Virus removal


This topic has been archived. This means you can no longer reply to it.
27 replies in this topic

#1
afranionatanael

  • Newbie
  • 16 posts

Hello, good evening,

I am very annoyed with my PC: I can't do a search without my browser redirecting me to advertising pages.

Sometimes it works, but most of the time I can't get to my search results, because it redirects me to many, many millions of ads.

I await your reply.

Regards, afranionatanael

Attached file(s)

Edited by mikhailovitch, 30 May 2013 - 22:25.
Text written in capital letters. Rule 3.7.


#2
CarlosTurco

  • Assistant
  • 25,020 posts

afranionatanael,

Please note the following:

  • DO NOT attempt any cleanup procedure on your own. In particular, do not run, on your own initiative, tools used in the Malware Removal forum. Improper use of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click the Follow button (located in the upper right corner of the main post) to receive an e-mail notification when the topic is answered. You can also check your subscribed topics using the Content I follow option, accessible through the forum's Control Panel.
  • Analyses can take some time, so please be patient.
  • The instructions are specific to your computer and should be applied only to it.
  • If something goes wrong, it doesn't matter. Always keep following your topic, letting me know the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in logs; this makes them harder to read during analysis.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

Carry out the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the adwcleaner.exe file, then click Run as administrator.

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download the Junkware Removal Tool (JRT) and save it to the desktop. Double-click it to run.

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator.

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop under the name JRT.txt.

Select, copy and paste the contents of this log in your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, then click Finish.
  • If there are updates to be made, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Please wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to view the report.
  • If any items were found, make sure they are all checked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log in your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554



#3
afranionatanael

  • Newbie
  • 16 posts

# AdwCleaner v2.300 - Relatório criado em 12/05/2013 às 15:51:07
# Atualizado em 28/04/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuário : cpu - CPU-PC
# Modo de Boot : Normal
# Executado de : C:\Users\cpu\Desktop\linha Defensiva\adwcleaner.exe
# Opção [Remover]


***** [Serviços] *****


***** [Arquivos/Pastas] *****

Arquivo Removido : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Arquivo Removido : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Arquivo Removido : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Arquivo Removido : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Arquivo Removido : C:\user.js
Arquivo Removido : C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Arquivo Removido : C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Arquivo Removido : C:\Users\cpu\AppData\Local\Temp\searchqutoolbar-manifest.xml
Arquivo Removido : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\dwpi2gkc.default\bProtector_extensions.rdf
Arquivo Removido : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\dwpi2gkc.default\bprotector_extensions.sqlite
Arquivo Removido : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\searchplugins\Babylon.xml
Arquivo Removido : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\searchplugins\BrowserProtect.xml
Pasta Removido : C:\Program Files\Common Files\AVG Secure Search
Pasta Removido : C:\Program Files\Conduit
Pasta Removido : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Pasta Removido : C:\Program Files\SiteRanker
Pasta Removido : C:\Program Files\SweetIM
Pasta Removido : C:\ProgramData\Ask
Pasta Removido : C:\ProgramData\Babylon
Pasta Removido : C:\ProgramData\boost_interprocess
Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
Pasta Removido : C:\ProgramData\SweetIM
Pasta Removido : C:\ProgramData\Tarma Installer
Pasta Removido : C:\Users\cpu\AppData\Local\Conduit
Pasta Removido : C:\Users\cpu\AppData\Local\EoRezo
Pasta Removido : C:\Users\cpu\AppData\LocalLow\AVG Security Toolbar
Pasta Removido : C:\Users\cpu\AppData\LocalLow\Conduit
Pasta Removido : C:\Users\cpu\AppData\LocalLow\PriceGong
Pasta Removido : C:\Users\cpu\AppData\LocalLow\searchquband
Pasta Removido : C:\Users\cpu\AppData\LocalLow\ShopperReports3
Pasta Removido : C:\Users\cpu\AppData\LocalLow\SiteRanker
Pasta Removido : C:\Users\cpu\AppData\LocalLow\Toolbar4
Pasta Removido : C:\Users\cpu\AppData\Roaming\Babylon
Pasta Removido : C:\Users\cpu\AppData\Roaming\DealPly
Pasta Removido : C:\Users\cpu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Pasta Removido : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\08shnp3b.default\extensions\staged
Pasta Removido : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\dwpi2gkc.default\extensions\staged
Pasta Removido : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\CT2851643
Pasta Removido : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}
Pasta Removido : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\Smartbar
Pasta Removido : C:\Users\cpu\AppData\Roaming\OpenCandy
Pasta Removido : C:\windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Pasta Removido : C:\windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registro] *****

Chave Removida : HKCU\Software\1ClickDownload
Chave Removida : HKCU\Software\5a08dd0b23cec47
Chave Removida : HKCU\Software\AppDataLow\Software\Conduit
Chave Removida : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Removida : HKCU\Software\AppDataLow\Software\Crossrider
Chave Removida : HKCU\Software\AppDataLow\Software\PriceGong
Chave Removida : HKCU\Software\AppDataLow\Software\searchqutoolbar
Chave Removida : HKCU\Software\AppDataLow\Software\ShopperReports3
Chave Removida : HKCU\Software\AppDataLow\Software\SmartBar
Chave Removida : HKCU\Software\AppDataLow\Software\Toolbar
Chave Removida : HKCU\Software\Conduit
Chave Removida : HKCU\Software\DataMngr
Chave Removida : HKCU\Software\Delta
Chave Removida : HKCU\Software\Iminent
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKCU\Software\Softonic
Chave Removida : HKCU\Software\Tutorials
Chave Removida : HKCU\Software\TutoTag
Chave Removida : HKLM\SOFTWARE\5a08dd0b23cec47
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Chave Removida : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Chave Removida : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Chave Removida : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Chave Removida : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\sim-packages
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Removida : HKLM\Software\Conduit
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Chave Removida : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
Chave Removida : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Chave Removida : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Chave Removida : HKLM\Software\Tarma Installer
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registro está limpo.

-\\ Mozilla Firefox v18.0.2 (pt-BR)

Arquivo : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\08shnp3b.default\prefs.js

C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\08shnp3b.default\user.js ... Removido !

Removida : user_pref("browser.search.selectedEngine", "Delta Search");
Removida : user_pref("keyword.URL", "hxxp://www.delta-search.com/?affID=114350&tt=261112_yh_4812_3&babsrc=KW_ss[...]

Arquivo : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\dwpi2gkc.default\prefs.js

C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\dwpi2gkc.default\user.js ... Removido !

Removida : user_pref("browser.search.selectedEngine", "Delta Search");
Removida : user_pref("keyword.URL", "hxxp://www.delta-search.com/?affID=114350&tt=261112_yh_4812_3&babsrc=KW_ss[...]
Removida : user_pref("browser.search.selectedEngine", "Delta Search");
Removida : user_pref("keyword.URL", "hxxp://www.delta-search.com/?affID=114350&tt=261112_yh_4812_3&babsrc=KW_ss[...]
Removida : user_pref("browser.search.selectedEngine", "Delta Search");
Removida : user_pref("keyword.URL", "hxxp://www.delta-search.com/?affID=114350&tt=261112_yh_4812_3&babsrc=KW_ss[...]
Removida : user_pref("browser.search.selectedEngine", "Delta Search");
Removida : user_pref("keyword.URL", "hxxp://www.delta-search.com/?affID=114350&tt=261112_yh_4812_3&babsrc=KW_ss[...]

Arquivo : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\prefs.js

C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\user.js ... Removido !

