This topic is now archived and is closed to further replies.

Rodrigo.rj

Continue Vuupc installation: what should I do?

9 posts in this topic

Friends, I found your site when I went looking for information about this vuupc, but I confess I didn't understand much.

What is this program for? What does it do?

I followed the procedures you gave for downloading the programs and pasting the Notepad output here.

The files are attached, and I await your help.

I apologize if I have broken any rule or gone against anything you have already said...

Thank you in advance for your attention and your help.

FSS.txt

hijackthis.log

MbrScan.log


Welcome to Linha Defensiva

My name is José Humberto and my "nickname" is JoseMelo

So that we can succeed by the end of the procedures, I suggest that you strictly follow what is proposed to you and do not use any tool or program other than the ones recommended here;

Do not uninstall any tool that is being used until the procedures are finished;

If you have a topic in progress on another forum, I recommend that you abandon it so that the procedures do not conflict;

If you prefer to receive an e-mail notice every time there is a reply in your topic, click lsbb8.png at the top of the page.

If you have more than one program with resident protection installed (antivirus, antispyware, firewall), keep only one to avoid conflicts and system slowdown.

Download AdwCleaner and save it to the desktop.

http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner

Click the 1IXHd.png icon to download the file.

Run adwcleaner0

NOTE: Windows Vista or Windows 7 users: right-click the AdwCleaner.exe file, then click AgZ3P.png

Click Remove (Remover).

Notepad will open with the result. Select, copy and paste its contents in your next reply.

- Download Malwarebytes Anti-Malware

http://www.malwarebytes.org/mbam-download.php

  • Disable the antivirus;
  • Install it by double-clicking "mbam-setup.exe";
  • Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
  • Check "Full Scan" and then click Scan;
  • When the scan finishes, click OK and then "Show Results" to see the log;
  • If anything is detected, make sure everything is checked and click "Remove";
  • The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
  • Copy and paste the contents of that log in your next reply.

- Post a new HijackThis log.


Friend, thank you for the reply;

I did what you told me... (the AdwCleaner log follows below)

# AdwCleaner v2.200 - Relatório criado em 07/04/2013 às 15:46:51

# Atualizado em 02/04/2013 por Xplode

# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)

# Usuário : Rose - ROSE-PC

# Modo de Boot : Normal

# Executado de : C:\Users\Rose\Music\Contacts\Downloads\adwcleaner.exe

# Opção [Remover]

***** [serviços] *****

***** [Arquivos/Pastas] *****

Arquivo Removido : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

Arquivo Removido : C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k6trr1sm.default-1351746535445\extensions\HelperFramework@ZoneMedia.com.xpi

Pasta Removido : C:\Program Files\Claro

Pasta Removido : C:\Program Files\Complitly

Pasta Removido : C:\Program Files\DealPly

Pasta Removido : C:\Program Files\PriceGong

Pasta Removido : C:\Program Files\SweetIM

Pasta Removido : C:\ProgramData\Babylon

Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro

Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Pasta Removido : C:\ProgramData\SweetIM

Pasta Removido : C:\Users\Rose\AppData\Local\Babylon

Pasta Removido : C:\Users\Rose\AppData\LocalLow\BabylonToolbar

Pasta Removido : C:\Users\Rose\AppData\LocalLow\PriceGong

Pasta Removido : C:\Users\Rose\AppData\LocalLow\SweetIM

Pasta Removido : C:\Users\Rose\AppData\Roaming\Babylon

Pasta Removido : C:\Users\Rose\AppData\Roaming\Complitly

Pasta Removido : C:\Users\Rose\AppData\Roaming\DealPly

Pasta Removido : C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k6trr1sm.default-1351746535445\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Pasta Removido : C:\Users\Rose\AppData\Roaming\SearchYa

***** [Registro] *****

Chave Removida : HKCU\Software\5e28fd1b66eef49

Chave Removida : HKCU\Software\APN PIP

Chave Removida : HKCU\Software\AppDataLow\Software\PriceGong

Chave Removida : HKCU\Software\DataMngr

Chave Removida : HKCU\Software\DataMngr_Toolbar

Chave Removida : HKCU\Software\DealPly

Chave Removida : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Chave Removida : HKCU\Software\Iminent

Chave Removida : HKCU\Software\InstallCore

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Chave Removida : HKCU\Software\searchya.com

Chave Removida : HKCU\Software\Softonic

Chave Removida : HKLM\SOFTWARE\5e28fd1b66eef49

Chave Removida : HKLM\Software\Babylon

Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Chave Removida : HKLM\Software\DataMngr

Chave Removida : HKLM\Software\DealPly

Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Chave Removida : HKLM\Software\Iminent

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Valor Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registro está limpo.

-\\ Mozilla Firefox v19.0.2 (pt-BR)

Arquivo : C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k6trr1sm.default-1351746535445\prefs.js

C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k6trr1sm.default-1351746535445\user.js ... Removido !

Removida : user_pref("extensions.SearchYa!.aflt", "SearchooD");

Removida : user_pref("extensions.SearchYa!.autoRvrt", false);

Removida : user_pref("extensions.SearchYa!.dfltLng", "");

Removida : user_pref("extensions.SearchYa!.dfltSrch", true);

Removida : user_pref("extensions.SearchYa!.dnsErr", true);

Removida : user_pref("extensions.SearchYa!.envrmnt", "production");

Removida : user_pref("extensions.SearchYa!.excTlbr", false);

Removida : user_pref("extensions.SearchYa!.hmpg", true);

Removida : user_pref("extensions.SearchYa!.hmpgUrl", "hxxp://www.searchya.com/?f=1&a=SearchooD&cd=2XzuyEtN2Y1L1[...]

