Biga

Banco do Brasil site opens an Adobe page


Every time I leave the BB site it also opens an Adobe page. Now my password is invalid, and BB support says I have a virus. I have Kaspersky and it finds nothing; the HijackThis log is below. Thank you!

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:01:50, on 29/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal
 
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
C:\BANCOB~1\Firebird\bin\fbguard.exe
C:\BANCOB~1\Firebird\bin\fbserver.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Windows\System32\aetcrss1.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Users\Fernando\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Windows\System32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Fernando\Desktop\HijackThis.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehUni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [wdbraz_certm] C:\Windows\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Fernando\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{95D9317B-43FD-476C-876D-560639DC8622}: NameServer = 187.100.246.254 187.100.246.251
O17 - HKLM\System\CS1\Services\Tcpip\..\{95D9317B-43FD-476C-876D-560639DC8622}: NameServer = 187.100.246.254 187.100.246.251
O17 - HKLM\System\CS2\Services\Tcpip\..\{95D9317B-43FD-476C-876D-560639DC8622}: NameServer = 187.100.246.254 187.100.246.251
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\BANCOB~1\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\BANCOB~1\Firebird\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
 
--
End of file - 17166 bytes
 


Hello Biga,

 

I recommend that you save this topic in your Favorites so it is easier to find.
 
Please note the following:
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here applies only to the problem on your computer, so do not use it on any other;
  • Please follow the instructions given carefully and, if you have any doubts, do not hesitate to ask;
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any action other than those given here; if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!
 
I ask that you continue with this topic and post a reply containing the DDS and GMER logs, following the instructions on the page Read Before Posting - Creating a New Topic
 
ATTENTION 1: You do not need to open a new topic; put the new logs in this same topic, thank you!
ATTENTION 2: Do not edit your topic; use the reply button, thank you!
ATTENTION 3: Do not put the logs between TAGS, thank you!


Good morning, DDS file:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
Run by Fernando at 8:54:07 on 2014-08-01
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.3037.1806 [GMT -3:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
C:\BANCOB~1\Firebird\bin\fbguard.exe
C:\BANCOB~1\Firebird\bin\fbserver.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Users\Fernando\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\program files\gbplugin\gbieh.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\program files\gbplugin\gbiehabn.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - c:\program files\gbplugin\gbiehuni.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\urladvisor\klwtbbho.dll
uRun: [iSUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe"
mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [CertificateRegistration] aetcrss1.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [wdbraz_certm] c:\windows\system32\watchdata\watchdata brazil csp v1.0\BBCertM32.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\fernando\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\fernando\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\urladvisor\klwtbbho.dll
Trusted Zone: itau.com.br
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
TCP: NameServer = 192.168.0.1 200.204.0.10 200.204.0.138
TCP: Interfaces\{95D9317B-43FD-476C-876D-560639DC8622} : NameServer = 187.100.246.254 187.100.246.251
TCP: Interfaces\{95D9317B-43FD-476C-876D-560639DC8622} : DHCPNameServer = 187.100.246.254 187.100.246.251
TCP: Interfaces\{D99AC962-B344-474F-8CBB-F939E545E070} : DHCPNameServer = 192.168.0.1 200.204.0.10 200.204.0.138
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginAbn - c:\program files\gbplugin\gbiehAbn.dll
Notify:  GbPluginBb - c:\program files\gbplugin\gbieh.dll
Notify:  GbPluginUni - c:\program files\gbplugin\gbiehUni.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\program files\gbplugin\gbieh.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - c:\program files\gbplugin\gbiehuni.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\program files\gbplugin\gbiehabn.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [2014-1-16 47456]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-9-12 47192]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-5-3 123512]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 25696]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145040]
R1 Ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\drivers\gbpndisrdn.sys [2014-3-13 29400]
R1 RapportCerberus_68261;RapportCerberus_68261;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_68261.sys [2014-5-15 358008]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-5-3 170968]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-5-3 249400]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2011-3-30 81920]
R2 AVP;Serviço do Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe [2012-8-17 356128]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\broadcom\bpowmon\BPowMon.exe [2009-8-17 79168]
R2 ClickToRunSvc;Serviço Clique para Executar do Microsoft Office;c:\program files\microsoft office 15\clientx86\officeclicktorun.exe [2014-3-18 1565880]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\bancob~1\firebird\bin\fbguard.exe -s defaultinstance --> c:\bancob~1\firebird\bin\fbguard.exe -s DefaultInstance [?]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\bancob~1\firebird\bin\fbserver.exe -s defaultinstance --> c:\bancob~1\firebird\bin\fbserver.exe -s DefaultInstance [?]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2014-7-24 555048]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-6-24 136704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2013-9-12 99896]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-27 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-27 860472]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-5-3 1882392]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-7-8 5037888]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-10-10 266240]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2014-6-6 76544]
R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-3-30 273960]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25696]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-30 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-27 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-5-27 51928]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2013-9-12 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\drivers\a38ccid.sys [2013-10-3 39936]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2014-6-6 11136]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2014-6-6 96000]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2014-6-6 27520]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\drivers\ew_juwwanecm.sys [2014-6-6 205312]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-9 108032]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\gbpndisrd.sys [2014-3-13 31088]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-7-30 21744]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-1-17 14848]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-19 49152]
S3 WSDScan;Suporte de Digitalização WSD via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
S4 VIVO INTERNET. RunOuc;VIVO INTERNET. OUC;c:\program files\vivo internet\updatedog\ouc.exe [2014-6-6 657504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-08-01 06:44:27 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{aac5df10-d189-4eb0-963a-8bdb49c92525}\offreg.dll
2014-08-01 06:39:28 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{aac5df10-d189-4eb0-963a-8bdb49c92525}\mpengine.dll
2014-08-01 06:39:13 -------- d-----w- C:\f74470c136df6f96f2b555c396a367be
2014-07-30 13:22:22 110296 ----a-w- c:\windows\system32\drivers\7A534BDA.sys
2014-07-28 13:13:25 110296 ----a-w- c:\windows\system32\drivers\476F44D2.sys
2014-07-25 16:41:05 110296 ----a-w- c:\windows\system32\drivers\2A2C7C1D.sys
2014-07-21 21:21:17 110296 ----a-w- c:\windows\system32\drivers\22BC7E0C.sys
2014-07-21 16:50:54 -------- d-----w- c:\programdata\Protexis
2014-07-21 16:37:34 -------- d-----w- c:\program files\common files\Corel
2014-07-21 16:36:29 -------- d-----w- c:\program files\common files\Protexis
2014-07-21 16:36:28 -------- d-----w- c:\programdata\Corel
2014-07-21 16:32:39 -------- d-----w- c:\program files\Corel
2014-07-21 16:30:12 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X5
2014-07-11 13:05:33 815314 ----a-w- c:\users\fernando\appdata\roaming\unins000.exe
2014-07-09 12:21:48 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-03 19:35:20 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2014-08-01 03:15:24 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 16:11:08 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 16:11:08 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-30 01:36:00 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52:18 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52:00 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-10 13:46:02 47192 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-20 07:15:38 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-05-12 10:26:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 10:25:58 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 10:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:06:54 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06:54 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-04 01:55:46 123512 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
============= FINISH:  8:55:09,27 ===============

Attach file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Basic 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/09/2013 14:20:18
System Uptime: 31/07/2014 16:11:39 (16 hours ago)
.
Motherboard: Dell Inc. |  | 07N90W
Processor: Intel® Core2 Quad CPU    Q8400  @ 2.66GHz | CPU 1 | 2660/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 373,278 GiB free.
D: is CDROM ()
H: is NetworkDisk (NTFS) - 135 GiB total, 103,972 GiB free.
I: is NetworkDisk (NTFS) - 135 GiB total, 103,972 GiB free.
J: is NetworkDisk (NTFS) - 135 GiB total, 103,972 GiB free.
K: is NetworkDisk (NTFS) - 135 GiB total, 103,972 GiB free.
N: is NetworkDisk (NTFS) - 98 GiB total, 65,339 GiB free.
T: is NetworkDisk (NTFS) - 135 GiB total, 103,972 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP199: 15/07/2014 07:57:52 - Windows Update
RP201: 21/07/2014 12:07:41 - Removido Samsung Auto Backup
RP202: 21/07/2014 16:05:12 - OTL Restore Point - 21/07/2014 16:05:09
RP203: 22/07/2014 03:00:12 - Windows Update
RP204: 24/07/2014 03:00:13 - Windows Update
RP205: 29/07/2014 03:26:29 - Windows Update
RP206: 01/08/2014 03:38:42 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Reader X (10.1.10) - Português
Apple Mobile Device Support
Apple Software Update
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
BB Cobranca
BB Token Admin Tool
Bonjour
Broadcom Gigabit NetLink Controller
Broadcom Management Programs
Brother MFL-Pro Suite DCP-7065DN
CCleaner
Central de Mouse e Teclado da Microsoft
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - BR
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW® Graphics Suite X5
CyberLink PowerDVD 9.5
D3DX10
Dell Backup and Recovery Manager
Dell Edoc Viewer
Dell Support Center
Depósitos de Cheques
DirectX 9 Runtime
doPDF 7.2 printer
Dropbox
Easy Phone Sync
EFD Contribuições 2.0.5
EFD ICMS IPI
Google Chrome
Google Update Helper
Guardião Banco Itaú
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP LaserJet Professional P1100-P1560-P1600 Series
hppLaserJetService
hppP1100P1560P1600SeriesLaserJetService
hppusgP1100P1560P1600Series
HPSSupply
Intel® Graphics Media Accelerator Driver
iTunes
Java 7 Update 60
Java Auto Updater
Junk Mail filter update
Kaspersky Anti-Virus 2013
Módulo de Proteção Banco Santander 3.4.3.1
Módulo de Segurança - Banco do Brasil
Malwarebytes Anti-Malware versão 2.0.2.1012
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Português do Brasil)
Microsoft .NET Framework 4.5.1 (PTB)
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 365 - pt-br
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Nuance PaperPort 12
Nuance PDF Viewer Plus
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Pacote de Driver do Windows - Perto S.A. Perifericos para Automacao (PERTO38U) SmartCardReader  (04/10/2007 1.1.5.6)
PaperPort Image Printer
PhotoShowExpress
Proteção de Terminal Trusteer
Rapport
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
SafeSign
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition 
Skype™ 6.16
Sonic CinePlayer Decoder Pack
Suporte para Aplicativos Apple
TeamViewer 9
UniDANFE
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Visual Basic for Applications ® Core - Portuguese (Brazil)
Vivo 3G
VIVO INTERNET
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 (32-bit)
.
==== End Of File ===========================

GMER file:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-01 09:27:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-75V0A0 rev.05.01D05 465,76GB
Running: pyuq273u.exe; Driver: C:\Users\Fernando\AppData\Local\Temp\uxldakog.sys
 
 
---- System - GMER 2.1 ----
 
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwAdjustPrivilegesToken [0x91897730]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwAlpcConnectPort [0x9184ACA2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwAlpcCreatePort [0x9184AFEA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwAlpcSendWaitReceivePort [0x9184B430]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwAssignProcessToJobObject [0x9249A000]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwClose [0x918332AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwConnectPort [0x9184A97C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateEvent [0x91833826]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwCreateFile [0x924982F0]
SSDT            \SystemRoot\System32\drivers\Bhbase.sys                                                                  ZwCreateKey [0x8BBE9DC0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateMutant [0x9183370C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreatePort [0x9184AE4E]
SSDT            \SystemRoot\System32\drivers\Bhbase.sys                                                                  ZwCreateProcess [0x8BBEB770]
SSDT            \SystemRoot\System32\drivers\Bhbase.sys                                                                  ZwCreateProcessEx [0x8BBEB670]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateSection [0x9189A690]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateSemaphore [0x91833946]
SSDT            \SystemRoot\System32\drivers\Bhbase.sys                                                                  ZwCreateSymbolicLinkObject [0x8BBEB420]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateThread [0x91899B18]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateThreadEx [0x91899D64]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateUserProcess [0x9189975E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateWaitablePort [0x9184AF1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwDebugActiveProcess [0x91899604]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwDeleteFile [0x92498D90]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwDeleteKey [0x9249BAB0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwDeleteValueKey [0x9249BB50]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwDeviceIoControlFile [0x918332F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwDuplicateObject [0x91897872]
SSDT            \SystemRoot\System32\drivers\Bhbase.sys                                                                  ZwEnumerateValueKey [0x8BBEA820]
SSDT            \SystemRoot\System32\drivers\Bhbase.sys                                                                  ZwGetNextProcess [0x8BBEBC10]
SSDT            \SystemRoot\System32\drivers\Bhbase.sys                                                                  ZwGetNextThread [0x8BBEB930]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwLoadDriver [0x918974DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwMapViewOfSection [0x9189A488]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwNotifyChangeKey [0x918490DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwOpenEvent [0x918338BC]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwOpenFile [0x92498BA0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwOpenMutant [0x9183379C]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwOpenProcess [0x9249A310]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwOpenSection [0x9189A93C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwOpenSemaphore [0x918339DC]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwOpenThread [0x9249A660]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwProtectVirtualMemory [0x9249A890]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwQueryDirectoryObject [0x91833A66]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwQueryObject [0x918492E8]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwQueryValueKey [0x9249BDD0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwQueueApcThread [0x9189A33C]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwRenameKey [0x9249BC10]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwReplaceKey [0x9249BCB0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwReplyPort [0x9184B214]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwReplyWaitReceivePort [0x9184B0A2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwReplyWaitReceivePortEx [0x9184B158]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwRequestWaitReplyPort [0x9184B284]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwRestoreKey [0x9249BD40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwResumeThread [0x9189A066]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwSecureConnectPort [0x9184AB0A]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwSetContextThread [0x92499F10]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwSetInformationFile [0x92498F30]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwSetInformationToken [0x91833B08]
SSDT            \SystemRoot\System32\drivers\Bhbase.sys                                                                  ZwSetSecurityObject [0x8BBEC130]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwSetSystemInformation [0x918975E4]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwSetValueKey [0x9249B970]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwSuspendProcess [0x9189934C]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwSuspendThread [0x92499DF0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwSystemDebugControl [0x91833B1A]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwTerminateProcess [0x92499BC0]
SSDT            \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys                                                  ZwTerminateThread [0x92499C90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwUnmapViewOfSection [0x9189AAA4]
SSDT            \SystemRoot\System32\drivers\Bhbase.sys                                                                  ZwWriteFile [0x8BBEA050]
SSDT            \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys      ZwWriteVirtualMemory [0x91909DA0]
 
---- Kernel code sections - GMER 2.1 ----
 
.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                 82C59A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82C93212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                                      82C9A46C 4 Bytes  [30, 77, 89, 91] {XOR [EDI-0x77], DH; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                      82C9A494 8 Bytes  [A2, AC, 84, 91, EA, AF, 84, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                      82C9A4D8 4 Bytes  [30, B4, 84, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                      82C9A4E8 4 Bytes  [00, A0, 49, 92]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                                      82C9A504 4 Bytes  [AE, 32, 83, 91]
.text           ...                                                                                                      
?               C:\Users\Fernando\AppData\Local\Temp\mbr.sys                                                             O sistema não pode encontrar o arquivo especificado. !
 
---- User code sections - GMER 2.1 ----
 
.text           C:\Windows\system32\services.exe[684] ntdll.dll!LdrUnloadDll                                             7741C8DE 6 Bytes  JMP 71A5000A 
.text           C:\Windows\system32\services.exe[684] kernel32.dll!FreeLibraryAndExitThread                              760C0478 5 Bytes  JMP 745AC9EF C:\Program Files\GbPlugin\gbiehabn.dll
.text           C:\Windows\system32\services.exe[684] kernel32.dll!FreeLibrary                                           760CF017 6 Bytes  JMP 71A1000A 
.text           C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1128] ntdll.dll!KiUserApcDispatcher         77406F98 5 Bytes  JMP 00FE3C00 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
.text           C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1128] WS2_32.dll!getaddrinfo                77524296 5 Bytes  JMP 71A50022 
.text           C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1128] WS2_32.dll!GetAddrInfoW               77524889 5 Bytes  JMP 71A10022 
.text           C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1128] WS2_32.dll!GetAddrInfoExW             7752D1EA 5 Bytes  JMP 719D0022 
.text           C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1128] WS2_32.dll!gethostbyname              77537673 5 Bytes  JMP 71AE0022 
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1936] C:\Windows\SYSTEM32\ntdll.dll     time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1936] ntdll.dll!NtProtectVirtualMemory  77405F58 5 Bytes  JMP 6F92209E C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ushata.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1936] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1936] C:\Windows\system32\ole32.dll     time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dllunknown module: KERNELBASE.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1936] USER32.dll!NotifyWinEvent + 6AE   7617D66C 4 Bytes  [bB, 30, 92, 6F]
.text           C:\Windows\Explorer.EXE[3288] RPCRT4.dll!IUnknown_QueryInterface_Proxy                                   75D44EC2 6 Bytes  JMP 71A8000A 
.text           C:\Windows\Explorer.EXE[3288] GDI32.dll!BitBlt                                                           75CC72C0 6 Bytes  JMP 71A5000A 
.text           C:\Windows\Explorer.EXE[3288] GDI32.dll!StretchBlt                                                       75CCF467 6 Bytes  JMP 71A2000A 
.text           C:\Windows\Explorer.EXE[3288] ole32.dll!CoUnmarshalInterface                                             75DFF150 6 Bytes  JMP 71AB000A 
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[4508] C:\Windows\SYSTEM32\ntdll.dll     time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[4508] ntdll.dll!NtProtectVirtualMemory  77405F58 5 Bytes  JMP 6F92209E C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ushata.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[4508] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[4508] C:\Windows\system32\ole32.dll     time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dllunknown module: KERNELBASE.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[4508] USER32.dll!NotifyWinEvent + 6AE   7617D66C 4 Bytes  [bB, 30, 92, 6F]
 
---- User IAT/EAT - GMER 2.1 ----
 
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                          [7282249F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                     [72805652] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                    [72805710] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                           [7282251A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                 [7281857E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                   [72814D32] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                  [728150D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                 [728151AE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]        [728166DB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                  [728182D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]             [72818824] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]           [72819085] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                 [7281E228] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3288] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                     [72814C64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
 
---- Devices - GMER 2.1 ----
 
Device          \Driver\GbFtIn \Device\                                                                                  gbftin32.sys
 
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                  kltdi.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                  kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                kltdi.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                 fltmgr.sys
 
---- Files - GMER 2.1 ----
 
File            C:\ProgramData\Trusteer\Rapport\store\user\fsm_service_var_0.js.data                                     0 bytes
 
---- EOF - GMER 2.1 ----


Ok,

1)

Download AdwCleaner and save it to the desktop.
https://toolslib.net/downloads/finish/1/

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click execadmin.png.

Click the Examinar (Scan) button and wait for the scan to finish.

Click the Limpar (Clean) button.

A Notepad window will open with the result. Attach the log to your next reply.

NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart the PC.

2)

Temporarily disable your antivirus, antispyware and firewall, so as not to cause conflicts.

Download 1268r49.png and save it to the desktop. Double-click to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will begin scanning your system. Be patient, as it can take a while depending on the number of items to scan.

At the end, a log will open. It is saved to the desktop under the name JRT.txt.

Attach the log to your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://malwarebytes....am-download.php

Double-click mbam-setup.exe to install it.

  • Uncheck the box Ativar trial gratuito do MalwareBytes Anti-Malware PRO (Enable free trial of Malwarebytes Anti-Malware PRO).
  • Make sure the boxes Atualizar Malwarebytes Anti-Malware (Update Malwarebytes Anti-Malware, if present) and Executar Malwarebytes Anti-Malware (Launch Malwarebytes Anti-Malware) are checked, then click Concluir (Finish).
  • If there are updates to be applied, they will be downloaded and installed.
  • When the update finishes, if the program was installed in English, with the program open, click Settings and in the Language field switch to Portuguese (Brasil).
  • Still on the Configurações (Settings) screen, click Detecção e proteção (Detection and Protection) and check Verificar por Rootkits (Scan for Rootkits). Under Detecções PUP (programas potencialmente indesejados) (PUP detections, potentially unwanted programs), select Tratar detecções como malware (Treat detections as malware).
  • Click Verificar (Scan), then Verificar ameaça (Threat Scan), and finally click Verificar agora (Scan Now).
  • The scan will then start. Wait, as it can take a while.
  • When the scan ends, if any items were found, click the button Mover todos para a Quarentena (Move all to Quarantine).
  • Click Aplicar ações (Apply Actions).
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Histórico (History) tab -> Logs de aplicativos (Application Logs) in the program's main window. Use the .txt format to export the log.
  • Attach the log to your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.


ADW log:

 

# AdwCleaner v3.302 - Relatório criado 01/08/2014 às 15:14:34
# Atualizado 30/07/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : Fernando - FERNANDO-PC
# Executando de : C:\Users\Fernando\Desktop\adwcleaner_3.302.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Pasta Deletada : C:\Program Files\Mobogenie
Pasta Deletada : C:\Users\Fernando\AppData\Local\genienext
Pasta Deletada : C:\Users\Fernando\AppData\Local\Mobogenie
Arquivo Deletada : C:\Users\Fernando\daemonprocess.txt
 
***** [ Tarefas ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v36.0.1985.125
 
[ Arquivo : C:\Users\Fernando\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
Deletedo [Extension] : lpoimibckejjdjcfbdnajaicnklhfplh
 
*************************
 
AdwCleaner[R0].txt - [6928 octets] - [30/01/2014 17:01:44]
AdwCleaner[R1].txt - [6988 octets] - [30/01/2014 17:03:49]
AdwCleaner[R2].txt - [1685 octets] - [01/08/2014 15:12:01]
AdwCleaner[s0].txt - [7006 octets] - [30/01/2014 17:04:36]
AdwCleaner[s1].txt - [1585 octets] - [01/08/2014 15:14:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1645 octets] ##########

MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data de Verificação: 01/08/2014
Hora da Verificação: 15:26:44
Logfile: MBAM.txt
Administrador: Sim
 
Versão: 2.00.2.1012
Malware Database: v2014.08.01.04
Rootkit Database: v2014.07.17.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado
 
OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Fernando
 
Tipo da Verificação: Verificar Ameaça
Resultado: Completado
Arquivos Verificados: 293402
Tempo Decorrido: 12 min, 37 seg
 
Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processos: 0
(No malicious items detected)
 
Módulos: 0
(No malicious items detected)
 
Chaves de Registro: 0
(No malicious items detected)
 
Valores de Registro: 0
(No malicious items detected)
 
Dados do Registro: 0
(No malicious items detected)
 
Pastas: 0
(No malicious items detected)
 
Arquivos: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

With the JRT program, nothing happens, not even when running it as administrator... nothing shows up...


Download the Farbar Recovery Scan Tool and save it to your desktop.
32 bit (x86) or 64 bit (x64)

Double-click to run the tool. Accept the agreement and then click the Scan button.

Wait, and at the end the logs FRST.txt and Addition.txt will be saved to your desktop.

Attach the logs to your next reply.


Carlos, good morning,

Neither JRT nor FRST runs on my computer! In the case of FRST, the program window appears briefly, but it soon closes, preventing any action. I tested in safe mode and the same thing happens...

Thanks,


Yes, I downloaded it; my system is 32-bit. Carlos, I also ended up running ComboFix, to see if it gives us a hint; the log follows below:

 

ComboFix 14-08-02.02 - Fernando 04/08/2014  11:18:36.1.4 - x86 NETWORK
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.3037.2112 [GMT -3:00]
Executando de: c:\users\Fernando\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
ADS - system32: deleted 6 bytes in 3 streams.
ADS - drivers: deleted 475 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fernando\AppData\Roaming\unins000.exe
c:\users\Fernando\Documents\E4B7524.tmp
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-07-04 to 2014-08-04  ))))))))))))))))))))))))))))
.
.
2014-08-04 14:24 . 2014-08-04 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-04 14:14 . 2014-08-04 14:14 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAC5DF10-D189-4EB0-963A-8BDB49C92525}\offreg.dll
2014-08-04 14:13 . 2014-08-04 14:23 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2014-08-01 18:12 . 2010-08-30 11:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-01 06:39 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAC5DF10-D189-4EB0-963A-8BDB49C92525}\mpengine.dll
2014-07-30 13:22 . 2014-07-30 13:22 110296 ----a-w- c:\windows\system32\drivers\7A534BDA.sys
2014-07-28 13:13 . 2014-07-28 13:13 110296 ----a-w- c:\windows\system32\drivers\476F44D2.sys
2014-07-25 16:41 . 2014-07-25 16:41 110296 ----a-w- c:\windows\system32\drivers\2A2C7C1D.sys
2014-07-21 21:21 . 2014-07-21 21:21 110296 ----a-w- c:\windows\system32\drivers\22BC7E0C.sys
2014-07-21 16:50 . 2014-07-21 16:51 -------- d-----w- c:\programdata\Protexis
2014-07-21 16:50 . 2014-07-21 16:51 -------- d-----w- c:\users\Fernando\AppData\Roaming\Corel
2014-07-21 16:40 . 2014-07-21 16:40 -------- d-----w- c:\program files\Microsoft SDKs
2014-07-21 16:40 . 2014-07-21 16:40 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2014-07-21 16:37 . 2014-07-21 16:37 -------- d-----w- c:\program files\Common Files\Corel
2014-07-21 16:36 . 2014-07-21 16:36 -------- d-----w- c:\program files\Common Files\Protexis
2014-07-21 16:36 . 2014-07-21 16:36 -------- d-----w- c:\programdata\Corel
2014-07-21 16:32 . 2014-07-21 16:32 -------- d-----w- c:\program files\Corel
2014-07-09 12:21 . 2014-06-30 01:40 404480 ----a-w- c:\windows\system32\aepdu.dll
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-04 12:10 . 2014-05-27 20:28 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 16:11 . 2013-10-01 10:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 16:11 . 2013-10-01 10:16 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-03 19:35 . 2014-07-03 19:35 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-20 07:01 . 2013-12-27 11:09 588496 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-10 13:46 . 2013-09-12 17:51 47192 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2014-05-20 07:15 . 2013-10-03 19:04 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-05-12 10:26 . 2014-05-27 20:28 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 10:25 . 2014-05-27 20:28 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 10:25 . 2014-01-30 20:22 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:06 . 2014-06-11 05:41 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06 . 2014-06-11 05:41 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-27 11:14 220632 ----a-w- c:\users\Fernando\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-27 11:14 220632 ----a-w- c:\users\Fernando\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-27 11:14 220632 ----a-w- c:\users\Fernando\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Fernando\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Fernando\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Fernando\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Fernando\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Fernando\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Fernando\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Fernando\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Fernando\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-07 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"CertificateRegistration"="aetcrss1.exe" [2011-04-21 151552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"wdbraz_certm"="c:\windows\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe" [2013-01-28 59440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-09-17 280576]
.
c:\users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Fernando\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehUni.dll" [2014-05-05 1586744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2014-05-06 18:04 1697848 ------w- c:\program files\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-06-26 20:21 1746984 ----a-w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2014-05-05 12:39 1586744 ------w- c:\program files\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2013-12-18 47456]
R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2014-05-04 123512]
R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-10-03 145040]
R1 RapportCerberus_68261;RapportCerberus_68261;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys [2014-05-15 358008]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2014-05-04 170968]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2014-05-04 249400]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]
R2 ClickToRunSvc;Serviço Clique para Executar do Microsoft Office;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2014-05-21 1565880]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\bancob~1\Firebird\bin\fbguard.exe [2008-06-13 81920]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\bancob~1\Firebird\bin\fbserver.exe [2008-06-13 2723840]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2014-06-26 555048]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 99896]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-05-04 1882392]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys [2013-10-03 39936]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2012-06-05 266240]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2013-02-17 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2013-02-17 96000]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2013-02-17 27520]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2013-02-26 205312]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-10-10 25696]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-10-10 25696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-06 17408]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [2014-04-22 31088]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-07-30 21744]
R3 PCFApiUtil;PCFApiUtil;c:\program files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WSDScan;Suporte de Digitalização WSD via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
R4 VIVO INTERNET. RunOuc;VIVO INTERNET. OUC;c:\program files\VIVO INTERNET\UpdateDog\ouc.exe [2013-02-17 657504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2014-06-10 47192]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2013-12-11 25696]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-10-03 44000]
S1 Ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2014-03-13 29400]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-05-13 65200]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-02-17 76544]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 03:45 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-01 16:11]
.
2014-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-09 21:25]
.
2014-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-09 21:25]
.
2014-07-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2014-08-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bancoreal.com.br\www
Trusted Zone: bancosantander.com.br\www
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: realsecureweb.com.br\www
Trusted Zone: realsecureweb.com.br\www2
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernet.com.br\wwws2
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 200.204.0.10 192.168.0.2
TCP: Interfaces\{95D9317B-43FD-476C-876D-560639DC8622}: NameServer = 187.100.246.254 187.100.246.251
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Fernando\AppData\Roaming\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(512)
c:\program files\GBPLUGIN\gbftbbt.dll
.
Tempo para conclusão: 2014-08-04  11:25:30
ComboFix-quarantined-files.txt  2014-08-04 14:25
.
Pré-execução: 400.550.924.288 bytes disponíveis
Pós execução: 401.061.691.392 bytes disponíveis
.
- - End Of File - - 035549F53A08D56BA78A5BE67FA9DAE6
A36C5E4F47E84449FF07ED3517B43A31
 
Regards,


 

Yes, I downloaded it; my system is 32-bit. Carlos, I also ended up running ComboFix to see if it gives us a clue; the log follows below:

 

At no point was the use of this tool requested! :(

 

It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

 

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not that kind of tool, so, and also out of respect for the tool's author, do not use it without supervision.

 

If you keep using tools on your own, we stop here.


Carlos, don't take it the wrong way, the intention was to help, ok?  ;)

 

Regards,


Carlos, don't take it the wrong way, the intention was to help, ok?  ;)

 

Regards,

 

 

If the idea was to try to solve the problem on your own, there is no need for my assistance. (_(

 

What is the make/model of your modem/router? See if you can access its settings, check which DNS is configured and let me know.


Good morning Biga,

 

D-Link, but I lost the login and password... :(

 

Regards,

 

The problem is possibly in the device, and you will have to reset it and configure it again.

http://www.linhadefensiva.org/2012/03/criminosos-alteram-dns-de-modems-usando-falha-para-realizar-fraudes/

 

Do the following test. Change your PC's DNS to Google's and see if the problem continues.

http://ajuda.caminhoweb.com.br/?p=294

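The DNS check requested in the post above can also be run against the log itself. The following is an added example, not part of the original posts or of any tool mentioned in the thread: it parses the `TCP:` name-server lines in the format ComboFix prints and labels each resolver. The `VERIFIED` set, the function names and the third sample line are assumptions made for the illustration.

```python
import ipaddress
import re

# The first two "TCP:" lines are copied from the ComboFix log in this thread;
# the third is constructed to show the state after the suggested test
# (PC pointed at Google Public DNS). Its GUID is a placeholder.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 200.204.0.10 192.168.0.2
TCP: Interfaces\{95D9317B-43FD-476C-876D-560639DC8622}: NameServer = 187.100.246.254 187.100.246.251
TCP: Interfaces\{00000000-0000-0000-0000-000000000000}: NameServer = 8.8.8.8,8.8.4.4
"""

# Assumption: resolvers the owner has verified out of band. Only Google
# Public DNS is listed because it is the resolver named in the thread.
VERIFIED = frozenset({"8.8.8.8", "8.8.4.4"})

LINE_RE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]{36}\}):\s*)?"
    r"(?P<key>DhcpNameServer|NameServer)\s*=\s*(?P<servers>.*)$"
)


def parse_dns_entries(log_text):
    """Return one dict per 'TCP: ... NameServer' line found in the log."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Windows accepts both spaces and commas between addresses.
        servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
        entries.append({
            "scope": m["iface"] or "global",
            "source": "dhcp" if m["key"] == "DhcpNameServer" else "static",
            "servers": servers,
        })
    return entries


def classify(server, verified=VERIFIED):
    """Label one resolver address; never claims an address is malicious."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "malformed"
    if server in verified:
        return "verified"
    if ip.is_private:
        # The PC asks the router, so the router's own DNS setting decides.
        return "router"
    return "unverified"


def audit(log_text, verified=VERIFIED):
    """Return (scope, source, server, verdict) rows plus static overrides."""
    entries = parse_dns_entries(log_text)
    dhcp = {s for e in entries if e["source"] == "dhcp" for s in e["servers"]}
    rows = [(e["scope"], e["source"], s, classify(s, verified))
            for e in entries for s in e["servers"]]
    # A static per-interface NameServer takes precedence over the DHCP
    # value, so any static list that differs from DHCP deserves a look.
    overrides = [e["scope"] for e in entries
                 if e["source"] == "static" and not set(e["servers"]) <= dhcp]
    return rows, overrides


if __name__ == "__main__":
    rows, overrides = audit(SAMPLE_LOG)
    for scope, source, server, verdict in rows:
        print(f"{verdict:<10} {server:<16} {source:<6} {scope}")
    print("static overrides:", overrides)
```

A `router` verdict means the PC forwards its queries to the modem/router, so the DNS configured on that device still has to be checked separately; `unverified` only means the address should be confirmed with the ISP.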

Carlos, good afternoon,

 

I did what you asked and it is still the same, but when I accessed the BB site with the token I changed my access password and it accepted it; it sounds unbelievable, but I think it was an expired password and the BB support staff couldn't tell me... But it still opens the ADOBE page whenever I leave the bank's site... I find that unusual.

 

Regards,


Biga,

 

Did you reset the network devices?

 

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.
 
Download zoek.exe (by Smeenk) and save it to your desktop.

Run the file Zoek.exe

*** Windows Vista or Windows 7 users: right-click the Zoek.exe file, then click the option shown in the image (execadmin.png).

Select these lines inside the CODE box, right-click the selection and choose Copy.

shortcutfix;autoclean;msconfigcheck;ipconfig /flushdns >>"%temp%\log.txt";b

Right-click on any white area of Zoek and choose Paste

Note: This script was written only for this computer, according to the files and keys present.

To visitors: If you have a similar problem, do not use this script, as unsupervised use can damage the system.


Click [Run Script]

Wait for the scan. At the end, Notepad will open with the report.

A copy will also be saved to your local disk under the name zoek-results.txt

Attach zoek-results.txt to your next reply.

 


Good afternoon,

 

The requested log follows:

 

 
Zoek.exe v5.0.0.0 Updated 07-August-2014
Tool run by Fernando on 08/08/2014 at 11:50:16,84.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Fernando\Downloads\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
08/08/2014 11:51:57 Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
Configura‡Æo de IP do Windows
 
Libera‡Æo do Cache do DNS Resolver bem-sucedida.
 
==== Deleting Files \ Folders ======================
 
C:\Users\Fernando\.android deleted
C:\Users\Fernando\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Banco do Brasil deleted
C:\Users\Fernando\Searches deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\Fernando\AppData\Roaming\unins001.exe deleted
C:\Users\Fernando\AppData\Roaming\unins002.exe deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"content_blocker@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com" [20/05/2014 04:15]
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[18/08/2012 15:06]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx[18/08/2012 15:06]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx[03/10/2013 16:26]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Fernando\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[08/01/2014 08:38]
caimihdmbpgddfpkbochehpehdglpcim - C:\Users\Fernando\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx[17/10/2013 19:21]
 
GBBD Banco Santander (Brasil) S.A. - Fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
GBBD Banco Itaú - Fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\caimihdmbpgddfpkbochehpehdglpcim
GBBD Banco Santander (Brasil) S.A. - Fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\embboanagkhdghdnaekpbpgfckeejmlo
GBBD Guardião - Itaú 30 horas - Fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
 
==== Chromium Startpages ======================
 
C:\Users\Fernando\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com/" ],
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BA96B563-B1D9-459B-93D2-01AF789334B6}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{BA96B563-B1D9-459B-93D2-01AF789334B6} Unknown  Url="Not_Found"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-857717189-24876604-2415838642-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BA96B563-B1D9-459B-93D2-01AF789334B6} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{22C7F6C6-8D67-4534-92B5-529A0EC09405} deleted successfully
 
==== shortcuts on Users Desktops ======================
 
C:\Users\Fernando\Desktop\Depósitos de Cheques (BB Cheque) - para Windows.lnk -  
C:\Users\Fernando\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\Fernando\Desktop\NORTH_GSCOM - Atalho.lnk - N:\NORTH_GSCOM.exe 
C:\Users\Fernando\Desktop\NORTH_GSFIN.exe - Atalho.lnk - N:\NORTH_GSFIN.exe 
C:\Users\Fernando\Desktop\Outlook 2013.lnk - C:\Program Files\Microsoft Office 15\root\office15\outlook.exe 
C:\Users\Fernando\Desktop\Replast Antigo.lnk - \\Servidor\oldsystem\Replast.exe 
C:\Users\Fernando\Desktop\Replast.exe - Atalho.lnk - H:\Replast.exe 
 
==== shortcuts on All Users Desktop ======================
 
C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\BB Cobrança.lnk -  
C:\Users\Public\Desktop\BB Token Admin Tool.lnk - C:\Program Files\Brazil\Brazil USB token Tool\BBAdmintool.exe 
C:\Users\Public\Desktop\Bitstream Font Navigator.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X5\FontNav\FontNav.exe 
C:\Users\Public\Desktop\Brother Creative Center.lnk - C:\Program Files\Brother\CreativeCenter\Brother Creative Center.url 
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe 
C:\Users\Public\Desktop\CorelDRAW X5.lnk - c:\Windows\Installer\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}\NewShortcut1.exe 
C:\Users\Public\Desktop\Dell Backup and Recovery Manager.lnk - C:\Windows\Installer\{4688EB75-28E2-4731-9BCB-55E624F7CD45}\_9507887DA4DF90EAEF3077.exe 
C:\Users\Public\Desktop\Easy Phone Sync.lnk - C:\Program Files\Media Mushroom Limited\Easy Phone Sync\Easy Phone Sync.exe 
C:\Users\Public\Desktop\EFD ICMS IPI.lnk - C:\Program Files\Programas_SPED\Fiscal2\spedfiscal.exe 
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe 
C:\Users\Public\Desktop\Kantoo English.lnk -  
C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\starter_avp.exe 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\Nuvem de Livros.lnk -  
C:\Users\Public\Desktop\Segurança Online.lnk -  
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe 
C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files\TeamViewer\Version9\TeamViewer.exe 
C:\Users\Public\Desktop\UniDANFE.lnk - C:\Unimake\UniNFe\unidanfe.exe 
C:\Users\Public\Desktop\Video Tutorials.lnk - c:\Windows\Installer\{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}\NewShortcut6_CB374E334DC6464A9290A10D941E6568.exe 
C:\Users\Public\Desktop\VIVO INTERNET.lnk - C:\Program Files\VIVO INTERNET\VIVO INTERNET.exe 
 
==== shortcuts in Users Start Menu ======================
 
C:\Users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Fernando\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Fernando\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe 
C:\Users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Fernando\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
 
==== shortcuts in All Users Start Menu ======================
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk - C:\Program Files\TeamViewer\Version9\TeamViewer.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5\Bitstream Font Navigator.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X5\FontNav\FontNav.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5\CorelDRAW X5.lnk - c:\Windows\Installer\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}\NewShortcut1.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5\Duplexing Wizard.lnk - c:\Windows\Installer\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}\NewShortcut4.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5\Video Tutorials.lnk - c:\Windows\Installer\{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}\NewShortcut6_CB374E334DC6464A9290A10D941E6568.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5\Documentation\Corel PHOTO-PAINT X5 Object Model Diagram PDF .lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Data\Corel PHOTO-PAINT Object Model Diagram.pdf 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5\Documentation\CorelDRAW Graphics Suite X5 Guidebook (PDF).lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Setup\DocLauncher.exe Help\GB.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5\Documentation\CorelDRAW X5 Object Model Diagram PDF.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Data\CorelDRAW Object Model Diagram.pdf 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5\Documentation\CorelDRAW X5 User Guide PDF.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Setup\DocLauncher.exe "Help\CorelDRAW User Guide.pdf"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5\Documentation\Macro Programming Guide PDF.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Data\Macro Programming Guide.pdf 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\Ajuda do PowerDVD 9.5.lnk - C:\Program Files\CyberLink\PowerDVD9\Language\Ptb\PowerDVD9.CHM 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\CyberLink PowerDVD 9.5.lnk - C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe 
 
==== shortcuts in Quick Launch ======================
 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE  /recycle
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE /recycle
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2013.lnk - C:\Program Files\Microsoft Office 15\root\office15\outlook.exe 
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe 
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
 
==== Deleting Registry Keys ======================
 
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
 
==== Empty IE Cache ======================
 
C:\Users\Fernando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fernando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Fernando\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=140 folders=23 3844980 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Fernando\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Fernando\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 08/08/2014 at 12:20:03,31 ======================


Temporarily disable your antivirus

  • Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: (image j9Byf.png)
  • For alternative browsers (if you use Internet Explorer, skip this step):
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • In scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Change and also check the Computer box.
  • Click Start.
  • It will update on its own and scan the computer. Be patient, the process can take hours.
  • When the scan finishes, click List of found threats
  • Click Export to text file and save the log to your desktop.
  • Click Back.
  • Click Finish.
  • Attach the log.


Carlos, good morning,

 

I did what you asked; the antivirus found a piece of malware and removed it, but it did not generate any log...

 

Regards


Carlos, good morning,

 

I did what you asked; the antivirus found a piece of malware and removed it, but it did not generate any log...

 

Regards

 

See if you can find the log at c:\program files\Eset\Eset Online Scanner\log.txt

 

Let me know whether the initial problem continues.

# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8daf3c2e1947db49bb45c3a27c378795
# engine=19605
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-11 11:19:33
# local_time=2014-08-11 08:19:33 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Anti-Virus'
# compatibility_mode=1290 16777213 100 100 0 62468295 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 159347564 0 0
# scanned=176012
# found=1
# cleaned=1
# scan_time=4920
sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Fernando\Downloads\412-ccsetup407.exe"

 

The Adobe page still opens after leaving the BB site....


 

The Adobe page still opens after leaving the BB site....
 
What is the model and make of your modem? Check which DNS is configured and let me know.
 
There are no signs of malware on the PC.


Carlos, when I clicked the link in the Clube do Hardware e-mail to access this page, an Adobe page appeared and Kaspersky also showed the message Trojan.win32.generic, which was then deleted. As for the modem, remember I said I lost the login and password?

 

Regards,

This topic is closed to new posts.