Removida : user_pref("CT2851643.searchInNewTabEnabled", "false");
Removida : user_pref("CT2851643.searchInNewTabEnabledByUser", "false");
Removida : user_pref("CT2851643.searchInNewTabEnabledInHidden", "true");
Removida : user_pref("CT2851643.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Removida : user_pref("CT2851643.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Removida : user_pref("CT2851643.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Removida : user_pref("CT2851643.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365849389810");
Removida : user_pref("CT2851643.serviceLayer_services_appsMetadata_lastUpdate", "1365991110624");
Removida : user_pref("CT2851643.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365849389817");
Removida : user_pref("CT2851643.serviceLayer_services_location_lastUpdate", "1365989192622");
Removida : user_pref("CT2851643.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359416249979");
Removida : user_pref("CT2851643.serviceLayer_services_login_10.14.40.128_lastUpdate", "1365849389681");
Removida : user_pref("CT2851643.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365989192427");
Removida : user_pref("CT2851643.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365849389761");
Removida : user_pref("CT2851643.serviceLayer_services_searchAPI_lastUpdate", "1365989193058");
Removida : user_pref("CT2851643.serviceLayer_services_serviceMap_lastUpdate", "1365989192115");
Removida : user_pref("CT2851643.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365849392894");
Removida : user_pref("CT2851643.serviceLayer_services_toolbarSettings_lastUpdate", "1365991110341");
Removida : user_pref("CT2851643.serviceLayer_services_translation_lastUpdate", "1365989192551");
Removida : user_pref("CT2851643.settingsINI", true);
Removida : user_pref("CT2851643.shouldFirstTimeDialog", "false");
Removida : user_pref("CT2851643.showToolbarPermission", "false");
Removida : user_pref("CT2851643.smartbar.CTID", "CT2851643");
Removida : user_pref("CT2851643.smartbar.Uninstall", "0");
Removida : user_pref("CT2851643.smartbar.toolbarName", "uTorrentBar_PT ");
Removida : user_pref("CT2851643.startPage", "false");
Removida : user_pref("CT2851643.toolbarBornServerTime", "28-1-2013");
Removida : user_pref("CT2851643.toolbarCurrentServerTime", "15-4-2013");
Removida : user_pref("CT2851643.toolbarDisabled", "true");
Removida : user_pref("CT2851643.toolbarLoginClientTime", "Sun Apr 14 2013 22:24:31 GMT-0300 (Hora oficial do Br[...]
Removida : user_pref("CT2851643.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEz[...]
Removida : user_pref("CT2851643_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Removida : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=114350&tt=261112_yh_4812[...]
Removida : user_pref("avg.install.userSPSettings", "Delta Search");
Removida : user_pref("browser.search.defaultengine", "Ask.com");
Removida : user_pref("browser.search.selectedEngine", "Delta Search");
Removida : user_pref("extensions.BabylonToolbar.admin", false);
Removida : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Removida : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Removida : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Removida : user_pref("extensions.BabylonToolbar.bbDpng", "4");
Removida : user_pref("extensions.BabylonToolbar.cntry", "BR");
Removida : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Removida : user_pref("extensions.BabylonToolbar.dpkLst", "");
Removida : user_pref("extensions.BabylonToolbar.excTlbr", false);
Removida : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Removida : user_pref("extensions.BabylonToolbar.hdrMd5", "FF7CB65FDCDCD98B98B56AE4AA04FFE2");
Removida : user_pref("extensions.BabylonToolbar.id", "16c9600600000000000000e04c8d079c");
Removida : user_pref("extensions.BabylonToolbar.instlDay", "15822");
Removida : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Removida : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.11.1021:25:40");
Removida : user_pref("extensions.BabylonToolbar.newTab", false);
Removida : user_pref("extensions.BabylonToolbar.pnu_uninst", "{\"newVrsn\":\"14\",\"lastVrsn\":\"14\",\"vrsnLoa[...]
Removida : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Removida : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Removida : user_pref("extensions.BabylonToolbar.rvrt", "false");
Removida : user_pref("extensions.BabylonToolbar.sg", "tzb");
Removida : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Removida : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
Removida : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Removida : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
Removida : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1021:25:40");
Removida : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
Removida : user_pref("extensions.BabylonToolbar_i.babExt", "");
Removida : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119849");
Removida : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Removida : user_pref("keyword.URL", "hxxp://www.delta-search.com/?affID=114350&tt=261112_yh_4812_3&babsrc=KW_ss[...]
Removida : user_pref("smartbar.machineId", "MOZEJXMBXIK3FWQUIUNEO1ID11DCI88EQEXTZH48F5UHN3PHOCZ/LKMCGZYAJPDJLSN[...]

-\\ Google Chrome v26.0.1410.64

Arquivo : C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[S1].txt - [36116 octets] - [12/05/2013 15:51:07]

########## EOF - C:\AdwCleaner[S1].txt - [36177 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by cpu on 12/05/2013 at 16:11:38,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch



~~~ Files

Successfully deleted: [File] "C:\windows\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\cpu\AppData\Roaming\b1toolbar"
Successfully deleted: [Folder] "C:\Users\cpu\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\cpu\appdata\local\b1e"
Failed to delete: [Folder] "C:\Users\cpu\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\cpu\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\cpu\appdata\locallow\tuvaro"
Successfully deleted: [Folder] "C:\Program Files\winzip registry optimizer"
Successfully deleted: [Empty Folder] C:\Users\cpu\appdata\local\{16E4C7B1-BA14-440E-8CB6-3AC835490B3F}



~~~ FireFox

Successfully deleted: [File] C:\Users\cpu\AppData\Roaming\mozilla\firefox\profiles\h1o4yws4.default-1355618386447\invalidprefs.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\siteranker@siteranker.com
Successfully deleted the following from C:\Users\cpu\AppData\Roaming\mozilla\firefox\profiles\h1o4yws4.default-1355618386447\prefs.js

user_pref("extensions.tuvaro.admin", false);
user_pref("extensions.tuvaro.aflt", "orgnl");
user_pref("extensions.tuvaro.appId", "{2768469C-717B-401F-8532-C6D88BAE0339}");
user_pref("extensions.tuvaro.autoRvrt", "false");
user_pref("extensions.tuvaro.dfltLng", "");
user_pref("extensions.tuvaro.dfltSrch", true);
user_pref("extensions.tuvaro.dnsErr", true);
user_pref("extensions.tuvaro.excTlbr", false);
user_pref("extensions.tuvaro.ffxUnstlRst", false);
user_pref("extensions.tuvaro.hmpg", true);
user_pref("extensions.tuvaro.hmpgUrl", "hxxp://tuvaro.com/ws/?source=536c75e7&tbp=homepage&toolbarid=base&u=16c9600600000000000000e04c8d079c");
user_pref("extensions.tuvaro.hpOld0", "www.google.com.br");
user_pref("extensions.tuvaro.id", "16c9600600000000000000e04c8d079c");
user_pref("extensions.tuvaro.instlDay", "15751");
user_pref("extensions.tuvaro.instlRef", "536c75e7");
user_pref("extensions.tuvaro.kw_url", "hxxp://tuvaro.com/ws/?source=536c75e7&tbp=url&toolbarid=base&u=16c9600600000000000000e04c8d079c&q=");
user_pref("extensions.tuvaro.newTab", true);
user_pref("extensions.tuvaro.newTabUrl", "chrome://tuvaro/content/new browser tab.html?source=536c75e7&tbp=tab&u=16c9600600000000000000e04c8d079c");
user_pref("extensions.tuvaro.prdct", "tuvaro");
user_pref("extensions.tuvaro.prtnrId", "tuvaro");
user_pref("extensions.tuvaro.rvrt", "false");
user_pref("extensions.tuvaro.smplGrp", "none");
user_pref("extensions.tuvaro.srchPrvdr", "Tuvaro");
user_pref("extensions.tuvaro.tlbrId", "base");
user_pref("extensions.tuvaro.tlbrSrchUrl", "hxxp://tuvaro.com/ws/?source=536c75e7&tbp=main&toolbarid=base&u=16c9600600000000000000e04c8d079c&q=");
user_pref("extensions.tuvaro.vrsn", "1.8.12.0");
user_pref("extensions.tuvaro.vrsnTs", "1.8.12.020:47:42");
user_pref("extensions.tuvaro.vrsni", "1.8.12.0");
Emptied folder: C:\Users\cpu\AppData\Roaming\mozilla\firefox\profiles\h1o4yws4.default-1355618386447\minidumps [54 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/05/2013 at 16:12:58,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados:  v2013.05.12.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
cpu :: CPU-PC [administrador]