Removida : user_pref("extensions.SearchYa!.id", "E0B9A531AABF2B38");

Removida : user_pref("extensions.SearchYa!.instlDay", "15708");

Removida : user_pref("extensions.SearchYa!.instlRef", "");

Removida : user_pref("extensions.SearchYa!.isdcmntcmplt", true);

Removida : user_pref("extensions.SearchYa!.mntrvrsn", "1.3.0");

Removida : user_pref("extensions.SearchYa!.newTabUrl", "hxxp://www.searchya.com/?f=2&a=SearchooD&cd=2XzuyEtN2Y1[...]

Removida : user_pref("extensions.SearchYa!.prdct", "SearchYa!");

Removida : user_pref("extensions.SearchYa!.prtnrId", "searchya");

Removida : user_pref("extensions.SearchYa!.srchPrvdr", "SearchYa!");

Removida : user_pref("extensions.SearchYa!.tlbrId", "base");

Removida : user_pref("extensions.SearchYa!.tlbrSrchUrl", "hxxp://www.searchya.com/?f=3&a=SearchooD&cd=2XzuyEtN2[...]

Removida : user_pref("extensions.SearchYa!.vrsn", "1.5.25.0");

Removida : user_pref("extensions.SearchYa!.vrsni", "1.5.25.0");

Removida : user_pref("extensions.SearchYa!_i.newTab", true);

Removida : user_pref("extensions.SearchYa!_i.smplGrp", "none");

Removida : user_pref("extensions.SearchYa!_i.vrsnTs", "1.5.25.012:8:36");

Removida : user_pref("extensions.searchya.cntry", "BR");

Removida : user_pref("extensions.searchya.dfltSrch", false);

Removida : user_pref("extensions.searchya.hdrMd5", "");

Removida : user_pref("extensions.searchya.hmpg", false);

Removida : user_pref("extensions.searchya.lastVrsnTs", "");

Removida : user_pref("extensions.searchya.newTab", false);

Removida : user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"34\",\"lastVrsn\":\"34\",\"vrsnLoad\":\"\"[...]

Removida : user_pref("extensions.searchya.sg", "free");

Removida : user_pref("extensions.searchya.smplGrp", "free");

-\\ Google Chrome v26.0.1410.43

Arquivo : C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[s1].txt - [11917 octets] - [07/04/2013 15:46:51]

########## EOF - C:\AdwCleaner[s1].txt - [11978 octets] ##########

Next I ran the full scan, but while it was running... almost at the end, the PC restarted by itself, interrupting the scan (the log follows below)

" 2013/04/07 16:21:45 -0300 ROSE-PC Rose MESSAGE Starting protection

2013/04/07 16:21:45 -0300 ROSE-PC Rose MESSAGE Protection started successfully

2013/04/07 16:21:46 -0300 ROSE-PC Rose MESSAGE Starting IP protection

2013/04/07 16:21:48 -0300 ROSE-PC Rose MESSAGE IP Protection started successfully

2013/04/07 16:22:33 -0300 ROSE-PC Rose MESSAGE Executing scheduled update: Daily

2013/04/07 16:45:41 -0300 ROSE-PC Rose MESSAGE Starting database refresh

2013/04/07 16:45:41 -0300 ROSE-PC Rose MESSAGE Stopping IP protection

2013/04/07 16:45:42 -0300 ROSE-PC Rose MESSAGE IP Protection stopped successfully

2013/04/07 16:45:46 -0300 ROSE-PC Rose MESSAGE Database refreshed successfully

2013/04/07 16:45:47 -0300 ROSE-PC Rose MESSAGE Starting IP protection

2013/04/07 16:46:09 -0300 ROSE-PC Rose ERROR Scheduled update failed: Host not found failed with error code 0

2013/04/07 16:46:11 -0300 ROSE-PC Rose MESSAGE IP Protection started successfully

2013/04/07 17:57:08 -0300 ROSE-PC Rose MESSAGE Starting protection

2013/04/07 17:57:08 -0300 ROSE-PC Rose MESSAGE Protection started successfully

2013/04/07 17:57:08 -0300 ROSE-PC Rose MESSAGE Starting IP protection

2013/04/07 17:57:41 -0300 ROSE-PC Rose MESSAGE IP Protection started successfully "

So I ran the full scan again and this time everything went fine... 4 files were detected (the log follows below)

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Versão da Base de Dados: v2013.04.07.07

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16521

Rose :: ROSE-PC [administrador]

Proteção: Permitir

07/04/2013 18:01:49

MBAM-log-2013-04-07 (19-29-15).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 293271

Tempo decorrido: 1 hora(s), 26 minuto(s), 45 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 1

HKCR\AppID\IEAddon.DLL (Rogue.UnVirex) -> Nenhuma ação foi feita.

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 3

C:\Users\Rose\Music\Contacts\Downloads\atube-catcher-291347-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.

C:\Users\Rose\Music\Contacts\Downloads\photo-brush-530-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.

C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Nenhuma ação foi feita.

(fim)

But I forgot to remove those files... so I have to run the scan again, right? And then remove them, right?

So, friend, regarding everything I did as you asked... what do we do now?

I'll be waiting, thank you very much.

"But I forgot to remove those files... so I have to run the scan again, right?"

Or delete them manually.

