siriguejo

Membro
  • Content count

    64
  • Joined

  • Last visited

Community Reputation

0 Neutral

About siriguejo

  • Rank
    Membro

Contact Methods

  • ICQ
    0
  1. Não, apenas gostaria de saber se o log está limpo e agradecer a força...
  2. Bem, acho que você se refere a este arquivo: 19/05/2013 12:32 Escaneamento de todos os discos locais Arquivo C:\Users\Plinio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4309232a-2f8a6757|>oEoeuU.class está infectado por Java:Agent-DBU [Trj], Excluído Arquivo C:\Users\Plinio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4309232a-2f8a6757|>VqLFCE.class está infectado por Java:CVE-2012-1723-AVO [Expl], Excluído Arquivo C:\Users\Plinio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\79d312fd-480fbef2|>oLUh.class está infectado por Java:Agent-DBT [Trj], Excluído Arquivo C:\Users\Plinio\Desktop\PC_2013\C\Users\PLINIO\Downloads\filme (1).exe está infectado por MSIL:Downloader-IO [PUP], Excluído Arquivo C:\Users\Plinio\Desktop\PC_2013\C\Users\PLINIO\Downloads\Gonzaga de Pai para Filho (Nacional) TS RMVB.zip.exe está infectado por MSIL:Downloader-IO [PUP], Excluído Arquivo C:\Users\Plinio\Desktop\PC_2013\C\Users\PLINIO\Downloads\Não confirmado 463884.crdownload|>8398289rar.exe Erro 42126 {O arquivo RAR está corrompido.} Arquivo C:\Users\Plinio\Desktop\PC_2013\C\Users\PLINIO\Downloads\setup_11.0.0.1245.x01_2013_03_23_04_35 (1).exe|>8398289rar.exe Erro 42126 {O arquivo RAR está corrompido.} Arquivo C:\Users\Plinio\Desktop\PC_2013\C\Users\PLINIO\Downloads\setup_11.0.0.1245.x01_2013_03_23_04_35.exe|>8398289rar.exe Erro 42126 {O arquivo RAR está corrompido.} Arquivo C:\Users\Plinio\Documents\My Dell Downloads\R279331_A07_DWC2.00.35.zip|>IWCentral\Bin.cab|>TargetDir\Scriptlets\Scenes\castlelightning_files\castlelightning0021.png Erro 42127 {O arquivo CAB está corrompido.} Arquivo C:\Users\Plinio\Documents\My Dell Downloads\R279331_A07_DWC2.00.35.zip|>IWCentral\Bin.cab Erro 42125 {O arquivo ZIP está corrompido.} Arquivo C:\Users\Plinio\Downloads\1995 - I Should Coco.rar|>1995 - I Should Coco\09 - She's So Loose.mp3 Erro 42126 {O arquivo RAR está corrompido.} Arquivo C:\Windows\SoftwareDistribution\Download\06f2c208bf23ff374a872f5b4cf38884\BIT6952.tmp|>amd64_microsoft-windows-d..vices-sam.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7075301659287d94\samsrv.dll.mui Erro 42127 {O arquivo CAB está corrompido.} Arquivo C:\Windows\SoftwareDistribution\Download\52f1e9584ce6c15cb5a69bc1d48afa81\BIT22C5.tmp|>amd64_microsoft-windows-h..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_sr-..-cs_c7ba3ede71c94b13\diagpackage.dll.mui Erro 42127 {O arquivo CAB está corrompido.} Arquivo C:\Windows\SoftwareDistribution\Download\934ac80ea23426e7536fc3419268fd36\BIT8202.tmp|>microsoft-windows-branding-homebasice-client-package~31bf3856ad364e35~amd64~he-il~6.1.7600.16385.cat Erro 42127 {O arquivo CAB está corrompido.} Arquivo C:\Windows\SoftwareDistribution\Download\a5dafe02491e7a59a4612d1f4b85c5da\BITC300.tmp|>amd64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9c61248adcc9a315.manifest Erro 42127 {O arquivo CAB está corrompido.} Arquivo C:\Windows\SoftwareDistribution\Download\b2afba73e12421a1b8b0e73393eba557\BIT95C4.tmp|>amd64_microsoft-windows-h..rtuimedia.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_7b46a8a732fbc9c0\artuimedia.h1s Erro 42127 {O arquivo CAB está corrompido.} Arquivo C:\Windows\SoftwareDistribution\Download\ed1f5fdf6ce18a3b09ab9cccd3b964d6\BIT64DE.tmp|>amd64_microsoft-windows-help-artui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_33730c10106d3714\artui.h1s Erro 42127 {O arquivo CAB está corrompido.} Arquivo C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\IE9-win7[1].msu|>Windows6.1-KB982861-x64.cab|>amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16443_none_d92d0b9d80d13684\ieui.dll Erro 42127 {O arquivo CAB está corrompido.} Arquivo C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\IE9-win7[1].msu|>Windows6.1-KB982861-x64.cab Erro 42127 {O arquivo CAB está corrompido.} Número de pastas processadas: 46693 Número de arquivos verificados: 5022012 Número de arquivos infectados: 5
  3. Modelo Technicolor TD5130
  4. Utilizo a rede da minha casa com modem wi-fi velox... Bem, gostaria de passar uma informação relevante. De forma concomitante a abertura do tópico no fórum, realizei um escaneamento com o avast no notebook e parece que no boot feito pelo anti-virus ao reiniciar a máquina foram identificados arquivos infectados e excluídos, O fato é que os redirecionamentos não estão ocorrendo mais. Peço desculpas por haver omitido a informação e ter quebrado a regra de somente executar procedimentos após solicitação...
  5. Seguem os logs... hijackthis.log mbam-log-2013-05-22 (21-48-14).txt
  6. Em anexo os logs solicitados... MbrScan.log hijackthis.log FSS.txt
  7. Prezados, Quando acesso a internet do meu notebook, por qualquer browser, sou redirecionado para o site citado no título e não consigo acessar os conteúdos que desejo. Acho que pode ser vírus. O que faço? Obrigado.
  8. Se eu conseguir o DVD do Windows 7 Ultimate, você pode me dar alguma orientação sobre o que é necessário fazer? Li alguns artigos no google sobre como resolver o problema, mas acho que não conseguiria sozinho... Há alguma possibilidade de transferir este tópico para o fórum de hardware deste site? Obrigado.
  9. Infelizmente não. A última vez que precisei formatar, paguei um técnico do meu trabalho e a máquina já veio "pronta". Dá pra resolver de outra forma? Vou perder os dados?
  10. Prezado, somente hoje procedi às orientações da última resposta o computador estava perfeito, até que de repente a pouco a máquina travou e a reiniciei... Enfim, o desktop não abriu e apareceu a seguinte mensagem "FALTA NTLDR - PRESS CTRL+ALT+DEL PARA REINICIAR"... Não soube como proceder pois nunca aconteceu isso com este pc... reiniciei algumas vezes, até que aparece uma mensagem complementar. Vou transcrevê-la, pois é a mensagem que esta na tela da maquina... INTEL UNDI, PXE-2.1 (BUILD 082) COPYRIGHT © 1997-2000 INTEL CORPORATION THIS PRODUCT IS COVERED BY ONE OR MORE OF THE FOLOWING PATENTS; US35, 307, 459, 872, US5, 732, 094, US6, 570, 884, US6, II5, 776 AND US6, 327, 625 FOR REALTEK RTL8111B/8111B/8111D GIGA ETHERNET CONTROLLER V2.19 (080815) CLIENT MAC ADDR: E0 69 95 FE 84 79 GUID: FEFEFEFE-FEFE-FEFE-FEFEFEFEFEFE PXE-E53: NO BOOT FILENAME RECEIVED PXE-E53: NO BOOT FILENAME RECEIVED PXE-MOF: EXITING PXE ROM. REEBOOT AND SELECT PROPER BOOT DEVICE FOR INSERT BOOT MEDIA IN A SELECTED BOOT DEVICE AND PRESS A KEY O que faço? O desktop não abre e não consigo fazer nada...