12/05/2013 16:20:34
mbam-log-2013-05-12 (16-20-34).txt

Tipo de Verificação:  Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados:  209087
Tempo decorrido: 8 minuto(s), 16 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)
 



#4
CarlosTurco

  • Assistant
  • 25.020 posts

Download and run MiniToolBox (by Farbar).

Select the options:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Close all your browsers and click the Go button.

Wait for the tool to finish the scan (it is quite fast); at the end, a Notepad window will open.

Copy and paste the contents of that Notepad window into your next reply.

NOTE: When the "Reset FF Proxy Settings" option is selected, Firefox must be closed.



#5
afranionatanael

  • Newbie
  • 16 posts

MiniToolBox by Farbar  Version:21-04-2013
Ran by cpu (administrator) on 12-05-2013 at 20:14:40
Running from "C:\Users\cpu\Desktop\linha Defensiva"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

#    ::1             localhost

========================= IP Configuration: ================================

Ralink RT61 Turbo Wireless LAN Card = Conexão de Rede sem Fio (Connected)
Realtek PCIe GBE Family Controller = Conexão local (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Conexão de Rede sem Fio 2 (Media disconnected)


# ----------------------------------
# Configuração de IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# Final da configuração IPv4



Configuração de IP do Windows

   Nome do host. . . . . . . . . . . . . . . . : cpu-PC
   Sufixo DNS primário . . . . . . . . . . . . :
   Tipo de nó. . . . . . . . . . . . . . . . . : híbrido
   Roteamento de IP ativado. . . . . . . . . . : não
   Proxy WINS ativado. . . . . . . . . . . . . : não

Adaptador de Rede sem Fio Conexão de Rede sem Fio 2:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Endereço Físico . . . . . . . . . . . . . . : 00-E0-4C-8D-07-9C
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim

Adaptador de Rede sem Fio Conexão de Rede sem Fio:

   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Ralink RT61 Turbo Wireless LAN Card
   Endereço Físico . . . . . . . . . . . . . . : 00-E0-4C-8D-07-9D
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim
   Endereço IPv6 de link local . . . . . . . . : fe80::1d4c:f15:55c3:298e%17(Preferencial)
   Endereço IPv4. . . . . . . .  . . . . . . . : 192.168.2.100(Preferencial)
   Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
   Concessão Obtida. . . . . . . . . . . . . . : domingo, 12 de maio de 2013 19:53:51
   Concessão Expira. . . . . . . . . . . . . . : domingo, 12 de maio de 2013 21:53:50
   Gateway Padrão. . . . . . . . . . . . . . . : 192.168.2.1
   Servidor DHCP . . . . . . . . . . . . . . . : 192.168.2.1
   IAID de DHCPv6. . . . . . . . . . . . . . . : 587259980
   DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-15-2D-FC-CF-00-40-A7-1E-87-E3
   Servidores DNS. . . . . . . . . . . . . . . : 192.168.1.1
                                                 192.168.2.1
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador Ethernet Conexão local:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Endereço Físico . . . . . . . . . . . . . . : 00-40-A7-1E-87-E3
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel isatap.{44D00C5D-4FCC-4A10-B26E-BE00F2E1D9D0}:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #5
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel Conexão Local* 22:

   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim
   Endereço IPv6 . . . . . . . . . . . . . . . : 2001:0:9d38:953c:1086:36e6:3f57:fd9b(Preferencial)
   Endereço IPv6 de link local . . . . . . . . : fe80::1086:36e6:3f57:fd9b%29(Preferencial)
   Gateway Padrão. . . . . . . . . . . . . . . : ::
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Desabilitado
Servidor:  UnKnown
Address:  192.168.1.1

Nome:    google.com
Addresses:  2800:3f0:4001:804::1006
      74.125.234.167
      74.125.234.166
      74.125.234.169
      74.125.234.165
      74.125.234.163
      74.125.234.162
      74.125.234.164
      74.125.234.174
      74.125.234.160
      74.125.234.168
      74.125.234.161


Disparando google.com [74.125.234.169] com 32 bytes de dados:
Resposta de 74.125.234.169: bytes=32 tempo=57ms TTL=55
Resposta de 74.125.234.169: bytes=32 tempo=79ms TTL=55

Estatísticas do Ping para 74.125.234.169:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 57ms, Máximo = 79ms, Média = 68ms
Servidor:  UnKnown
Address:  192.168.1.1

Nome:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Disparando yahoo.com [206.190.36.45] com 32 bytes de dados:
Resposta de 206.190.36.45: bytes=32 tempo=344ms TTL=49
Resposta de 206.190.36.45: bytes=32 tempo=271ms TTL=49

Estatísticas do Ping para 206.190.36.45:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 271ms, Máximo = 344ms, Média = 307ms

Disparando 127.0.0.1 com 32 bytes de dados:
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128

Estatísticas do Ping para 127.0.0.1:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 0ms, Máximo = 0ms, Média = 0ms
===========================================================================
Lista de interfaces
 18...00 e0 4c 8d 07 9c ......Microsoft Virtual WiFi Miniport Adapter #2
 17...00 e0 4c 8d 07 9d ......Ralink RT61 Turbo Wireless LAN Card
 10...00 40 a7 1e 87 e3 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 30...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP #5
 29...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

Tabela de rotas IPv4
===========================================================================
Rotas ativas:
Endereço de rede          Máscara   Ender. gateway       Interface   Custo
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.100     25
        127.0.0.0        255.0.0.0      No vínculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      No vínculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
      192.168.2.0    255.255.255.0      No vínculo     192.168.2.100    281
    192.168.2.100  255.255.255.255      No vínculo     192.168.2.100    281
    192.168.2.255  255.255.255.255      No vínculo     192.168.2.100    281
        224.0.0.0        240.0.0.0      No vínculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      No vínculo     192.168.2.100    281
  255.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      No vínculo     192.168.2.100    281
===========================================================================
Rotas persistentes:
  Nenhuma

Tabela de rotas IPv6
===========================================================================
Rotas ativas:
 Se destino de rede de métrica      Gateway
 29     58 ::/0                     No vínculo
  1    306 ::1/128                  No vínculo
 29     58 2001::/32                No vínculo
 29    306 2001:0:9d38:953c:1086:36e6:3f57:fd9b/128
                                    No vínculo
 17    281 fe80::/64                No vínculo
 29    306 fe80::/64                No vínculo
 29    306 fe80::1086:36e6:3f57:fd9b/128
                                    No vínculo
 17    281 fe80::1d4c:f15:55c3:298e/128
                                    No vínculo
  1    306 ff00::/8                 No vínculo
 29    306 ff00::/8                 No vínculo
 17    281 ff00::/8                 No vínculo
===========================================================================
Rotas persistentes:
  Nenhuma
========================= Winsock entries =====================================

