Continue Vuupc installation: what should I do?

#1
Rodrigo.rj

  • Newbie
  • 4 posts
Friends, I found your site when I went looking for information about this vuupc, but I confess I didn't understand much.
What is this program for? What does it do?
I followed the procedures you gave about downloading the programs and pasting the Notepad output here.
The files are attached, and I await your help.
I apologize if I have broken any rule or anything you have already said...
Thank you in advance for your attention and help.

Edited by JoseMelo, 07 April 2013 - 07:43.
Bold text.


#2
JoseMelo

  • Professional Assistant
  • 128,827 posts
Welcome to Linha Defensiva

My name is José Humberto and my nickname is JoseMelo

So that we can succeed at the end of the procedures, I suggest that you strictly follow what is proposed to you and do not use any tool or program other than those recommended here;
Do not uninstall any tool that is being used until the procedures are finished;
If you have a topic in progress on another forum, I recommend that you abandon it so that the procedures do not conflict;
If you prefer to receive an e-mail notice every time there is a reply in your topic, click [image] at the top of the page.
If you have more than one program with resident protection installed (antivirus, antispyware, firewall), keep only one to avoid conflicts and system slowness.


Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Click the [image] icon to download the file.

Run adwcleaner0

NOTE: Windows Vista or Windows 7 users: right-click the AdwCleaner.exe file, then click [image]

Click Remover (Remove).

Notepad will open with the result. Select, copy and paste its content in your next reply.


- Download Malwarebytes Anti-Malware
http://www.malwareby...am-download.php
  • Disable the antivirus;
  • Install it by double-clicking "mbam-setup.exe";
  • Check "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware", and click Finish;
  • Check "Full Scan" and then click Scan;
  • When the scan finishes, click OK and then "Show Results" to see the log;
  • If anything is detected, make sure everything is checked and click "Remove";
  • The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
  • Copy and paste the content of this log in your next reply.
- Post a new HijackThis log.

#3
Rodrigo.rj

  • Newbie
  • 4 posts
Friend, thank you for the reply;
I did what you told me... (the AdwCleaner log follows below)


Then I ran the full scan, but while it was running... almost at the end, the PC restarted by itself, interrupting the scan (the log follows below)
" 2013/04/07 16:21:45 -0300 ROSE-PC Rose MESSAGE Starting protection
2013/04/07 16:21:45 -0300 ROSE-PC Rose MESSAGE Protection started successfully
2013/04/07 16:21:46 -0300 ROSE-PC Rose MESSAGE Starting IP protection
2013/04/07 16:21:48 -0300 ROSE-PC Rose MESSAGE IP Protection started successfully
2013/04/07 16:22:33 -0300 ROSE-PC Rose MESSAGE Executing scheduled update: Daily
2013/04/07 16:45:41 -0300 ROSE-PC Rose MESSAGE Starting database refresh
2013/04/07 16:45:41 -0300 ROSE-PC Rose MESSAGE Stopping IP protection
2013/04/07 16:45:42 -0300 ROSE-PC Rose MESSAGE IP Protection stopped successfully
2013/04/07 16:45:46 -0300 ROSE-PC Rose MESSAGE Database refreshed successfully
2013/04/07 16:45:47 -0300 ROSE-PC Rose MESSAGE Starting IP protection
2013/04/07 16:46:09 -0300 ROSE-PC Rose ERROR Scheduled update failed: Host not found failed with error code 0
2013/04/07 16:46:11 -0300 ROSE-PC Rose MESSAGE IP Protection started successfully
2013/04/07 17:57:08 -0300 ROSE-PC Rose MESSAGE Starting protection
2013/04/07 17:57:08 -0300 ROSE-PC Rose MESSAGE Protection started successfully
2013/04/07 17:57:08 -0300 ROSE-PC Rose MESSAGE Starting IP protection
2013/04/07 17:57:41 -0300 ROSE-PC Rose MESSAGE IP Protection started successfully "

So I ran the full scan again and this time everything went fine... 4 files were detected (the log follows below)
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados: v2013.04.07.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Rose :: ROSE-PC [administrador]