  11. O funcionamento parece normal, obrigado.. All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully. C:\Users\PLINIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_72781805.lnk moved successfully. C:\Users\PLINIO\AppData\Local\Temp\_uninst_72781805.bat moved successfully. File move failed. F:\autorun.exe scheduled to be moved on reboot. File move failed. F:\autorun.inf scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0231e566-af6a-11e1-9606-e06995fe8479}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0231e566-af6a-11e1-9606-e06995fe8479}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0231e566-af6a-11e1-9606-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0231e566-af6a-11e1-9606-e06995fe8479}\ not found. File G:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0231e566-af6a-11e1-9606-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0231e566-af6a-11e1-9606-e06995fe8479}\ not found. File G:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f789cb6-b7c4-11e1-b6e1-e06995fe8479}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f789cb6-b7c4-11e1-b6e1-e06995fe8479}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f789cb6-b7c4-11e1-b6e1-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f789cb6-b7c4-11e1-b6e1-e06995fe8479}\ not found. File move failed. F:\autorun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f789cb6-b7c4-11e1-b6e1-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f789cb6-b7c4-11e1-b6e1-e06995fe8479}\ not found. File move failed. F:\autorun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36f2a711-af75-11e1-b376-e06995fe8479}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36f2a711-af75-11e1-b376-e06995fe8479}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36f2a711-af75-11e1-b376-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36f2a711-af75-11e1-b376-e06995fe8479}\ not found. File move failed. F:\autorun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36f2a711-af75-11e1-b376-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36f2a711-af75-11e1-b376-e06995fe8479}\ not found. File move failed. F:\autorun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36f2a732-af75-11e1-b376-e06995fe8479}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36f2a732-af75-11e1-b376-e06995fe8479}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36f2a732-af75-11e1-b376-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36f2a732-af75-11e1-b376-e06995fe8479}\ not found. File move failed. F:\autorun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36f2a732-af75-11e1-b376-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36f2a732-af75-11e1-b376-e06995fe8479}\ not found. File move failed. F:\autorun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5931da0b-f7ab-11e1-a3ab-e06995fe8479}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5931da0b-f7ab-11e1-a3ab-e06995fe8479}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5931da0b-f7ab-11e1-a3ab-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5931da0b-f7ab-11e1-a3ab-e06995fe8479}\ not found. File move failed. F:\autorun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5931da0b-f7ab-11e1-a3ab-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5931da0b-f7ab-11e1-a3ab-e06995fe8479}\ not found. File move failed. F:\autorun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b77b787a-9093-11e1-a9ff-e06995fe8479}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b77b787a-9093-11e1-a9ff-e06995fe8479}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b77b787a-9093-11e1-a9ff-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b77b787a-9093-11e1-a9ff-e06995fe8479}\ not found. File H:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b77b787a-9093-11e1-a9ff-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b77b787a-9093-11e1-a9ff-e06995fe8479}\ not found. File H:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b77b787a-9093-11e1-a9ff-e06995fe8479}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b77b787a-9093-11e1-a9ff-e06995fe8479}\ not found. File H:\SETUP.EXE not found. ========== FILES ========== < ipconfig /flushdns /c > Configura‡Æo de IP do Windows Libera‡Æo do Cache do DNS Resolver bem-sucedida. C:\Users\PLINIO\Desktop\cmd.bat deleted successfully. C:\Users\PLINIO\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== Restore point Set: OTL Restore Point [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: francisco ->Temp folder emptied: 13507160 bytes ->Temporary Internet Files folder emptied: 13472307 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 934 bytes User: PLINIO ->Temp folder emptied: 339008334 bytes ->Temporary Internet Files folder emptied: 35994922 bytes ->Java cache emptied: 2249404 bytes ->FireFox cache emptied: 121375106 bytes ->Google Chrome cache emptied: 390820228 bytes ->Flash cache emptied: 2301 bytes User: Public User: Todos os Usuários User: Usuário Padrão ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 52156717 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 101176 bytes RecycleBin emptied: 4275305027 bytes Total Files Cleaned = 5.001,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03252013_201436 Files\Folders moved on Reboot... File move failed. F:\autorun.exe scheduled to be moved on reboot. File move failed. F:\autorun.inf scheduled to be moved on reboot. C:\Users\PLINIO\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  12. OTL logfile created on: 24/03/2013 21:10:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PLINIO\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 3,97 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,69% Memory free 7,93 Gb Paging File | 6,51 Gb Available in Paging File | 82,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 156,15 Gb Total Space | 77,52 Gb Free Space | 49,64% Space Free | Partition Type: NTFS Drive D: | 141,84 Gb Total Space | 141,56 Gb Free Space | 99,81% Space Free | Partition Type: NTFS Drive F: | 37,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 465,76 Gb Total Space | 199,43 Gb Free Space | 42,82% Space Free | Partition Type: NTFS Computer Name: PLINIO-PC | User Name: PLINIO | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 90 Days ========== Processes (SafeList) ========== PRC - [2013/03/24 21:07:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PLINIO\Downloads\OTL.exe PRC - [2013/03/24 04:36:38 | 000,717,080 | ---- | M] () -- C:\Users\PLINIO\AppData\Local\Temp\RarSFX1\0651201.exe PRC - [2013/03/23 22:38:15 | 161,090,344 | ---- | M] () -- C:\Users\PLINIO\Desktop\setup_11.0.0.1245.x01_2013_03_24_04_35.exe PRC - [2013/03/07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe PRC - [2013/03/06 20:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\Alwil Software\Avast5\AvastSvc.exe PRC - [2013/01/22 11:40:54 | 000,526,888 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe PRC - [2012/12/18 16:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/10/05 09:08:16 | 000,032,672 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) -- C:\Program Files (x86)\TIM Communicator\module\devicemon.exe PRC - [2010/07/26 15:17:10 | 000,341,920 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe ========== Modules (No Company Name) ========== MOD - [2013/03/24 04:36:38 | 000,717,080 | ---- | M] () -- C:\Users\PLINIO\AppData\Local\Temp\RarSFX1\0651201.exe MOD - [2013/03/23 22:38:15 | 161,090,344 | ---- | M] () -- C:\Users\PLINIO\Desktop\setup_11.0.0.1245.x01_2013_03_24_04_35.exe MOD - [2011/05/19 11:49:50 | 000,032,160 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\modqoscommunicator.dll MOD - [2010/07/26 15:17:10 | 000,341,920 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe MOD - [2010/06/29 18:15:40 | 000,337,312 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\plugins\sqldrivers\qsqlite4.dll MOD - [2010/06/29 18:15:40 | 000,222,624 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\plugins\phonon_backend\phonon_ds94.dll MOD - [2010/06/29 18:15:40 | 000,189,856 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\plugins\imageformats\qjpeg4.dll MOD - [2010/06/29 18:15:40 | 000,075,168 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\plugins\imageformats\qico4.dll MOD - [2010/06/29 18:15:40 | 000,075,168 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\plugins\imageformats\qgif4.dll MOD - [2010/06/29 10:15:56 | 007,796,128 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\QtWebKit4.dll MOD - [2010/06/29 10:15:56 | 006,350,240 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\QtGui4.dll MOD - [2010/06/29 10:15:56 | 001,770,912 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\QtCore4.dll MOD - [2010/06/29 10:15:56 | 001,451,424 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\QtNetwork4.dll MOD - [2010/06/29 10:15:56 | 000,263,584 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\QtXml4.dll MOD - [2010/06/29 10:15:56 | 000,206,240 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\phonon4.dll MOD - [2010/06/29 10:15:56 | 000,152,992 | ---- | M] () -- C:\Program Files (x86)\TIM Communicator\module\QtSql4.dll ========== Services (SafeList) ========== SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/03/09 22:44:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/03/07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate) SRV - [2013/03/06 20:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2013/01/22 11:40:54 | 000,526,888 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv) SRV - [2013/01/08 15:19:46 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/12/18 16:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/05 09:08:16 | 000,032,672 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) [Auto | Running] -- C:\Program Files (x86)\TIM Communicator\module\devicemon.exe -- (OrolixDeviceMonitor) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/03/24 04:35:17 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\72781805.sys -- (72781805) DRV:64bit: - [2013/03/06 20:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013/03/06 20:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013/03/06 20:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013/03/06 20:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013/03/06 20:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013/03/06 20:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013/03/06 20:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013/03/06 20:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/08/23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 11:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/04/27 14:59:33 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/09 06:47:54 | 000,218,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV:64bit: - [2011/12/09 06:47:54 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2011/12/09 06:47:54 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:64bit: - [2011/12/09 06:47:54 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2011/12/09 06:47:54 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:64bit: - [2011/12/09 06:47:54 