Catalog5 01 C:\windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (02/05/2012 09:16:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/15/2011 01:07:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 386 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (06/15/2011 00:32:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 901 seconds with 720 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-04-07 12:40:19.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-07 12:21:44.957
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-07 12:09:58.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-07 11:53:01.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-07 11:49:13.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-07 11:39:02.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-07 11:38:51.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-07 11:38:33.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-07 11:38:06.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-07 11:04:59.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.3.0.29126)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader XI (11.0.02) - Português (Version: 11.0.02)
Age of Empires III Trial (Version: 1.00.0000)
Arquivo do WinRAR
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
CCleaner (Version: 3.04)
CloneCD
Controle ActiveX do Windows Live Mesh para Conexões Remotas (Version: 15.4.5722.2)
ConvertHelper 2.2
CyberLink DVD Suite (Version: 6.0.2110)
CyberLink Power2Go (Version: 5.5.1.4316)
D3DX10 (Version: 15.4.2368.0902)
Desinstalar impressora EPSON T25 Series
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager  (Version: 7.3.7.4)
EasySetPackage (Version: 2.4)
Efficient WMA MP3 Converter version 0.99.9.2 (Version: 0.99.9.2)
Epson Easy Photo Print 2 (Version: 2.2.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000)
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
FindLyrics
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
Glary Utilities 2.49.0.1600 (Version: 2.49.0.1600)
Google Chrome (Version: 26.0.1410.64)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
Haali Media Splitter
Hard Disk Sentinel PRO
HijackThis 1.99.1 (Version: 1.99.1)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1986)
Intel® TV Wizard
IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (Version: 1.0)
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (Version: 1.0)
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (Version: 1.1)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 7.0.0 (Full) (Version: 7.0.0)
Licking Dog Screen Clean Screensaver
Los Sims Medieval (Version: 1.0.0)
Malwarebytes Anti-Malware versão 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Online Backup
McAfee Online Backup (Version: 1.16.6.1)
McAfee Security Scan Plus (Version: 3.0.318.3)
McAfee SecurityCenter (Version: 11.6.507)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 18.0.2 (x86 pt-BR) (Version: 18.0.2)
Mozilla Maintenance Service (Version: 18.0.2)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyEpson Portal
MyEpson Portal (Version: 1.0.0.12)
MyFreeCodec
Nero 7 Essentials (Version: 7.03.0920)
neroxml (Version: 1.0.0)
Norton PC Checkup (Version: 2.0.17.20)
Norton PC Checkup (Version: 3.0.2.122.0)
Pacote de Driver do Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (Version: 4.0.30320)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (Version: 4.0.30320)
PC Connectivity Solution (Version: 11.4.19.0)
PDF To Word Converter V3.0.3
Photo Recovery Wizard
Photo Recovery Wizard Packages
Picasa 3 (Version: 3.9)
PowerDVD (Version: 7.0.3409.a)
Ralink RT6x Wireless LAN Card (Version: 1.5.4.0)
Realtek Ethernet Controller  Driver (Version: 1.00.0008)
Realtek High Definition Audio Driver (Version: 6.0.1.6013)
Receitanet (Version: 1.03)
Recuva (Version: 1.46)
Samsung Kies (Version: 2.1.0.11112_41)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Shared C Run-time for x86 (Version: 10.0.0)
SiteRanker (Version: 1.0.0.21)
Skype™ 5.10 (Version: 5.10.116)
SpyHunter (Version: 4.10.5.4085)
Super Professor®
Sweet Home 3D version 3.3
The Sims™ 3 (Version: 1.0.631)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Virtual Plastic Surgery Software - VPSS v1.0 (Version: 1.0.0.1667)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinZip (Version:  8.1  (4331))
XP Codec Pack
Zero Assumption Digital Image Recovery Packages
Zona Criativa

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 3261.18 MB
Available physical RAM: 2392.92 MB
Total Pagefile: 6259.47 MB
Available Pagefile: 5085.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.36 MB

========================= Partitions: =====================================

1 Drive c: (InfoWay) (Fixed) (Total:465.66 GB) (Free:260.62 GB) NTFS

========================= Users: ========================================

Contas de usuário para \\CPU-PC

Administrador            Convidado                cpu                      
Comando concluído com êxito.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
 



#6
CarlosTurco

  • Assistant
  • 25.020 posts

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click execadmin.png.

Where it says Output, select Standard
Also check these options:

  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names.
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select these lines in red, right-click the selection, and choose the Copy option

CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%appdata%\*.*
%windir%\tasks\*.* /s
%systemroot%\system32\tasks\*.*
%PROGRAMFILES%\Internet Explorer\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
/md5start

services.*
/md5stop

 

Go back to the program, right-click any blank area of the Custom Scans/Fixes section, and choose Paste

Click the verif.png button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.



#7
afranionatanael

  • Novice
  • 16 posts

OTL logfile created on: 13/05/2013 20:25:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\cpu\Desktop\linha Defensiva
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,18 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 66,56% Memory free
6,11 Gb Paging File | 4,60 Gb Available in Paging File | 75,17% Paging File free
Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 260,61 Gb Free Space | 55,97% Space Free | Partition Type: NTFS
 
Computer Name: CPU-PC | User Name: cpu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/13 20:21:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cpu\Desktop\linha Defensiva\OTL.exe
PRC - [2013/03/20 14:18:14 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Arquivos de Programas\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2013/03/13 18:42:08 | 000,881,032 | ---- | M] (McAfee, Inc.) -- C:\Arquivos de Programas\McAfee.com\Agent\mcupdate.exe
PRC - [2013/03/13 18:40:08 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Arquivos de Programas\McAfee.com\Agent\mcagent.exe
PRC - [2013/03/12 20:04:16 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/02/19 14:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/02/19 14:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Arquivos de Programas\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/02/19 14:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Arquivos de Programas\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2013/02/18 11:00:38 | 000,414,544 | ---- | M] (GAS Tecnologia) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe
PRC - [2013/02/06 15:22:57 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\firefox.exe
PRC - [2013/02/05 12:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Arquivos de Programas\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/13 14:30:04 | 002,366,592 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Arquivos de Programas\epson\MyEpson Portal\mep.exe
PRC - [2012/10/01 13:53:32 | 000,696,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Arquivos de Programas\epson\MyEpson Portal\mepService.exe
PRC - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Arquivos de Programas\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/11/07 16:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Arquivos de Programas\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010/07/26 05:49:20 | 000,207,160 | ---- | M] (McAfee, Inc.) -- C:\Arquivos de Programas\McAfee Online Backup\MOBK682backup.exe
PRC - [2009/09/14 02:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009/09/14 02:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/12 20:04:15 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/02/06 15:22:57 | 003,023,256 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll
MOD - [2010/03/15 11:28:24 | 000,141,824 | ---- | M] () -- C:\Arquivos de Programas\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/20 14:18:14 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/03/12 20:04:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/19 14:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/02/19 14:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/02/19 14:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2013/02/18 11:00:38 | 000,414,544 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2013/02/06 15:22:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/05 12:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Arquivos de Programas\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/12/18 16:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/16 20:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Arquivos de Programas\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/10/01 13:53:32 | 000,696,320 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\epson\MyEpson Portal\mepService.exe -- (MyEpson Portal Service)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/07 16:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Arquivos de Programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/04/17 13:01:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/07/26 05:49:20 | 000,207,160 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Arquivos de Programas\McAfee Online Backup\MOBK682backup.exe -- (MOBK682backup)
SRV - [2009/09/14 02:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009/09/14 02:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (mfeavfk01)
DRV - [2013/02/19 14:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/02/19 14:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/02/19 14:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/19 14:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 14:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/02/19 14:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/02/19 14:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/02/19 14:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2013/02/18 10:14:38 | 000,047,696 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GbpKm.sys -- (GbpKm)
DRV - [2011/10/26 22:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/10/26 22:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/10/26 22:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/10/26 22:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/10/26 22:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de Programas\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/26 05:49:14 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK682.sys -- (MOBK682Filter)
DRV - [2010/04/07 12:16:16 | 000,376,160 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2009/12/22 12:30:46 | 000,019,456 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2009/12/22 12:30:36 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2009/08/13 08:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 20:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/15 21:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://www.google.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 31 F2 D8 5D 2D CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Arquivos de Programas\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A8825F06-A3EE-496B-8BE7-7553B9CE76C8}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E8873%7D:2.12.1.9.152
FF - prefs.js..extensions.enabledAddons: nasanightlaunch%40example.com:0.6.20121115
FF - prefs.js..browser.startup.homepage: "http://search.b1.org...or&chid=c167991"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/01/31 09:25:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/05/13 19:49:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 15:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/23 09:59:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co: C:\Program Files\FindLyrics\FF\ [2013/04/26 19:09:59 | 000,000,000 | ---D | M]
 