Proteção: Permitir

07/04/2013 18:01:49
MBAM-log-2013-04-07 (19-29-15).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 293271
Tempo decorrido: 1 hora(s), 26 minuto(s), 45 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 1
HKCR\AppID\IEAddon.DLL (Rogue.UnVirex) -> Nenhuma ação foi feita.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 3
C:\Users\Rose\Music\Contacts\Downloads\atube-catcher-291347-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.
C:\Users\Rose\Music\Contacts\Downloads\photo-brush-530-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Nenhuma ação foi feita.

(end)

but I forgot to remove those files... so I have to run the scan again, right? And then remove them, right?

So, friend, regarding everything I did as you asked... what do we do now?
I'll be waiting, thank you very much.

#4
JoseMelo

  • Professional Assistant
  • 128,827 posts

but I forgot to remove those files... so I have to run the scan again, right?

Or delete them manually.


- Download OTL by OldTimer and save it to the desktop:
http://oldtimer.geekstogo.com/OTL.exe
  • Close all windows and run the tool.
  • Check the options Lop Check and Purity Check
- Select the lines below, right-click the selection, and choose Copy:
netsvcs
%SYSTEMDRIVE%\*.*
%userprofile%\*.*
%systemroot%\system32\drivers\*.* /90
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
%PROGRAMFILES%\Internet Explorer\*.*
- Go back to the program, right-click any white area of the Custom Scans/Fixes section and choose Paste;
- Click the Scan button;
- Post the OTL log.

#5
Rodrigo.rj

  • Newbie
  • 4 posts
Thank you, friend... but if I delete those files, will their programs work normally?
Those files are from mp3 download programs...

#another question: what is this vuup? Is it a virus? Is it spyware?
#one more question: how can I tell whether there is spyware installed on my PC?

The OTL log follows below.


FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Rose\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rose\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rose\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/15 16:06:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 02:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/13 11:34:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 02:05:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/13 11:34:38 | 000,000,000 | ---D | M]