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010/04/26 23:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010/04/26 23:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2010/04/26 23:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV - [2012/10/09 12:29:58 | 000,046,440 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm) DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=BDT1&ocid=bdtdhp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC D5 C9 67 A3 24 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\PLINIO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/28 12:35:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/09 22:44:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/28 12:35:39 | 000,000,000 | ---D | M] [2012/09/08 12:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PLINIO\AppData\Roaming\mozilla\Extensions [2012/11/29 22:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PLINIO\AppData\Roaming\mozilla\Firefox\Profiles\7otz0amz.default\extensions [2013/03/09 22:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013/03/09 22:44:44 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013/03/09 22:44:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/03/09 22:44:41 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: br.hao123.com/?tn=ocd_hp_hao123_br CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PLINIO\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Orbit Downloader (Enabled) = C:\Users\PLINIO\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: YouTube = C:\Users\PLINIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Pesquisa do Google = C:\Users\PLINIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Gmail = C:\Users\PLINIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012/07/24 23:36:07 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\PLINIO\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\PLINIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_72781805.lnk = C:\Users\PLINIO\AppData\Local\Temp\_uninst_72781805.bat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites) O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BAHIATURSA.BA.GOV.BR O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{888F922C-34B4-4F6B-B103-0DAA2E32A03D}: NameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/08/16 18:00:20 | 000,336,384 | R--- | M] (Orolix Desenvolvimento de Software LTDA.) - F:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2012/01/31 12:22:04 | 000,000,172 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{0231e566-af6a-11e1-9606-e06995fe8479}\Shell - "" = AutoRun O33 - MountPoints2\{0231e566-af6a-11e1-9606-e06995fe8479}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{0231e566-af6a-11e1-9606-e06995fe8479}\Shell\Option1\Command - "" = G:\autorun.exe O33 - MountPoints2\{2f789cb6-b7c4-11e1-b6e1-e06995fe8479}\Shell - "" = AutoRun O33 - MountPoints2\{2f789cb6-b7c4-11e1-b6e1-e06995fe8479}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2010/08/16 18:00:20 | 000,336,384 | R--- | M] (Orolix Desenvolvimento de Software LTDA.) O33 - MountPoints2\{2f789cb6-b7c4-11e1-b6e1-e06995fe8479}\Shell\Option1\Command - "" = F:\autorun.exe -- [2010/08/16 18:00:20 | 000,336,384 | R--- | M] (Orolix Desenvolvimento de Software LTDA.) O33 - MountPoints2\{36f2a711-af75-11e1-b376-e06995fe8479}\Shell - "" = AutoRun O33 - MountPoints2\{36f2a711-af75-11e1-b376-e06995fe8479}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2010/08/16 18:00:20 | 000,336,384 | R--- | M] (Orolix Desenvolvimento de Software LTDA.) O33 - MountPoints2\{36f2a711-af75-11e1-b376-e06995fe8479}\Shell\Option1\Command - "" = F:\autorun.exe -- [2010/08/16 18:00:20 | 000,336,384 | R--- | M] (Orolix Desenvolvimento de Software LTDA.) O33 - MountPoints2\{36f2a732-af75-11e1-b376-e06995fe8479}\Shell - "" = AutoRun O33 - MountPoints2\{36f2a732-af75-11e1-b376-e06995fe8479}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2010/08/16 18:00:20 | 000,336,384 | R--- | M] (Orolix Desenvolvimento de Software LTDA.) O33 - MountPoints2\{36f2a732-af75-11e1-b376-e06995fe8479}\Shell\Option1\Command - "" = F:\autorun.exe -- [2010/08/16 18:00:20 | 000,336,384 | R--- | M] (Orolix Desenvolvimento de Software LTDA.) O33 - MountPoints2\{5931da0b-f7ab-11e1-a3ab-e06995fe8479}\Shell - "" = AutoRun O33 - MountPoints2\{5931da0b-f7ab-11e1-a3ab-e06995fe8479}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2010/08/16 18:00:20 | 000,336,384 | R--- | M] (Orolix Desenvolvimento de Software LTDA.) O33 - MountPoints2\{5931da0b-f7ab-11e1-a3ab-e06995fe8479}\Shell\Option1\Command - "" = F:\autorun.exe -- [2010/08/16 18:00:20 | 000,336,384 | R--- | M] (Orolix Desenvolvimento de Software LTDA.) O33 - MountPoints2\{b77b787a-9093-11e1-a9ff-e06995fe8479}\Shell - "" = AutoRun O33 - MountPoints2\{b77b787a-9093-11e1-a9ff-e06995fe8479}\Shell\AutoRun\command - "" = H:\SETUP.EXE O33 - MountPoints2\{b77b787a-9093-11e1-a9ff-e06995fe8479}\Shell\configure\command - "" = H:\SETUP.EXE O33 - MountPoints2\{b77b787a-9093-11e1-a9ff-e06995fe8479}\Shell\install\command - "" = H:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) ========== Files/Folders - Created Within 90 Days ========== [2013/03/23 22:39:56 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\72781805.sys [2013/03/22 22:17:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/03/22 22:17:15 | 000,000,000 | ---D | C] -- C:\JRT [2013/03/22 22:16:48 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\PLINIO\Desktop\JRT.exe [2013/03/20 20:17:50 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\PLINIO\Desktop\mbam-setup-1.70.0.1100.exe [2013/03/20 20:16:15 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\PLINIO\Desktop\MbrScan.exe [2013/03/18 21:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/03/10 10:40:43 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\Desktop\Magnolia[1999]DvDrip[Eng]-TB [2013/03/10 09:38:30 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\Documents\NeroVision [2013/03/09 22:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/03/09 11:39:53 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\Desktop\Apocalypse.Now.Redux.1979.DVDRip.DivX [2013/03/03 21:16:09 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013/03/03 21:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013/03/03 21:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Gain [2013/03/03 21:02:22 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\Desktop\The Blues Brothers KLAXXON [2013/03/03 20:26:44 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\Desktop\The Unforgiven [2013/03/03 18:05:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013/03/03 18:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/03/03 18:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/03/02 00:09:55 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\Desktop\IR_2013 [2013/03/02 00:01:50 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\.receitanet [2013/03/01 22:40:06 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry [2013/03/01 22:40:03 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013 [2013/03/01 22:40:01 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas RFB [2013/03/01 22:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB [2013/03/01 22:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Programas RFB [2013/02/24 21:26:13 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\Desktop\The.Godfather.1.1972.HD.x264~PlutO~ [2013/02/24 19:26:58 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\Desktop\Antichrist.2009.DVDRIP.XviD-ZEKTORM [2013/02/24 19:26:04 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\AppData\Roaming\Nico Mak Computing [2013/02/24 19:26:01 | 000,019,840 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe [2013/02/24 19:22:29 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\AppData\Roaming\BitTorrent [2013/02/15 21:44:59 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\AppData\Local\Facebook [2013/01/30 20:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak [2013/01/20 12:47:25 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\AppData\Roaming\Houaiss3 [2013/01/20 12:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dicionário Houaiss 3 [2013/01/20 12:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Houaiss3 [2013/01/03 19:17:17 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\AppData\Local\ElevatedDiagnostics [2013/01/03 19:17:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012/12/29 16:08:00 | 000,000,000 | ---D | C] -- C:\Users\PLINIO\AppData\Local\Programs [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\PLINIO\Desktop\*.tmp files -> C:\Users\PLINIO\Desktop\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2013/03/24 21:14:21 | 003,932,160 | -HS- | M] () -- C:\Users\PLINIO\NTUSER.DAT [2013/03/24 20:53:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/24 19:28:05 | 000,693,898 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013/03/24 19:28:05 | 000,666,510 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat [2013/03/24 19:28:05 | 000,642,044 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2013/03/24 19:28:05 | 000,620,274 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat [2013/03/24 19:28:05 | 000,133,586 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013/03/24 19:28:05 | 000,128,740 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat [2013/03/24 19:28:05 | 000,124,386 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat [2013/03/24 19:28:04 | 004,903,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/03/24 19:28:04 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/03/24 19:28:04 | 000,464,878 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat [2013/03/24 19:28:04 | 000,437,192 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat [2013/03/24 19:28:04 | 000,111,438 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2013/03/24 19:28:04 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/03/24 19:28:04 | 000,080,450 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat [2013/03/24 19:28:04 | 000,079,630 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat [2013/03/24 18:50:09 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3669198775-1412715661-67915708-1000UA.job [2013/03/24 16:16:03 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/24 16:16:03 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/24 09:46:14 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/24 09:44:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2013/03/24 09:44:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/24 09:44:47 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys [2013/03/24 04:35:17 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\72781805.sys [2013/03/24 02:22:21 | 012,365,573 | -H-- | M] () -- C:\Users\PLINIO\AppData\Local\IconCache.db [2013/03/23 22:41:11 | 000,000,969 | ---- | M] () -- C:\Users\PLINIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_72781805.lnk [2013/03/23 22:38:15 | 161,090,344 | ---- | M] () -- C:\Users\PLINIO\Desktop\setup_11.0.0.1245.x01_2013_03_24_04_35.exe [2013/03/23 21:50:03 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3669198775-1412715661-67915708-1000Core.job [2013/03/23 11:26:26 | 000,948,929 | ---- | M] () -- C:\Users\PLINIO\Desktop\TS-129i UM_PB231TS129iUMA01A Rev B.pdf [2013/03/22 22:02:53 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\PLINIO\Desktop\JRT.exe [2013/03/20 20:57:52 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/03/20 20:17:31 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\PLINIO\Desktop\mbam-setup-1.70.0.1100.exe [2013/03/20 20:15:30 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\PLINIO\Desktop\MbrScan.exe [2013/03/20 20:14:46 | 000,609,993 | ---- | M] () -- C:\Users\PLINIO\Desktop\adwcleaner.exe [2013/03/18 21:54:30 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/03/11 23:24:49 | 000,880,624 | ---- | M] () -- C:\Users\PLINIO\BACEN-ALTINO-SOUZA-OPERACOES-BANCARIAS-E-CONTABILIDADE-DE-INSTITUICOES-FINANCEIRAS.pdf [2013/03/11 23:18:18 | 000,233,183 | ---- | M] () -- C:\Users\PLINIO\Desktop\bacen0109_edital_analista.pdf [2013/03/09 09:44:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013/03/06 20:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013/03/06 20:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013/03/06 20:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013/03/06 20:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013/03/06 20:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013/03/06 20:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013/03/06 20:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013/03/06 20:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013/03/06 20:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013/03/06 20:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013/03/03 21:16:48 | 000,001,026 | ---- | M] () -- C:\Users\PLINIO\Desktop\MP3Gain.lnk [2013/03/03 18:05:52 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/03/01 22:40:00 | 000,000,176 | ---- | M] () -- C:\Windows\REC-NET.INI [2013/02/24 19:24:16 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2013/02/21 07:44:15 | 000,424,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/13 11:07:58 | 000,019,840 | ---- | M] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe [2013/02/03 13:43:45 | 000,067,228 | ---- | M] () -- C:\Users\PLINIO\21176_o-setimo-selo.jpg [2013/02/02 12:34:34 | 000,114,504 | ---- | M] () -- C:\Users\PLINIO\AppData\Local\GDIPFONTCACHEV1.DAT [2013/01/24 21:26:44 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/01/20 12:47:25 | 000,000,943 | ---- | M] () -- C:\Users\PLINIO\Desktop\Dicionário eletrônico Houaiss 3.lnk [2013/01/03 19:32:46 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/03 19:16:57 | 000,001,099 | ---- | M] () -- C:\Users\PLINIO\Windows Update Troubleshooting Info.lnk [2012/12/25 11:55:03 | 000,263,301 | ---- | M] () -- C:\Users\PLINIO\Foto0650.jpg [2012/12/25 11:54:48 | 000,212,702 | ---- | M] () -- C:\Users\PLINIO\Foto0651.jpg [2012/12/25 11:54:37 | 000,268,124 | ---- | M] () -- C:\Users\PLINIO\Foto0652.jpg [2012/12/25 11:54:10 | 000,379,054 | ---- | M] () -- C:\Users\PLINIO\Foto0653.jpg [2012/12/25 11:51:59 | 000,161,790 | ---- | M] () -- C:\Users\PLINIO\Foto0654.jpg [2012/12/25 11:49:32 | 000,165,095 | ---- | M] () -- C:\Users\PLINIO\Foto0656.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\PLINIO\Desktop\*.tmp files -> C:\Users\PLINIO\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/03/23 22:41:11 | 000,000,969 | ---- | C] () -- C:\Users\PLINIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_72781805.lnk [2013/03/23 22:39:26 | 161,090,344 | ---- | C] () -- C:\Users\PLINIO\Desktop\setup_11.0.0.1245.x01_2013_03_24_04_35.exe [2013/03/23 11:26:25 | 000,948,929 | ---- | C] () -- C:\Users\PLINIO\Desktop\TS-129i UM_PB231TS129iUMA01A Rev B.pdf [2013/03/20 20:16:45 | 000,609,993 | ---- | C] () -- C:\Users\PLINIO\Desktop\adwcleaner.exe [2013/03/18 21:54:30 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/03/18 21:48:48 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/18 21:48:47 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/11 23:24:49 | 000,880,624 | ---- | C] () -- C:\Users\PLINIO\BACEN-ALTINO-SOUZA-OPERACOES-BANCARIAS-E-CONTABILIDADE-DE-INSTITUICOES-FINANCEIRAS.pdf [2013/03/11 23:18:17 | 000,233,183 | ---- | C] () -- C:\Users\PLINIO\Desktop\bacen0109_edital_analista.pdf [2013/03/09 09:44:40 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013/03/09 09:44:40 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013/03/03 21:16:48 | 000,001,026 | ---- | C] () -- C:\Users\PLINIO\Desktop\MP3Gain.lnk [2013/03/01 22:40:00 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI [2013/02/24 19:24:16 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2013/02/15 21:45:04 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3669198775-1412715661-67915708-1000UA.job [2013/02/15 21:45:03 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3669198775-1412715661-67915708-1000Core.job [2013/02/03 13:43:44 | 000,067,228 | ---- | C] () -- C:\Users\PLINIO\21176_o-setimo-selo.jpg [2013/01/20 12:47:25 | 000,000,943 | ---- | C] () -- C:\Users\PLINIO\Desktop\Dicionário eletrônico Houaiss 3.lnk [2013/01/10 22:02:33 | 000,420,064 | ---- | C] () -- C:\Windows\SysWow64\locale.nls [2013/01/10 22:02:33 | 000,420,064 | ---- | C] () -- C:\Windows\SysNative\locale.nls [2013/01/03 19:16:57 | 000,001,099 | ---- | C] () -- C:\Users\PLINIO\Windows Update Troubleshooting Info.lnk [2012/12/30 13:57:43 | 003,751,173 | ---- | C] () -- C:\Users\PLINIO\jumpin.mp3 [2012/12/25 11:55:14 | 000,263,301 | ---- | C] () -- C:\Users\PLINIO\Foto0650.jpg [2012/12/25 11:54:54 | 000,212,702 | ---- | C] () -- C:\Users\PLINIO\Foto0651.jpg [2012/12/25 11:54:43 | 000,268,124 | ---- | C] () -- C:\Users\PLINIO\Foto0652.jpg [2012/12/25 11:54:20 | 000,379,054 | ---- | C] () -- C:\Users\PLINIO\Foto0653.jpg [2012/12/25 11:52:07 | 000,161,790 | ---- | C] () -- C:\Users\PLINIO\Foto0654.jpg [2012/12/25 11:50:03 | 000,165,095 | ---- | C] () -- C:\Users\PLINIO\Foto0656.jpg [2012/12/03 22:05:08 | 000,146,753 | ---- | C] () -- C:\Users\PLINIO\559202_298925506884018_1150785004_n.jpg [2012/11/25 12:15:52 | 001,185,807 | ---- | C] () -- C:\Users\PLINIO\IMG218.jpg [2012/11/25 12:15:52 | 001,069,675 | ---- | C] () -- C:\Users\PLINIO\IMG224.jpg [2012/11/25 10:19:03 | 000,157,783 | ---- | C] () -- C:\Users\PLINIO\178899_298257783617457_774712114_n.jpg [2012/11/14 22:09:03 | 003,454,425 | ---- | C] () -- C:\Users\PLINIO\Nininha.jpg [2012/11/11 00:01:35 | 000,000,014 | ---- | C] () -- C:\Users\PLINIO\AppData\Roaming\mbam.context.scan [2012/09/25 22:49:18 | 004,677,654 | ---- | C] () -- C:\Users\PLINIO\Fundamentos de Matemática Vol.3.pdf [2012/06/27 20:45:33 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe [2012/04/28 12:32:59 | 000,171,632 | ---- | C] () -- C:\Windows\hpoins29.dat [2012/04/28 12:32:59 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat [2012/04/27 15:36:58 | 000,667,136 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll [2012/04/27 15:36:58 | 000,414,208 | ---- | C] () -- C:\Windows\SysWow64\WgaTray.exe [2012/04/27 15:36:58 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll [2012/04/27 15:32:59 | 000,003,666 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/04/27 15:24:42 | 000,114,504 | ---- | C] () -- C:\Users\PLINIO\AppData\Local\GDIPFONTCACHEV1.DAT [2012/04/27 15:05:57 | 012,365,573 | -H-- | C] () -- C:\Users\PLINIO\AppData\Local\IconCache.db [2012/04/27 13:00:06 | 003,932,160 | -HS- | C] () -- C:\Users\PLINIO\NTUSER.DAT [2012/04/27 13:00:06 | 000,524,288 | -HS- | C] () -- C:\Users\PLINIO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012/04/27 13:00:06 | 000,524,288 | -HS- | C] () -- C:\Users\PLINIO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012/04/27 13:00:06 | 000,065,536 | -HS- | C] () -- C:\Users\PLINIO\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012/04/27 13:00:06 | 000,000,020 | -HS- | C] () -- C:\Users\PLINIO\ntuser.ini ========== ZeroAccess Check ========== [2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/03/10 21:10:35 | 000,000,000 | ---D | M] -- C:\Users\PLINIO\AppData\Roaming\BitTorrent [2012/05/05 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\PLINIO\AppData\Roaming\DAEMON Tools Lite [2012/04/28 21:50:23 | 000,000,000 | ---D | M] -- C:\Users\PLINIO\AppData\Roaming\GrabPro [2013/01/20 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\PLINIO\AppData\Roaming\Houaiss3 [2012/08/19 18:54:52 | 000,000,000 | ---D | M] -- C:\Users\PLINIO\AppData\Roaming\ML [2013/02/24 19:29:25 | 000,000,000 | ---D | M] -- C:\Users\PLINIO\AppData\Roaming\Nico Mak Computing [2012/07/30 21:10:30 | 000,000,000 | ---D | M] -- C:\Users\PLINIO\AppData\Roaming\Octoshape [2013/03/19 22:57:32 | 000,000,000 | ---D | M] -- C:\Users\PLINIO\AppData\Roaming\Orbit [2012/04/28 21:50:27 | 000,000,000 | ---D | M] -- C:\Users\PLINIO\AppData\Roaming\ProgSense [2012/04/28 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\PLINIO\AppData\Roaming\Samsung ========== Purity Check ========== ========== Custom Scans ========== < > [2009/07/14 02:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009/07/14 02:08:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013/02/15 21:45:03 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3669198775-1412715661-67915708-1000Core.job [2013/02/15 21:45:04 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3669198775-1412715661-67915708-1000UA.job [2013/03/18 21:48:47 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013/03/18 21:48:48 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < %SYSTEMDRIVE%\*.* > [2013/03/20 20:54:22 | 000,001,093 | ---- | M] () -- C:\AdwCleaner[R1].txt [2013/03/20 20:23:31 | 000,000,337 | ---- | M] () -- C:\AdwCleaner[s1].txt [2013/03/20 20:43:54 | 000,001,712 | ---- | M] () -- C:\AdwCleaner[s2].txt [2013/03/24 09:44:47 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys [2012/05/05 14:10:52 | 000,953,238 | ---- | M] () -- C:\HpuInstall.log [2013/03/24 09:44:49 | 4258,521,088 | -HS- | M] () -- C:\pagefile.sys < %systemdrive%\drivers\*.exe > < %systemroot%\system32\drivers\*.* /180 > [2012/10/09 12:29:58 | 000,046,440 | ---- | M] (GAS Tecnologia) -- C:\Windows\system32\drivers\gbpkm.sys < %PROGRAMFILES%(x86)\*.* > < %LOCALAPPDATA%\*.exe > < %LOCALAPPDATA%\*.txt > < %LOCALAPPDATA%\*.ini > < %LOCALAPPDATA%\*.dll > < %LOCALAPPDATA%\*.dat > [2013/02/02 12:34:34 | 000,114,504 | ---- | M] () -- C:\Users\PLINIO\AppData\Local\GDIPFONTCACHEV1.DAT < %USERPROFILE%\*.exe > < %USERPROFILE%\*.txt > < %USERPROFILE%\*.ini > [2012/04/27 13:00:06 | 000,000,020 | -HS- | M] () -- C:\Users\PLINIO\ntuser.ini < %USERPROFILE%\*.dll > < %USERPROFILE%\*.dat /30 > [2013/03/24 21:14:21 | 003,932,160 | -HS- | M] () -- C:\Users\PLINIO\NTUSER.DAT < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009/06/10 17:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.com > [2009/07/14 02:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/14 02:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/14 02:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009/07/14 02:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\*.scr > [2013/03/06 20:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] < %appdata%\*.