- Download OTL by OldTimer and save it to the desktop:

http://oldtimer.geekstogo.com/OTL.exe

  • Close all windows and run the tool.
  • Check the Lop Check (Verificar Lop) and Purity Check (Verificar Purity) options

- Select the lines below, right-click the selection, and choose Copy:

netsvcs
%SYSTEMDRIVE%\*.*
%userprofile%\*.*
%systemroot%\system32\drivers\*.* /90
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
%PROGRAMFILES%\Internet Explorer\*.*

- Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste;

- Click the Scan (Verificar) button;

- Post the OTL log.


Thank you, friend... but if I delete those files, will their programs still work normally?

Those files belong to mp3 download programs...

#another question: what is this vuup? Is it a virus? Is it spyware?

#one more question: how can I tell whether spyware is installed on my PC?

The OTL log follows below.

OTL logfile created on: 08/04/2013 16:09:14 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rose\Music\Contacts\Downloads

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16521)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,87 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 44,60% Memory free

3,73 Gb Paging File | 2,26 Gb Available in Paging File | 60,65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 51,40 Gb Total Space | 23,88 Gb Free Space | 46,45% Space Free | Partition Type: NTFS

Drive D: | 236,59 Gb Total Space | 178,83 Gb Free Space | 75,59% Space Free | Partition Type: NTFS

Drive F: | 27,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ROSE-PC | User Name: Rose | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/08 16:04:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Music\Contacts\Downloads\OTL.exe

PRC - [2013/03/06 20:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/03/06 20:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/12/18 11:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/07/04 23:04:58 | 001,775,368 | ---- | M] (PSafe S/A) -- C:\Program Files\PSafe\PSafesvc.exe

PRC - [2012/07/04 23:04:56 | 004,948,232 | ---- | M] (PSafe) -- C:\Program Files\PSafe\PSafeSysTray.exe

PRC - [2012/07/04 23:04:54 | 001,768,712 | ---- | M] (PSafe) -- C:\Program Files\PSafe\PSafeCategoryFinder.exe

PRC - [2012/07/04 23:04:54 | 000,250,632 | ---- | M] (PSafe) -- C:\Program Files\PSafe\PSafeWD.exe

PRC - [2012/07/04 22:46:40 | 000,071,680 | ---- | M] (PSafe) -- C:\Program Files\PSafe\PSafeWDS.exe

PRC - [2012/01/19 08:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/01/30 18:09:00 | 010,778,968 | ---- | M] () -- C:\Program Files\Claro 3G\UIMain.exe

PRC - [2010/12/10 11:42:14 | 000,677,712 | ---- | M] () -- C:\Program Files\Claro 3G\CMUpdater.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/21 19:50:33 | 000,390,096 | ---- | M] () -- C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

MOD - [2013/03/21 19:50:32 | 012,662,224 | ---- | M] () -- C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll

MOD - [2013/03/21 19:50:31 | 004,050,896 | ---- | M] () -- C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll

MOD - [2013/03/21 19:49:41 | 000,598,480 | ---- | M] () -- C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll

MOD - [2013/03/21 19:49:40 | 000,124,368 | ---- | M] () -- C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll

MOD - [2013/03/21 19:49:38 | 001,606,096 | ---- | M] () -- C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll

MOD - [2012/07/04 23:00:10 | 000,055,808 | ---- | M] () -- C:\Program Files\PSafe\CrashLib.dll

MOD - [2012/01/10 21:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll

MOD - [2011/01/30 18:09:06 | 001,176,928 | ---- | M] () -- C:\Program Files\Claro 3G\WaitingForm.dll

MOD - [2011/01/30 18:09:00 | 010,778,968 | ---- | M] () -- C:\Program Files\Claro 3G\UIMain.exe

MOD - [2011/01/30 18:08:54 | 001,071,464 | ---- | M] () -- C:\Program Files\Claro 3G\DLL_Netcard_R.dll

MOD - [2010/12/10 11:42:14 | 000,677,712 | ---- | M] () -- C:\Program Files\Claro 3G\CMUpdater.exe

MOD - [2010/12/10 11:42:14 | 000,617,808 | ---- | M] () -- C:\Program Files\Claro 3G\UpdateAgent.dll

MOD - [2010/12/10 11:42:14 | 000,349,520 | ---- | M] () -- C:\Program Files\Claro 3G\UISkin.dll

MOD - [2010/12/10 11:42:14 | 000,238,928 | ---- | M] () -- C:\Program Files\Claro 3G\UICommonDlg.dll

MOD - [2010/12/10 11:42:14 | 000,165,712 | ---- | M] () -- C:\Program Files\Claro 3G\BIXml.dll

MOD - [2009/07/13 22:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

========== Services (SafeList) ==========

SRV - [2013/03/16 00:12:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/03/09 02:05:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/03/06 20:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/12/18 11:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/10/12 22:28:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2012/07/04 23:04:58 | 001,775,368 | ---- | M] (PSafe S/A) [Auto | Running] -- C:\Program Files\PSafe\PSafesvc.exe -- (PSafeSVC)

SRV - [2012/07/04 23:04:54 | 001,768,712 | ---- | M] (PSafe) [Auto | Running] -- C:\Program Files\PSafe\PSafeCategoryFinder.exe -- (PSafeLockBoxSvc)

SRV - [2012/07/04 23:04:54 | 000,250,632 | ---- | M] (PSafe) [Auto | Running] -- C:\Program Files\PSafe\PSafeWD.exe -- (PSafeWD)

SRV - [2012/01/19 08:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2009/07/13 22:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2013/04/07 19:42:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2013/03/06 20:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2013/03/06 20:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2013/03/06 20:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2013/03/06 20:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2013/03/06 20:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2013/03/06 20:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013/03/06 20:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2013/03/06 20:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/05/31 21:21:04 | 000,146,304 | R--- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\360FileOem.sys -- (360FileOem)