[2013/05/04 08:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cpu\AppData\Roaming\mozilla\Extensions
[2013/05/12 15:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cpu\AppData\Roaming\mozilla\Firefox\Profiles\08shnp3b.default\extensions
[2013/04/02 23:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cpu\AppData\Roaming\mozilla\Firefox\Profiles\08shnp3b.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2012/12/15 21:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cpu\AppData\Roaming\mozilla\Firefox\Profiles\08shnp3b.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2013/05/12 15:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cpu\AppData\Roaming\mozilla\Firefox\Profiles\dwpi2gkc.default\extensions
[2013/04/02 23:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cpu\AppData\Roaming\mozilla\Firefox\Profiles\dwpi2gkc.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2013/05/12 15:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cpu\AppData\Roaming\mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\Extensions
[2013/01/28 20:51:18 | 000,000,000 | ---D | M] (Guardiao Itau 30 horas) -- C:\Users\cpu\AppData\Roaming\mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2013/04/06 09:01:58 | 000,000,000 | ---D | M] (Modulo de Protecao - Banco Santander (Brasil) S.A.) -- C:\Users\cpu\AppData\Roaming\mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2013/02/26 22:00:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\cpu\AppData\Roaming\mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/02/13 21:17:54 | 000,000,000 | ---D | M] (4shared Desktop Plugin) -- C:\Users\cpu\AppData\Roaming\mozilla\Firefox\Profiles\h1o4yws4.default-1355618386447\Extensions\4sharedCopyLinks
[2013/05/10 13:37:42 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\cpu\AppData\Roaming\mozilla\firefox\profiles\h1o4yws4.default-1355618386447\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/12 15:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2013/02/06 15:22:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/28 20:50:20 | 000,001,240 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2013/01/28 20:50:20 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2012/11/29 07:12:55 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2013/01/28 20:50:20 | 000,001,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2013/01/28 20:50:20 | 000,001,165 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com.br/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Pesquisa do Google = C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Gmail = C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/05/04 09:08:27 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Arquivos de Programas\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (FindLyrics) - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Arquivos de Programas\FindLyrics\FindLyrics.dll (FindLyrics)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de Programas\Common Files\Mcafee\SystemCore\ScriptSn.20120726195150.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de Programas\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Arquivos de Programas\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de Programas\GbPlugin\gbiehAbn.dll (Banco Real)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de Programas\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Arquivos de Programas\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de Programas\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancoreal.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([bankline] https in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([guardiao] https in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] * in Trusted sites)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: santander.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santander.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: santanderempresarial.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santanderempresarial.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernetibe.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernetibe.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.santand...GbPluginABN.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44D00C5D-4FCC-4A10-B26E-BE00F2E1D9D0}: DhcpNameServer = 192.168.1.1 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Arquivos de Programas\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Arquivos de Programas\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Arquivos de Programas\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\PROGRA~1\GbPlugin\gbiehAbn.dll) - C:\Arquivos de Programas\GbPlugin\gbiehAbn.dll (Banco Real)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files\GbPlugin\gbiehUni.dll) - C:\Arquivos de Programas\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de Programas\GbPlugin\gbiehAbn.dll (Banco Real)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de Programas\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3e1de783-09f8-11e1-8403-001f81000250}\Shell - "" = AutoRun
O33 - MountPoints2\{3e1de783-09f8-11e1-8403-001f81000250}\Shell\AutoRun\command - "" = J:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/05/13 19:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/05/12 16:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/12 16:18:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/05/12 16:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/12 16:11:36 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/05/12 16:11:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/08 21:14:07 | 000,000,000 | ---D | C] -- C:\Users\cpu\Documents\pagamentos
[2013/04/26 22:59:27 | 000,000,000 | ---D | C] -- C:\Users\cpu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/04/26 22:59:26 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/04/26 21:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2013/04/26 21:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013/04/26 19:11:21 | 000,090,112 | ---- | C] (Viscom Software) -- C:\windows\System32\ImageThumbnailCP.ocx
[2013/04/26 19:11:19 | 000,954,368 | ---- | C] (Viscom Software ) -- C:\windows\System32\ImageViewer2.OCX
[2013/04/26 19:11:19 | 000,305,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\windows\System32\Threed20.ocx
[2013/04/26 19:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Recovery Wizard
[2013/04/26 19:10:57 | 000,000,000 | ---D | C] -- C:\Users\cpu\AppData\Roaming\0B1T1L2V1T1J1L
[2013/04/26 19:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\FindLyrics
[2013/04/25 13:16:53 | 000,000,000 | ---D | C] -- C:\Users\cpu\Desktop\Body com Calça - Carter's - Bebê Center_files
[2013/04/24 23:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/04/24 23:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/04/23 23:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/15 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\cpu\Desktop\linha Defensiva
[2013/04/15 20:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
[2013/04/15 20:17:02 | 000,000,000 | ---D | C] -- C:\Users\cpu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
[2013/04/12 10:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2013/04/12 10:25:11 | 000,000,000 | ---D | C] -- C:\Users\cpu\AppData\Roaming\GlarySoft
[2013/04/12 10:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2013/04/12 10:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
[2013/04/12 10:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Hard Disk Sentinel
[2013/04/07 21:23:20 | 000,000,000 | ---D | C] -- C:\Users\cpu\Documents\condominio
[2013/03/23 09:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/18 13:08:29 | 000,000,000 | ---D | C] -- C:\Users\cpu\Documents\SelfMV
[2013/03/18 13:07:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/03/14 18:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\GAS Tecnologia
[2013/02/15 19:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2013/02/15 19:28:17 | 000,000,000 | ---D | C] -- C:\Users\cpu\AppData\Roaming\Nico Mak Computing
[2013/02/13 21:39:15 | 000,000,000 | -H-D | C] -- C:\Users\cpu\Documents\.4sh
[2013/02/13 21:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\4shared Desktop
[2013/02/13 10:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/13 09:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2013/05/13 19:57:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/13 19:53:30 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/13 19:53:30 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/13 19:49:01 | 000,000,350 | ---- | M] () -- C:\windows\tasks\FindLyrics Update.job
[2013/05/13 19:46:11 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/13 19:46:11 | 000,000,306 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2013/05/13 19:46:10 | 000,000,304 | ---- | M] () -- C:\windows\tasks\btddy.job
[2013/05/13 19:45:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/13 19:45:54 | 2564,694,016 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/13 13:36:00 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/12 16:18:30 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/12 08:48:25 | 000,706,312 | ---- | M] () -- C:\windows\System32\prfh0416.dat
[2013/05/12 08:48:25 | 000,654,880 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/05/12 08:48:25 | 000,147,038 | ---- | M] () -- C:\windows\System32\prfc0416.dat
[2013/05/12 08:48:25 | 000,121,752 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/05/04 09:08:27 | 000,000,822 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/04/26 22:59:27 | 000,002,241 | ---- | M] () -- C:\Users\cpu\Desktop\SpyHunter.lnk
[2013/04/26 22:36:31 | 000,000,047 | ---- | M] () -- C:\chid
[2013/04/26 21:53:37 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013/04/26 19:11:21 | 000,000,974 | ---- | M] () -- C:\Users\cpu\Desktop\Photo Recovery Wizard.lnk
[2013/04/25 13:16:53 | 000,084,695 | ---- | M] () -- C:\Users\cpu\Desktop\Body com Calça - Carter's - Bebê Center.htm
[2013/04/25 13:16:24 | 000,005,973 | ---- | M] () -- C:\Users\cpu\Desktop\wideimage.png
[2013/04/15 20:18:03 | 000,000,176 | ---- | M] () -- C:\windows\REC-NET.INI