[2012/05/13 11:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\mozilla\Extensions
[2013/04/07 15:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\mozilla\Firefox\Profiles\k6trr1sm.default-1351746535445\extensions
[2013/04/07 10:42:53 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Users\Rose\AppData\Roaming\mozilla\Firefox\Profiles\k6trr1sm.default-1351746535445\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2013/03/12 22:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\mozilla\Firefox\Profiles\k6trr1sm.default-1351746535445\extensions\data
[2013/03/09 02:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/09 02:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/03/09 02:05:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/03/09 02:05:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/22 11:17:22 | 000,001,240 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2013/01/22 11:17:22 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2013/03/01 12:11:30 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2013/01/22 11:17:22 | 000,001,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2013/01/22 11:17:22 | 000,001,165 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Googlehfnfbdbvbdbvbdbv (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rose\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Skype Web Plugin (Enabled) = C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Rose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Rose\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Browser Helper Object = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_0\
CHR - Extension: Gmail = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Docs = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Browser Helper Object = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_0\
CHR - Extension: Gmail = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEAddonBHO Class) - {47B614AF-B4CC-485B-B331-BE26F02ED4CC} - C:\Program Files\Internet Explorer\IEAddon.dll (APC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PSafeSysTray] C:\Program Files\PSafe\PSafeSysTray.exe (PSafe)
O4 - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Rose\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B90176B4-36C2-4468-BCA2-B53093C4A806}: NameServer = 200.169.117.221 200.169.117.222
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/16 14:49:38 | 000,000,034 | R--- | M] () - F:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2011/01/31 12:04:49 | 000,000,062 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\{83010952-e7b7-11e1-95eb-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{83010952-e7b7-11e1-95eb-74f06dd52b60}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\Shell\AutoRun\command - "" = G:\Windows/AutoRun.exe
O33 - MountPoints2\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\Shell - "" = AutoRun
O33 - MountPoints2\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/08 12:36:08 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{AA8E2863-4BBB-4E6C-A69F-29903B36F84F}
[2013/04/07 19:42:54 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/04/07 16:21:26 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Malwarebytes
[2013/04/07 16:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/07 16:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/07 16:21:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/07 16:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/07 15:33:42 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{621CE8E7-7AAC-4CC1-BC53-10EBA6FCE065}
[2013/04/07 01:34:10 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{A2AC7F56-C991-4578-B071-B9118BF711A4}
[2013/04/06 13:33:33 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{6096947F-D94A-4795-B2D3-30131CED4612}
[2013/04/06 01:32:53 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{F24CFEDE-2B4E-41B2-89E8-8AD16A194A9D}
[2013/04/05 13:18:43 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{94AC928D-C660-4EBB-97C9-47391E3F24C7}
[2013/04/05 01:33:42 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/05 01:33:42 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/05 01:33:42 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/05 01:33:42 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/04/05 01:33:42 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/04/05 01:33:42 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/04/05 01:33:42 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/04/05 01:33:42 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/05 01:33:42 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/05 01:33:42 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/04/05 01:33:42 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/04/05 01:33:42 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/04/05 01:33:42 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/05 01:33:42 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/04/05 01:33:42 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/04/05 01:33:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/04/05 01:33:42 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/04/05 01:33:42 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/04/05 01:33:42 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/04/05 01:33:42 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/05 01:33:42 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/04/05 01:33:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/04/05 01:33:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/04/05 01:33:42 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/04/05 01:33:42 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/04/05 01:33:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/04/05 01:33:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/04/05 01:33:42 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/04/05 01:33:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/04/05 01:33:42 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/04/05 01:33:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/04/05 01:33:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/05 01:33:42 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/04/05 01:33:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/04/05 01:33:42 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/04/05 01:33:42 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/04/05 01:32:24 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/04/05 01:32:24 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/04/05 01:32:24 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/04/05 01:32:24 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/04/05 01:32:24 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/04/05 01:32:24 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/04/05 01:32:24 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/04/05 01:32:24 