* > [2012/11/11 00:01:35 | 000,000,014 | ---- | M] () -- C:\Users\PLINIO\AppData\Roaming\mbam.context.scan < %programdata%\*.* > [2012/04/28 12:37:58 | 000,000,826 | ---- | M] () -- C:\ProgramData\hpzinstall.log [2012/04/27 15:33:00 | 000,003,666 | RHS- | M] () -- C:\ProgramData\ntuser.pol < %programdata%\*.exe /s > [2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\21132\AcrobatUpdater.exe [2012/01/03 04:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\21132\AdobeARM.exe [2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\21132\AdobeARMHelper.exe [2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\21132\ReaderUpdater.exe [2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\22164\AcrobatUpdater.exe [2012/01/03 04:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\22164\AdobeARM.exe [2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\22164\AdobeARMHelper.exe [2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\22164\ReaderUpdater.exe [2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\4626\AcrobatUpdater.exe [2012/01/03 04:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\4626\AdobeARM.exe [2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\4626\AdobeARMHelper.exe [2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.0.0\4626\ReaderUpdater.exe [2012/09/24 00:48:33 | 000,364,224 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1046-7B44-AB0000000001}\setup.exe [2012/12/29 16:07:53 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [2013/01/25 10:34:04 | 000,092,184 | ---- | M] (Microsoft Corp.) -- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe [2011/07/06 13:42:44 | 000,039,840 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) -- C:\ProgramData\OrolixCommunicator\update\dialerupdate.exe < %programdata%\*.dll /s > [2009/05/14 06:25:16 | 000,002,560 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\ProgramData\HP\Digital Imaging\Data\hpqd_cul_s.dll [2009/05/14 06:25:16 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\ProgramData\HP\Digital Imaging\Data\Destination\aiopfl.dll [2009/05/21 20:21:18 | 000,003,584 | ---- | M] (Hewlett-Packard Co.) -- C:\ProgramData\HP\HelpViewer\HVdummy.dll [2009/05/21 18:57:02 | 000,007,680 | ---- | M] () -- C:\ProgramData\HP\LGT 2.0\data\hplgtv_links.dll [2009/05/21 18:57:02 | 000,007,680 | ---- | M] () -- C:\ProgramData\HP\LGT 2.0\data\hplgtv_plugin.dll [2009/05/21 18:57:02 | 000,007,680 | ---- | M] () -- C:\ProgramData\HP\LGT 2.0\data\hplgtv_ROW.dll [2009/05/21 18:57:02 | 000,007,680 | ---- | M] () -- C:\ProgramData\HP\LGT 2.0\data\hplgtv_uicfg.dll [2009/05/21 18:57:02 | 000,007,680 | ---- | M] () -- C:\ProgramData\HP\LGT 2.0\data\Languages\pt_ww\hplgtv_uiptb.dll [2009/05/21 18:57:02 | 000,007,680 | ---- | M] () -- C:\ProgramData\HP\LGT 2.0\data\templates\hplgtv_template.dll [2009/05/21 18:57:02 | 000,007,680 | ---- | M] () -- C:\ProgramData\HP\LGT 2.0\data\templates\Images\hplgtv_timages.dll [2009/05/21 18:57:00 | 000,024,576 | ---- | M] (Hewlett-Packard Co.) -- C:\ProgramData\HP\LGT\Data\hplgtv_ptcfg.dll [2009/05/21 18:57:00 | 000,024,576 | ---- | M] (Hewlett-Packard Co.) -- C:\ProgramData\HP\LGT\Data\hplgtv_root.dll [2009/05/21 18:57:00 | 000,024,576 | ---- | M] (Hewlett-Packard Co.) -- C:\ProgramData\HP\LGT\Data\hplgtv_ROW.dll [2009/05/21 18:57:00 | 000,065,536 | ---- | M] (Hewlett-Packard) -- C:\ProgramData\HP\LGT\Data\EvidenceCollectors\EvidenceCollector.dll [2009/05/21 18:57:00 | 000,622,592 | ---- | M] () -- C:\ProgramData\HP\LGT\Data\EvidenceCollectors\EvidenceCollectorDebug.dll [2009/05/21 18:57:00 | 000,073,728 | ---- | M] (Hewlett-Packard) -- C:\ProgramData\HP\LGT\Data\EvidenceCollectors\GeneralEvidenceCollector.dll [2009/05/21 18:57:02 | 000,249,856 | ---- | M] (Hewlett-Packard Co.) -- C:\ProgramData\HP\LGT\Data\EvidenceCollectors\ProductEventEvidenceCollector.dll [2009/05/21 18:57:00 | 000,024,576 | ---- | M] (Hewlett-Packard Co.) -- C:\ProgramData\HP\LGT\Data\Languages\pt_ww\hplgtv_ptxml.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\hpqlgt01.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\hpqlgt02.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\B8500\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\B8800\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\C4340\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\C4400\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\C4500\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\C5300\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\C5500\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\C6300\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\D1500\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\D2500\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\D4300\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\D5400\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\D730\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\D7500\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\F2200\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\F4200\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\F735\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\generic\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\J4500\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\J4660\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\J4680\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Images\J6400\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,007,168 | ---- | M] (Hewlett Packard) -- C:\ProgramData\HP\LGT\Data\Models\Movies\hpqlgtmsm.dll [2009/05/21 18:57:00 | 000,024,576 | ---- | M] (Hewlett-Packard Co.) -- C:\ProgramData\HP\LGT\Data\Templates\hplgtv_template.dll [2009/05/21 18:57:00 | 000,024,576 | ---- | M] (Hewlett-Packard Co.) -- C:\ProgramData\HP\LGT\Data\Templates\Images\hplgtv_timages.dll [2009/05/21 18:57:00 | 000,024,576 | ---- | M] (Hewlett-Packard Co.) -- C:\ProgramData\HP\LGT\Data\Templates\Images\bullets\hplgtv_bullets.dll [2009/05/21 18:57:00 | 000,002,560 | ---- | M] (Hewlett-Packard Co.) -- C:\ProgramData\HP\RB\GPdummy.dll [2009/05/21 20:21:18 | 000,002,560 | ---- | M] (Hewlett-Packard Co.) -- C:\ProgramData\HP\SolCtr\scdatafiles.dll [2009/06/10 17:31:21 | 000,015,616 | ---- | M] (Microsoft Corp.) -- C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll [2009/06/10 17:31:21 | 000,254,216 | ---- | M] (Microsoft Corp.) -- C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll [2013/02/07 21:28:29 | 009,162,192 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7D4F85AB-E5E9-4F31-8FFC-09978E48512C}\mpengine.dll [2013/03/23 03:16:13 | 000,076,232 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7D4F85AB-E5E9-4F31-8FFC-09978E48512C}\offreg.dll [2013/01/08 02:32:08 | 009,161,176 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll [2006/02/07 11:52:12 | 001,347,584 | ---- | M] (Doctor Web, Ltd.) -- C:\ProgramData\Nero\DrWeb\Drweb32.dll < %PROGRAMFILES%\Internet Explorer\*.* > [2012/05/15 21:38:56 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe [2012/05/15 21:38:56 | 000,002,535 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc [2012/05/15 21:38:56 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecleanup.exe [2012/05/15 21:38:56 | 000,307,200 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\iediagcmd.exe [2013/01/08 19:05:31 | 000,678,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll [2012/05/15 21:38:56 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe [2012/05/15 21:38:56 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe [2013/01/08 19:00:46 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll [2013/01/08 19:00:12 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll [2013/01/08 19:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013/01/08 19:04:45 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll [2012/05/15 21:38:56 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll [2012/05/15 21:38:56 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll [2012/05/15 21:38:56 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll [2009/06/10 18:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll [2012/05/15 21:38:56 | 000,301,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll [2009/06/10 18:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll [2013/01/08 19:42:06 | 000,149,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll < C:\windows\system32\Tasks\*.* /64 > [2013/03/09 09:44:44 | 000,003,926 | ---- | M] () -- C:\Windows\SysNative\Tasks\avast! Emergency Update [2012/11/28 20:13:51 | 000,002,774 | ---- | M] () -- C:\Windows\SysNative\Tasks\CCleanerSkipUAC [2013/02/15 21:45:04 | 000,003,542 | ---- | M] () -- C:\Windows\SysNative\Tasks\FacebookUpdateTaskUserS-1-5-21-3669198775-1412715661-67915708-1000Core [2013/02/15 21:45:04 | 000,003,910 | ---- | M] () -- C:\Windows\SysNative\Tasks\FacebookUpdateTaskUserS-1-5-21-3669198775-1412715661-67915708-1000UA [2013/03/18 21:48:47 | 000,003,812 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore [2013/03/18 21:48:48 | 000,004,064 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA [2012/04/27 14:59:35 | 000,003,160 | ---- | M] () -- C:\Windows\SysNative\Tasks\SidebarExecute [2012/04/27 15:50:41 | 000,002,868 | ---- | M] () -- C:\Windows\SysNative\Tasks\{C42D4D62-FF9B-4C48-8408-94E54C1E0EBE} [2013/03/02 00:06:57 | 000,003,188 | ---- | M] () -- C:\Windows\SysNative\Tasks\{DDD582EF-5BF5-4D16-81CE-F45EDF8F135C} [2013/03/03 21:16:01 | 000,003,150 | ---- | M] () -- C:\Windows\SysNative\Tasks\{EF9D8F98-6250-4228-B8CF-534FD9116B4A} < %windir%\tasks\*.