[2013/04/12 10:09:24 | 000,428,248 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/04/03 12:52:55 | 000,134,466 | ---- | M] () -- C:\Users\cpu\Documents\TERMO ABERTURA MODELO.pdf
[2013/03/26 11:59:38 | 000,008,377 | ---- | M] () -- C:\Users\cpu\Documents\CONVOCAÇÃO ASSEMBLEIA.rtf
[2013/03/22 08:39:16 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2013/03/20 17:20:32 | 003,283,458 | ---- | M] () -- C:\Users\cpu\Desktop\SAM_1581.JPG
[2013/03/20 17:20:20 | 003,255,773 | ---- | M] () -- C:\Users\cpu\Desktop\SAM_1580.JPG
[2013/03/20 16:47:52 | 003,173,876 | ---- | M] () -- C:\Users\cpu\Desktop\SAM_1576.JPG
[2013/03/20 16:47:32 | 003,177,728 | ---- | M] () -- C:\Users\cpu\Desktop\SAM_1573.JPG
[2013/03/04 22:53:25 | 002,529,622 | ---- | M] () -- C:\Users\cpu\AppData\Local\[j0011]-[p04].bmp
[2013/03/04 22:49:29 | 002,529,622 | ---- | M] () -- C:\Users\cpu\AppData\Local\[j0010]-[p04].bmp
[2013/03/02 13:07:42 | 003,230,818 | ---- | M] () -- C:\Users\cpu\Desktop\SAM_1513.JPG
[2013/03/02 13:07:08 | 003,261,927 | ---- | M] () -- C:\Users\cpu\Desktop\SAM_1512.JPG
[2013/02/19 14:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\cfwids.sys
[2013/02/19 14:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfewfpk.sys
[2013/02/19 14:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\mfevtps.exe
[2013/02/19 14:11:02 | 000,010,088 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeclnk.sys
[2013/02/19 14:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mferkdet.sys
[2013/02/19 14:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfehidk.sys
[2013/02/19 14:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfefirek.sys
[2013/02/19 14:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfebopk.sys
[2013/02/19 14:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeavfk.sys
[2013/02/19 14:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeapfk.sys
[2013/02/18 10:14:38 | 000,047,696 | ---- | M] (GAS Tecnologia) -- C:\windows\System32\drivers\GbpKm.sys
[2013/02/17 12:12:24 | 000,107,927 | ---- | M] () -- C:\Users\cpu\Documents\mapa chacara.jpg
[2013/02/13 21:39:16 | 000,018,354 | ---- | M] () -- C:\Users\cpu\Documents\livro-Luiz Antonio Gasparetto-A Cura pelo Pensamento (doc).zip
[2013/02/13 09:36:37 | 000,002,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/12 16:18:30 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/26 22:59:27 | 000,002,241 | ---- | C] () -- C:\Users\cpu\Desktop\SpyHunter.lnk
[2013/04/26 22:36:31 | 000,000,047 | ---- | C] () -- C:\chid
[2013/04/26 21:53:37 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013/04/26 19:11:21 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Recovery Wizard.lnk
[2013/04/26 19:11:21 | 000,000,974 | ---- | C] () -- C:\Users\cpu\Desktop\Photo Recovery Wizard.lnk
[2013/04/26 19:11:19 | 000,002,494 | ---- | C] () -- C:\windows\System32\Tabctl32.dep
[2013/04/26 19:10:06 | 000,000,350 | ---- | C] () -- C:\windows\tasks\FindLyrics Update.job
[2013/04/25 13:16:50 | 000,084,695 | ---- | C] () -- C:\Users\cpu\Desktop\Body com Calça - Carter's - Bebê Center.htm
[2013/04/25 13:16:24 | 000,005,973 | ---- | C] () -- C:\Users\cpu\Desktop\wideimage.png
[2013/04/15 20:18:03 | 000,000,176 | ---- | C] () -- C:\windows\REC-NET.INI
[2013/04/12 10:25:16 | 000,000,306 | ---- | C] () -- C:\windows\tasks\GlaryInitialize.job
[2013/04/03 12:52:55 | 000,134,466 | ---- | C] () -- C:\Users\cpu\Documents\TERMO ABERTURA MODELO.pdf
[2013/04/02 12:42:04 | 003,177,728 | ---- | C] () -- C:\Users\cpu\Desktop\SAM_1573.JPG
[2013/04/02 12:41:59 | 003,283,458 | ---- | C] () -- C:\Users\cpu\Desktop\SAM_1581.JPG
[2013/04/02 12:41:57 | 003,255,773 | ---- | C] () -- C:\Users\cpu\Desktop\SAM_1580.JPG
[2013/04/02 12:41:22 | 003,173,876 | ---- | C] () -- C:\Users\cpu\Desktop\SAM_1576.JPG
[2013/04/02 12:41:05 | 003,230,818 | ---- | C] () -- C:\Users\cpu\Desktop\SAM_1513.JPG
[2013/04/02 12:41:01 | 003,261,927 | ---- | C] () -- C:\Users\cpu\Desktop\SAM_1512.JPG
[2013/03/26 11:59:37 | 000,008,377 | ---- | C] () -- C:\Users\cpu\Documents\CONVOCAÇÃO ASSEMBLEIA.rtf
[2013/03/22 08:39:16 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2013/03/04 22:53:25 | 002,529,622 | ---- | C] () -- C:\Users\cpu\AppData\Local\[j0011]-[p04].bmp
[2013/03/04 22:49:29 | 002,529,622 | ---- | C] () -- C:\Users\cpu\AppData\Local\[j0010]-[p04].bmp
[2013/02/23 15:25:50 | 003,286,457 | ---- | C] () -- C:\Users\cpu\Desktop\Familia Lima - Inverno.mp3
[2013/02/23 15:25:46 | 000,978,371 | ---- | C] () -- C:\Users\cpu\Desktop\Toques de Celular - Familia Adams.mp3
[2013/02/23 15:25:43 | 003,628,766 | ---- | C] () -- C:\Users\cpu\Desktop\Papas da Língua - Eu sei.mp3
[2013/02/17 12:13:17 | 000,107,927 | ---- | C] () -- C:\Users\cpu\Documents\mapa chacara.jpg
[2013/02/13 21:39:16 | 000,018,354 | ---- | C] () -- C:\Users\cpu\Documents\livro-Luiz Antonio Gasparetto-A Cura pelo Pensamento (doc).zip
[2013/01/26 08:52:23 | 000,118,784 | RHS- | C] () -- C:\windows\System32\languagesv.dll
[2012/09/02 14:18:29 | 004,427,264 | ---- | C] () -- C:\windows\System32\ffmpeg.dll
[2012/09/02 14:18:29 | 001,525,248 | ---- | C] () -- C:\windows\System32\ff_samplerate.dll
[2012/09/02 14:18:29 | 000,328,704 | ---- | C] () -- C:\windows\System32\ff_libfaad2.dll
[2012/09/02 14:18:29 | 000,260,608 | ---- | C] () -- C:\windows\System32\TomsMoComp_ff.dll
[2012/09/02 14:18:29 | 000,250,880 | ---- | C] () -- C:\windows\System32\ff_kernelDeint.dll
[2012/09/02 14:18:29 | 000,212,480 | ---- | C] () -- C:\windows\System32\ff_libdts.dll
[2012/09/02 14:18:29 | 000,158,720 | ---- | C] () -- C:\windows\System32\ff_unrar.dll
[2012/09/02 14:18:29 | 000,146,944 | ---- | C] () -- C:\windows\System32\ff_libmad.dll
[2012/09/02 14:18:29 | 000,137,728 | ---- | C] () -- C:\windows\System32\libmpeg2_ff.dll
[2012/09/02 14:18:29 | 000,115,200 | ---- | C] () -- C:\windows\System32\ff_liba52.dll
[2012/09/02 14:18:28 | 001,178,713 | ---- | C] () -- C:\windows\System32\unins000.exe
[2012/09/02 14:18:28 | 000,045,827 | ---- | C] () -- C:\windows\System32\unins000.dat
[2011/11/29 15:38:18 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011/11/29 15:38:12 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011/11/29 15:38:12 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011/11/29 15:38:12 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011/11/29 15:38:12 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011/09/11 18:09:42 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/06/04 19:35:10 | 000,012,800 | ---- | C] () -- C:\Users\cpu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/01 18:42:57 | 000,065,536 | ---- | C] () -- C:\windows\System32\LGErrorHandler.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/04/26 21:26:08 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\0B1T1L2V1T1J1L
[2011/09/20 11:51:46 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\abgx360
[2011/10/25 11:43:14 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\AVG2012
[2011/09/20 13:44:45 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\Canneverbe Limited
[2012/07/29 10:44:19 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\CrystalIdea Software
[2012/12/19 23:23:37 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\drivers
[2011/12/21 11:31:31 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\EPSON
[2011/09/20 23:20:31 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\FreeAudioPack
[2011/10/22 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\FreeCDRipper
[2013/04/12 10:28:32 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\GlarySoft
[2011/07/23 18:59:53 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\iSilo
[2011/06/06 23:12:00 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\NetSpeedMonitor
[2013/02/15 19:39:07 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\Nico Mak Computing
[2011/07/16 15:26:20 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\PC Suite
[2011/12/12 11:38:22 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\Samsung
[2012/02/05 20:38:03 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\Temp
[2013/02/18 21:38:08 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\uTorrent
[2012/04/09 13:36:58 | 000,000,000 | ---D | M] -- C:\Users\cpu\AppData\Roaming\YCanPDF
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2010/11/30 08:50:19 | 000,000,229 | ---- | M] () -- C:\490000001502.sw
[2013/05/12 15:52:01 | 000,036,247 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2013/04/26 22:36:31 | 000,000,047 | ---- | M] () -- C:\chid
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/05/13 19:45:54 | 2564,694,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/04 16:29:12 | 000,000,407 | ---- | M] () -- C:\INSTALL.LOG
[2011/06/11 15:53:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/04/22 12:14:34 | 000,006,144 | ---- | M] () -- C:\M.CDX
[2012/04/22 12:14:34 | 000,012,992 | ---- | M] () -- C:\M.FPT
[2012/04/22 12:14:49 | 000,002,242 | ---- | M] () -- C:\M.P
[2012/04/22 12:14:34 | 000,003,072 | ---- | M] () -- C:\MFON.CDX
[2012/04/22 12:14:34 | 000,000,338 | ---- | M] () -- C:\MFON.DBF
[2012/04/22 12:14:34 | 000,003,072 | ---- | M] () -- C:\MILU.CDX
[2012/04/22 12:14:34 | 000,001,981 | ---- | M] () -- C:\MILU.DBF
[2012/04/22 12:14:34 | 000,524,224 | ---- | M] () -- C:\MILU.FPT
[2012/04/22 12:24:21 | 000,006,144 | ---- | M] () -- C:\MP1.CDX
[2012/04/22 12:24:21 | 000,002,242 | ---- | M] () -- C:\MP1.DBQ
[2012/04/22 12:24:21 | 000,012,992 | ---- | M] () -- C:\MP1.FPT
[2012/04/22 12:24:21 | 000,003,072 | ---- | M] () -- C:\MP1FON.CDX
[2012/04/22 12:24:21 | 000,000,338 | ---- | M] () -- C:\MP1FON.DBF
[2012/04/22 12:24:21 | 000,003,072 | ---- | M] () -- C:\MP1ILU.CDX
[2012/04/22 12:24:21 | 000,001,981 | ---- | M] () -- C:\MP1ILU.DBF
[2012/04/22 12:24:21 | 000,524,224 | ---- | M] () -- C:\MP1ILU.FPT
[2012/04/22 12:24:21 | 000,003,072 | ---- | M] () -- C:\MP1TEX.CDX
[2012/04/22 12:24:21 | 000,000,222 | ---- | M] () -- C:\MP1TEX.DBF
[2012/04/22 12:24:21 | 000,000,512 | ---- | M] () -- C:\MP1TEX.FPT
[2011/06/11 15:53:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/22 12:14:34 | 000,003,072 | ---- | M] () -- C:\MTEX.CDX
[2012/04/22 12:14:34 | 000,000,222 | ---- | M] () -- C:\MTEX.DBF
[2012/04/22 12:14:34 | 000,000,512 | ---- | M] () -- C:\MTEX.FPT
[2013/05/13 19:45:57 | 3145,728,000 | -HS- | M] () -- C:\pagefile.sys
[2011/04/06 07:48:56 | 000,002,053 | ---- | M] () -- C:\RHDSetup.log
 