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/04/05 01:32:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/04/05 01:32:24 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/04/05 01:32:24 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/04/05 01:32:24 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/04/05 01:32:24 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/04/05 01:32:24 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/04/05 01:32:24 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/04/05 01:32:24 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/04/05 01:32:24 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/04/05 01:32:24 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/04/05 01:32:24 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/04/05 01:32:24 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/04/05 01:32:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/04/05 01:32:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/04/05 01:32:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/04/05 01:32:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/04/05 01:32:24 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/04/05 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{6036A00C-D6F0-490C-B9C1-56B270593FD6}
[2013/04/04 12:36:00 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{C3DC88B9-E839-439E-A57B-E234068B7435}
[2013/04/03 20:33:14 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{6BA93DD4-8BEE-4C27-B253-B85040B0D75C}
[2013/04/03 00:09:35 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{2B1D6F01-EC09-49F8-ABC2-1572E6E0419B}
[2013/04/02 12:07:42 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{4D11C70A-2539-4BB5-BB95-51A8F70FF7B3}
[2013/04/01 13:21:41 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{C0DC7023-B201-40AF-A50C-D360461BCC50}
[2013/03/31 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{6D21B4E2-4221-4225-9B9A-71A18B4E954E}
[2013/03/30 23:51:50 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{6A461215-7CE1-4C37-9718-280319FB8066}
[2013/03/30 11:48:09 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{381438CD-D8BB-4BF1-8567-F3FE21F07C79}
[2013/03/29 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{15F6EC6C-66B7-46DA-825B-409F6CD81FB5}
[2013/03/29 01:08:24 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{309C705B-7518-449E-A915-63D157A615B7}
[2013/03/28 13:06:10 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{187DB066-02BE-48EF-9BA7-1D8C1D3D4ED7}
[2013/03/27 23:55:53 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{281F707E-123E-4340-A0F5-20DD8A0735A7}
[2013/03/27 11:54:59 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{150F004A-5DC1-4321-84E7-6BB0727C2798}
[2013/03/26 23:54:22 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{1A061718-7CCD-48F7-AC8E-005CFFA434C5}
[2013/03/26 11:53:40 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{5761E4E0-32D4-4D09-80B6-337EF94EB1FF}
[2013/03/25 23:49:29 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{B1B902DC-3C83-434F-A1FB-8C7D0952B820}
[2013/03/25 23:45:16 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{3B87B171-7535-4524-9CBC-E88C7F87EEF0}
[2013/03/25 20:35:08 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Flanela de Ouro
[2013/03/25 11:35:13 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{B4E6E08A-AB6A-4A56-BE4F-F9F3B7E37955}
[2013/03/24 21:26:18 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{7F789C6E-322E-44B6-AEC3-F4BC2A7DF79D}
[2013/03/24 11:05:46 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{E1040073-76F1-42CB-84AD-923142919F5A}
[2013/03/24 10:57:31 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{01755FDB-D969-4880-8F8A-CF9E75379BF5}
[2013/03/23 21:03:48 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{A0FEF174-FFB8-4AD2-A54E-51505AC5813B}
[2013/03/22 15:38:49 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{CA437377-E55E-428F-94FA-65E64C4AEAA4}
[2013/03/22 12:50:44 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{9A74ADC3-EE6E-4558-A7A2-378DCC1D43B1}
[2013/03/21 23:07:43 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{5AC28D03-86F9-42F6-BEC9-F24BC05EA575}
[2013/03/21 11:06:09 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{7ACA66CB-9FA4-457C-9FCB-A9449EDDBC57}
[2013/03/20 12:17:46 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{C020E033-9E7C-468B-8A30-3B7C43F95FF6}
[2013/03/20 00:17:06 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{E94552E6-1B49-415D-B6DA-A0B8EC99B90D}
[2013/03/19 12:15:37 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{4FDD9895-FDD5-4A3F-B84E-FBFC045DCF68}
[2013/03/18 18:02:57 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{49210F73-D322-4BF4-88E3-56C4E90A0B6C}
[2013/03/17 22:31:17 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{EDE7634B-41FE-438C-ABAC-856EB1013299}
[2013/03/17 15:56:43 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{47CA8B8F-5C44-4D85-BE58-969485433A32}
[2013/03/16 12:29:37 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{AD0047C6-1844-4329-A59E-D0C565B275FB}
[2013/03/15 22:14:32 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{CD489A11-FD2E-4C38-BD69-ADF5227CA3A5}
[2013/03/15 10:54:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/15 10:48:39 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{DDDF0478-07A2-4D72-8BE5-A96F95CD3D83}
[2013/03/14 15:51:31 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{454518AE-73DD-4F6C-A241-12AD4133F68D}
[2013/03/14 14:24:38 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{505BF3F8-C874-43F9-9874-E2EDB1AC338F}
[2013/03/14 14:17:15 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{70608F7E-879A-4591-B05C-8D5A24399941}
[2013/03/14 13:22:02 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{E66EBF6B-DE93-4907-BE4F-DEAC62840080}
[2013/03/13 15:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\gas
[2013/03/13 14:55:08 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/13 14:54:50 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/13 14:54:50 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/13 14:54:50 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/13 12:44:23 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{566B2E9E-EEC3-448C-9438-6C0E8A9F9C42}
[2013/03/13 00:14:36 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{E0180195-F0C1-4EB4-8612-ABC914B4F2F1}
[2013/03/12 19:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2013/03/12 12:00:11 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{74F494EA-60B2-498A-9E6D-9730A663D2BC}
[2013/03/12 00:37:02 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{A6BF44EC-F9AA-447F-9039-440502F251D8}
[2013/03/11 12:35:29 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{D321CAA1-50B6-4F9F-999F-56144562D96D}
[2013/03/10 16:30:01 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{E55C3004-AFFA-406E-9466-BA39D7932D45}
[2013/03/09 23:22:07 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{10E36D21-3A3A-453D-BD68-ECB03D3F77E7}