DRV - [2012/05/31 21:21:04 | 000,054,912 | R--- | M] (360安全中心) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\360HookOem.sys -- (360HookOem)

DRV - [2012/05/31 21:21:04 | 000,023,168 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360RegOem.sys -- (360RegOem)

DRV - [2010/11/20 09:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 09:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 09:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 06:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 06:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/10/18 13:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2010/10/18 13:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2010/10/18 13:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2010/01/26 23:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)

DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)

DRV - [2009/08/13 08:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)

DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/06/22 18:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A DD 8F F3 0E 31 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{1C0C9F2A-B749-6FC5-E227-723BCB0FD8C6}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112792&tt=4412_3&babsrc=SP_ss&mntrId=54a82b38000000000000000000000000

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"

FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:2.12.3.1.190

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Skype.com/Skype Web Plugin: C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Rose\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rose\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rose\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/15 16:06:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 02:05:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/13 11:34:38 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 02:05:39 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/13 11:34:38 | 000,000,000 | ---D | M]

[2012/05/13 11:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\mozilla\Extensions

[2013/04/07 15:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\mozilla\Firefox\Profiles\k6trr1sm.default-1351746535445\extensions

[2013/04/07 10:42:53 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Users\Rose\AppData\Roaming\mozilla\Firefox\Profiles\k6trr1sm.default-1351746535445\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2013/03/12 22:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\mozilla\Firefox\Profiles\k6trr1sm.default-1351746535445\extensions\data

[2013/03/09 02:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/03/09 02:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2013/03/09 02:05:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2013/03/09 02:05:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2013/01/22 11:17:22 | 000,001,240 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml

[2013/01/22 11:17:22 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml

[2013/03/01 12:11:30 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2013/01/22 11:17:22 | 000,001,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml

[2013/01/22 11:17:22 | 000,001,165 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Googlehfnfbdbvbdbvbdbv (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - plugin: Skype Web Plugin (Enabled) = C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Rose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Rose\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - Extension: Google Docs = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Pesquisa do Google = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Browser Helper Object = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_0\

CHR - Extension: Gmail = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: Google Docs = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Pesquisa do Google = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Browser Helper Object = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_0\

CHR - Extension: Gmail = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (IEAddonBHO Class) - {47B614AF-B4CC-485B-B331-BE26F02ED4CC} - C:\Program Files\Internet Explorer\IEAddon.dll (APC)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [PSafeSysTray] C:\Program Files\PSafe\PSafeSysTray.exe (PSafe)

O4 - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo)

O4 - HKCU..\Run: [Facebook Update] C:\Users\Rose\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.17.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B90176B4-36C2-4468-BCA2-B53093C4A806}: NameServer = 200.169.117.221 200.169.117.222

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/10/16 14:49:38 | 000,000,034 | R--- | M] () - F:\Autorun -- [ CDFS ]

O32 - AutoRun File - [2011/01/31 12:04:49 | 000,000,062 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()

O33 - MountPoints2\{83010952-e7b7-11e1-95eb-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{83010952-e7b7-11e1-95eb-74f06dd52b60}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()

O33 - MountPoints2\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\Shell\AutoRun\command - "" = G:\Windows/AutoRun.exe

O33 - MountPoints2\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\Shell - "" = AutoRun

O33 - MountPoints2\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\Shell - "" = AutoRun

O33 - MountPoints2\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/08 12:36:08 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{AA8E2863-4BBB-4E6C-A69F-29903B36F84F}

[2013/04/07 19:42:54 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/04/07 16:21:26 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Malwarebytes

[2013/04/07 16:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/04/07 16:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/04/07 16:21:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/04/07 16:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/04/07 15:33:42 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{621CE8E7-7AAC-4CC1-BC53-10EBA6FCE065}

[2013/04/07 01:34:10 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{A2AC7F56-C991-4578-B071-B9118BF711A4}

[2013/04/06 13:33:33 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{6096947F-D94A-4795-B2D3-30131CED4612}

[2013/04/06 01:32:53 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{F24CFEDE-2B4E-41B2-89E8-8AD16A194A9D}

[2013/04/05 13:18:43 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{94AC928D-C660-4EBB-97C9-47391E3F24C7}

[2013/04/05 01:33:42 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/04/05 01:33:42 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/04/05 01:33:42 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/04/05 01:33:42 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2013/04/05 01:33:42 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

[2013/04/05 01:33:42 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2013/04/05 01:33:42 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2013/04/05 01:33:42 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/04/05 01:33:42 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/04/05 01:33:42 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013/04/05 01:33:42 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2013/04/05 01:33:42 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2013/04/05 01:33:42 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/04/05 01:33:42 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2013/04/05 01:33:42 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2013/04/05 01:33:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2013/04/05 01:33:42 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2013/04/05 01:33:42 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2013/04/05 01:33:42 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2013/04/05 01:33:42 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/04/05 01:33:42 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013/04/05 01:33:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2013/04/05 01:33:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/04/05 01:33:42 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2013/04/05 01:33:42 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2013/04/05 01:33:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/04/05 01:33:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/04/05 01:33:42 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2013/04/05 01:33:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2013/04/05 01:33:42 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/04/05 01:33:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2013/04/05 01:33:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/04/05 01:33:42 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2013/04/05 01:33:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/04/05 01:33:42 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2013/04/05 01:33:42 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2013/04/05 01:32:24 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2013/04/05 01:32:24 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll

[2013/04/05 01:32:24 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2013/04/05 01:32:24 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2013/04/05 01:32:24 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2013/04/05 01:32:24 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2013/04/05 01:32:24 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2013/04/05 01:32:24 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2013/04/05 01:32:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2013/04/05 01:32:24 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2013/04/05 01:32:24 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2013/04/05 01:32:24 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2013/04/05 01:32:24 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2013/04/05 01:32:24 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2013/04/05 01:32:24 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

[2013/04/05 01:32:24 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2013/04/05 01:32:24 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/04/05 01:32:24 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/04/05 01:32:24 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/04/05 01:32:24 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/04/05 01:32:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/04/05 01:32:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/04/05 01:32:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

[2013/04/05 01:32:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/04/05 01:32:24 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/04/05 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{6036A00C-D6F0-490C-B9C1-56B270593FD6}

[2013/04/04 12:36:00 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{C3DC88B9-E839-439E-A57B-E234068B7435}

[2013/04/03 20:33:14 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{6BA93DD4-8BEE-4C27-B253-B85040B0D75C}

[2013/04/03 00:09:35 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{2B1D6F01-EC09-49F8-ABC2-1572E6E0419B}

[2013/04/02 12:07:42 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{4D11C70A-2539-4BB5-BB95-51A8F70FF7B3}

[2013/04/01 13:21:41 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{C0DC7023-B201-40AF-A50C-D360461BCC50}

[2013/03/31 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{6D21B4E2-4221-4225-9B9A-71A18B4E954E}

[2013/03/30 23:51:50 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{6A461215-7CE1-4C37-9718-280319FB8066}

[2013/03/30 11:48:09 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{381438CD-D8BB-4BF1-8567-F3FE21F07C79}

[2013/03/29 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{15F6EC6C-66B7-46DA-825B-409F6CD81FB5}

[2013/03/29 01:08:24 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{309C705B-7518-449E-A915-63D157A615B7}

[2013/03/28 13:06:10 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{187DB066-02BE-48EF-9BA7-1D8C1D3D4ED7}

[2013/03/27 23:55:53 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{281F707E-123E-4340-A0F5-20DD8A0735A7}

[2013/03/27 11:54:59 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{150F004A-5DC1-4321-84E7-6BB0727C2798}

[2013/03/26 23:54:22 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{1A061718-7CCD-48F7-AC8E-005CFFA434C5}

[2013/03/26 11:53:40 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{5761E4E0-32D4-4D09-80B6-337EF94EB1FF}

[2013/03/25 23:49:29 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{B1B902DC-3C83-434F-A1FB-8C7D0952B820}

[2013/03/25 23:45:16 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{3B87B171-7535-4524-9CBC-E88C7F87EEF0}

[2013/03/25 20:35:08 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Flanela de Ouro

[2013/03/25 11:35:13 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{B4E6E08A-AB6A-4A56-BE4F-F9F3B7E37955}

[2013/03/24 21:26:18 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{7F789C6E-322E-44B6-AEC3-F4BC2A7DF79D}

[2013/03/24 11:05:46 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{E1040073-76F1-42CB-84AD-923142919F5A}

[2013/03/24 10:57:31 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{01755FDB-D969-4880-8F8A-CF9E75379BF5}

[2013/03/23 21:03:48 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{A0FEF174-FFB8-4AD2-A54E-51505AC5813B}

[2013/03/22 15:38:49 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{CA437377-E55E-428F-94FA-65E64C4AEAA4}

[2013/03/22 12:50:44 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{9A74ADC3-EE6E-4558-A7A2-378DCC1D43B1}

[2013/03/21 23:07:43 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{5AC28D03-86F9-42F6-BEC9-F24BC05EA575}

[2013/03/21 11:06:09 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{7ACA66CB-9FA4-457C-9FCB-A9449EDDBC57}

[2013/03/20 12:17:46 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{C020E033-9E7C-468B-8A30-3B7C43F95FF6}

[2013/03/20 00:17:06 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{E94552E6-1B49-415D-B6DA-A0B8EC99B90D}

[2013/03/19 12:15:37 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{4FDD9895-FDD5-4A3F-B84E-FBFC045DCF68}

[2013/03/18 18:02:57 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{49210F73-D322-4BF4-88E3-56C4E90A0B6C}

[2013/03/17 22:31:17 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{EDE7634B-41FE-438C-ABAC-856EB1013299}

[2013/03/17 15:56:43 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{47CA8B8F-5C44-4D85-BE58-969485433A32}

[2013/03/16 12:29:37 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{AD0047C6-1844-4329-A59E-D0C565B275FB}

[2013/03/15 22:14:32 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{CD489A11-FD2E-4C38-BD69-ADF5227CA3A5}

[2013/03/15 10:54:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys

[2013/03/15 10:48:39 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{DDDF0478-07A2-4D72-8BE5-A96F95CD3D83}

[2013/03/14 15:51:31 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{454518AE-73DD-4F6C-A241-12AD4133F68D}

[2013/03/14 14:24:38 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{505BF3F8-C874-43F9-9874-E2EDB1AC338F}

[2013/03/14 14:17:15 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{70608F7E-879A-4591-B05C-8D5A24399941}

[2013/03/14 13:22:02 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{E66EBF6B-DE93-4907-BE4F-DEAC62840080}

[2013/03/13 15:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\gas

[2013/03/13 14:55:08 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/03/13 14:54:50 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/03/13 14:54:50 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/03/13 14:54:50 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/03/13 12:44:23 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{566B2E9E-EEC3-448C-9438-6C0E8A9F9C42}