* > [2013/03/23 21:50:03 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3669198775-1412715661-67915708-1000Core.job [2013/03/24 18:50:09 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3669198775-1412715661-67915708-1000UA.job [2013/03/24 09:46:14 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/24 20:53:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/24 09:44:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2013/03/13 09:00:37 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections > "DefaultConnectionSettings" = 46 00 00 00 0C 00 00 00 01 00 00 00 00 00 00 00 07 00 00 00 3C 6C 6F 63 61 6C 3E 00 00 00 00 01 00 00 00 00 00 00 00 10 65 EC 66 A3 24 CD 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 E0 CF D2 D2 AD AB 6D 79 0B 00 00 00 F4 40 54 00 F4 40 54 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 18 41 54 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 03 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 02 00 00 00 0A 49 00 CD 00 00 00 00 00 00 00 00 DA DA DA DA 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 DA 69 02 00 00 00 00 00 00 00 00 00 00 00 00 00 90 41 54 00 90 41 54 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B4 41 54 00 B4 41 54 00 00 00 00 00 C0 41 54 00 C0 41 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data over 200 bytes] "SavedLegacySettings" = 46 00 00 00 BD 0B 00 00 01 00 00 00 00 00 00 00 07 00 00 00 3C 6C 6F 63 61 6C 3E 00 00 00 00 01 00 00 00 00 00 00 00 10 65 EC 66 A3 24 CD 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 E0 CF D2 D2 AD AB 6D 79 0B 00 00 00 F4 40 54 00 F4 40 54 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 18 41 54 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 03 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 02 00 00 00 0A 49 00 CD 00 00 00 00 00 00 00 00 DA DA DA DA 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 DA 69 02 00 00 00 00 00 00 00 00 00 00 00 00 00 90 41 54 00 90 41 54 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B4 41 54 00 B4 41 54 00 00 00 00 00 C0 41 54 00 C0 41 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data over 200 bytes] < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations > < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments > < HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s > < HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP > < HKCU\Software\Microsoft\Internet Explorer\Downloads > < %systemdrive%\$Recycle.Bin|@;true;true;true /fp > < MD5 for: SERVICES > [2009/06/10 18:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services < MD5 for: SERVICES.ASFX > [2012/09/23 19:43:52 | 000,002,588 | ---- | M] () MD5=0D18AE3100D7B9D49DCB1CE1EABA21F7 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\pt_BR\Services\Services.asfx < MD5 for: SERVICES.CFG > [2012/12/18 16:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg < MD5 for: SERVICES.DAT > [2013/02/12 18:45:04 | 000,001,529 | ---- | M] () MD5=E8685F466FABD90B42D32D7898417207 -- C:\JRT\services.dat < MD5 for: SERVICES.EXE > [2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe [2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe < MD5 for: SERVICES.EXE.MUI > [2009/07/13 19:00:08 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=45DB0782754B0C2AAFE0722AD2BD5B93 -- C:\Windows\SysNative\ro-RO\services.exe.mui [2009/07/13 19:00:08 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=45DB0782754B0C2AAFE0722AD2BD5B93 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_0cab04e692306d3f\services.exe.mui [2009/07/13 18:51:58 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=4CF36013D04041D604E21CC6F80B73F7 -- C:\Windows\SysNative\sk-SK\services.exe.mui [2009/07/13 18:51:58 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=4CF36013D04041D604E21CC6F80B73F7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_ae2e551f85c52239\services.exe.mui [2009/07/13 18:53:44 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=504F8B0A67D4AE3E981C09C1F25CEF75 -- C:\Windows\SysNative\lt-LT\services.exe.mui [2009/07/13 18:53:44 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=504F8B0A67D4AE3E981C09C1F25CEF75 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_lt-lt_3bf789aae184c67b\services.exe.mui [2009/07/14 14:55:09 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=50535783545434F9F2AB62A53C706EFA -- C:\Windows\SysNative\pt-BR\services.exe.mui [2009/07/14 14:55:09 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=50535783545434F9F2AB62A53C706EFA -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c78e6f42ac5a3207\services.exe.mui [2009/07/13 19:03:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=62DAC757CFBD330E4F2A2CF387F672EF -- C:\Windows\SysNative\da-DK\services.exe.mui [2009/07/13 19:03:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=62DAC757CFBD330E4F2A2CF387F672EF -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_1fd5cd894ef1d409\services.exe.mui [2009/07/13 18:47:52 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8C88453F39470BA09029BDFC7A9A6D95 -- C:\Windows\SysNative\bg-BG\services.exe.mui [2009/07/13 18:47:52 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8C88453F39470BA09029BDFC7A9A6D95 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_bg-bg_d79276c76b23fbdf\services.exe.mui [2009/07/13 18:59:12 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=A4880BDF654678A0C2D3BB1243BC4D45 -- C:\Windows\SysNative\sv-SE\services.exe.mui [2009/07/13 18:59:12 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=A4880BDF654678A0C2D3BB1243BC4D45 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_ab0e3ae787d43a6a\services.exe.mui [2009/07/13 18:53:54 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=AA7C40AA8928D17BEB293741C5ABC200 -- C:\Windows\SysNative\lv-LV\services.exe.mui [2009/07/13 18:53:54 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=AA7C40AA8928D17BEB293741C5ABC200 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_lv-lv_3cc4f82ee103076b\services.exe.mui [2009/07/13 18:57:50 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=B84CF40C8CF1DA44A95CC37E360EB977 -- C:\Windows\SysNative\nl-NL\services.exe.mui [2009/07/13 18:57:50 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=B84CF40C8CF1DA44A95CC37E360EB977 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_7efe2a1cc8ae306f\services.exe.mui [2009/07/13 18:53:38 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=D6C519FD0BF69F3265646DAFC3547BA9 -- C:\Windows\SysNative\sr-Latn-CS\services.exe.mui [2009/07/13 18:53:38 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=D6C519FD0BF69F3265646DAFC3547BA9 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sr-..-cs_4cc9f369ffb79864\services.exe.mui [2009/07/13 18:55:22 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=E0D92FB3A7311468FFAA5EED4F3196E6 -- C:\Windows\SysNative\et-EE\services.exe.mui [2009/07/13 18:55:22 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=E0D92FB3A7311468FFAA5EED4F3196E6 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_et-ee_bf7d613243d3029c\services.exe.mui [2009/07/13 19:04:24 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E9D0900772B52AB3F1B0EA2BB08C4E6C -- C:\Windows\SysNative\ar-SA\services.exe.mui [2009/07/13 19:04:24 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E9D0900772B52AB3F1B0EA2BB08C4E6C -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_3152953e7aa3aa88\services.exe.mui < MD5 for: SERVICES.JS > [2013/03/07 17:23:26 | 000,001,083 | ---- | M] () MD5=18272708A717583EBB2AE9712FDA65CD -- C:\Program Files (x86)\Microsoft\BingDesktop\Apps\runtime\mocks\services.js < MD5 for: SERVICES.LNK > [2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk < MD5 for: SERVICES.MOF > [2009/06/10 17:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof [2009/06/10 17:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof < MD5 for: SERVICES.MSC > [2009/07/13 18:59:12 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\SysNative\da-DK\services.msc [2009/07/13 18:41:10 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\SysWOW64\da-DK\services.msc [2009/07/13 18:59:12 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_5a179d75255b6dfc\services.msc [2009/07/13 18:41:10 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_fdf901f16cfdfcc6\services.msc [2009/07/13 18:55:46 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\SysNative\sv-SE\services.msc [2009/07/13 18:43:06 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\SysWOW64\sv-SE\services.msc [2009/07/13 18:55:46 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_e5500ad35e3dd45d\services.msc [2009/07/13 18:43:06 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_89316f4fa5e06327\services.msc [2009/07/13 18:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc [2009/06/10 17:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc [2009/07/13 18:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc [2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc [2009/07/13 18:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc [2009/06/10 17:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc [2009/07/13 18:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc [2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc [2009/07/13 19:00:06 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\SysNative\ar-SA\services.msc [2009/07/13 18:40:10 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\SysWOW64\ar-SA\services.msc [2009/07/13 19:00:06 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_6b94652a510d447b\services.msc [2009/07/13 18:40:10 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_0f75c9a698afd345\services.msc [2009/07/14 14:55:08 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysNative\pt-BR\services.msc [2009/07/14 14:55:10 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysWOW64\pt-BR\services.msc [2009/07/14 14:55:08 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_01d03f2e82c3cbfa\services.msc [2009/07/14 14:55:10 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc [2009/07/13 18:46:50 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\SysNative\nl-NL\services.msc [2009/07/13 18:45:48 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\SysWOW64\nl-NL\services.msc [2009/07/13 18:46:50 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_b93ffa089f17ca62\services.msc [2009/07/13 18:45:48 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_5d215e84e6ba592c\services.msc < MD5 for: SERVICES.PTXML > [2009/07/13 17:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml [2009/07/13 17:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml < MD5 for: SERVICES.XML > [2010/06/28 13:42:00 | 000,000,838 | ---- | M] () MD5=DA6D6BBAB9412B2589D9C869B1F4EAFC -- C:\ProgramData\OrolixCommunicator\etc\cache\services.xml [2010/06/28 13:42:00 | 000,000,838 | ---- | M] () MD5=DA6D6BBAB9412B2589D9C869B1F4EAFC -- C:\Users\All Users\OrolixCommunicator\etc\cache\services.xml [2010/06/28 13:42:00 | 000,000,838 | ---- | M] () MD5=DA6D6BBAB9412B2589D9C869B1F4EAFC -- C:\Users\Todos os Usuários\OrolixCommunicator\etc\cache\services.xml < End of report > Mando também o arquivo solicitado! Extras.Txt
  13. Seguem as informações solicitadas. Informo que durante o escaneamento com o Karpersky,, por diversas vezes durante o processo foi informado que determinados arquivos do tipo .exe não puderam ser escaneados por estarem protegidos por senha. Acredito que sejam arquivos constantes em pastas ocultas do Disco: C, pois procurei os arquivo e não encontrei. O Karpersky não detectou nada. Como procedo? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.7.2 (03.15.2013:1) OS: Windows 7 Ultimate x64 Ran by PLINIO on 22/03/2013 at 22:17:30,24 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer" ~~~ FireFox Emptied folder: C:\Users\PLINIO\AppData\Roaming\mozilla\firefox\profiles\7otz0amz.default\minidumps [19 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 22/03/2013 at 22:32:48,71 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Versão da Base de Dados: v2013.03.20.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 PLINIO :: PLINIO-PC [administrador] 24/03/2013 16:52:26 mbam-log-2013-03-24 (16-52-26).txt Tipo de Verificação: Verificação Completa (A:\|C:\|D:\|E:\|G:\|) Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opções de verificação desativadas: P2P Objetos escaneados: 490485 Tempo decorrido: 1 hora(s), 25 minuto(s), 53 segundo(s) Processos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Pastas Detectadas: 0 (Não foram detectados ítens maliciosos) Arquivos Detectados: 0 (Não foram detectados ítens maliciosos) (fim)