========== Files - Modified Within 30 Days ==========

[2013/04/08 16:13:02 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/08 16:13:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/08 16:09:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/08 15:58:01 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2035401440-1416264992-946447494-1000UA.job
[2013/04/08 15:13:02 | 000,025,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 15:13:02 | 000,025,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 15:05:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/08 15:05:11 | 1501,970,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/08 02:08:05 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2035401440-1416264992-946447494-1000UA.job
[2013/04/07 20:08:01 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2035401440-1416264992-946447494-1000Core.job
[2013/04/07 19:42:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/04/07 19:40:54 | 000,668,086 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/04/07 19:40:54 | 000,620,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/07 19:40:54 | 000,132,184 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/04/07 19:40:54 | 000,110,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/07 18:58:08 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2035401440-1416264992-946447494-1000Core.job
[2013/04/07 17:56:37 | 283,195,635 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/05 01:33:42 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/05 01:33:42 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/05 01:33:42 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/05 01:33:42 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/04/05 01:33:42 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/04/05 01:33:42 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/04/05 01:33:42 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/04/05 01:33:42 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/05 01:33:42 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/05 01:33:42 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/04/05 01:33:42 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/04/05 01:33:42 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/04/05 01:33:42 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/05 01:33:42 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/04/05 01:33:42 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/04/05 01:33:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/04/05 01:33:42 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/04/05 01:33:42 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/04/05 01:33:42 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/04/05 01:33:42 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/05 01:33:42 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/04/05 01:33:42 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/04/05 01:33:42 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/04/05 01:33:42 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/04/05 01:33:42 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/04/05 01:33:42 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/04/05 01:33:42 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/04/05 01:33:42 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/04/05 01:33:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/04/05 01:33:42 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/04/05 01:33:42 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/04/05 01:33:42 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/05 01:33:42 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/04/05 01:33:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/04/05 01:33:42 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/04/05 01:33:42 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/04/05 01:33:42 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/04/05 01:32:24 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/04/05 01:32:24 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/04/05 01:32:24 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/04/05 01:32:24 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/04/05 01:32:24 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/04/05 01:32:24 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/04/05 01:32:24 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/04/05 01:32:24 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/04/05 01:32:24 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/04/05 01:32:24 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/04/05 01:32:24 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/04/05 01:32:24 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/04/05 01:32:24 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/04/05 01:32:24 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/04/05 01:32:24 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/04/05 01:32:24 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/04/05 01:32:24 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/04/05 01:32:24 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/04/05 01:32:24 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/04/05 01:32:24 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/04/05 01:32:24 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/04/05 01:32:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/04/05 01:32:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/04/05 01:32:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/04/05 01:32:24 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/28 00:58:31 | 000,012,125 | ---- | M] () -- C:\Users\Rose\Desktop\001.jpg
[2013/03/27 23:30:24 | 000,030,812 | ---- | M] () -- C:\Users\Rose\Desktop\484864_237842456362497_1190054428_n.jpg
[2013/03/18 02:42:48 | 000,040,891 | ---- | M] () -- C:\Users\Rose\Desktop\oracao-sao-jorge.jpg
[2013/03/16 00:12:26 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/16 00:12:26 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/15 16:06:55 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/03/13 14:54:43 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/13 14:54:38 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/13 14:54:38 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/13 14:54:38 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/13 14:54:36 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/03/13 14:54:36 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/03/12 01:10:56 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/03/10 20:13:34 | 000,025,837 | ---- | M] () -- C:\Users\Rose\Desktop\311309_444678108933800_207332311_n.jpg