[2013/03/13 00:14:36 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{E0180195-F0C1-4EB4-8612-ABC914B4F2F1}

[2013/03/12 19:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark

[2013/03/12 12:00:11 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{74F494EA-60B2-498A-9E6D-9730A663D2BC}

[2013/03/12 00:37:02 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{A6BF44EC-F9AA-447F-9039-440502F251D8}

[2013/03/11 12:35:29 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{D321CAA1-50B6-4F9F-999F-56144562D96D}

[2013/03/10 16:30:01 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{E55C3004-AFFA-406E-9466-BA39D7932D45}

[2013/03/09 23:22:07 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{10E36D21-3A3A-453D-BD68-ECB03D3F77E7}

========== Files - Modified Within 30 Days ==========

[2013/04/08 16:13:02 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/08 16:13:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/08 16:09:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/08 15:58:01 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2035401440-1416264992-946447494-1000UA.job

[2013/04/08 15:13:02 | 000,025,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/08 15:13:02 | 000,025,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/08 15:05:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/08 15:05:11 | 1501,970,432 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/08 02:08:05 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2035401440-1416264992-946447494-1000UA.job

[2013/04/07 20:08:01 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2035401440-1416264992-946447494-1000Core.job

[2013/04/07 19:42:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/04/07 19:40:54 | 000,668,086 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2013/04/07 19:40:54 | 000,620,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/04/07 19:40:54 | 000,132,184 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2013/04/07 19:40:54 | 000,110,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/04/07 18:58:08 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2035401440-1416264992-946447494-1000Core.job

[2013/04/07 17:56:37 | 283,195,635 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/04/05 01:33:42 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/04/05 01:33:42 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/04/05 01:33:42 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/04/05 01:33:42 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2013/04/05 01:33:42 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

[2013/04/05 01:33:42 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2013/04/05 01:33:42 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2013/04/05 01:33:42 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/04/05 01:33:42 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/04/05 01:33:42 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013/04/05 01:33:42 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2013/04/05 01:33:42 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2013/04/05 01:33:42 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/04/05 01:33:42 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2013/04/05 01:33:42 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2013/04/05 01:33:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2013/04/05 01:33:42 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2013/04/05 01:33:42 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2013/04/05 01:33:42 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2013/04/05 01:33:42 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/04/05 01:33:42 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013/04/05 01:33:42 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2013/04/05 01:33:42 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/04/05 01:33:42 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2013/04/05 01:33:42 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2013/04/05 01:33:42 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/04/05 01:33:42 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/04/05 01:33:42 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2013/04/05 01:33:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2013/04/05 01:33:42 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/04/05 01:33:42 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2013/04/05 01:33:42 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/04/05 01:33:42 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2013/04/05 01:33:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/04/05 01:33:42 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2013/04/05 01:33:42 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2013/04/05 01:33:42 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2013/04/05 01:32:24 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2013/04/05 01:32:24 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll

[2013/04/05 01:32:24 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2013/04/05 01:32:24 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2013/04/05 01:32:24 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2013/04/05 01:32:24 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2013/04/05 01:32:24 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2013/04/05 01:32:24 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2013/04/05 01:32:24 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2013/04/05 01:32:24 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2013/04/05 01:32:24 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2013/04/05 01:32:24 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2013/04/05 01:32:24 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2013/04/05 01:32:24 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2013/04/05 01:32:24 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

[2013/04/05 01:32:24 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2013/04/05 01:32:24 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/04/05 01:32:24 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/04/05 01:32:24 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/04/05 01:32:24 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/04/05 01:32:24 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/04/05 01:32:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/04/05 01:32:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

[2013/04/05 01:32:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/04/05 01:32:24 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/03/28 00:58:31 | 000,012,125 | ---- | M] () -- C:\Users\Rose\Desktop\001.jpg

[2013/03/27 23:30:24 | 000,030,812 | ---- | M] () -- C:\Users\Rose\Desktop\484864_237842456362497_1190054428_n.jpg

[2013/03/18 02:42:48 | 000,040,891 | ---- | M] () -- C:\Users\Rose\Desktop\oracao-sao-jorge.jpg

[2013/03/16 00:12:26 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/03/16 00:12:26 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/03/15 16:06:55 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2013/03/13 14:54:43 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/03/13 14:54:38 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/03/13 14:54:38 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/03/13 14:54:38 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/03/13 14:54:36 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll

[2013/03/13 14:54:36 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/03/12 01:10:56 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2013/03/10 20:13:34 | 000,025,837 | ---- | M] () -- C:\Users\Rose\Desktop\311309_444678108933800_207332311_n.jpg

========== Files Created - No Company Name ==========

[2013/04/07 17:56:37 | 283,195,635 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013/04/05 01:33:42 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013/03/28 00:58:31 | 000,012,125 | ---- | C] () -- C:\Users\Rose\Desktop\001.jpg

[2013/03/27 23:30:22 | 000,030,812 | ---- | C] () -- C:\Users\Rose\Desktop\484864_237842456362497_1190054428_n.jpg

[2013/03/20 20:34:58 | 000,017,920 | ---- | C] () -- C:\Users\Rose\Documents\01021976.xlt

[2013/03/20 20:34:45 | 000,017,920 | ---- | C] () -- C:\Users\Rose\01021976.xlt

[2013/03/18 02:42:45 | 000,040,891 | ---- | C] () -- C:\Users\Rose\Desktop\oracao-sao-jorge.jpg