  14. Segue o solicitado... AdwCleaner v2.115 - Relatório criado em 20/03/2013 às 20:43:38 # Atualizado em 17/03/2013 por Xplode # Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits) # Usuário : PLINIO - PLINIO-PC # Modo de Boot : Normal # Executado de : C:\Users\PLINIO\Desktop\adwcleaner.exe # Opção [Remover] ***** [serviços] ***** ***** [Arquivos/Pastas] ***** Pasta Removido : C:\ProgramData\Ask Pasta Removido : C:\Users\PLINIO\AppData\Local\APN Pasta Removido : C:\Users\PLINIO\AppData\Roaming\OpenCandy ***** [Registro] ***** Chave Removida : HKCU\Software\Softonic Chave Removida : HKLM\Software\Iminent Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] ***** [Navegadores] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Registro está limpo. -\\ Mozilla Firefox v19.0.2 (en-US) Arquivo : C:\Users\PLINIO\AppData\Roaming\Mozilla\Firefox\Profiles\7otz0amz.default\prefs.js [OK] Arquivo está limpo. -\\ Google Chrome v25.0.1364.172 Arquivo : C:\Users\PLINIO\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Arquivo está limpo. ************************* AdwCleaner[s1].txt - [337 octets] - [20/03/2013 20:23:31] AdwCleaner[s2].txt - [1585 octets] - [20/03/2013 20:43:38] ########## EOF - C:\AdwCleaner[s2].txt - [1645 octets] ########## MBRScan v1.1.1 OS : Windows 7 Service Pack 1 (64 bit) PROCESSOR : Intel64 Family 6 Model 23 Stepping 10, GenuineIntel BOOT : Normal Boot DATE : 2013/03/20 (ISO 8601) at 20:55:50 ________________________________________________________________________________ DISK : Device\Harddisk0\DR0 __WDC WD3200AAJS-00L7A0 (01.03E01) BUS_TYPE : (0x03) P-ATA USE_PIO : NO MAX_TRANSFER : 128 Kb ALIGNMENT_MASK : word aligned ________________________________________________________________________________ Device\Harddisk0\DR0 298.1 Go [Fixed] ==> 7 MBR Code MBR_MD5 : 7C6ACB29B7C676A7E1988DEFA6929DB7 MBR_SHA1 : BEC47B548928B743CD1696BAF85BCC54BA932F35 Device\Harddisk0\Partition1 100.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __ Device\Harddisk0\Partition2 156.2 Go 0x07 NTFS / HPFS Device\Harddisk0\Partition3 141.8 Go 0x07 NTFS / HPFS ________________________________________________________________________________ ############################### Additional scan ################################ DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk ADDRESS : 0x031EA000 SIZE : 292.0 Ko DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk ADDRESS : 0x00BCE000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk ADDRESS : 0x00CCD000 SIZE : 316.0 Ko DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk ADDRESS : 0x00D30000 SIZE : 376.0 Ko DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk ADDRESS : 0x00C00000 SIZE : 768.0 Ko DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk ADDRESS : 0x00E18000 SIZE : 776.0 Ko DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk ADDRESS : 0x00EDA000 SIZE : 64.0 Ko DRIVER : C:\Windows\System32\Drivers\spqc.sys => Invisible on the disk ADDRESS : 0x0108B000 SIZE : 1.15 Mo DRIVER : C:\Windows\System32\Drivers\WMILIB.SYS => Invisible on the disk ADDRESS : 0x011B1000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\Drivers\SCSIPORT.SYS => Invisible on the disk ADDRESS : 0x011BA000 SIZE : 188.0 Ko DRIVER : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk ADDRESS : 0x01000000 SIZE : 348.0 Ko DRIVER : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk ADDRESS : 0x01057000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk ADDRESS : 0x01061000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\drivers\pci.sys => Invisible on the disk ADDRESS : 0x00EEA000 SIZE : 204.0 Ko DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk ADDRESS : 0x0106E000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk ADDRESS : 0x011E9000 SIZE : 84.0 Ko DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk ADDRESS : 0x00F1D000 SIZE : 368.0 Ko DRIVER : C:\Windows\system32\drivers\intelide.sys => Invisible on the disk ADDRESS : 0x01083000 SIZE : 32.0 Ko DRIVER : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk ADDRESS : 0x00F79000 SIZE : 64.0 Ko DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk ADDRESS : 0x00F89000 SIZE : 104.0 Ko DRIVER : C:\Windows\system32\drivers\vmbus.sys => Invisible on the disk ADDRESS : 0x00FA3000 SIZE : 240.0 Ko DRIVER : C:\Windows\system32\drivers\winhv.sys => Invisible on the disk ADDRESS : 0x00FDF000 SIZE : 80.0 Ko DRIVER : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk ADDRESS : 0x00FF3000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk ADDRESS : 0x00D8E000 SIZE : 168.0 Ko DRIVER : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk ADDRESS : 0x00E00000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk ADDRESS : 0x012EC000 SIZE : 304.0 Ko DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk ADDRESS : 0x01338000 SIZE : 80.0 Ko DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk ADDRESS : 0x01419000 SIZE : 1.64 Mo DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk ADDRESS : 0x0134C000 SIZE : 376.0 Ko DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk ADDRESS : 0x015BC000 SIZE : 108.0 Ko DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk ADDRESS : 0x01200000 SIZE : 456.0 Ko DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk ADDRESS : 0x015D7000 SIZE : 68.0 Ko DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk ADDRESS : 0x015E8000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk ADDRESS : 0x016DB000 SIZE : 968.0 Ko DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk ADDRESS : 0x01600000 SIZE : 384.0 Ko DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk ADDRESS : 0x01660000 SIZE : 172.0 Ko DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk ADDRESS : 0x01800000 SIZE : 2.00 Mo DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk ADDRESS : 0x0168B000 SIZE : 292.0 Ko DRIVER : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk ADDRESS : 0x017CD000 SIZE : 64.0 Ko DRIVER : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk ADDRESS : 0x01272000 SIZE : 304.0 Ko DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk ADDRESS : 0x017DD000 SIZE : 32.0 Ko DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk ADDRESS : 0x013AA000 SIZE : 232.0 Ko DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk ADDRESS : 0x017E5000 SIZE : 72.0 Ko DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk ADDRESS : 0x017F7000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk ADDRESS : 0x00DB8000 SIZE : 232.0 Ko DRIVER : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk ADDRESS : 0x01400000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk ADDRESS : 0x01A47000 SIZE : 192.0 Ko DRIVER : C:\Windows\System32\Drivers\aswRvrt.sys => Invisible on the disk ADDRESS : 0x01A77000 SIZE : 76.0 Ko DRIVER : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk ADDRESS : 0x01AC0000 SIZE : 168.0 Ko DRIVER : C:\Windows\System32\Drivers\aswSnx.SYS => Invisible on the disk ADDRESS : 0x01AEA000 SIZE : 1020.0 Ko DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk ADDRESS : 0x01BE9000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk ADDRESS : 0x01BF2000 SIZE : 28.0 Ko DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk ADDRESS : 0x01A00000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk ADDRESS : 0x01A0E000 SIZE : 148.0 Ko DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk ADDRESS : 0x01A33000 SIZE : 64.0 Ko DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk ADDRESS : 0x015F2000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk ADDRESS : 0x013E4000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk ADDRESS : 0x013ED000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk ADDRESS : 0x012BE000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk ADDRESS : 0x012C9000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk ADDRESS : 0x03EF1000 SIZE : 136.0 Ko DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk ADDRESS : 0x03F13000 SIZE : 52.0 Ko DRIVER : C:\Windows\System32\Drivers\aswTdi.SYS => Invisible on the disk ADDRESS : 0x03F20000 SIZE : 80.0 Ko DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk ADDRESS : 0x03F34000 SIZE : 548.0 Ko DRIVER : C:\Windows\System32\Drivers\aswrdr2.sys => Invisible on the disk ADDRESS : 0x03FBD000 SIZE : 80.0 Ko DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk ADDRESS : 0x03E00000 SIZE : 276.0 Ko DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk ADDRESS : 0x03E45000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk ADDRESS : 0x03E4E000 SIZE : 152.0 Ko DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk ADDRESS : 0x03E74000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk ADDRESS : 0x03E83000 SIZE : 116.0 Ko DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk ADDRESS : 0x03EA0000 SIZE : 108.0 Ko DRIVER : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk ADDRESS : 0x03EBB000 SIZE : 80.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk ADDRESS : 0x04018000 SIZE : 324.0 Ko DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk ADDRESS : 0x04069000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk ADDRESS : 0x04075000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk ADDRESS : 0x04080000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\drivers\csc.sys => Invisible on the disk ADDRESS : 0x0408F000 SIZE : 524.0 Ko DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk ADDRESS : 0x04112000 SIZE : 120.0 Ko DRIVER : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk ADDRESS : 0x04130000 SIZE : 68.0 Ko DRIVER : C:\Windows\System32\Drivers\aswSP.SYS => Invisible on the disk ADDRESS : 0x04141000 SIZE : 392.0 Ko DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk ADDRESS : 0x041A3000 SIZE : 152.0 Ko DRIVER : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk ADDRESS : 0x041C9000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk ADDRESS : 0x04AAB000 SIZE : 10.14 Mo DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk ADDRESS : 0x054CE000 SIZE : 976.0 Ko DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk ADDRESS : 0x04A00000 SIZE : 280.0 Ko DRIVER : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk ADDRESS : 0x04A46000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk ADDRESS : 0x04A6A000 SIZE : 200.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbuhci.sys => Invisible on the disk ADDRESS : 0x04A9C000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk ADDRESS : 0x03C31000 SIZE : 344.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk ADDRESS : 0x03C87000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk ADDRESS : 0x03C98000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\fdc.sys => Invisible on the disk ADDRESS : 0x03CA4000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\DRIVERS\parport.sys => Invisible on the disk ADDRESS : 0x03CB1000 SIZE : 116.0 Ko DRIVER : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk ADDRESS : 0x03CCE000 SIZE : 64.0 Ko DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk ADDRESS : 0x03CDE000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk ADDRESS : 0x03CF4000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk ADDRESS : 0x03D18000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk ADDRESS : 0x03D24000 SIZE : 188.0 Ko DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk ADDRESS : 0x03D53000 SIZE : 108.0 Ko DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk ADDRESS : 0x03D6E000 SIZE : 132.