========== Files Created - No Company Name ==========

[2013/04/07 17:56:37 | 283,195,635 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/04/05 01:33:42 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/03/28 00:58:31 | 000,012,125 | ---- | C] () -- C:\Users\Rose\Desktop\001.jpg
[2013/03/27 23:30:22 | 000,030,812 | ---- | C] () -- C:\Users\Rose\Desktop\484864_237842456362497_1190054428_n.jpg
[2013/03/20 20:34:58 | 000,017,920 | ---- | C] () -- C:\Users\Rose\Documents\01021976.xlt
[2013/03/20 20:34:45 | 000,017,920 | ---- | C] () -- C:\Users\Rose\01021976.xlt
[2013/03/18 02:42:45 | 000,040,891 | ---- | C] () -- C:\Users\Rose\Desktop\oracao-sao-jorge.jpg
[2013/03/15 16:06:57 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/15 16:06:56 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/10 20:13:33 | 000,025,837 | ---- | C] () -- C:\Users\Rose\Desktop\311309_444678108933800_207332311_n.jpg
[2012/10/30 09:28:45 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012/10/16 00:29:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/05/15 22:52:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/05/15 18:30:11 | 000,853,821 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\UserTile.png
[2012/05/13 15:25:33 | 000,668,086 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2012/05/13 15:25:33 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2012/05/13 15:25:33 | 000,132,184 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2012/05/13 15:25:33 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2012/05/13 10:49:13 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012/01/03 09:11:06 | 000,002,045 | -H-- | C] () -- C:\ProgramData\whlb32g.dll

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/13 11:04:14 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Ashampoo
[2012/05/17 13:55:07 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Auslogics
[2012/11/08 01:01:55 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\GetRightToGo
[2013/02/26 13:42:03 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\OfficeRecovery
[2012/06/08 18:53:19 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Unity
[2012/09/26 21:11:42 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\VDownloader

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2013/04/07 19:55:34 | 000,001,059 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/04/07 15:51:57 | 000,012,048 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/04/08 15:05:11 | 1501,970,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/25 15:44:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/12/25 15:44:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/04/08 15:05:15 | 2002,628,608 | -HS- | M] () -- C:\pagefile.sys

< %userprofile%\*.* >
[2006/01/04 02:42:50 | 000,017,920 | ---- | M] () -- C:\Users\Rose\01021976.xlt
[2013/04/08 16:17:03 | 003,670,016 | -HS- | M] () -- C:\Users\Rose\ntuser.dat
[2013/04/08 16:17:03 | 000,262,144 | -HS- | M] () -- C:\Users\Rose\ntuser.dat.LOG1
[2012/05/13 10:33:20 | 000,000,000 | -HS- | M] () -- C:\Users\Rose\ntuser.dat.LOG2
[2013/01/22 18:53:07 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{5039ad10-64dc-11e2-90e9-74f06dd52b60}.TM.blf
[2013/01/22 18:53:07 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{5039ad10-64dc-11e2-90e9-74f06dd52b60}.TMContainer00000000000000000001.regtrans-ms
[2013/01/22 18:53:07 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{5039ad10-64dc-11e2-90e9-74f06dd52b60}.TMContainer00000000000000000002.regtrans-ms
[2012/05/13 10:36:49 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012/05/13 10:36:49 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012/05/13 10:36:49 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012/10/31 16:12:48 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{7fc77db0-2378-11e2-a3ce-74f06dd52b60}.TM.blf
[2012/10/31 16:12:48 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{7fc77db0-2378-11e2-a3ce-74f06dd52b60}.TMContainer00000000000000000001.regtrans-ms
[2012/10/31 16:12:48 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{7fc77db0-2378-11e2-a3ce-74f06dd52b60}.TMContainer00000000000000000002.regtrans-ms
[2012/12/30 09:32:08 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{b550a62e-527c-11e2-9321-74f06dd52b60}.TM.blf
[2012/12/30 09:32:08 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{b550a62e-527c-11e2-9321-74f06dd52b60}.TMContainer00000000000000000001.regtrans-ms
[2012/12/30 09:32:08 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{b550a62e-527c-11e2-9321-74f06dd52b60}.TMContainer00000000000000000002.regtrans-ms
[2012/10/12 22:22:08 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{d132678d-14ac-11e2-934a-74f06dd52b60}.TM.blf
[2012/10/12 22:22:08 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{d132678d-14ac-11e2-934a-74f06dd52b60}.TMContainer00000000000000000001.regtrans-ms
[2012/10/12 22:22:08 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{d132678d-14ac-11e2-934a-74f06dd52b60}.TMContainer00000000000000000002.regtrans-ms
[2012/05/31 13:59:41 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{f809992b-ab41-11e1-b171-74f06dd52b60}.TM.blf
[2012/05/31 13:59:41 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{f809992b-ab41-11e1-b171-74f06dd52b60}.TMContainer00000000000000000001.regtrans-ms
[2012/05/31 13:59:41 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\ntuser.dat{f809992b-ab41-11e1-b171-74f06dd52b60}.TMContainer00000000000000000002.regtrans-ms
[2012/05/13 10:33:20 | 000,000,020 | -HS- | M] () -- C:\Users\Rose\ntuser.ini
[2012/11/02 14:59:03 | 000,011,171 | ---- | M] () -- C:\Users\Rose\Prezada Irmã.docx

