Andreiany

PC restarts on its own and is slow, IE opens several windows.


Hello, my PC has several problems: every now and then it shows a Windows error message and restarts on its own. It gets slow and sometimes freezes.

And now, when I open IE, it starts opening several windows.

I ran the HijackThis scan; I don't know if anything else is needed.

Thank you

Oh, a window appeared with the following message:

For some reason your system denied write access to the hosts file.

If any hijacked domains are in this file, hijack this may not be able to fix this.

If that happens, you need to edit the file yourself. To do this, click start run and type:

notepad C:||windows|system32|drivers|etc|hosts

and press enter. Find the lines hijack this reports and delete them. Save the files as hosts'.(with quotes) and reboot.

For vista: simply exit hijack this, right click on the hijack this icon, choose run as administrator.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:01:28, on 28/04/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe

C:\Windows\system32\rundll32.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Windows\system32\conhost.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lab1\Downloads\HijackThis (1).exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~1\GbPlugin\gbiehuni.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\Lab1\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SISTEMA')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: SmarThru4 Capturar seleção - C:\Program Files\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Salvar como HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Salvar texto selecionado - C:\Program Files\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Capturar seleção - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Capturar seleção - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Salvar como HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Salvar como HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Salvar texto selecionado - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Salvar texto selecionado - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.itau.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~1\GbPlugin\gbiehUni.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: VCDSecS - Unknown owner - C:\Program Files\Virtual CD v4\System\vcdsecs.exe (file missing)

--

End of file - 11931 bytes


Read the "Read Before Posting" topic and post the requested logs.

  • Topic author
  • Things have changed, huh! Sorry. Here is what was requested:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421

    Run by Lab1 at 13:48:09 on 2012-05-04

    Microsoft Windows 7 Starter 6.1.7600.0.1252.55.1046.18.2038.883 [GMT -3:00]

    .

    AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

    SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\PROGRA~1\GbPlugin\GbpSv.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe

    C:\Windows\system32\rundll32.exe

    C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\wuauclt.exe

    C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Lab1\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com.br/

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\program files\gbplugin\gbieh.dll

    BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\program files\gbplugin\gbiehCef.dll

    BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\progra~1\gbplugin\gbiehuni.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

    uRun: [Google Update] "c:\users\lab1\appdata\local\google\update\GoogleUpdate.exe" /c

    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    dRunOnce: [<NO NAME>]

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Adicionar ao Antibanner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm

    IE: E&xportar para o Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

    IE: SmarThru4 Capturar seleção - c:\program files\smarthru 4\WebCapture.dll2.htm

    IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm

    IE: SmarThru4 Salvar como HTML - c:\program files\smarthru 4\WebCapture.dll1.htm

    IE: SmarThru4 Salvar texto selecionado - c:\program files\smarthru 4\WebCapture.dll.htm

    IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm

    IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm

    IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll

    Trusted Zone: itau.com.br\bankline

    Trusted Zone: itau.com.br\guardiao

    Trusted Zone: itau.com.br\www

    TCP: DhcpNameServer = 10.1.1.1

    TCP: Interfaces\{339FF2F9-66BB-4198-A910-9D540EA49323} : DhcpNameServer = 10.1.1.1

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

    Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll

    Notify: GbPluginCef - c:\program files\gbplugin\gbiehCef.dll

    Notify: GbPluginUni - c:\progra~1\gbplugin\gbiehUni.dll

    Notify: igfxcui - igfxdev.dll

    Notify: klogon - c:\windows\system32\klogon.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\program files\gbplugin\gbiehcef.dll

    SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\program files\gbplugin\gbieh.dll

    SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\progra~1\gbplugin\gbiehuni.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2011-2-28 44280]

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]

    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]

    R2 AVP;Serviço do Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]

    R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2012-2-29 203256]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-27 654408]

    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-6-24 47104]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-5 22344]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-10 136176]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 253088]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2009-7-13 164864]

    S3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-10 136176]

    .

    =============== Created Last 30 ================

    .

    2012-05-04 15:54:02 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edbcbf44-b8c7-4b97-8a1a-49606f743a62}\mpengine.dll

    2012-04-28 16:11:46 -------- d-----w- C:\Hijack

    2012-04-28 14:56:58 -------- d-----w- C:\LinhaDefensiva

    2012-04-12 00:07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-04-12 00:01:22 5120 ----a-w- c:\windows\system32\wmi.dll

    2012-04-12 00:01:22 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys

    2012-04-12 00:01:22 172544 ----a-w- c:\windows\system32\wintrust.dll

    2012-04-12 00:01:20 158720 ----a-w- c:\windows\system32\imagehlp.dll

    2012-04-12 00:00:58 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-04-12 00:00:57 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-04-10 14:08:40 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    .

    ==================== Find3M ====================

    .

    2012-04-13 20:43:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-04-04 18:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-03-12 15:00:13 2516 --sha-w- c:\programdata\KGyGaAvL.sys

    2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

    2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

    2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-02-16 13:47:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll

    2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

    2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll

    2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

    2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll

    2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

    2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll

    .

    ============= FINISH: 13:50:08,82 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Starter

    Boot Device: \Device\HarddiskVolume1

    Install Date: 26/01/2011 15:23:15

    System Uptime: 04/05/2012 12:47:44 (1 hours ago)

    .

    Motherboard: Positivo Informatica SA | | POS-AG31AP

    Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz | Socket 775 | 2800/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 288 GiB total, 238,885 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID:

    Description: H+H Virtual CD SCSI Controller

    Device ID: ROOT\VCDMPDRV\0000

    Manufacturer:

    Name: H+H Virtual CD SCSI Controller

    PNP Device ID: ROOT\VCDMPDRV\0000

    Service: vcdmpdrv

    .

    ==== System Restore Points ===================

    .

    RP140: 17/04/2012 12:18:17 - Windows Update

    RP141: 20/04/2012 10:37:05 - Windows Update

    RP142: 24/04/2012 13:00:32 - Windows Update

    RP143: 27/04/2012 11:25:43 - Windows Update

    RP144: 28/04/2012 13:28:59 - instalação hijack this

    RP145: 02/05/2012 12:31:12 - Windows Update

    RP146: 04/05/2012 12:52:49 - Windows Update

    .

    ==== Installed Programs ======================

    .

    Adobe Flash Player 11 ActiveX

    Adobe PageMaker 7.0

    Adobe Reader X - Português

    Any Video Converter 3.3.0

    Assistente de Conexão do Windows Live

    Assistente Pimaco +

    Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

    Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

    Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

    Atualização do produto Microsoft Office Word 2007 Help (KB963665)

    CorelDRAW Graphics Suite X4

    CorelDRAW Graphics Suite X4 - Capture

    CorelDRAW Graphics Suite X4 - Content

    CorelDRAW Graphics Suite X4 - Draw

    CorelDRAW Graphics Suite X4 - Filters

    CorelDRAW Graphics Suite X4 - FontNav

    CorelDRAW Graphics SUite X4 - ICA

    CorelDRAW Graphics Suite X4 - IPM

    CorelDRAW Graphics Suite X4 - Lang BR

    CorelDRAW Graphics Suite X4 - Lang DE

    CorelDRAW Graphics Suite X4 - Lang EN

    CorelDRAW Graphics Suite X4 - Lang ES

    CorelDRAW Graphics Suite X4 - Lang FR

    CorelDRAW Graphics Suite X4 - Lang IT

    CorelDRAW Graphics Suite X4 - Lang NL

    CorelDRAW Graphics Suite X4 - PP

    CorelDRAW Graphics Suite X4 - VBA

    CorelDRAW® Graphics Suite X4

    CorelDRAW® Graphics Suite X4 - Windows Shell Extension

    DealPly

    DeepBurner v1.9.0.228

    Ferramenta de Carregamento do Windows Live

    Google Chrome

    Google Toolbar for Internet Explorer

    Google Update Helper

    Intel® Graphics Media Accelerator Driver

    Intel® TV Wizard

    Java Auto Updater

    Java 6 Update 31

    Junk Mail filter update

    Kaspersky Internet Security 2012

    Malwarebytes Anti-Malware versão 1.61.0.1400

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office 2007 Service Pack 2 (SP2)

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office 2010

    Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    Microsoft Office Live Add-in 1.3

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (Portuguese (Brazil)) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (Portuguese (Brazil)) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Sync Framework Runtime Native v1.0 (x86)

    Microsoft Sync Framework Services Native v1.0 (x86)

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Nero OEM

    Pimaco

    Readiris Pro 10

    Realtek High Definition Audio Driver

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    SmarThru 4

    SmarThru PC Fax

    TeLL me More

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Outlook 2007 Junk Email Filter (KB2492475)

    Update Manager

    Visual Basic for Applications ® Core

    Visual Basic for Applications ® Core - English

    Visual Basic for Applications ® Core - Portuguese (Brazil)

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Galeria de Fotos

    Windows Live Mail

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Sync

    Windows Live Writer

    WinRAR 4.01 (32-bit)

    .

    ==== End Of File ===========================

    GMER 1.0.15.15641 - http://www.gmer.net

    Rootkit scan 2012-05-04 14:57:52

    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3320418AS rev.CC44

    Running: gmer.exe; Driver: C:\Users\Lab1\AppData\Local\Temp\pxldrpow.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x83F9928A]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x83FB3342]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x83FB3678]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x83FB39EE]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x83F99D04]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x83FB302A]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x83F9A276]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x83F9A164]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x83FB34E8]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x83F99046]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x83F9A38E]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x83F998BA]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x83F99A2A]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x83F9A4A6]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x83FB35B0]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x83F9A74E]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x83F99D46]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x83F9B750]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x83F9A840]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x83F9ADAC]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x83FB1840]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x83F9A308]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x83F9A1F0]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x83F994C4]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x83F9AB90]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x83F9A420]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x83F993B8]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x83F9A55C]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x83FB1A38]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x83F9B0D2]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x83F9A9E0]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x83FB37DC]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x83FB372A]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x83FB3848]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x83F9B5F2]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x83FB31B2]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x83F99BA4]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x83F9A5FA]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x83F9B222]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x83F9B316]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x83F9B450]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x83F9A670]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x83F99664]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x83F995BA]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x83F9AF8A]

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x83F99750]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C5A5C9 1 Byte [06]

    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7F092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    .text ntkrnlpa.exe!RtlSidHashLookup + 250 82C86890 4 Bytes [8A, 92, F9, 83]

    .text ntkrnlpa.exe!RtlSidHashLookup + 278 82C868B8 8 Bytes [42, 33, FB, 83, 78, 36, FB, ...]

    .text ntkrnlpa.exe!RtlSidHashLookup + 2BC 82C868FC 4 Bytes [EE, 39, FB, 83]

    .text ntkrnlpa.exe!RtlSidHashLookup + 2E8 82C86928 4 Bytes [04, 9D, F9, 83]

    .text ntkrnlpa.exe!RtlSidHashLookup + 30C 82C8694C 4 Bytes [2A, 30, FB, 83]

    .text ...

    ? C:\Users\Lab1\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\services.exe[592] kernel32.dll!FreeLibraryAndExitThread 776F3490 5 Bytes JMP 3B68F223 C:\Program Files\GbPlugin\gbiehCef.dll (Gbieh Module/Caixa Economica Federal)

    .text C:\Windows\system32\services.exe[592] kernel32.dll!FreeLibrary 77701989 5 Bytes JMP 3B68F2AB C:\Program Files\GbPlugin\gbiehCef.dll (Gbieh Module/Caixa Economica Federal)

    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;

    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] ntdll.dll!NtProtectVirtualMemory 777D5000 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)

    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: rpchttp.dllunknown module: KERNELBASE.dll

    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] USER32.dll!NotifyWinEvent + 48B 7626F724 4 Bytes [E0, 13, 54, 67]

    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;

    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] ntdll.dll!NtProtectVirtualMemory 777D5000 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)

    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: rpchttp.dllunknown module: KERNELBASE.dll

    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] USER32.dll!NotifyWinEvent + 48B 7626F724 4 Bytes [E0, 13, 54, 67]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF05F8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF06D0

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF073C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF03DC

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF058C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF058C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 7DFF058C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 7DFF0448

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1600] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF05F8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF06D0

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF073C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF03DC

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF058C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF058C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 7DFF058C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFE0154

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFE0010

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF0448

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

    AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

    ---- EOF - GMER 1.0.15 ----

    Thank you

    Things have changed, huh!

    It's only been 4 years :)

    Does this computer belong to a company or a school/college?

  • Topic author
  • It's only been 4 years :)

    Does this computer belong to a company or a school/college?

    Hello,

    So, this computer is mine, but I use it to work with my mother. Would that be a problem?

    Thank you


    Read the instructions contained in this link:

    In the instructions in the link above, you can check which forums have Analysts duly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, and for the duration of these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
    • Double-click the desktopicon.png icon on the desktop.
    • Read and accept the terms by typing 1 and pressing Enter.
    • Computers with Windows XP must install the Recovery Console:

      • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
      • Click "OK" on the EULA.
      • Once the Recovery Console is installed, click "YES" to continue.

    • ComboFix will run; please be patient and wait.
    • Attention: Do not use the mouse or the keyboard while the tool is running; this may cause the computer to hang.
    • A message may appear saying that the computer needs to be restarted.

      DO NOT RESTART!!! ComboFix will restart the computer automatically.

    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

    • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

  • Topic author
  • Read the instructions contained in this link:

    In the instructions in the link above, you can check which forums have Analysts duly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, and for the duration of these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
    • Double-click the desktopicon.png icon on the desktop.
    • Read and accept the terms by typing 1 and pressing Enter.
    • Computers with Windows XP must install the Recovery Console:

      • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
      • Click "OK" on the EULA.
      • Once the Recovery Console is installed, click "YES" to continue.

    • ComboFix will run; please be patient and wait.
    • Attention: Do not use the mouse or the keyboard while the tool is running; this may cause the computer to hang.
    • A message may appear saying that the computer needs to be restarted.

      DO NOT RESTART!!! ComboFix will restart the computer automatically.

    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    Hello, the computer did not restart automatically. Here is the log. Thank you

    ComboFix 12-05-16.02 - Lab1 16/05/2012 15:34:30.1.2 - x86

    Microsoft Windows 7 Starter 6.1.7600.0.1252.55.1046.18.2038.1409 [GMT -3:00]

    Executando de: C:\Users\Lab1\Desktop\ComboFix.exe

    AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

    FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

    SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ADS - system32: deleted 6 bytes in 3 streams.

    ADS - drivers: deleted 361 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\ProgramData\EBCE2C2F2C.sys

    C:\Windows\system32\Thumbs.db

    (((((((((((((((( Arquivos/Ficheiros criados de 2012-04-16 to 2012-05-16 ))))))))))))))))))))))))))))

    2012-05-16 18:41:01 . 2012-05-16 18:41:01 -------- d-----w- C:\Users\Default\AppData\Local\temp

    2012-05-15 19:12:14 . 2012-05-16 18:32:37 56200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{68BCE6B6-64E0-49B5-B8F5-FC51823D1D2F}\offreg.dll

    2012-05-15 13:55:27 . 2012-04-13 07:36:43 6734704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{68BCE6B6-64E0-49B5-B8F5-FC51823D1D2F}\mpengine.dll

    2012-05-12 12:54:47 . 2012-03-30 10:29:05 1287024 ----a-w- C:\Windows\system32\drivers\tcpip.sys

    2012-05-12 12:54:43 . 2012-04-02 04:40:25 936960 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

    2012-05-12 12:54:24 . 2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\system32\ntkrnlpa.exe

    2012-05-12 12:54:24 . 2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\system32\ntoskrnl.exe

    2012-05-12 12:54:23 . 2012-04-02 02:43:16 2342400 ----a-w- C:\Windows\system32\win32k.sys

    2012-05-12 12:54:20 . 2012-03-17 07:20:17 56688 ----a-w- C:\Windows\system32\drivers\partmgr.sys

    2012-05-12 12:54:18 . 2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\system32\DWrite.dll

    2012-05-12 12:54:18 . 2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\system32\d3d10warp.dll

    2012-05-12 12:54:18 . 2012-03-03 05:40:09 739840 ----a-w- C:\Windows\system32\d2d1.dll

    2012-05-12 12:54:18 . 2012-03-03 05:40:09 218624 ----a-w- C:\Windows\system32\d3d10_1core.dll

    2012-05-12 12:54:18 . 2012-03-03 05:40:09 161792 ----a-w- C:\Windows\system32\d3d10_1.dll

    2012-05-05 17:04:44 . 2012-05-05 17:04:44 4126880 ----a-w- C:\Windows\system32\FlashPlayerInstaller.exe

    2012-04-28 16:11:46 . 2012-04-28 16:11:46 -------- d-----w- C:\Hijack

    2012-04-28 14:56:58 . 2012-04-28 15:00:00 -------- d-----w- C:\LinhaDefensiva

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-05-05 17:04:52 . 2012-04-10 14:08:40 419488 ----a-w- C:\Windows\system32\FlashPlayerApp.exe

    2012-05-05 17:04:52 . 2011-05-17 17:44:01 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl

    2012-04-04 18:56:40 . 2012-01-05 13:54:18 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys

    2012-03-12 15:00:13 . 2011-02-16 13:50:50 2516 --sha-w- C:\ProgramData\KGyGaAvL.sys

    2012-03-01 05:53:27 . 2012-04-12 00:01:22 19312 ----a-w- C:\Windows\system32\drivers\fs_rec.sys

    2012-03-01 05:49:05 . 2012-04-12 00:01:22 172544 ----a-w- C:\Windows\system32\wintrust.dll

    2012-03-01 05:45:05 . 2012-04-12 00:01:20 158720 ----a-w- C:\Windows\system32\imagehlp.dll

    2012-03-01 05:40:44 . 2012-04-12 00:01:22 5120 ----a-w- C:\Windows\system32\wmi.dll

    2012-02-28 01:18:55 . 2012-04-12 00:06:58 1799168 ----a-w- C:\Windows\system32\jscript9.dll

    2012-02-28 01:11:21 . 2012-04-12 00:06:54 1427456 ----a-w- C:\Windows\system32\inetcpl.cpl

    2012-02-28 01:11:07 . 2012-04-12 00:06:57 1127424 ----a-w- C:\Windows\system32\wininet.dll

    2012-02-28 01:03:16 . 2012-04-12 00:07:00 2382848 ----a-w- C:\Windows\system32\mshtml.tlb

    2012-02-23 13:18:36 . 2012-01-04 17:07:48 237072 ------w- C:\Windows\system32\MpSigStub.exe

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    *Nota* entradas vazias e legítimas por padrão não são apresentadas.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 22:15:48 7711264]

    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-23 21:30:48 141848]

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-23 21:30:48 173592]

    "Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-23 21:30:48 150552]

    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 14:44:34 31072]

    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 01:15:02 202296]

    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 16:02:04 254696]

    "Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 18:56:38 462408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "C:\PROGRA~1\GbPlugin\gbiehuni.dll" [2012-02-01 13:41:58 601592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2011-03-30 12:19:20 505736 ----a-w- C:\Program Files\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

    2012-01-11 17:01:26 726360 ----a-w- C:\Program Files\GbPlugin\gbiehcef.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

    2012-02-01 13:41:58 601592 ----a-w- C:\PROGRA~1\GbPlugin\gbiehuni.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Assistente para criação de disco de recuperação.lnk]

    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Assistente para criação de disco de recuperação.lnk

    backup=C:\Windows\pss\Assistente para criação de disco de recuperação.lnk.CommonStartup

    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Lab1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

    path=C:\Users\Lab1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

    backup=C:\Windows\pss\LimeWire On Startup.lnk.Startup

    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Lab1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk]

    path=C:\Users\Lab1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk

    backup=C:\Windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup

    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2010-11-16 00:02:22 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-11-16 00:02:24 35736 ----a-w- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2011-02-04 15:39:04 136176 ----atw- C:\Users\Lab1\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

    2005-08-11 18:30:30 249856 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

    2005-08-11 18:30:30 81920 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    2012-04-04 18:56:38 462408 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2001-07-09 10:50:42 155648 ----a-r- C:\Windows\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2012-01-18 16:02:04 254696 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 16:16:28 130384]

    R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-10 16:05:10 136176]

    R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 20:43:22 253088]

    R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k6032.sys [2009-07-13 22:02:52 164864]

    R3 gupdatem;Serviço do Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-10 16:05:10 136176]

    S0 GbpKm;Gbp KernelMode;C:\Windows\system32\drivers\gbpkm.sys [2012-02-01 13:44:44 44280]

    S1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 15:23:20 11352]

    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 20:36:18 23856]

    S2 GbpSv;Gbp Service;C:\PROGRA~1\GbPlugin\GbpSv.exe [2012-02-01 13:43:46 203256]

    S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 18:56:40 654408]

    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2009-07-13 22:02:46 47104]

    S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22:27:16 19984]

    S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-04-04 18:56:40 22344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

    Conteúdo da pasta 'Tarefas Agendadas'

    2012-05-16 C:\Windows\Tasks\Adobe Flash Player Updater.job

    - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:08:40 . 2012-04-13 20:43:22]

    2012-05-16 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    - C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-10 16:05:17 . 2012-04-10 16:05:10]

    2012-05-16 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    - C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-10 16:05:17 . 2012-04-10 16:05:10]

    2012-05-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4261195799-2376290366-931022467-1000Core.job

    - C:\Users\Lab1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 15:39:06 . 2011-02-04 15:39:04]

    2012-05-16 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4261195799-2376290366-931022467-1000UA.job

    - C:\Users\Lab1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 15:39:06 . 2011-02-04 15:39:04]

    ------- Scan Suplementar -------

    uStart Page = hxxp://google.com.br/

    mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10

    IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

    IE: SmarThru4 Capturar seleção - C:\Program Files\SmarThru 4\WebCapture.dll2.htm

    IE: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm

    IE: SmarThru4 Salvar como HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm

    IE: SmarThru4 Salvar texto selecionado - C:\Program Files\SmarThru 4\WebCapture.dll.htm

    IE: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm

    IE: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm

    IE: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll

    Trusted Zone: itau.com.br\bankline

    Trusted Zone: itau.com.br\guardiao

    Trusted Zone: itau.com.br\www

    TCP: DhcpNameServer = 10.1.1.1

    - - - - ORFÃOS REMOVIDOS - - - -

    Toolbar-Locked - (no file)

    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    Tempo para conclusão: 2012-05-16 15:48:53

    ComboFix-quarantined-files.txt 2012-05-16 18:48:52

    Pré-execução: 255.090.024.448 bytes disponíveis

    Pós execução: 255.676.551.168 bytes disponíveis

    - - End Of File - - E744A677BC5424D62D81777FDDEE3380


    Temporarily, and for the duration of these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

    Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

    DirLook::

    C:\Windows\system32\drivers\etc

    • Save this file as: CFScript.txt
      CFScriptB-4.gif
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

  • Topic author
  • Temporarily, and for the duration of these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

    Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

    DirLook::

    C:\Windows\system32\drivers\etc

    • Save this file as: CFScript.txt
      CFScriptB-4.gif
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

    ComboFix 12-05-16.02 - Lab1 21/05/2012 16:26:44.2.2 - x86

    Microsoft Windows 7 Starter 6.1.7600.0.1252.55.1046.18.2038.1361 [GMT -3:00]

    Executando de: c:\users\Lab1\Desktop\ComboFix.exe

    Comandos utilizados :: c:\users\Lab1\Desktop\CFScript.txt

    AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

    FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

    SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Criado um novo ponto de restauração

    .

    - MODO DE FUNCIONALIDADE REDUZIDA -

    .

    ADS - drivers: deleted 412 bytes in 1 streams.

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Lab1\AppData\Local\Temp\{F0319165-D783-4EF4-8EA5-31335867033A}\fpb.tmp

    .

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2012-04-21 to 2012-05-21 ))))))))))))))))))))))))))))

    .

    .

    2012-05-21 19:28 . 2012-05-21 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-05-18 15:52 . 2012-05-18 15:52 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD4FCB0B-A36A-429B-BB27-1760537698D8}\offreg.dll

    2012-05-18 15:51 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD4FCB0B-A36A-429B-BB27-1760537698D8}\mpengine.dll

    2012-05-12 12:54 . 2012-03-30 10:29 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-05-12 12:54 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

    2012-05-12 12:54 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-05-12 12:54 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-12 12:54 . 2012-04-02 02:43 2342400 ----a-w- c:\windows\system32\win32k.sys

    2012-05-12 12:54 . 2012-03-17 07:20 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys

    2012-05-12 12:54 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\system32\DWrite.dll

    2012-05-12 12:54 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

    2012-05-12 12:54 . 2012-03-03 05:40 739840 ----a-w- c:\windows\system32\d2d1.dll

    2012-05-12 12:54 . 2012-03-03 05:40 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

    2012-05-12 12:54 . 2012-03-03 05:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll

    2012-05-05 17:04 . 2012-05-05 17:04 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

    2012-04-28 16:11 . 2012-04-28 16:11 -------- d-----w- C:\Hijack

    2012-04-28 14:56 . 2012-04-28 15:00 -------- d-----w- C:\LinhaDefensiva

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-05-05 17:04 . 2012-04-10 14:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-05-05 17:04 . 2011-05-17 17:44 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-04-04 18:56 . 2012-01-05 13:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-03-12 15:00 . 2011-02-16 13:50 2516 --sha-w- c:\programdata\KGyGaAvL.sys

    2012-03-01 05:53 . 2012-04-12 00:01 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys

    2012-03-01 05:49 . 2012-04-12 00:01 172544 ----a-w- c:\windows\system32\wintrust.dll

    2012-03-01 05:45 . 2012-04-12 00:01 158720 ----a-w- c:\windows\system32\imagehlp.dll

    2012-03-01 05:40 . 2012-04-12 00:01 5120 ----a-w- c:\windows\system32\wmi.dll

    2012-02-28 01:18 . 2012-04-12 00:06 1799168 ----a-w- c:\windows\system32\jscript9.dll

    2012-02-28 01:11 . 2012-04-12 00:06 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-02-28 01:11 . 2012-04-12 00:06 1127424 ----a-w- c:\windows\system32\wininet.dll

    2012-02-28 01:03 . 2012-04-12 00:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-02-23 13:18 . 2012-01-04 17:07 237072 ------w- c:\windows\system32\MpSigStub.exe

    .

    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ---- Directory of c:\windows\system32\drivers\etc ----

    .

    2009-07-14 02:05 . 2009-06-10 21:39 3683 ----a-w- c:\windows\system32\drivers\etc\lmhosts.sam

    2009-07-14 02:04 . 2009-06-10 21:39 1358 ----a-w- c:\windows\system32\drivers\etc\protocol

    2009-07-14 02:04 . 2009-06-10 21:39 17463 ----a-w- c:\windows\system32\drivers\etc\services

    2009-07-14 02:04 . 2012-05-21 19:29 27 ----a-w- c:\windows\system32\drivers\etc\hosts

    2009-07-14 02:04 . 2009-06-10 21:39 407 ----a-w- c:\windows\system32\drivers\etc\networks

    .

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas.

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~1\GbPlugin\gbiehuni.dll" [2012-02-01 601592]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2011-03-30 12:19 505736 ----a-w- c:\program files\GbPlugin\gbieh.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

    2012-01-11 17:01 726360 ----a-w- c:\program files\GbPlugin\gbiehcef.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

    2012-02-01 13:41 601592 ----a-w- c:\progra~1\GbPlugin\gbiehuni.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Assistente para criação de disco de recuperação.lnk]

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Assistente para criação de disco de recuperação.lnk

    backup=c:\windows\pss\Assistente para criação de disco de recuperação.lnk.CommonStartup

    backupExtension=.CommonStartup

    .

    [HKLM\~\startupfolder\C:^Users^Lab1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

    path=c:\users\Lab1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup

    backupExtension=.Startup

    .

    [HKLM\~\startupfolder\C:^Users^Lab1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk]

    path=c:\users\Lab1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk

    backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup

    backupExtension=.Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2010-11-16 00:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-11-16 00:02 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2011-02-04 15:39 136176 ----atw- c:\users\Lab1\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

    2005-08-11 18:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

    2005-08-11 18:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    2012-04-04 18:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2001-07-09 10:50 155648 ----a-r- c:\windows\System32\NeroCheck.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2012-01-18 16:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 136176]

    R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]

    R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]

    R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 136176]

    S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-02-01 44280]

    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]

    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]

    S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2012-02-01 203256]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]

    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 20:43]

    .

    2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 16:05]

    .

    2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 16:05]

    .

    2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4261195799-2376290366-931022467-1000Core.job

    - c:\users\Lab1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 15:39]

    .

    2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4261195799-2376290366-931022467-1000UA.job

    - c:\users\Lab1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 15:39]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://google.com.br/

    mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10

    IE: Adicionar ao Antibanner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

    IE: SmarThru4 Capturar seleção - c:\program files\SmarThru 4\WebCapture.dll2.htm

    IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm

    IE: SmarThru4 Salvar como HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm

    IE: SmarThru4 Salvar texto selecionado - c:\program files\SmarThru 4\WebCapture.dll.htm

    IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm

    IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm

    IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll

    Trusted Zone: itau.com.br\bankline

    Trusted Zone: itau.com.br\guardiao

    Trusted Zone: itau.com.br\www

    TCP: DhcpNameServer = 10.1.1.1

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\taskhost.exe

    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

    c:\windows\system32\conhost.exe

    c:\windows\system32\igfxsrvc.exe

    c:\windows\system32\sppsvc.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    .

    **************************************************************************

    .

    Completion time: 2012-05-21 16:33:06 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-05-21 19:33

    ComboFix2.txt 2012-05-16 18:48

    .

    Pre-Run: 257,415,528,448 bytes free

    Post-Run: 257,382,313,984 bytes free

    .

    - - End Of File - - A434145C06C58DD93F623BB1F3154C6B

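The ComboFix log above lists startup entries, services, scheduled tasks and browser settings in a fixed text layout, and a log analyst checks the same few things in it every time. What follows is an added example, not ComboFix's own code and not posted by anyone in this thread: a small Python triage script that parses the service records, the scheduled-task records and the "Supplementary Scan" browser lines, then applies those checks: service images ComboFix could not find on disk (printed as [x]), executables launched from user-writable paths, a machine-wide IE start page whose host differs from the user's, IE Trusted Zone entries, and DHCP-assigned DNS servers that are not private addresses. The sample log embedded in it is constructed from lines of the log posted above; the regexes, the SYSTEM_DIRS tuple and the severity labels are this example's assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 136176]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2012-02-01 203256]
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 16:05]
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4261195799-2376290366-931022467-1000Core.job
- c:\users\Lab1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 15:39]
uStart Page = hxxp://google.com.br/
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
TCP: DhcpNameServer = 10.1.1.1
"""

# Record layouts as ComboFix prints them; these regexes are this example's assumption.
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$")
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (c:\\windows\\tasks\\.+\.job)$", re.IGNORECASE)
TASK_IMAGE_RE = re.compile(r"^- (.+) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
START_PAGE_RE = re.compile(r"^([um])Start Page = (\S+)$")  # u = user hive, m = machine hive
TRUSTED_RE = re.compile(r"^Trusted Zone: (\S+)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
# Paths a standard user cannot write to; anything launched from elsewhere gets a look.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "c:\\progra~1\\")


@dataclass
class Service:
    kind: str      # R = running, S = stopped
    name: str
    image: str
    present: bool  # False when ComboFix printed [x]: image file not found on disk


@dataclass
class Finding:
    severity: str  # "review" (likely problem), "check" (confirm with the user) or "info"
    item: str
    reason: str


def parse_combofix(text):
    """Extract services, scheduled tasks (job, image), IE start pages, trusted zones, DNS."""
    services, tasks, pages, zones, dns = [], [], {}, [], []
    pending_job = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            kind, _start, name, _display, image, stamp = m.groups()
            services.append(Service(kind, name, image, stamp != "x"))
        elif m := TASK_RE.match(line):
            pending_job = m.group(1)  # the image path follows on the next line
        elif (m := TASK_IMAGE_RE.match(line)) and pending_job:
            tasks.append((pending_job, m.group(1)))
            pending_job = None
        elif m := START_PAGE_RE.match(line):
            pages[m.group(1)] = m.group(2)
        elif m := TRUSTED_RE.match(line):
            zones.append(m.group(1))
        elif m := DNS_RE.match(line):
            dns.extend(m.group(1).split())
    return {"services": services, "tasks": tasks, "start_pages": pages,
            "trusted_zones": zones, "dns_servers": dns}


def host_of(defanged_url):
    # ComboFix defangs URLs as hxxp://; restore the scheme only to parse the host.
    return urlparse(re.sub(r"^hxxp", "http", defanged_url)).hostname


def triage(parsed):
    """Apply the checks a log reviewer runs by hand over the parsed records."""
    findings = []
    for svc in parsed["services"]:
        if not svc.present:
            findings.append(Finding("review", svc.name, f"image file not found on disk: {svc.image}"))
        elif not svc.image.lower().startswith(SYSTEM_DIRS):
            findings.append(Finding("review", svc.image, f"service {svc.name} runs from a user-writable path"))
    for job, image in parsed["tasks"]:
        if not image.lower().startswith(SYSTEM_DIRS):
            findings.append(Finding("review", image, f"task {job} runs from a user-writable path"))
    pages = parsed["start_pages"]
    if "m" in pages and host_of(pages["m"]) != host_of(pages.get("u", "")):
        findings.append(Finding("check", host_of(pages["m"]),
                                "machine-wide IE start page (HKLM) differs from the user's; confirm it was chosen"))
    for zone in parsed["trusted_zones"]:
        findings.append(Finding("info", zone, "in the IE Trusted sites zone, which relaxes browser security settings"))
    for server in parsed["dns_servers"]:
        if not ipaddress.ip_address(server).is_private:
            findings.append(Finding("check", server, "DHCP-assigned DNS server is a public address"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_combofix(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.item}: {f.reason}")
```

Run directly, it prints six findings for the sample: the SSPORT driver whose file ComboFix could not find and the machine-wide start page pointing at home.sweetim.com are the two items a reviewer would ask the user about; the per-user GoogleUpdate task and the three itau.com.br Trusted Zone entries are flagged only so that the user confirms they are expected, and the DHCP DNS server 10.1.1.1 is private and raises nothing.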

    Download the Kaspersky AVP Tool from one of these 2 links:

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

    http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

    You will be taken to a Kaspersky page asking for an e-mail address for registration, a first name and a last name. Only the "email" field is required.

    Enter your e-mail address, then click the Submit Form button.

    The page will reload. Click the Download button.

    Save it to your desktop.

    Run the file and wait for the installation.

    ** Windows Vista and Windows 7 users:

    Right-click the file, then click Run as administrator.

    On the license agreement screen, check I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

    [image: KRT_settings.png]

    On this screen, check the box next to:

    • My Computer
    • Local Disk (C:)

    Also check all the drives listed below Local Disk, if there are any. Then click the Automatic Scan tab.

    [image: KRT_install2_.png]

    Back on the program's main screen, click the Start scanning button.

    Be patient; it takes a while.

    When it finishes, if anything was detected, the program will ask you what to do.

    Check the small box next to Apply to all objects and then click Skip (we only want the log).

    [image: KRT_detection_.png]

    While the scan runs, the main screen will show a progress bar. When it finishes, the program will show a completed status and a button that turns orange if nothing was detected, or red if something was found.

    If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

    Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

    To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

    Choose an easily accessible location and save it as log.txt.

    Copy the entire contents of that Notepad file and paste it into your next reply.

    If nothing is detected, you don't need to save the log. Just post here to let us know.

    To exit the program, just click the X in the top right corner.

    Topic author (replying to the post above):

    Hello,

    Nothing was detected.

    Thank you


    Does the problem of IE opening several windows persist?

    Topic author (replying to the post above):

    Hello Renato,

    The IE problem stopped and it seems much faster. I think it's solved!

    Thank you very much for the help! You guys are great! :)


    Congratulations, your log is clean.

    From now on, stay ALERT!

    To finish, do the following:

    Go to Start > Run and type combofix /uninstall. This will uninstall ComboFix from your machine.

    Download OTC by OldTimer

    • Save it to your desktop.
    • Double-click the OTCleanIt icon.
    • Click the "Cleanup" button [image: 8gehxg0.gif]
    • Allow your computer to restart.

    I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

    • Open the program and click Run Cleaner;
    • After that, click Issues >> Scan for Issues >> Fix Issues

    I also suggest you read this article: Proteja seu PC (Protect your PC)

    Any other problems with the computer?

    Topic author (replying to the post above):

    Everything is OK for now!! lol Thank you very much for the tips too!

    "What would we laypeople do without you???"

    Thanks!


    If the topic author needs it, the topic will be reopened; to request that, contact the moderation team and ask for it to be unlocked.






    About Clube do Hardware

    Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.

    Copyright

    We do not allow copying or reproduction of the content of our website, forum, newsletters and social networks, even with attribution.