MalwareCrypt
Author Topic: Brasil Internet Banking password blocked  (Read 29964 times)
EdioIlha
Full Member
Posts: 108
« Reply #75 on: June 03, 2011, 10:40:57 PM »

Sorry, I'm going to sleep now. It's winter here in Brasil; I'm in the very south of Brasil and it's too cold, and I'm a little bit sick, like a flu.
Thanks a lot for now.
I will be here later!
Jintan
Administrator
Hero Member
Posts: 4012
« Reply #76 on: June 04, 2011, 06:49:21 PM »

I hope you feel better. It is summer here, and warm.

Temporarily disable your security software, then open OTL again.

Under the Custom Scans/Fixes box at the bottom, paste in the following (inside the Code box):
Code:
:Services
GbpSv
GbpKm
:OTL
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Arquivos de programas\GbPlugin\gbiehscd.dll (Sicredi)

O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Arquivos de programas\GbPlugin\gbieh.dll - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O20 - Winlogon\Notify\ GbPluginScd: DllName - C:\ARQUIV~1\GbPlugin\gbiehScd.dll - C:\Arquivos de programas\GbPlugin\gbiehscd.dll (Sicredi)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Arquivos de programas\GbPlugin\gbiehscd.dll (Sicredi)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
Then click "Run Fix".

Once the scan completes a text box will open - copy/paste those contents back here please (this will also be saved to the desktop as OTL.txt).
EdioIlha
Full Member
Posts: 108
« Reply #77 on: June 04, 2011, 07:58:16 PM »

Hi there, yes, I'm better now.

Here is the log. OTL rebooted the computer, and after that it showed a notepad window with this:

========== SERVICES/DRIVERS ==========
Error: No service named GbpSv was found to stop!
Unable to delete service\driver key GbpSv.
Error: Unable to stop service GbpKm!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpKm deleted successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\ deleted successfully.
File move failed. C:\Arquivos de programas\GbPlugin\gbieh.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}\ deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003}\ .
File move failed. C:\Arquivos de programas\GbPlugin\gbiehcef.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540011}\ deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540011}\ .
File move failed. C:\Arquivos de programas\GbPlugin\gbiehscd.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb\ scheduled to be deleted on reboot.
File move failed. C:\Arquivos de programas\GbPlugin\gbieh.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef\ deleted successfully.
File move failed. C:\Arquivos de programas\GbPlugin\gbiehcef.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginScd\ deleted successfully.
File move failed. C:\Arquivos de programas\GbPlugin\gbiehscd.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399003} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399003}\ deleted successfully.
File move failed. C:\Arquivos de programas\GbPlugin\gbiehcef.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399011} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399011}\ .
File move failed. C:\Arquivos de programas\GbPlugin\gbiehscd.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83}\ .
File move failed. C:\Arquivos de programas\GbPlugin\gbieh.dll scheduled to be moved on reboot.
 
OTL by OldTimer - Version 3.2.22.3 log created on 06042011_224621

Files\Folders moved on Reboot...
File move failed. C:\Arquivos de programas\GbPlugin\gbieh.dll scheduled to be moved on reboot.
File move failed. C:\Arquivos de programas\GbPlugin\gbiehcef.dll scheduled to be moved on reboot.
File move failed. C:\Arquivos de programas\GbPlugin\gbiehscd.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb\ scheduled to be deleted on reboot.


How does it look?
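An added example, not code from this thread or from OTL itself, that turns a fix result like the one above into a checklist: it classifies each line as removed, deferred to reboot, failed or not found, and lists what still has to be looked for in the scan run after the reboot. The sample lines are copied from the post above; the regular expressions are my own reading of OTL's wording and cover only the message forms that appear here.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the OTL fix result posted above in this
# thread, trimmed to one instance of each message form the classifier knows
# (one "File move failed" line is repeated on purpose, as in the real log).
SAMPLE_FIX_LOG = r"""
========== SERVICES/DRIVERS ==========
Error: No service named GbpSv was found to stop!
Unable to delete service\driver key GbpSv.
Error: Unable to stop service GbpKm!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpKm deleted successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\ deleted successfully.
File move failed. C:\Arquivos de programas\GbPlugin\gbieh.dll scheduled to be moved on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003}\ .
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb\ scheduled to be deleted on reboot.
File move failed. C:\Arquivos de programas\GbPlugin\gbieh.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399003} deleted successfully.
"""

# (outcome, pattern) in match order. The wording is OTL's as seen in the
# thread; the patterns are my own and cover only those message forms.
PATTERNS = [
    ("removed",   re.compile(r"^Registry (?:key|value) (?P<target>.+?) deleted successfully\.$")),
    ("deferred",  re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("deferred",  re.compile(r"^Registry delete failed\. (?P<target>.+?) scheduled to be deleted on reboot\.$")),
    ("failed",    re.compile(r"^Unable to delete registry key (?P<target>.+?)\s*\.$")),
    ("failed",    re.compile(r"^Unable to delete service\\driver key (?P<target>.+?)\.$")),
    ("failed",    re.compile(r"^Error: Unable to stop service (?P<target>.+?)!$")),
    ("not_found", re.compile(r"^Error: No service named (?P<target>.+?) was found to stop!$")),
]


def classify_fix_log(text):
    """Map each recognised line to an outcome: {outcome: [target, ...]}.
    Section headers are skipped; anything else unrecognised goes under
    'unparsed' so a new OTL phrasing is noticed rather than silently dropped."""
    result = defaultdict(list)
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("=========="):
            continue
        for outcome, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                # OTL leaves a trailing backslash (and sometimes a space) on
                # registry key paths; drop it so the same key compares equal
                # whether it came from a success or a failure line.
                result[outcome].append(m.group("target").rstrip("\\ "))
                break
        else:
            result["unparsed"].append(line)
    return dict(result)


def needs_followup(text):
    """Unique targets the fix did not finish (deferred to reboot or failed):
    these are what to look for in the scan run after the reboot."""
    r = classify_fix_log(text)
    return sorted(set(r.get("deferred", []) + r.get("failed", [])))


if __name__ == "__main__":
    for outcome, targets in classify_fix_log(SAMPLE_FIX_LOG).items():
        print(f"{outcome}: {len(targets)}")
    print("re-check after reboot:")
    for target in needs_followup(SAMPLE_FIX_LOG):
        print("  " + target)
```

On the sample above the follow-up list is five items: the two service keys, the CLSID key that could not be deleted, the Winlogon Notify key and the gbieh.dll file, which is exactly the set that reappears in the next scan further down the thread.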
Jintan
Administrator
Hero Member
Posts: 4012
« Reply #78 on: June 04, 2011, 08:45:04 PM »

Well, on and off. Let's look, then correct what remains. Run and post a new OTL log please.
EdioIlha
Full Member
Posts: 108
« Reply #79 on: June 04, 2011, 09:03:34 PM »

Okay, I'm doing that.

EdioIlha
Full Member
Posts: 108
« Reply #80 on: June 04, 2011, 09:05:00 PM »

OTL logfile created on: 4/6/2011 23:57:33 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Pires\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
 
512,00 Mb Total Physical Memory | 76,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 126,96 Gb Total Space | 98,53 Gb Free Space | 77,61% Space Free | Partition Type: NTFS
Drive D: | 22,09 Gb Total Space | 12,52 Gb Free Space | 56,69% Space Free | Partition Type: NTFS
 
Computer Name: ROSIMERI | User Name: Pires | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/31 12:19:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PRC - [2011/05/17 23:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pires\Desktop\OTL.exe
PRC - [2011/05/16 16:00:48 | 000,169,760 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2010/12/08 12:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Arquivos de programas\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 12:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/04/13 18:21:26 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2008/04/13 18:21:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/13 18:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/13 15:57:06 | 000,280,712 | ---- | M] (Open Communications Security S/A) -- C:\WINDOWS\system32\SnMgrSvc.exe
PRC - [2006/08/03 02:12:36 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/17 23:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pires\Desktop\OTL.exe
MOD - [2011/04/18 15:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal) -- C:\Arquivos de programas\GbPlugin\gbiehcef.dll
MOD - [2010/08/23 13:11:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 18:20:44 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 18:20:30 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (uvnc_service)
SRV - File not found [Auto | Stopped] --  -- (avp)
SRV - [2011/05/16 16:00:48 | 000,169,760 | ---- | M] ( ) [Unknown | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2010/12/08 12:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 12:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/04/13 15:57:06 | 000,280,712 | ---- | M] (Open Communications Security S/A) [Auto | Running] -- C:\WINDOWS\System32\SnMgrSvc.exe -- (SNMgrSvc)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/16 16:00:20 | 000,047,008 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2010/12/08 12:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Arquivos de programas\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/04/13 15:58:10 | 000,034,440 | ---- | M] (Open Communications Security S/A) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SNSMS.SYS -- (SNSMS)
DRV - [2007/04/13 15:48:32 | 000,022,272 | ---- | M] (Open Communications Security) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SNSID.SYS -- (SNSID)
DRV - [2007/04/13 15:46:56 | 000,015,048 | ---- | M] (Open Communications Security SA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\psseckbd.sys -- (Ps2KSecureKeyboard)
DRV - [2007/04/13 15:46:56 | 000,012,464 | ---- | M] (Open Communications Security SA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhsecmou.sys -- (vhidmini)
DRV - [2006/09/20 12:01:12 | 004,019,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/08/22 14:39:36 | 000,016,640 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2006/08/22 14:18:34 | 000,259,584 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/02/27 02:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/21 11:30:11 | 000,026,496 | ---- | M] (Perto S.A. Perifericos para Automacao) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pertouxp.sys -- (PERTOUSB)
DRV - [2004/08/03 19:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/07/18 06:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/25 14:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 12:14:46 | 000,049,024 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 14:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-329068152-73586283-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-329068152-73586283-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-329068152-73586283-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 3C 82 01 09 17 CC 01  [binary data]
IE - HKU\S-1-5-21-329068152-73586283-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/05/31 12:20:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2011/06/01 22:44:29 | 000,000,000 | ---D | M]
 
[2011/05/16 16:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pires\Dados de aplicativos\Mozilla\Extensions
[2011/06/04 00:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pires\Dados de aplicativos\Mozilla\Firefox\Profiles\tqslc7bu.default\extensions
[2011/05/16 17:38:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pires\Dados de aplicativos\Mozilla\Firefox\Profiles\tqslc7bu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/31 12:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2011/05/31 12:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/31 12:05:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/31 12:19:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\Mozilla Firefox\components\browsercomps.dll
[2011/05/31 12:05:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/31 12:19:39 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2011/05/31 12:19:39 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2011/05/18 15:11:57 | 000,001,043 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\Puxaki.gif
[2011/05/18 15:11:57 | 000,001,006 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\Puxaki.src
[2011/05/31 12:19:39 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2011/05/31 12:19:39 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml
 
O1 HOSTS File: ([2011/05/20 14:39:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.dll ()
O2 - BHO: (Auxiliar de Conexão do Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Arquivos de programas\GbPlugin\gbiehscd.dll (Sicredi)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [ GbPluginBb] C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O4 - HKLM..\RunOnce: [ GbPluginCef] C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O4 - HKLM..\RunOnce: [ GbPluginScd] C:\Arquivos de programas\GbPlugin\gbiehscd.dll (Sicredi)
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Pires\Desktop\OTL.exe (OldTimer Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-73586283-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-73586283-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-73586283-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-73586283-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab (CAtmCap Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229607329437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254840391265 (MUWebControl Class)
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} https://certificacao.unibanco.com.br/VSApps/vspta3.cab (VSPTA Class)
O16 - DPF: {76295885-F8F4-48B7-A180-C50496FE6DF6} https://ww7.banrisul.com.br/bsd/link/BSDSI6XW_IIDBrowserPluginCOM.CAB (InternetIDX5 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0011-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.1.0/jinstall-1_1_0-windows-i586.cab (Java Plug-in 1.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://www14.bancobrasil.com.br/plugin/GbpDist.cab (GbpDistObj Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399011} https://si-plg.sicredi.com.br/Cab/GbPluginScd.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Arquivos de programas\GbPlugin\gbieh.dll - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O20 - Winlogon\Notify\ GbPluginScd: DllName - C:\ARQUIV~1\GBPLUGIN\gbiehScd.dll - C:\Arquivos de programas\GbPlugin\gbiehscd.dll (Sicredi)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - Reg Error: Key error. File not found
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Arquivos de programas\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Arquivos de programas\GbPlugin\gbiehscd.dll (Sicredi)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/18 10:21:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/13 13:33:17 | 000,000,000 | ---D | M] - C:\Autopecas -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
EdioIlha
Full Member
Posts: 108
« Reply #81 on: June 04, 2011, 09:05:30 PM »

========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/04 22:46:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 00:23:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pires\Desktop\OTL.exe
[2011/06/04 00:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Desktop\backups
[2011/06/01 22:49:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Pires\Desktop\HijackThis.exe
[2011/05/31 12:06:09 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/31 12:06:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/31 12:06:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/31 12:06:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/31 11:47:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/05/20 14:12:01 | 001,895,960 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\Pires\Desktop\SREngLdr.EXE
[2011/05/20 14:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Powertoys for Windows XP
[2011/05/20 13:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Desktop\kztechssuite
[2011/05/19 22:49:35 | 000,027,165 | ---- | C] (VIA Technologies, Inc.              ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2011/05/19 22:49:30 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2011/05/19 22:48:57 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2011/05/19 22:48:57 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2011/05/18 22:49:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/18 22:44:02 | 000,000,000 | ---D | C] -- C:\456out.com314134
[2011/05/18 21:01:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/18 20:58:46 | 000,000,000 | ---D | C] -- C:\456out.com
[2011/05/18 20:53:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/18 20:53:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/18 20:53:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/18 20:53:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/18 19:37:06 | 000,000,000 | ---D | C] -- C:\HiJackThis
[2011/05/18 18:57:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2011/05/18 14:37:45 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Pires\Meus documentos\My Stationery
[2011/05/17 22:24:03 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ESET
[2011/05/17 21:57:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/17 21:47:26 | 016,958,832 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Pires\Desktop\IE8-WindowsXP-x86-PTB.exe
[2011/05/17 09:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Spybot - Search & Destroy
[2011/05/17 08:55:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/16 18:05:23 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva
[2011/05/16 17:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Desktop\RegSeeker
[2011/05/16 17:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sun
[2011/05/16 17:45:57 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Java
[2011/05/16 17:45:43 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/16 17:43:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2011/05/16 17:02:47 | 000,033,808 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2011/05/16 17:01:09 | 000,019,472 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klmouflt.sys
[2011/05/16 17:01:06 | 000,011,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys
[2011/05/16 17:01:03 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2011/05/16 17:00:59 | 000,031,760 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klim5.sys
[2011/05/16 16:59:38 | 000,296,976 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/05/16 16:46:43 | 000,157,232 | ---- | C] (Alwil Software) -- C:\Documents and Settings\Pires\Desktop\aswClear.exe
[2011/05/16 16:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Meus documentos\Downloads
[2011/05/16 16:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/05/16 16:04:57 | 000,000,000 | ---D | C] -- C:\kav
[2011/05/16 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Configurações locais\Dados de aplicativos\Mozilla
[2011/05/16 16:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Mozilla
[2011/05/16 16:02:24 | 355,397,088 | ---- | C] (Kaspersky Lab                                               ) -- C:\Documents and Settings\Pires\Desktop\kasp8.0.2090_adminkitpt_br.exe
[2011/05/16 15:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Configurações locais\Dados de aplicativos\Adobe
[2011/05/16 15:38:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pires\Recent
[2011/05/16 15:23:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Hewlett-Packard
[2011/05/16 14:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Sun
[2011/05/16 11:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\TeamViewer
[2011/05/16 11:52:06 | 002,686,872 | ---- | C] (TeamViewer GmbH) -- C:\Documents and Settings\All Users\Desktop\TeamViewerQS_pt.exe
[2011/05/16 10:23:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files
[2011/05/16 10:11:08 | 005,559,024 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Pires\Desktop\avg_isct_stb_all_2011_1375.exe
[2011/05/16 09:54:10 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Pires\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/05/16 09:29:27 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Pires\Desktop\TDSSKiller.exe
[2011/05/16 09:20:15 | 006,389,088 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Pires\Desktop\AppRemover.exe
[2011/05/16 09:02:56 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Pires\Desktop\esetsmartinstaller_enu.exe
[2011/05/16 08:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Malwarebytes
[2011/05/16 08:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2011/05/16 08:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\SurfSecret Privacy Suite
[2011/05/16 08:24:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/16 08:19:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Pires\IECompatCache
[2011/05/16 08:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Macromedia
[2011/05/16 08:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Adobe
[2011/05/16 08:16:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Pires\PrivacIE
[2011/05/16 08:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Google
[2011/05/16 08:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Windows Search
[2011/05/16 08:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Panda Security
[2011/05/16 08:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Configurações locais\Dados de aplicativos\LogMeIn
[2011/05/16 08:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Identities
[2011/05/16 08:11:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pires\Meus documentos\Minhas músicas
[2011/05/16 08:11:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pires\Meus documentos\Minhas imagens
[2011/05/13 10:53:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\InstallAffixationInfo
[2011/05/11 12:55:17 | 000,017,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/05 00:01:10 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E3A4FC1E-FF65-488C-97E9-5BE1BED16AFD}.job
[2011/06/04 23:59:00 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4655A0FF-EF73-447C-A2DF-7FCCC68AA00C}.job
[2011/06/04 23:29:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 22:52:50 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/04 22:52:50 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/04 22:50:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 22:50:44 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/04 00:14:23 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\fixer.reg
[2011/06/04 00:05:13 | 000,000,000 | ---- | M] () -- C:\Run
[2011/06/01 22:49:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Pires\Desktop\HijackThis.exe
[2011/05/31 12:05:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/31 12:05:44 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/31 12:05:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/31 12:05:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/31 12:05:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/20 14:39:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/20 14:08:46 | 000,676,536 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\sreng2.zip
[2011/05/20 13:53:09 | 004,113,096 | ---- | M] () -- C:\Documents and Settings\Pires\Meus documentos\Domains.reg
[2011/05/20 13:49:47 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\DelDomains.inf
[2011/05/20 13:16:29 | 001,920,512 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\kztechssuite.zip
[2011/05/19 19:46:24 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2011/05/19 19:46:24 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\storprop.dll
[2011/05/19 19:46:13 | 002,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2011/05/19 19:46:07 | 002,193,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2011/05/19 19:46:02 | 000,131,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\HAL.DLL
[2011/05/19 19:45:59 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2011/05/19 19:45:59 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciidex.sys
[2011/05/18 22:51:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_SREBACK_20110520143922
[2011/05/18 21:01:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/18 20:28:43 | 004,351,251 | R--- | M] () -- C:\Documents and Settings\Pires\Desktop\456out.com.exe
[2011/05/18 15:41:01 | 000,480,248 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2011/05/18 15:41:01 | 000,444,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/18 15:41:01 | 000,084,186 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2011/05/18 15:41:01 | 000,072,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/18 14:36:29 | 001,140,736 | ---- | M] () -- C:\Documents and Settings\Pires\Meus documentos\Meu Money.mny
[2011/05/18 13:13:30 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Pires\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 00:14:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\MBR.dat
[2011/05/17 23:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pires\Desktop\OTL.exe
[2011/05/17 21:59:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/17 21:31:41 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/17 09:14:59 | 000,000,989 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\Spybot - Search & Destroy.lnk
[2011/05/16 17:15:54 | 000,002,970 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/16 17:01:23 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/05/16 17:01:23 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/05/16 16:46:48 | 000,157,232 | ---- | M] (Alwil Software) -- C:\Documents and Settings\Pires\Desktop\aswClear.exe
[2011/05/16 16:04:50 | 355,397,088 | ---- | M] (Kaspersky Lab                                               ) -- C:\Documents and Settings\Pires\Desktop\kasp8.0.2090_adminkitpt_br.exe
[2011/05/16 16:01:20 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/16 16:00:20 | 000,047,008 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\GbpKm.sys
[2011/05/16 15:39:34 | 000,001,924 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\KAVWKSFS25.key
[2011/05/16 14:30:49 | 000,000,092 | -HS- | M] () -- C:\WINDOWS\klif.spi
[2011/05/16 11:35:05 | 000,296,976 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/05/16 11:17:45 | 000,000,774 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110517-094351.backup
[2011/05/16 10:11:23 | 005,559,024 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Pires\Desktop\avg_isct_stb_all_2011_1375.exe
[2011/05/16 09:54:14 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Pires\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/05/16 09:20:16 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Pires\Desktop\AppRemover.exe
[2011/05/16 09:03:05 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Pires\Desktop\esetsmartinstaller_enu.exe
[2011/05/16 08:14:21 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/13 13:33:17 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Pires\Desktop\TDSSKiller.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/04 00:14:23 | 000,000,233 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\fixer.reg
[2011/06/04 00:05:13 | 000,000,000 | ---- | C] () -- C:\Run
[2011/05/31 12:20:05 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk
[2011/05/20 14:08:33 | 000,676,536 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\sreng2.zip
[2011/05/20 13:53:09 | 004,113,096 | ---- | C] () -- C:\Documents and Settings\Pires\Meus documentos\Domains.reg
[2011/05/20 13:49:46 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\DelDomains.inf
[2011/05/20 13:16:29 | 001,920,512 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\kztechssuite.zip
[2011/05/19 22:54:37 | 536,449,024 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/18 21:01:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/18 21:01:34 | 000,261,856 | RHS- | C] () -- C:\cmldr
[2011/05/18 20:53:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/18 20:53:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/18 20:53:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/18 20:41:55 | 000,693,528 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\avgremover-old.exe
[2011/05/18 20:27:01 | 004,351,251 | R--- | C] () -- C:\Documents and Settings\Pires\Desktop\456out.com.exe
[2011/05/18 15:06:59 | 000,000,472 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4655A0FF-EF73-447C-A2DF-7FCCC68AA00C}.job
[2011/05/18 14:36:08 | 001,140,736 | ---- | C] () -- C:\Documents and Settings\Pires\Meus documentos\Meu Money.mny
[2011/05/18 13:13:30 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Pires\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 00:14:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\MBR.dat
[2011/05/17 16:39:36 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\Pires\Menu Iniciar\Programas\Internet Explorer.lnk
[2011/05/17 16:39:19 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/17 09:14:59 | 000,000,989 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\Spybot - Search & Destroy.lnk
[2011/05/16 17:43:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/16 17:43:57 | 000,089,088 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2011/05/16 16:01:20 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/16 15:39:34 | 000,001,924 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\KAVWKSFS25.key
[2011/05/16 15:14:16 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\gmer.exe
[2011/05/16 14:30:49 | 000,000,092 | -HS- | C] () -- C:\WINDOWS\klif.spi
[2011/05/16 11:37:11 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/05/16 11:37:11 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/05/16 08:19:33 | 000,000,454 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E3A4FC1E-FF65-488C-97E9-5BE1BED16AFD}.job
[2011/05/16 08:11:25 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Pires\Menu Iniciar\Programas\Outlook Express.lnk
[2010/09/13 17:55:44 | 000,295,447 | ---- | C] () -- C:\WINDOWS\hpoins37.dat.temp
[2010/09/13 17:55:44 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat.temp
[2010/09/13 17:43:00 | 000,469,408 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/09/13 17:43:00 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2010/05/10 14:27:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/16 14:15:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/30 16:22:02 | 000,000,089 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/23 17:33:07 | 000,739,464 | ---- | C] () -- C:\WINDOWS\System32\DAS.exe
[2008/12/23 17:33:07 | 000,007,304 | ---- | C] () -- C:\WINDOWS\System32\SnLiveUp.exe
[2008/12/23 17:33:07 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\SNLINK.DLL
[2008/12/22 09:52:59 | 000,000,246 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/19 17:38:08 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2008/12/19 11:04:12 | 000,090,463 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/12/19 11:04:12 | 000,042,532 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/12/19 11:04:11 | 000,208,896 | R--- | C] () -- C:\WINDOWS\Progress.exe
[2008/12/19 11:04:10 | 000,049,152 | R--- | C] () -- C:\WINDOWS\InstFunc.exe
[2008/12/19 11:04:05 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis760.bin
[2008/12/19 11:04:05 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis741.bin
[2008/12/19 11:04:05 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\sis660.bin
[2008/12/19 11:03:12 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/12/19 11:02:26 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2008/12/18 10:23:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/18 10:19:13 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/18 08:13:53 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/18 08:12:57 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:02:50 | 000,016,478 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:02:48 | 000,022,300 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:02:46 | 000,015,796 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2005/12/21 11:30:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\usbr30.dll
[2004/08/04 00:57:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/10/28 15:07:18 | 000,480,248 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat
[2001/10/28 15:07:18 | 000,444,486 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/10/28 15:07:18 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat
[2001/10/28 15:07:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/10/28 15:07:18 | 000,084,186 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat
[2001/10/28 15:07:18 | 000,072,362 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/10/28 15:07:18 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat
[2001/10/28 15:07:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/10/28 15:07:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/10/28 15:06:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/10/28 15:06:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/10/28 15:06:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 404 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >
Logged
EdioIlha
Full Member
***
Posts: 108


« Reply #82 on: June 04, 2011, 10:12:44 PM »

Hey Jintan, I don't know if it helps, but take a look at these images:
Sick computer:

A good computer with normal access to the bank

Logged
EdioIlha
Full Member
***
Posts: 108


« Reply #83 on: June 04, 2011, 10:23:24 PM »

I didn't post the images for the good computer with access to the bank, but there is no red-sign problem and there are no expired certs.
Only good certs, without any error.
Logged
Jintan
Administrator
Hero Member
*****
Posts: 4012
« Reply #84 on: June 04, 2011, 10:39:39 PM »

Let's use something more aggressive for these.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:
KillAll::
Driver::
GbpSv
GbpKm
File::
C:\Arquivos de programas\GbPlugin\gbiehcef.dll
C:\Arquivos de programas\GbPlugin\gbiehscd.dll
C:\Arquivos de programas\GbPlugin\gbieh.dll
C:\WINDOWS\system32\drivers\gbpkm.sys
C:\Arquivos de programas\GbPlugin\gbpsv.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=-
"{E37CB5F0-51F5-4395-A808-5FA49E399011}"=-
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"GbPluginBb"=-
"GbPluginCef"=-
"GbPluginScd"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A3717295-941D-416F-9384-ED1736729F1C}"=-

Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.


Logged
EdioIlha
Full Member
***
Posts: 108


« Reply #85 on: June 04, 2011, 11:15:24 PM »

ComboFix 11-06-04.02 - Pires 05/06/2011   1:53.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.512.270 [GMT -3:00]
Executando de: c:\documents and settings\Pires\Desktop\456out.com.exe
Comandos utilizados :: c:\documents and settings\Pires\Desktop\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\arquivos de programas\GbPlugin\gbieh.dll"
"c:\arquivos de programas\GbPlugin\gbiehcef.dll"
"c:\arquivos de programas\GbPlugin\gbiehscd.dll"
"c:\arquivos de programas\GbPlugin\gbpsv.exe"
"c:\windows\system32\drivers\gbpkm.sys"
.
ADS - drivers: deleted 304 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquiv~1\GBPLUGIN\gbiehScd.dll
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\arquivos de programas\GbPlugin\gbpsv.exe
c:\windows\system32\drivers\GbpKm.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GBPKM
-------\Legacy_GBPSV
-------\Service_GbpKm
-------\Service_GbpSv
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2011-05-05 to 2011-06-05  ))))))))))))))))))))))))))))
.
.
2011-06-05 01:46 . 2011-06-05 01:46   --------   d-----w-   C:\_OTL
2011-05-31 15:19 . 2011-05-31 15:19   16856   ----a-w-   c:\arquivos de programas\Mozilla Firefox\plugin-container.exe
2011-05-31 15:19 . 2011-05-31 15:19   781272   ----a-w-   c:\arquivos de programas\Mozilla Firefox\mozsqlite3.dll
2011-05-31 15:19 . 2011-05-31 15:19   1874904   ----a-w-   c:\arquivos de programas\Mozilla Firefox\mozjs.dll
2011-05-31 15:19 . 2011-05-31 15:19   89048   ----a-w-   c:\arquivos de programas\Mozilla Firefox\libEGL.dll
2011-05-31 15:19 . 2011-05-31 15:19   719832   ----a-w-   c:\arquivos de programas\Mozilla Firefox\mozcpp19.dll
2011-05-31 15:19 . 2011-05-31 15:19   465880   ----a-w-   c:\arquivos de programas\Mozilla Firefox\libGLESv2.dll
2011-05-31 15:19 . 2011-05-31 15:19   15832   ----a-w-   c:\arquivos de programas\Mozilla Firefox\mozalloc.dll
2011-05-31 15:19 . 2011-05-31 15:19   1892184   ----a-w-   c:\arquivos de programas\Mozilla Firefox\d3dx9_42.dll
2011-05-31 15:19 . 2011-05-31 15:19   1974616   ----a-w-   c:\arquivos de programas\Mozilla Firefox\D3DCompiler_42.dll
2011-05-31 15:19 . 2011-05-31 15:19   142296   ----a-w-   c:\arquivos de programas\Mozilla Firefox\components\browsercomps.dll
2011-05-31 15:06 . 2011-05-31 15:05   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-05-31 15:04 . 2011-05-31 15:04   0   ----a-w-   c:\windows\system32\REN4F.tmp
2011-05-31 15:04 . 2011-05-31 15:04   0   ----a-w-   c:\windows\system32\REN4E.tmp
2011-05-31 14:47 . 2008-04-13 22:20   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
2011-05-31 14:47 . 2008-04-13 22:20   21504   ----a-w-   c:\windows\system32\hidserv.dll
2011-05-20 01:49 . 2001-08-17 23:13   27165   -c--a-w-   c:\windows\system32\dllcache\fetnd5.sys
2011-05-20 01:49 . 2001-08-17 23:13   27165   ----a-w-   c:\windows\system32\drivers\fetnd5.sys
2011-05-20 01:49 . 2008-04-13 14:45   20608   -c--a-w-   c:\windows\system32\dllcache\usbuhci.sys
2011-05-20 01:49 . 2008-04-13 14:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
2011-05-20 01:48 . 2008-04-13 14:45   10624   -c--a-w-   c:\windows\system32\dllcache\gameenum.sys
2011-05-20 01:48 . 2008-04-13 14:45   10624   ----a-w-   c:\windows\system32\drivers\gameenum.sys
2011-05-19 22:45 . 2011-05-19 22:45   5376   ------w-   c:\windows\system32\drivers\viaide.sys
2011-05-18 23:58 . 2011-05-19 00:15   --------   d-----w-   C:\456out.com
2011-05-18 22:37 . 2011-05-20 17:35   --------   d-----w-   C:\HiJackThis
2011-05-18 21:57 . 2011-05-18 23:38   --------   d-----w-   c:\arquivos de programas\Malwarebytes' Anti-Malware
2011-05-18 19:26 . 2011-05-18 19:26   --------   d-----w-   c:\documents and settings\Rosimeri Pires\Dados de aplicativos\QuickScan
2011-05-18 01:24 . 2011-05-18 01:24   --------   d-----w-   c:\arquivos de programas\ESET
2011-05-18 00:57 . 2011-05-18 00:58   --------   dc-h--w-   c:\windows\ie8
2011-05-17 11:55 . 2011-05-17 12:43   --------   d-----w-   c:\windows\system32\NtmsData
2011-05-16 21:05 . 2011-05-16 21:05   --------   d-----w-   C:\LinhaDefensiva
2011-05-16 20:45 . 2011-05-16 20:45   --------   d-----w-   c:\arquivos de programas\Arquivos comuns\Java
2011-05-16 20:45 . 2011-05-31 15:05   472808   ----a-w-   c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-16 20:45 . 2011-05-31 15:05   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-05-16 20:02 . 2008-12-15 23:41   33808   ----a-w-   c:\windows\system32\drivers\klbg.sys
2011-05-16 20:01 . 2009-05-16 23:59   19472   ----a-w-   c:\windows\system32\drivers\klmouflt.sys
2011-05-16 20:01 . 2010-06-09 19:43   11352   ----a-w-   c:\windows\system32\drivers\kl2.sys
2011-05-16 20:01 . 2010-06-09 19:43   132184   ----a-w-   c:\windows\system32\drivers\kl1.sys
2011-05-16 20:00 . 2009-05-13 20:46   31760   ----a-w-   c:\windows\system32\drivers\klim5.sys
2011-05-16 19:09 . 2011-05-20 17:03   --------   d-----w-   c:\windows\Downloaded Installations
2011-05-16 19:04 . 2011-05-16 19:04   --------   d-----w-   C:\kav
2011-05-16 19:02 . 2011-05-16 19:02   --------   d-----w-   c:\documents and settings\Pires\Configurações locais\Dados de aplicativos\Mozilla
2011-05-16 18:43 . 2011-05-16 19:00   --------   d-----w-   c:\documents and settings\Pires\Configurações locais\Dados de aplicativos\Adobe
2011-05-16 18:23 . 2011-05-16 18:23   --------   d-----w-   c:\arquivos de programas\Hewlett-Packard
2011-05-16 14:52 . 2011-05-16 14:52   --------   d-----w-   c:\documents and settings\Pires\Dados de aplicativos\TeamViewer
2011-05-16 14:50 . 2011-05-16 14:50   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
2011-05-16 14:37 . 2011-05-16 20:01   97859   ----a-w-   c:\windows\system32\drivers\klick.dat
2011-05-16 14:37 . 2011-05-16 20:01   114243   ----a-w-   c:\windows\system32\drivers\klin.dat
2011-05-16 13:23 . 2011-05-16 13:23   --------   d--h--w-   c:\documents and settings\All Users\Dados de aplicativos\Common Files
2011-05-16 11:51 . 2011-05-16 11:51   --------   d-----w-   c:\documents and settings\Pires\Dados de aplicativos\Malwarebytes
2011-05-16 11:51 . 2011-05-16 11:51   --------   d-----w-   c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2011-05-16 11:33 . 2011-05-16 11:33   --------   d-----w-   c:\documents and settings\Pires\Dados de aplicativos\SurfSecret Privacy Suite
2011-05-16 11:19 . 2011-05-16 11:19   --------   d-sh--w-   c:\documents and settings\Pires\IECompatCache
2011-05-16 11:16 . 2011-05-16 11:16   --------   d-sh--w-   c:\documents and settings\Pires\PrivacIE
2011-05-16 11:16 . 2011-05-16 11:16   --------   d-----w-   c:\documents and settings\Pires\Dados de aplicativos\Windows Search
2011-05-16 11:15 . 2011-05-16 11:15   --------   d-----w-   c:\documents and settings\Pires\Dados de aplicativos\Panda Security
2011-05-16 11:12 . 2011-05-16 11:12   --------   d-----w-   c:\documents and settings\Pires\Configurações locais\Dados de aplicativos\LogMeIn
2011-05-13 13:53 . 2011-05-13 18:18   --------   d-----w-   c:\arquivos de programas\InstallAffixationInfo
2011-05-11 15:55 . 2009-10-07 17:28   17544   ------w-   c:\windows\system32\drivers\RkPavproc1.sys
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-19 22:46 . 2008-12-18 11:13   75776   ----a-w-   c:\windows\system32\storprop.dll
2011-05-19 22:46 . 2004-08-04 01:59   96512   ----a-w-   c:\windows\system32\drivers\atapi.sys
2011-05-19 22:46 . 2004-08-04 03:35   68992   ----a-w-   c:\windows\system32\drivers\pci.sys
2011-05-19 22:46 . 2004-08-04 00:40   2070144   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-05-19 22:46 . 2004-08-04 03:40   2193280   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-05-19 22:45 . 2004-08-04 01:59   24960   ----a-w-   c:\windows\system32\drivers\pciidex.sys
2011-05-13 17:00 . 2009-03-30 19:30   564632   ------w-   c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\wlidui.dll
2011-05-13 17:00 . 2009-03-30 19:20   18328   ------w-   c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-07 05:33 . 2008-12-18 13:19   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-05-31 15:19 . 2011-05-31 15:19   142296   ----a-w-   c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-21 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"SiSPower"="SiSPower.dll" [2006-08-22 49152]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Puxa Rápido\\PuxaRapido.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 SNSID;SNSID;c:\windows\system32\drivers\SNSID.SYS [23/12/2008 17:33 22272]
R1 SNSMS;SNSMS;c:\windows\system32\drivers\SNSMS.SYS [23/12/2008 17:33 34440]
R2 Ps2KSecureKeyboard;SecureKbd;c:\windows\system32\drivers\psseckbd.sys [23/12/2008 17:33 15048]
R2 SNMgrSvc;SNMgrSvc;c:\windows\system32\SnMgrSvc.exe [23/12/2008 17:33 280712]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [21/6/2010 15:09 136176]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe [5/10/2010 08:17 374152]
S2 uvnc_service;uvnc_service;
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [21/6/2010 15:09 136176]
S3 PERTOUSB;PertoSmart - Leitor USB de Cartoes Inteligentes;c:\windows\system32\drivers\pertouxp.sys [21/12/2005 11:30 26496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-21 18:09]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-21 18:09]
.
2011-06-05 c:\windows\Tasks\User_Feed_Synchronization-{4655A0FF-EF73-447C-A2DF-7FCCC68AA00C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]
.
2011-06-05 c:\windows\Tasks\User_Feed_Synchronization-{E3A4FC1E-FF65-488C-97E9-5BE1BED16AFD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]
.
.
------- Scan Suplementar -------
.
TCP: DhcpNameServer = 192.168.1.254
DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} - hxxps://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab
DPF: {76295885-F8F4-48B7-A180-C50496FE6DF6} - hxxps://ww7.banrisul.com.br/bsd/link/BSDSI6XW_IIDBrowserPluginCOM.CAB
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399011} - hxxps://si-plg.sicredi.com.br/Cab/GbPluginScd.cab
FF - ProfilePath - c:\documents and settings\Pires\Dados de aplicativos\Mozilla\Firefox\Profiles\tqslc7bu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\GBPLUGIN\gbiehCef.dll
ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399011} - c:\arquiv~1\GBPLUGIN\gbiehScd.dll
Notify- GbPluginBb - c:\arquivos de programas\GbPlugin\gbieh.dll
Notify- GbPluginCef - c:\arquivos de programas\GBPLUGIN\gbiehCef.dll
Notify- GbPluginScd - c:\arquiv~1\GBPLUGIN\gbiehScd.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 02:05
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\GBPLUGIN\gbiehCef.dll
c:\arquiv~1\GBPLUGIN\gbiehScd.dll
.
- - - - - - - > 'winlogon.exe'(2060)
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\GBPLUGIN\gbiehCef.dll
c:\arquiv~1\GBPLUGIN\gbiehScd.dll
.
- - - - - - - > 'explorer.exe'(2980)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\rdpclip.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Tempo para conclusão: 2011-06-05  02:10:13 - Máquina reiniciou
ComboFix-quarantined-files.txt  2011-06-05 05:10
ComboFix2.txt  2011-05-19 00:15
.
Pré-execução: 20 pasta(s) 105.724.129.280 bytes disponíveis
Pós execução: 22 pasta(s) 105.726.406.656 bytes disponíveis
.
- - End Of File - - 113DA804E3140EEE2BA60AFC440E175E

Some file was not found when Windows restarted after the ComboFix reboot (I think related to registry startup trying to find the files that were removed).
When ComboFix was almost done it asked to click OK to send some malicious files, and it did ###############100%

Logged
EdioIlha
Full Member
***
Posts: 108


« Reply #86 on: June 04, 2011, 11:21:55 PM »

HuuuHuuu
The page was deleted

EdioIlha
Full Member
***
Posts: 108


« Reply #87 on: June 04, 2011, 11:28:26 PM »

OTL logfile created on: 5/6/2011 02:22:44 - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Pires\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
 
512,00 Mb Total Physical Memory | 152,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 126,96 Gb Total Space | 98,50 Gb Free Space | 77,58% Space Free | Partition Type: NTFS
Drive D: | 22,09 Gb Total Space | 12,52 Gb Free Space | 56,69% Space Free | Partition Type: NTFS
 
Computer Name: ROSIMERI | User Name: Pires | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/31 12:19:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PRC - [2011/05/17 23:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pires\Desktop\OTL.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 18:21:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/13 18:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/13 15:57:06 | 000,280,712 | ---- | M] (Open Communications Security S/A) -- C:\WINDOWS\system32\SnMgrSvc.exe
PRC - [2006/08/03 02:12:36 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/17 23:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pires\Desktop\OTL.exe
MOD - [2010/08/23 13:11:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 18:20:44 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (uvnc_service)
SRV - File not found [Auto | Stopped] --  -- (avp)
SRV - [2010/12/08 12:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/04/13 15:57:06 | 000,280,712 | ---- | M] (Open Communications Security S/A) [Auto | Running] -- C:\WINDOWS\System32\SnMgrSvc.exe -- (SNMgrSvc)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/04/13 15:58:10 | 000,034,440 | ---- | M] (Open Communications Security S/A) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SNSMS.SYS -- (SNSMS)
DRV - [2007/04/13 15:48:32 | 000,022,272 | ---- | M] (Open Communications Security) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SNSID.SYS -- (SNSID)
DRV - [2007/04/13 15:46:56 | 000,015,048 | ---- | M] (Open Communications Security SA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\psseckbd.sys -- (Ps2KSecureKeyboard)
DRV - [2007/04/13 15:46:56 | 000,012,464 | ---- | M] (Open Communications Security SA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhsecmou.sys -- (vhidmini)
DRV - [2006/09/20 12:01:12 | 004,019,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/08/22 14:39:36 | 000,016,640 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2006/08/22 14:18:34 | 000,259,584 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/02/27 02:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/21 11:30:11 | 000,026,496 | ---- | M] (Perto S.A. Perifericos para Automacao) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pertouxp.sys -- (PERTOUSB)
DRV - [2004/08/03 19:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/07/18 06:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/25 14:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 12:14:46 | 000,049,024 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 14:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-329068152-73586283-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-329068152-73586283-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E BA 32 4E 31 23 CC 01  [binary data]
IE - HKU\S-1-5-21-329068152-73586283-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/05/31 12:20:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2011/06/01 22:44:29 | 000,000,000 | ---D | M]
 
[2011/05/16 16:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pires\Dados de aplicativos\Mozilla\Extensions
[2011/06/04 00:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pires\Dados de aplicativos\Mozilla\Firefox\Profiles\tqslc7bu.default\extensions
[2011/05/16 17:38:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pires\Dados de aplicativos\Mozilla\Firefox\Profiles\tqslc7bu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/31 12:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2011/05/31 12:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/31 12:05:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/31 12:19:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\Mozilla Firefox\components\browsercomps.dll
[2011/05/31 12:05:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/31 12:19:39 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2011/05/31 12:19:39 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2011/05/18 15:11:57 | 000,001,043 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\Puxaki.gif
[2011/05/18 15:11:57 | 000,001,006 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\Puxaki.src
[2011/05/31 12:19:39 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2011/05/31 12:19:39 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml
 
O1 HOSTS File: ([2011/06/05 02:05:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.dll ()
O2 - BHO: (Auxiliar de Conexão do Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} -  File not found
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} -  File not found
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540011} -  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-73586283-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-73586283-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-73586283-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-73586283-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab (CAtmCap Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229607329437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254840391265 (MUWebControl Class)
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} https://certificacao.unibanco.com.br/VSApps/vspta3.cab (VSPTA Class)
O16 - DPF: {76295885-F8F4-48B7-A180-C50496FE6DF6} https://ww7.banrisul.com.br/bsd/link/BSDSI6XW_IIDBrowserPluginCOM.CAB (InternetIDX5 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0011-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.1.0/jinstall-1_1_0-windows-i586.cab (Java Plug-in 1.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://www14.bancobrasil.com.br/plugin/GbpDist.cab (GbpDistObj Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Arquivos de programas\GbPlugin\gbieh.dll -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - Reg Error: Key error. File not found
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Arquivos de programas\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/18 10:21:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/13 13:33:17 | 000,000,000 | ---D | M] - C:\Autopecas -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
EdioIlha
Full Member
***
Posts: 108


« Reply #88 on: June 04, 2011, 11:28:48 PM »

========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/05 02:01:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/05 01:49:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pires\Meus documentos\Meus vídeos
[2011/06/05 01:49:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pires\Menu Iniciar\Programas\Ferramentas administrativas
[2011/06/05 01:48:20 | 004,112,369 | R--- | C] (Swearware) -- C:\Documents and Settings\Pires\Desktop\456out.com.exe
[2011/06/05 00:09:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/04 22:46:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 00:23:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pires\Desktop\OTL.exe
[2011/06/04 00:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Desktop\backups
[2011/06/01 22:49:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Pires\Desktop\HijackThis.exe
[2011/05/31 12:06:09 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/31 12:06:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/31 12:06:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/31 12:06:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/31 11:47:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/05/20 14:12:01 | 001,895,960 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\Pires\Desktop\SREngLdr.EXE
[2011/05/20 14:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Powertoys for Windows XP
[2011/05/20 13:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Desktop\kztechssuite
[2011/05/19 22:49:35 | 000,027,165 | ---- | C] (VIA Technologies, Inc.              ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2011/05/19 22:49:30 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2011/05/19 22:48:57 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2011/05/19 22:48:57 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2011/05/18 22:44:02 | 000,000,000 | ---D | C] -- C:\456out.com314134
[2011/05/18 21:01:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/18 20:58:46 | 000,000,000 | ---D | C] -- C:\456out.com
[2011/05/18 20:53:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/18 20:53:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/18 20:53:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/18 20:53:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/18 19:37:06 | 000,000,000 | ---D | C] -- C:\HiJackThis
[2011/05/18 18:57:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2011/05/18 14:37:45 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Pires\Meus documentos\My Stationery
[2011/05/17 22:24:03 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ESET
[2011/05/17 21:57:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/17 21:47:26 | 016,958,832 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Pires\Desktop\IE8-WindowsXP-x86-PTB.exe
[2011/05/17 09:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Spybot - Search & Destroy
[2011/05/17 08:55:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/16 18:05:23 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva
[2011/05/16 17:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Desktop\RegSeeker
[2011/05/16 17:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sun
[2011/05/16 17:45:57 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Java
[2011/05/16 17:45:43 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/16 17:43:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2011/05/16 17:02:47 | 000,033,808 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2011/05/16 17:01:09 | 000,019,472 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klmouflt.sys
[2011/05/16 17:01:06 | 000,011,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys
[2011/05/16 17:01:03 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2011/05/16 17:00:59 | 000,031,760 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klim5.sys
[2011/05/16 16:59:38 | 000,296,976 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/05/16 16:46:43 | 000,157,232 | ---- | C] (Alwil Software) -- C:\Documents and Settings\Pires\Desktop\aswClear.exe
[2011/05/16 16:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Meus documentos\Downloads
[2011/05/16 16:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/05/16 16:04:57 | 000,000,000 | ---D | C] -- C:\kav
[2011/05/16 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Configurações locais\Dados de aplicativos\Mozilla
[2011/05/16 16:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Mozilla
[2011/05/16 16:02:24 | 355,397,088 | ---- | C] (Kaspersky Lab                                               ) -- C:\Documents and Settings\Pires\Desktop\kasp8.0.2090_adminkitpt_br.exe
[2011/05/16 15:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Configurações locais\Dados de aplicativos\Adobe
[2011/05/16 15:38:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pires\Recent
[2011/05/16 15:23:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Hewlett-Packard
[2011/05/16 14:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Sun
[2011/05/16 11:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\TeamViewer
[2011/05/16 11:52:06 | 002,686,872 | ---- | C] (TeamViewer GmbH) -- C:\Documents and Settings\All Users\Desktop\TeamViewerQS_pt.exe
[2011/05/16 10:23:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files
[2011/05/16 10:11:08 | 005,559,024 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Pires\Desktop\avg_isct_stb_all_2011_1375.exe
[2011/05/16 09:54:10 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Pires\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/05/16 09:29:27 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Pires\Desktop\TDSSKiller.exe
[2011/05/16 09:20:15 | 006,389,088 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Pires\Desktop\AppRemover.exe
[2011/05/16 09:02:56 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Pires\Desktop\esetsmartinstaller_enu.exe
[2011/05/16 08:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Malwarebytes
[2011/05/16 08:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2011/05/16 08:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\SurfSecret Privacy Suite
[2011/05/16 08:24:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/16 08:19:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Pires\IECompatCache
[2011/05/16 08:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Macromedia
[2011/05/16 08:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Adobe
[2011/05/16 08:16:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Pires\PrivacIE
[2011/05/16 08:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Google
[2011/05/16 08:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Windows Search
[2011/05/16 08:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Panda Security
[2011/05/16 08:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Configurações locais\Dados de aplicativos\LogMeIn
[2011/05/16 08:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pires\Dados de aplicativos\Identities
[2011/05/16 08:11:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pires\Meus documentos\Minhas músicas
[2011/05/16 08:11:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pires\Meus documentos\Minhas imagens
[2011/05/13 10:53:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\InstallAffixationInfo
[2011/05/11 12:55:17 | 000,017,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/05 02:24:00 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4655A0FF-EF73-447C-A2DF-7FCCC68AA00C}.job
[2011/06/05 02:05:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/05 02:05:00 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 02:04:53 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 02:03:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/05 02:03:39 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/05 01:48:44 | 004,112,369 | R--- | M] (Swearware) -- C:\Documents and Settings\Pires\Desktop\456out.com.exe
[2011/06/05 01:29:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 00:16:39 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E3A4FC1E-FF65-488C-97E9-5BE1BED16AFD}.job
[2011/06/04 00:14:23 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\fixer.reg
[2011/06/04 00:05:13 | 000,000,000 | ---- | M] () -- C:\Run
[2011/06/01 22:49:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Pires\Desktop\HijackThis.exe
[2011/05/31 12:05:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/31 12:05:44 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/31 12:05:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/31 12:05:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/31 12:05:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/20 14:08:46 | 000,676,536 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\sreng2.zip
[2011/05/20 13:53:09 | 004,113,096 | ---- | M] () -- C:\Documents and Settings\Pires\Meus documentos\Domains.reg
[2011/05/20 13:49:47 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\DelDomains.inf
[2011/05/20 13:16:29 | 001,920,512 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\kztechssuite.zip
[2011/05/19 19:46:24 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2011/05/19 19:46:24 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\storprop.dll
[2011/05/19 19:46:13 | 002,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2011/05/19 19:46:07 | 002,193,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2011/05/19 19:46:02 | 000,131,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\HAL.DLL
[2011/05/19 19:45:59 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2011/05/19 19:45:59 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciidex.sys
[2011/05/18 22:51:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_SREBACK_20110520143922
[2011/05/18 21:01:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/18 15:41:01 | 000,480,248 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2011/05/18 15:41:01 | 000,444,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/18 15:41:01 | 000,084,186 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2011/05/18 15:41:01 | 000,072,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/18 14:36:29 | 001,140,736 | ---- | M] () -- C:\Documents and Settings\Pires\Meus documentos\Meu Money.mny
[2011/05/18 13:13:30 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Pires\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 00:14:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\MBR.dat
[2011/05/17 23:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pires\Desktop\OTL.exe
[2011/05/17 21:59:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/17 21:31:41 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/17 09:14:59 | 000,000,989 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\Spybot - Search & Destroy.lnk
[2011/05/16 17:15:54 | 000,002,970 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/16 17:01:23 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/05/16 17:01:23 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/05/16 16:46:48 | 000,157,232 | ---- | M] (Alwil Software) -- C:\Documents and Settings\Pires\Desktop\aswClear.exe
[2011/05/16 16:04:50 | 355,397,088 | ---- | M] (Kaspersky Lab                                               ) -- C:\Documents and Settings\Pires\Desktop\kasp8.0.2090_adminkitpt_br.exe
[2011/05/16 16:01:20 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/16 15:39:34 | 000,001,924 | ---- | M] () -- C:\Documents and Settings\Pires\Desktop\KAVWKSFS25.key
[2011/05/16 14:30:49 | 000,000,092 | -HS- | M] () -- C:\WINDOWS\klif.spi
[2011/05/16 11:35:05 | 000,296,976 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/05/16 11:17:45 | 000,000,774 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110517-094351.backup
[2011/05/16 10:11:23 | 005,559,024 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Pires\Desktop\avg_isct_stb_all_2011_1375.exe
[2011/05/16 09:54:14 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Pires\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/05/16 09:20:16 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Pires\Desktop\AppRemover.exe
[2011/05/16 09:03:05 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Pires\Desktop\esetsmartinstaller_enu.exe
[2011/05/16 08:14:21 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/13 13:33:17 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Pires\Desktop\TDSSKiller.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/04 00:14:23 | 000,000,233 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\fixer.reg
[2011/06/04 00:05:13 | 000,000,000 | ---- | C] () -- C:\Run
[2011/05/31 12:20:05 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk
[2011/05/20 14:08:33 | 000,676,536 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\sreng2.zip
[2011/05/20 13:53:09 | 004,113,096 | ---- | C] () -- C:\Documents and Settings\Pires\Meus documentos\Domains.reg
[2011/05/20 13:49:46 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\DelDomains.inf
[2011/05/20 13:16:29 | 001,920,512 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\kztechssuite.zip
[2011/05/19 22:54:37 | 536,449,024 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/18 21:01:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/18 21:01:34 | 000,261,856 | RHS- | C] () -- C:\cmldr
[2011/05/18 20:53:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/18 20:53:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/18 20:53:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/18 20:41:55 | 000,693,528 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\avgremover-old.exe
[2011/05/18 15:06:59 | 000,000,472 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4655A0FF-EF73-447C-A2DF-7FCCC68AA00C}.job
[2011/05/18 14:36:08 | 001,140,736 | ---- | C] () -- C:\Documents and Settings\Pires\Meus documentos\Meu Money.mny
[2011/05/18 13:13:30 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Pires\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 00:14:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\MBR.dat
[2011/05/17 16:39:36 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\Pires\Menu Iniciar\Programas\Internet Explorer.lnk
[2011/05/17 16:39:19 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/17 09:14:59 | 000,000,989 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\Spybot - Search & Destroy.lnk
[2011/05/16 17:43:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2011/05/16 17:43:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/16 16:01:20 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/16 15:39:34 | 000,001,924 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\KAVWKSFS25.key
[2011/05/16 15:14:16 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Pires\Desktop\gmer.exe
[2011/05/16 14:30:49 | 000,000,092 | -HS- | C] () -- C:\WINDOWS\klif.spi
[2011/05/16 11:37:11 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/05/16 11:37:11 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/05/16 08:19:33 | 000,000,454 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E3A4FC1E-FF65-488C-97E9-5BE1BED16AFD}.job
[2011/05/16 08:11:25 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Pires\Menu Iniciar\Programas\Outlook Express.lnk
[2010/09/13 17:55:44 | 000,295,447 | ---- | C] () -- C:\WINDOWS\hpoins37.dat.temp
[2010/09/13 17:55:44 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat.temp
[2010/09/13 17:43:00 | 000,469,408 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/09/13 17:43:00 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2010/05/10 14:27:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/16 14:15:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/30 16:22:02 | 000,000,089 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/23 17:33:07 | 000,739,464 | ---- | C] () -- C:\WINDOWS\System32\DAS.exe
[2008/12/23 17:33:07 | 000,007,304 | ---- | C] () -- C:\WINDOWS\System32\SnLiveUp.exe
[2008/12/23 17:33:07 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\SNLINK.DLL
[2008/12/22 09:52:59 | 000,000,246 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/19 17:38:08 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2008/12/19 11:04:12 | 000,090,463 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/12/19 11:04:12 | 000,042,532 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/12/19 11:04:11 | 000,208,896 | R--- | C] () -- C:\WINDOWS\Progress.exe
[2008/12/19 11:04:10 | 000,049,152 | R--- | C] () -- C:\WINDOWS\InstFunc.exe
[2008/12/19 11:04:05 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis760.bin
[2008/12/19 11:04:05 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis741.bin
[2008/12/19 11:04:05 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\sis660.bin
[2008/12/19 11:03:12 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/12/19 11:02:26 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2008/12/18 10:23:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/18 10:19:13 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/18 08:13:53 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/18 08:12:57 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:02:50 | 000,016,478 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:02:48 | 000,022,300 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:02:46 | 000,015,796 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2005/12/21 11:30:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\usbr30.dll
[2004/08/04 00:57:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/10/28 15:07:18 | 000,480,248 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat
[2001/10/28 15:07:18 | 000,444,486 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/10/28 15:07:18 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat
[2001/10/28 15:07:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/10/28 15:07:18 | 000,084,186 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat
[2001/10/28 15:07:18 | 000,072,362 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/10/28 15:07:18 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat
[2001/10/28 15:07:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/10/28 15:07:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/10/28 15:06:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/10/28 15:06:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/10/28 15:06:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

< End of report >
Logged
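The listing above is raw OTL output, and on a thread like this the helper reads it by eye. As an added example (not code from the original post, from OTL or from the thread's helper), here is a small Python parser for OTL's `Files Created` / `Files Modified` entries with a first-pass triage over them: executables under C:\WINDOWS with no company name, a modified hosts file, files dropped directly into the drive root, and double extensions. The sample lines are copied from the log above; the root-file allow-list and the decoy-extension list are assumptions picked for this example. Every rule also fires on legitimate cleanup tools (ComboFix drops PEV.exe, grep.exe and sed.exe into C:\WINDOWS without a company name, and leaves C:\cmldr behind), so the output is a review queue, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# One line of OTL's "Files Created" / "Files Modified" sections, e.g.
#   [2011/06/05 02:05:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
#   [2011/05/17 09:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\...\Spybot - Search & Destroy
# Directory entries carry no "(company)" field, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".com", ".scr")
# Extensions a "name.pdf.exe" style file hides behind (assumption: a short
# list picked for this example).
DECOY_EXT = EXEC_EXT + (".doc", ".pdf", ".jpg", ".txt", ".zip")
# Files that belong in the root of an XP system drive (assumption: a
# deliberately short allow-list for this example, not an exhaustive one).
ROOT_ALLOW = {"boot.ini", "ntldr", "ntdetect.com", "hiberfil.sys", "pagefile.sys"}


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str     # R/H/S/D flags as OTL prints them, '-' for unset
    op: str        # 'C' = created, 'M' = modified
    company: str   # version-resource company name, '' when absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file entry; None for section headers, blank lines and the
    '[5 C:\\WINDOWS\\*.tmp files -> ...]' summary lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        op=m["op"],
        company=(m["company"] or "").strip(),   # OTL keeps padding from the version resource
        path=m["path"],
    )


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs in log order. Heuristics only: every rule
    also fires on legitimate cleanup tools (ComboFix drops PEV.exe, grep.exe
    and sed.exe into C:\\WINDOWS with no company name), so this orders the
    analyst's review, it does not decide anything."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        e = parse_entry(raw)
        if e is None or e.is_dir:
            continue
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        parts = name.split(".")
        if low.startswith("c:\\windows\\") and name.endswith(EXEC_EXT) and not e.company:
            findings.append(("executable under C:\\WINDOWS with no company name", e.path))
        if name == "hosts" and e.op == "M":
            findings.append(("hosts file modified", e.path))
        if low.count("\\") == 1 and name not in ROOT_ALLOW:
            findings.append(("file directly under the drive root", e.path))
        if len(parts) >= 3 and "." + parts[-1] in EXEC_EXT and "." + parts[-2] in DECOY_EXT:
            findings.append(("double extension hiding an executable", e.path))
    return findings


# Sample input: lines copied from the OTL log above (a section header, eight
# entries including one directory, and one summary line) so this runs offline.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2011/06/05 02:05:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/05 01:48:44 | 004,112,369 | R--- | M] (Swearware) -- C:\Documents and Settings\Pires\Desktop\456out.com.exe
[2011/06/04 00:05:13 | 000,000,000 | ---- | M] () -- C:\Run
[2011/05/18 21:01:34 | 000,261,856 | RHS- | C] () -- C:\cmldr
[2011/05/18 20:53:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/16 17:43:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2011/05/17 09:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Spybot - Search & Destroy
[2011/05/19 22:54:37 | 536,449,024 | -HS- | C] () -- C:\hiberfil.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason:50s} {path}")
```

Run against the sample it reports five items (the hosts file, 456out.com.exe, C:\Run, C:\cmldr and C:\WINDOWS\PEV.exe) and stays quiet on swreg.exe, the Spybot directory and hiberfil.sys. To use it on a full log, feed the whole file through `triage()`; the regex ignores every line that is not a file entry, so the registry and service sections pass straight through.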
EdioIlha
Full Member
***
Posts: 108


« Reply #89 on: June 05, 2011, 12:10:07 AM »

Sorry, I'm going to sleep, it's 3am now.
Logged