< %systemroot%\system32\drivers\*.* /90 >
[2013/03/06 20:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswFsBlk.sys
[2013/03/06 20:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2013/03/06 20:33:23 | 000,060,656 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr2.sys
[2013/03/06 20:33:24 | 000,049,248 | ---- | M] () -- C:\Windows\system32\drivers\aswRvrt.sys
[2013/03/06 20:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSnx.sys
[2013/03/06 20:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSP.sys
[2013/03/06 20:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswTdi.sys
[2013/03/06 20:33:24 | 000,164,736 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys
[2013/04/07 19:42:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys
[2013/02/12 00:32:45 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usb8023.sys

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\*.* >
[2012/05/15 22:52:14 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2012/01/03 09:11:06 | 000,002,045 | -H-- | M] () -- C:\ProgramData\whlb32g.dll

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 01:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 2F 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 DD D1 98 B6 54 1B CE 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SavedLegacySettings" = 46 00 00 00 8E 15 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"claro dados" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Banda Larga" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< %PROGRAMFILES%\Internet Explorer\*.* >
[2013/01/16 20:24:27 | 000,031,698 | ---- | M] () -- C:\Program Files\Internet Explorer\cr_addon.crx
[2013/04/05 01:33:42 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe
[2013/04/05 01:33:42 | 000,002,843 | ---- | M] () -- C:\Program Files\Internet Explorer\ie9props.propdesc
[2012/10/18 16:58:26 | 000,515,072 | ---- | M] (APC) -- C:\Program Files\Internet Explorer\IEAddon.dll
[2013/04/05 01:33:42 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iediagcmd.exe
[2013/04/05 01:33:42 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll
[2013/04/05 01:33:42 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieinstal.exe
[2013/04/05 01:33:42 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
[2013/04/05 01:33:42 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
[2013/04/05 01:33:42 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll
[2010/11/04 23:20:53 | 000,005,436 | ---- | M] () -- C:\Program Files\Internet Explorer\iessetup.ceb
[2009/07/13 22:15:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iessetup.dll
[2013/04/05 01:33:42 | 000,770,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/04/05 01:33:42 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll
[2013/04/05 01:33:42 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll
[2013/04/05 01:33:42 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll
[2013/04/05 01:33:42 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll
[2013/04/05 01:33:42 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\msdbg2.dll
[2013/04/05 01:33:42 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\networkinspection.dll
[2013/04/05 01:33:42 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll
[2013/04/05 01:33:42 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdmproxy100.dll
[2013/04/05 01:33:42 | 000,235,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll
[2012/10/18 16:58:06 | 000,117,760 | ---- | M] () -- C:\Program Files\Internet Explorer\Updater.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 2084 bytes -> C:\Windows\System32\drivers\dbpeckok.sys:changelist

< End of report >

#6
JoseMelo

  • Professional Assistant
  • 128.827 posts
- Run OTL (right-click the executable > Run as administrator), copy the text below, inside the "code" box, and paste it into the field [posted image]