[2013/03/15 16:06:57 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013/03/15 16:06:56 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013/03/10 20:13:33 | 000,025,837 | ---- | C] () -- C:\Users\Rose\Desktop\311309_444678108933800_207332311_n.jpg

[2012/10/30 09:28:45 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe

[2012/10/16 00:29:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2012/05/15 22:52:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2012/05/15 18:30:11 | 000,853,821 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\UserTile.png

[2012/05/13 15:25:33 | 000,668,086 | ---- | C] () -- C:\Windows\System32\prfh0416.dat

[2012/05/13 15:25:33 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat

[2012/05/13 15:25:33 | 000,132,184 | ---- | C] () -- C:\Windows\System32\prfc0416.dat

[2012/05/13 15:25:33 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat

[2012/05/13 10:49:13 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin

[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll

[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2012/01/10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

[2012/01/03 09:11:06 | 000,002,045 | -H-- | C] () -- C:\ProgramData\whlb32g.dll

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/13 11:04:14 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Ashampoo

[2012/05/17 13:55:07 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Auslogics

[2012/11/08 01:01:55 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\GetRightToGo

[2013/02/26 13:42:03 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\OfficeRecovery

[2012/06/08 18:53:19 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Unity

[2012/09/26 21:11:42 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\VDownloader

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2013/04/07 19:55:34 | 000,001,059 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2013/04/07 15:51:57 | 000,012,048 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2013/04/08 15:05:11 | 1501,970,432 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/25 15:44:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2012/12/25 15:44:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2013/04/08 15:05:15 | 2002,628,608 | -HS- | M] () -- C:\pagefile.sys

< %userprofile%\*.* >

[2006/01/04 02:42:50 | 000,017,920 | ---- | M] () -- C:\Users\Rose\01021976.xlt

[2013/04/08 16:17:03 | 003,670,016 | -HS- | M] () -- C:\Users\Rose\ntuser.dat

[2013/04/08 16:17:03 | 000,262,144 | -HS- | M] () -- C:\Users\Rose\ntuser.dat.LOG1

[2012/05/13 10:33:20 | 000,000,000 | -HS- | M] () -- C:\Users\Rose\ntuser.dat.LOG2

[2013/01/22 18:53:07 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{5039ad10-64dc-11e2-90e9-74f06dd52b60}.TM.blf

[2013/01/22 18:53:07 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{5039ad10-64dc-11e2-90e9-74f06dd52b60}.TMContainer00000000000000000001.regtrans-ms

[2013/01/22 18:53:07 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{5039ad10-64dc-11e2-90e9-74f06dd52b60}.TMContainer00000000000000000002.regtrans-ms

[2012/05/13 10:36:49 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2012/05/13 10:36:49 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2012/05/13 10:36:49 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2012/10/31 16:12:48 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{7fc77db0-2378-11e2-a3ce-74f06dd52b60}.TM.blf

[2012/10/31 16:12:48 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{7fc77db0-2378-11e2-a3ce-74f06dd52b60}.TMContainer00000000000000000001.regtrans-ms

[2012/10/31 16:12:48 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{7fc77db0-2378-11e2-a3ce-74f06dd52b60}.TMContainer00000000000000000002.regtrans-ms

[2012/12/30 09:32:08 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{b550a62e-527c-11e2-9321-74f06dd52b60}.TM.blf

[2012/12/30 09:32:08 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{b550a62e-527c-11e2-9321-74f06dd52b60}.TMContainer00000000000000000001.regtrans-ms

[2012/12/30 09:32:08 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{b550a62e-527c-11e2-9321-74f06dd52b60}.TMContainer00000000000000000002.regtrans-ms

[2012/10/12 22:22:08 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{d132678d-14ac-11e2-934a-74f06dd52b60}.TM.blf

[2012/10/12 22:22:08 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{d132678d-14ac-11e2-934a-74f06dd52b60}.TMContainer00000000000000000001.regtrans-ms

[2012/10/12 22:22:08 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{d132678d-14ac-11e2-934a-74f06dd52b60}.TMContainer00000000000000000002.regtrans-ms

[2012/05/31 13:59:41 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{f809992b-ab41-11e1-b171-74f06dd52b60}.TM.blf

[2012/05/31 13:59:41 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{f809992b-ab41-11e1-b171-74f06dd52b60}.TMContainer00000000000000000001.regtrans-ms

[2012/05/31 13:59:41 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{f809992b-ab41-11e1-b171-74f06dd52b60}.TMContainer00000000000000000002.regtrans-ms

[2012/05/13 10:33:20 | 000,000,020 | -HS- | M] () -- C:\Users\Rose\ntuser.ini

[2012/11/02 14:59:03 | 000,011,171 | ---- | M] () -- C:\Users\Rose\Prezada Irmã.docx

< %systemroot%\system32\drivers\*.* /90 >

[2013/03/06 20:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswFsBlk.sys

[2013/03/06 20:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys

[2013/03/06 20:33:23 | 000,060,656 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr2.sys

[2013/03/06 20:33:24 | 000,049,248 | ---- | M] () -- C:\Windows\system32\drivers\aswRvrt.sys

[2013/03/06 20:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSnx.sys

[2013/03/06 20:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSP.sys

[2013/03/06 20:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswTdi.sys

[2013/03/06 20:33:24 | 000,164,736 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys

[2013/04/07 19:42:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys

[2013/02/12 00:32:45 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usb8023.sys

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\*.* >

[2012/05/15 22:52:14 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

[2012/01/03 09:11:06 | 000,002,045 | -H-- | M] () -- C:\ProgramData\whlb32g.dll

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2009/07/14 01:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >

"DefaultConnectionSettings" = 46 00 00 00 2F 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 DD D1 98 B6 54 1B CE 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

"SavedLegacySettings" = 46 00 00 00 8E 15 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

"claro dados" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

"Banda Larga" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< %PROGRAMFILES%\Internet Explorer\*.* >

[2013/01/16 20:24:27 | 000,031,698 | ---- | M] () -- C:\Program Files\Internet Explorer\cr_addon.crx

[2013/04/05 01:33:42 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe

[2013/04/05 01:33:42 | 000,002,843 | ---- | M] () -- C:\Program Files\Internet Explorer\ie9props.propdesc

[2012/10/18 16:58:26 | 000,515,072 | ---- | M] (APC) -- C:\Program Files\Internet Explorer\IEAddon.dll

[2013/04/05 01:33:42 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iediagcmd.exe

[2013/04/05 01:33:42 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll

[2013/04/05 01:33:42 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieinstal.exe

[2013/04/05 01:33:42 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe

[2013/04/05 01:33:42 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll

[2013/04/05 01:33:42 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll

[2010/11/04 23:20:53 | 000,005,436 | ---- | M] () -- C:\Program Files\Internet Explorer\iessetup.ceb

[2009/07/13 22:15:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iessetup.dll

[2013/04/05 01:33:42 | 000,770,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

[2013/04/05 01:33:42 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll

[2013/04/05 01:33:42 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll

[2013/04/05 01:33:42 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll

[2013/04/05 01:33:42 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll

[2013/04/05 01:33:42 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\msdbg2.dll

[2013/04/05 01:33:42 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\networkinspection.dll

[2013/04/05 01:33:42 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll

[2013/04/05 01:33:42 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdmproxy100.dll

[2013/04/05 01:33:42 | 000,235,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll

[2012/10/18 16:58:06 | 000,117,760 | ---- | M] () -- C:\Program Files\Internet Explorer\Updater.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 2084 bytes -> C:\Windows\System32\drivers\dbpeckok.sys:changelist

< End of report >


- Run OTL (right-click the executable > Run as administrator), copy the text below, inside the "code" box, and paste it into the nH1CH.png field

:OTL
O33 - MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\{83010952-e7b7-11e1-95eb-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{83010952-e7b7-11e1-95eb-74f06dd52b60}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\Shell\AutoRun\command - "" = G:\Windows/AutoRun.exe
O33 - MountPoints2\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\Shell - "" = AutoRun
O33 - MountPoints2\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe

:Services

:Reg

:Files

:Commands
[emptyjava]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

- Click the Consertar (Fix) button

- When it finishes, click Ok to restart the computer.

- In the window that appears, click "Executar" (Run), copy the contents of the log that opens and paste them into your next reply, together with a new HijackThis log.


OTL log

All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\ not found.

File move failed. F:\Windows/AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83010952-e7b7-11e1-95eb-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83010952-e7b7-11e1-95eb-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83010952-e7b7-11e1-95eb-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83010952-e7b7-11e1-95eb-74f06dd52b60}\ not found.

File move failed. F:\Windows/AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\ not found.

File G:\Windows/AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File move failed. F:\Windows/AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.

File H:\AutoRun.exe not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Rose

->Java cache emptied: 1321081 bytes

User: Todos os Usuários

User: Usuário Padrão

Total Java Files Cleaned = 1,00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 57616 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: Rose

->Temp folder emptied: 10086078 bytes

->Temporary Internet Files folder emptied: 35259800 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 69757481 bytes

->Google Chrome cache emptied: 91196402 bytes

->Flash cache emptied: 58153 bytes

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3324295 bytes

RecycleBin emptied: 27215383 bytes

Total Files Cleaned = 226,00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

User: Rose

->Flash cache emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04092013_202632

Files\Folders moved on Reboot...

File move failed. F:\Windows/AutoRun.exe scheduled to be moved on reboot.

File move failed. C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 20:45:08, on 09/04/2013

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v10.0 (10.00.9200.16521)

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\PSafe\PSafeSysTray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\PSafe\PSafeWDS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Claro 3G\UIMain.exe

C:\Program Files\Claro 3G\CMUpdater.exe

C:\Users\Rose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rose\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rose\Music\Contacts\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BHO - {47B614AF-B4CC-485B-B331-BE26F02ED4CC} - C:\Program Files\Internet Explorer\IEAddon.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [VDownloader] "C:\Program Files\VDownloader\VDownloader.exe" /silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Rose\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Rose\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{B90176B4-36C2-4468-BCA2-B53093C4A806}: NameServer = 200.169.117.221 200.169.117.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe

O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe

O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Two desktop.ini icons were left on my desktop.

Two desktop.ini icons were left on my desktop.

They are visible because the display of system files is enabled in Folder Options.

Download the Kaspersky Virus Removal Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

Save it to your desktop.

- Double-click the "setup" file and wait for the installation;

- On the next screen, check I accept the licence agreement and click Start

- Click the f4uZX.png button and check:

  • My Computer
  • Local Disk (C:) (the local disk letter may vary)

- Click Actions and uncheck the two boxes:

Zqewdl.jpg

- Click the Automatic Scan tab and wait for the scan to finish.

- Click the zNEXl.jpg button, then Detected threats, then the "Save" button.

- Copy the contents of the saved file (if anything was detected) and post it in your next reply.


Topic Archived

Since the author did not reply to the topic for more than 10 days, it has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator or assistant with a link to this topic and explain why you need it reopened.