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk ADDRESS : 0x03D8F000 SIZE : 104.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk ADDRESS : 0x03DA9000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk ADDRESS : 0x03DB4000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk ADDRESS : 0x03DC3000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk ADDRESS : 0x03DD2000 SIZE : 8.0 Ko DRIVER : C:\Windows\system32\drivers\ks.sys => Invisible on the disk ADDRESS : 0x044CD000 SIZE : 268.0 Ko DRIVER : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk ADDRESS : 0x04510000 SIZE : 72.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ew_jubusenum.sys => Invisible on the disk ADDRESS : 0x04522000 SIZE : 108.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk ADDRESS : 0x0453D000 SIZE : 360.0 Ko DRIVER : C:\Windows\system32\DRIVERS\flpydisk.sys => Invisible on the disk ADDRESS : 0x04597000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk ADDRESS : 0x045A2000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\drivers\HdAudio.sys => Invisible on the disk ADDRESS : 0x04400000 SIZE : 368.0 Ko DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk ADDRESS : 0x0445C000 SIZE : 244.0 Ko DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk ADDRESS : 0x04499000 SIZE : 136.0 Ko DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk ADDRESS : 0x044BB000 SIZE : 24.0 Ko DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk ADDRESS : 0x045B7000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk ADDRESS : 0x045C5000 SIZE : 48.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk ADDRESS : 0x045D1000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk ADDRESS : 0x045DA000 SIZE : 76.0 Ko DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk ADDRESS : 0x00070000 SIZE : 3.09 Mo DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk ADDRESS : 0x045ED000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk ADDRESS : 0x03DD4000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk ADDRESS : 0x00420000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk ADDRESS : 0x03DE2000 SIZE : 116.0 Ko DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk ADDRESS : 0x045F9000 SIZE : 8.0 Ko DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk ADDRESS : 0x00710000 SIZE : 156.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbscan.sys => Invisible on the disk ADDRESS : 0x03C00000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbprint.sys => Invisible on the disk ADDRESS : 0x044C1000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\dot4usb.sys => Invisible on the disk ADDRESS : 0x03C11000 SIZE : 64.0 Ko DRIVER : C:\Windows\system32\DRIVERS\Dot4.sys => Invisible on the disk ADDRESS : 0x055C2000 SIZE : 160.0 Ko DRIVER : C:\Windows\system32\drivers\USBSTOR.SYS => Invisible on the disk ADDRESS : 0x041DF000 SIZE : 108.0 Ko DRIVER : C:\Windows\system32\drivers\Dot4Prt.sys => Invisible on the disk ADDRESS : 0x03C21000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk ADDRESS : 0x03FD1000 SIZE : 140.0 Ko DRIVER : C:\Windows\system32\drivers\aswMonFlt.sys => Invisible on the disk ADDRESS : 0x01A8A000 SIZE : 160.0 Ko DRIVER : C:\Windows\System32\Drivers\aswFsBlk.SYS => Invisible on the disk ADDRESS : 0x055EA000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk ADDRESS : 0x03ECF000 SIZE : 100.0 Ko DRIVER : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk ADDRESS : 0x04000000 SIZE : 56.0 Ko DRIVER : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk ADDRESS : 0x026B9000 SIZE : 100.0 Ko DRIVER : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk ADDRESS : 0x026D2000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\DRIVERS\kbdhid.sys => Invisible on the disk ADDRESS : 0x026DB000 SIZE : 56.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk ADDRESS : 0x026E9000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk ADDRESS : 0x02713000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk ADDRESS : 0x02728000 SIZE : 76.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk ADDRESS : 0x0273B000 SIZE : 96.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys => Invisible on the disk ADDRESS : 0x02753000 SIZE : 16.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ew_jucdcacm.sys => Invisible on the disk ADDRESS : 0x02757000 SIZE : 120.0 Ko DRIVER : C:\Windows\system32\drivers\modem.sys => Invisible on the disk ADDRESS : 0x02775000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ew_juwwanecm.sys => Invisible on the disk ADDRESS : 0x02784000 SIZE : 236.0 Ko DRIVER : C:\Windows\system32\DRIVERS\cdfs.sys => Invisible on the disk ADDRESS : 0x027BF000 SIZE : 116.0 Ko DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk ADDRESS : 0x03645000 SIZE : 804.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ew_juextctrl.sys => Invisible on the disk ADDRESS : 0x0370E000 SIZE : 56.0 Ko DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk ADDRESS : 0x0371C000 SIZE : 120.0 Ko DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk ADDRESS : 0x0373A000 SIZE : 96.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk ADDRESS : 0x03752000 SIZE : 180.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk ADDRESS : 0x0377F000 SIZE : 312.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk ADDRESS : 0x037CD000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk ADDRESS : 0x02600000 SIZE : 664.0 Ko DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk ADDRESS : 0x037F1000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk ADDRESS : 0x03600000 SIZE : 196.0 Ko DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk ADDRESS : 0x03631000 SIZE : 72.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk ADDRESS : 0x05ED7000 SIZE : 420.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk ADDRESS : 0x05F40000 SIZE : 608.0 Ko DRIVER : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk ADDRESS : 0x05E00000 SIZE : 216.0 Ko DRIVER : C:\Windows\system32\DRIVERS\asyncmac.sys => Invisible on the disk ADDRESS : 0x05E36000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk ADDRESS : 0x480C0000 SIZE : 128.0 Ko BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020) SystemStartOptions : NOEXECUTE=OPTIN ________________________________________________________________________________ _______MBR \Device\Harddisk0\DR0 0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿. 0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹.. 0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å. 0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF.. 0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu. 0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t 0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h. 0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ. 0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..ë.¸..».|.V. 0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ 0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².ë. 0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2ä.V.Í.]ë..>þ}U 0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°Ñæd 0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßæ`è|.°.ædèu 0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT 0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.». 0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf 0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f 0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í 0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.ë..¶.ë..µ.2ä 0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....ð¬<.t.»..´.Í 0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø 0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti 0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error 0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati 0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin 0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst 0x000001B0 65 6D 00 00 00 63 7B 9A 04 4A 04 4A 00 00 80 20 em...c{..J.J... 0x000001C0 21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF !..ß....... ...ß 0x000001D0 14 0C 07 FE FF FF 00 28 03 00 00 E0 84 13 00 FE ...þ...(...à...þ 0x000001E0 FF FF 07 FE FF FF 00 08 88 13 00 D8 BA 11 00 00 ...þ.......غ... 0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Versão da Base de Dados: v2013.03.20.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 PLINIO :: PLINIO-PC [administrador] 20/03/2013 20:59:29 mbam-log-2013-03-20 (20-59-29).txt Tipo de Verificação: Verificação Completa (A:\|C:\|D:\|E:\|G:\|) Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opções de verificação desativadas: P2P Objetos escaneados: 480696 Tempo decorrido: 1 hora(s), 11 minuto(s), 55 segundo(s) Processos de Memória Detectados: 0 (Não foram detectados ítens maliciosos)Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Versão da Base de Dados: v2013.03.20.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 PLINIO :: PLINIO-PC [administrador] 20/03/2013 20:59:29 mbam-log-2013-03-20 (20-59-29).txt Tipo de Verificação: Verificação Completa (A:\|C:\|D:\|E:\|G:\|) Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opções de verificação desativadas: P2P Objetos escaneados: 480696 Tempo decorrido: 1 hora(s), 11 minuto(s), 55 segundo(s) Processos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Pastas Detectadas: 0 (Não foram detectados ítens maliciosos) Arquivos Detectados: 0 (Não foram detectados ítens maliciosos) (fim) Módulos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Pastas Detectadas: 0 (Não foram detectados ítens maliciosos) Arquivos Detectados: 0 (Não foram detectados ítens maliciosos) (fim)
  15. Prezados Desconfio que meu pc está com malware pois quando o ligo demora muito para abrir a area de trabalho, além de reiniciar sozinho quando executo tarefas simultâneas... gostaria de ajuda para resolver estes problemas... segue o log do hijackthis... obrigado! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:02:26, on 20/03/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Orbitdownloader\Grab.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\PLINIO\Downloads\HijackThis (2).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\PLINIO\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BAHIATURSA.BA.GOV.BR O17 - HKLM\System\CCS\Services\Tcpip\..\{888F922C-34B4-4F6B-B103-0DAA2E32A03D}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{CFE8A909-DBEC-4B36-9117-82B90B36352A}: NameServer = 189.40.226.80 189.40.224.80 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BAHIATURSA.BA.GOV.BR O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BAHIATURSA.BA.GOV.BR O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10266 bytes