:OTL
O33 - MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{686964d0-9f5f-11e1-b7cb-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa9aafe-2e05-11e2-95d2-74f06dd52b60}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\{83010952-e7b7-11e1-95eb-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{83010952-e7b7-11e1-95eb-74f06dd52b60}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{8408db5b-b242-11e1-b9e5-74f06dd52b60}\Shell\AutoRun\command - "" = G:\Windows/AutoRun.exe
O33 - MountPoints2\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{ae8e309a-8dd6-11e2-99de-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d1c9643c-9ded-11e1-a23c-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{d1c96478-9ded-11e1-a23c-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\Shell - "" = AutoRun
O33 - MountPoints2\{d47a6ba6-3cb5-11e2-97a3-00e0914a0b47}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{d47a6baf-3cb5-11e2-97a3-74f06dd52b60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e06365-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e0636b-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e063a8-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e063ab-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e063d9-e64d-11e1-a98d-74f06dd52b60}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{f42658c5-cdd4-11e1-a095-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\Shell - "" = AutoRun
O33 - MountPoints2\{f42658c9-cdd4-11e1-a095-74f06dd52b60}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe

:Services

:Reg

:Files

:Commands
[emptyjava]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

- Click the Run Fix button.
- When it finishes, click OK to restart the computer.
- In the window that appears, click "Run", copy the contents of the log that opens and paste it into your next reply, together with a new HijackThis log.

#7
Rodrigo.rj

  • Newbie
  • 4 posts
OTL log


All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9bd2-f1f6-11e1-8061-74f06dd52b60}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9bd5-f1f6-11e1-8061-74f06dd52b60}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{611a9c07-f1f6-11e1-8061-74f06dd52b60}\ not found.
File F:\AutoRun.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Rose
->Java cache emptied: 1321081 bytes

User: Todos os Usuários

User: Usuário Padrão

Total Java Files Cleaned = 1,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rose
->Temp folder emptied: 10086078 bytes
->Temporary Internet Files folder emptied: 35259800 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 69757481 bytes
->Google Chrome cache emptied: 91196402 bytes
->Flash cache emptied: 58153 bytes

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3324295 bytes
RecycleBin emptied: 27215383 bytes

Total Files Cleaned = 226,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Rose
->Flash cache emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04092013_202632

Files\Folders moved on Reboot...
File move failed. F:\Windows/AutoRun.exe scheduled to be moved on reboot.
File move failed. C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 20:45:08, on 09/04/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\PSafe\PSafeSysTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\PSafe\PSafeWDS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Claro 3G\UIMain.exe
C:\Program Files\Claro 3G\CMUpdater.exe
C:\Users\Rose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rose\Music\Contacts\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO - {47B614AF-B4CC-485B-B331-BE26F02ED4CC} - C:\Program Files\Internet Explorer\IEAddon.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VDownloader] "C:\Program Files\VDownloader\VDownloader.exe" /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rose\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Rose\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B90176B4-36C2-4468-BCA2-B53093C4A806}: NameServer = 200.169.117.221 200.169.117.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Two desktop.ini icons were left on my desktop.

#8
JoseMelo

    Professional Assistant

  • 128.827 posts

Two desktop.ini icons were left on my desktop.

They are visible because the display of system files is enabled in Folder Options.


Download the Kaspersky Virus Removal Tool from one of these 2 links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

Save it to your desktop.

- Double-click the "setup" file and wait for the installation to finish;
- On the next screen, check I accept the licence agreement and click Start
- Click the [posted image] button and check:
  • My Computer (Meu computador)
  • Local Disk (C:) (Disco local (C:); the drive letter of the local disk may vary)
- Click Actions and uncheck the two boxes:
[posted image]
- Click the Automatic Scan tab and wait for the scan to finish.

- Click the [posted image] button, then Detected threats, then the "Save" button.
- Copy the contents of the saved file (if anything was detected) and post it in your next reply.

#9
LUA

    Administrator

  • 4.363 posts
Topic Archived

Because the author did not reply to the topic for more than 10 days, it has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator or assistant with a link to this topic and explain why you need it reopened.
Luciana Leme