< %systemdrive%\drivers\*.* /s >
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/02/19 14:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\cfwids.sys
[2013/02/18 10:14:38 | 000,047,696 | ---- | M] (GAS Tecnologia) -- C:\windows\system32\drivers\GbpKm.sys
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\system32\drivers\mbam.sys
[2013/02/19 14:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfeapfk.sys
[2013/02/19 14:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfeavfk.sys
[2013/02/19 14:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfebopk.sys
[2013/02/19 14:11:02 | 000,010,088 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfeclnk.sys
[2013/02/19 14:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfefirek.sys
[2013/02/19 14:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfehidk.sys
[2013/02/19 14:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mferkdet.sys
[2013/02/19 14:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) -- C:\windows\system32\drivers\mfewfpk.sys
[2013/03/02 02:07:36 | 001,212,264 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\drivers\ntfs.sys.bak
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 18:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 01:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
< %PROGRAMFILES%\*.* >
[2009/07/14 01:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
[2012/07/08 21:29:08 | 000,012,800 | ---- | M] () -- C:\Users\cpu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2013/01/05 15:07:20 | 000,116,384 | ---- | M] () -- C:\Users\cpu\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2011/04/16 09:35:17 | 000,000,020 | -HS- | M] () -- C:\Users\cpu\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2013/05/13 20:33:13 | 005,505,024 | -HS- | M] () -- C:\Users\cpu\ntuser.dat
 
