,056,168 | ---- | C] () -- C:\Documents and Settings\Ana Karina\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2011/03/19 15:12:14 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2011/03/19 14:54:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2011/03/19 14:50:14 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/19 14:45:25 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/03/19 14:43:19 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2011/03/19 14:40:32 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/03/19 14:40:30 | 000,011,617 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/03/19 14:40:18 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/03/19 14:35:36 | 000,000,330 | -HS- | C] () -- C:\Documents and Settings\Ana Karina\ntuser.ini
[2011/03/19 14:35:34 | 007,340,032 | -H-- | C] () -- C:\Documents and Settings\Ana Karina\NTUSER.DAT
[2011/03/19 14:32:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/19 14:30:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2011/03/19 14:29:20 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2011/03/19 14:29:15 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2011/03/19 14:27:35 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/19 14:27:28 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2011/03/19 14:27:28 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2011/03/19 14:26:55 | 000,026,931 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2011/03/19 14:26:54 | 000,003,828 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2011/03/19 11:20:05 | 001,094,974 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/03/19 11:20:04 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/19 11:17:18 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2011/03/20 13:24:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:20:42 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/13 20:20:28 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:20:42 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/06/24 13:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software
[2011/09/16 21:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Cisco
[2011/07/03 17:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\F-Secure
[2012/11/11 11:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2011/05/30 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Seagate
[2012/11/11 16:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2011/05/15 19:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/06 21:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/11/27 19:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\D-Book
[2011/07/03 17:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\f-secure
[2011/05/30 14:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\Leadertech
[2011/05/15 20:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\LimeWire
[2012/10/28 20:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\RipIt4Me
[2012/12/01 15:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ana Karina\Dados de aplicativos\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >
"Version" = 1
"DefaultScope" = {5A74DE8B-3B10-421B-B5AD-02BFC3249221}
"DownloadRetries" = 0

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5A74DE8B-3B10-421B-B5AD-02BFC3249221}]

========== Alternate Data Streams ==========

@Alternate Data Stream - 314 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:AAAB71E9_Uni.gbp
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:AAAB71E9_Abn.gbp
< End of report >
joram
joram Highlander Registered
5.4K Posts 2.5K Likes
#13 By joram
02/12/2012 - 08:41
Good morning! ana.rodrigues

|- Follow these procedures in the order given!

-/-

|- Download: < ProxyFix >
|- Save it to the desktop!
|- Run ProxyFix.exe.

Image

|- Press D -> ENTER.
|- Post the report!

|- Download: < Image > ( hosts-perm.bat )
|- Save it to the desktop!
|- Run hosts-perm.bat as administrator.
|- When it finishes, you will see the message "The Permissions on the HOSTS file have been reset".
|- To exit, press Enter or any other key.

-/-

|- Run OTL.exe.
|- Copy the information shown in red into the tool's text box ( "Custom Scans/Fixes" ).

[code=rich]:OTL
O1 - Hosts: 88.80.12.18 www2.bancobrasil.com.br
O1 - Hosts: 88.80.12.21 aapj.bb.com.br
O1 - Hosts: 88.80.12.22 bankline.itau.com.br
O1 - Hosts: 88.80.12.23 www.santandernet.com.br
O1 - Hosts: 186.202.166.7 www2.infoseg.gov.br
O4 - HKLM..\Run: [monitor] C:\WINDOWS\system32\monitor.exe ()
[2012/08/14 21:24:58 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\MouseUSB.sys
[2012/08/14 21:24:57 | 000,719,872 | ---- | C] () -- C:\WINDOWS\System32\GoS-Util.dll
[2012/08/14 21:24:58 | 000,739,328 | ---- | C] () -- C:\WINDOWS\System32\GoogleUpdt.exe

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,\
01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00
"SavedLegacySettings"=hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,\
00,00,c0,a8,83,41,00,00,00,00,00,00,00,00

:Files
C:\WINDOWS\System32\drivers\MouseUSB.sys
C:\WINDOWS\System32\drivers\OracleSvc.sys
C:\WINDOWS\System32\GoogleUpdt.exe
C:\WINDOWS\system32\monitor.exe
C:\WINDOWS\System32\GoS-Util.dll
C:\WINDOWS\System32\*.tmp
ipconfig /flushdns /c
C:\WINDOWS\*.tmp

:services
MouseUSB
OracleSvc

:commands
[CLEARALLRESTOREPOINTS]
[resethosts]
[emptytemp]
[purity]
[reboot]
[/code]
|- Click the Consertar button -> Wait for it to finish!
|- The computer will restart! -> Click "Run".

Image

|- In the English version, click Run Fix, which is the same as Consertar.
|- Post the report: C:\_OTL\MovedFiles\*.log

A+
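As an added example (not part of joram's post and not OTL's own code), a Python check for the two things the fix script above targets: HOSTS entries that pin a domain to a routable public address, and the flags DWORD of the DefaultConnectionSettings value the :reg section rewrites. The sample HOSTS text is constructed from the O1 lines above; the hex prefix is the first 12 bytes of the DefaultConnectionSettings value in the script; the DWORD layout (version, counter, flags, length-prefixed proxy string) is the commonly documented one and is stated here as an assumption.

```python
import ipaddress
import struct

# Constructed sample HOSTS text: the O1 entries from the fix script above plus
# two benign lines (loopback and a LAN printer) for contrast.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
88.80.12.18     www2.bancobrasil.com.br
88.80.12.21     aapj.bb.com.br
88.80.12.22     bankline.itau.com.br
88.80.12.23     www.santandernet.com.br
186.202.166.7   www2.infoseg.gov.br
192.168.1.10    printer.lan   # comment after the entry
"""

# First 12 bytes of the DefaultConnectionSettings value from the :reg section.
SAMPLE_CONNECTION_SETTINGS = "3c,00,00,00,15,00,00,00,01,00,00,00"

def parse_hosts(text):
    """Yield (ip, hostname) pairs from HOSTS text, ignoring comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            yield fields[0], name.lower()

def suspicious_entries(text):
    """Return entries that pin a name to a globally routable address.
    A clean HOSTS file holds loopback or private-range addresses; a public
    domain mapped to a public IP is the banking-redirect pattern in the log."""
    hits = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # address field is not an IP literal
        if addr.is_global:
            hits.append((ip, name))
    return hits

def decode_connection_flags(hex_blob):
    """Decode the leading DWORDs of DefaultConnectionSettings (REG_BINARY).
    Assumed layout (little-endian): version, change counter, flags, then a
    length-prefixed proxy string. Flag bits: 1 direct, 2 proxy, 4 PAC, 8 auto-detect."""
    data = bytes(int(b, 16) for b in hex_blob.split(",") if b)
    version, _counter, flags = struct.unpack_from("<III", data, 0)
    proxy = ""
    if len(data) >= 16:  # proxy string is present only in the full value
        (plen,) = struct.unpack_from("<I", data, 12)
        proxy = data[16:16 + plen].decode("ascii", "replace")
    return {"version": version, "direct": bool(flags & 1), "proxy": bool(flags & 2),
            "pac": bool(flags & 4), "autodetect": bool(flags & 8), "proxy_server": proxy}
```

On the value from the script the flags decode to "direct" with no proxy string, which is why the fix only re-asserts the default rather than removing a configured proxy.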
ana.rodrigues
ana.rodrigue... New Member Registered
18 Posts 0 Likes
#15 By ana.rodrigue...
02/12/2012 - 20:46
All processes killed
========== OTL ==========
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\monitor not found.
File C:\WINDOWS\system32\monitor.exe not found.
File C:\WINDOWS\System32\drivers\MouseUSB.sys not found.
File C:\WINDOWS\System32\GoS-Util.dll not found.
File C:\WINDOWS\System32\GoogleUpdt.exe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"DefaultConnectionSettings"|hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"SavedLegacySettings"|hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully!
========== FILES ==========
File\Folder C:\WINDOWS\System32\drivers\MouseUSB.sys not found.
File\Folder C:\WINDOWS\System32\drivers\OracleSvc.sys not found.
File\Folder C:\WINDOWS\System32\GoogleUpdt.exe not found.
File\Folder C:\WINDOWS\system32\monitor.exe not found.
File\Folder C:\WINDOWS\System32\GoS-Util.dll not found.
File\Folder C:\WINDOWS\System32\*.tmp not found.
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do cache do DNS Resolver bem-sucedida.
C:\Documents and Settings\Ana Karina\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ana Karina\Desktop\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\*.tmp not found.
========== SERVICES/DRIVERS ==========
Error: No service named MouseUSB was found to stop!
Service\Driver key MouseUSB not found.
Error: No service named OracleSvc was found to stop!
Service\Driver key OracleSvc not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYTEMP]

User: All Users

User: Ana Karina
->Temp folder emptied: 4241700 bytes
->Temporary Internet Files folder emptied: 299584071 bytes
->Java cache emptied: 33540663 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2450 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 2416224054 bytes

Total Files Cleaned = 2.626,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12022012_202657
Files\Folders moved on Reboot...
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
C:\Documents and Settings\Ana Karina\Configurações locais\Temporary Internet Files\Content.IE5\7M30BH5P\banner_java[1].htm moved successfully.
C:\Documents and Settings\Ana Karina\Configurações locais\Temporary Internet Files\Content.IE5\7M30BH5P\glee[1].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...