< %appdata%\*.* >
 
< %windir%\tasks\*.* /s >
[2013/05/13 19:57:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/13 19:46:10 | 000,000,304 | ---- | M] () -- C:\windows\tasks\btddy.job
[2013/05/13 19:49:01 | 000,000,350 | ---- | M] () -- C:\windows\tasks\FindLyrics Update.job
[2013/05/13 19:46:11 | 000,000,306 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2013/05/13 19:46:11 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/13 13:36:00 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/13 19:46:10 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012/06/22 09:53:35 | 000,032,608 | ---- | M] () -- C:\windows\tasks\SCHEDLGU(12).TXT
[2013/05/07 19:18:06 | 000,032,608 | ---- | M] () -- C:\windows\tasks\SCHEDLGU.TXT
 
< %systemroot%\system32\tasks\*.* >
[2013/03/12 20:04:18 | 000,003,840 | ---- | M] () -- C:\windows\system32\tasks\Adobe Flash Player Updater
[2013/01/26 08:52:23 | 000,002,584 | ---- | M] () -- C:\windows\system32\tasks\btddy
[2013/02/13 16:39:46 | 000,003,490 | ---- | M] () -- C:\windows\system32\tasks\DealPly
[2013/04/26 19:10:06 | 000,002,994 | ---- | M] () -- C:\windows\system32\tasks\FindLyrics Update
[2013/04/12 10:25:17 | 000,002,580 | ---- | M] () -- C:\windows\system32\tasks\GlaryInitialize
[2013/05/11 19:31:32 | 000,003,794 | ---- | M] () -- C:\windows\system32\tasks\GoogleUpdateTaskMachineCore
[2013/05/11 19:31:33 | 000,004,046 | ---- | M] () -- C:\windows\system32\tasks\GoogleUpdateTaskMachineUA
[2013/05/11 13:14:11 | 000,004,396 | ---- | M] () -- C:\windows\system32\tasks\PC Checkup 3 Weekly Scan
[2011/07/09 00:23:10 | 000,003,238 | ---- | M] () -- C:\windows\system32\tasks\RunAsStdUser Task
[2011/10/14 18:36:28 | 000,003,230 | ---- | M] () -- C:\windows\system32\tasks\SidebarExecute
[2011/04/16 22:11:01 | 000,002,960 | ---- | M] () -- C:\windows\system32\tasks\{05F3C305-8748-4F2B-A433-43B097A137F8}
[2011/10/01 18:36:27 | 000,003,140 | ---- | M] () -- C:\windows\system32\tasks\{1C6FD0A8-D0A5-43D3-BF30-F9FFEC86CF37}
[2012/02/05 20:57:42 | 000,002,934 | ---- | M] () -- C:\windows\system32\tasks\{5567A8BE-C639-4354-9AEB-C41BE1BC1C1D}
[2012/02/05 20:57:44 | 000,002,934 | ---- | M] () -- C:\windows\system32\tasks\{7979EE6D-AA7C-4CE5-AC0B-DC116E1FA4D7}
[2011/04/16 22:13:58 | 000,002,960 | ---- | M] () -- C:\windows\system32\tasks\{B01BE421-BF6C-4B84-BB78-2DEB8D63E6CA}
[2011/04/16 22:13:40 | 000,002,960 | ---- | M] () -- C:\windows\system32\tasks\{DEEABA51-FE62-4BD9-8D92-BC3702FCC664}
[2012/02/05 20:56:24 | 000,002,934 | ---- | M] () -- C:\windows\system32\tasks\{F3BD2AC5-8319-4F7B-B262-5DE741915BF0}
[2012/02/05 20:56:18 | 000,002,934 | ---- | M] () -- C:\windows\system32\tasks\{FC6A30BB-59E6-4572-BAAF-024CD468572B}
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2013/03/22 08:39:16 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe
[2013/03/22 08:39:16 | 000,002,843 | ---- | M] () -- C:\Program Files\Internet Explorer\ie9props.propdesc
[2013/03/22 08:39:16 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iediagcmd.exe
[2013/03/22 08:39:16 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll
[2013/03/22 08:39:16 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieinstal.exe
[2013/03/22 08:39:16 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
[2012/05/17 19:31:56 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy(13).dll
[2013/02/21 07:29:37 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
[2011/03/07 02:31:14 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll_old0
[2013/02/21 07:29:37 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll
[2010/11/04 23:20:53 | 000,005,436 | ---- | M] () -- C:\Program Files\Internet Explorer\iessetup.ceb
[2009/07/13 22:15:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iessetup.dll
[2013/02/21 08:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/03/22 08:39:16 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll
[2013/03/22 08:39:16 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll
[2013/03/22 08:39:16 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll
[2013/03/22 08:39:16 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll
[2013/03/22 08:39:16 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\msdbg2.dll
[2013/03/22 08:39:16 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\networkinspection.dll
[2013/03/22 08:39:16 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll
[2013/03/22 08:39:16 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdmproxy100.dll
[2013/02/21 07:30:08 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 31 07 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 94 A8 50 85 E9 26 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 02 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 95 3C 34 3E 16 95 3F 57 FD 9B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 0F 22 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 94 A8 50 85 E9 26 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 02 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 95 3C 34 3E 16 95 3F 57 FD 9B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
"Conex�o de rede local" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< MD5 for: SERVICES  >
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.ASFX  >
[2012/09/23 19:43:52 | 000,002,588 | ---- | M] () MD5=0D18AE3100D7B9D49DCB1CE1EABA21F7 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\pt_BR\Services\Services.asfx
 
< MD5 for: SERVICES.CFG  >
[2012/12/18 16:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.DAT  >
[2013/04/22 00:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/14 05:30:36 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\System32\pt-BR\services.exe.mui
[2009/07/14 05:30:36 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6fd3bef3fcc0d1\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/14 05:30:33 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\System32\pt-BR\services.msc
[2009/07/14 05:30:33 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 416 bytes -> C:\windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\windows\System32:7CFE394F_Uni.gbp
@Alternate Data Stream - 2 bytes -> C:\windows\System32:7CFE394F_Cef.gbp
@Alternate Data Stream - 2 bytes -> C:\windows\System32:7CFE394F_Abn.gbp
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:63238B95
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DBBD301A

< End of report >
 

 




#8
CarlosTurco

    Assistant

  • 25.020 posts

Good morning afranionatanael,

1)

Download TFC, by OldTimer.

Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, this is part of the process.

Be patient: depending on the amount of data to be deleted, the process can take more than 2 minutes.

When it finishes, you will be asked to restart your computer. RESTART.

If you are not asked, restart manually.

2)

Temporarily disable your antivirus.

  • Hold down the Ctrl key and click this link to open ESET Online Scanner in a new window.
  • Click this button: [image j9Byf.png]
  • For alternative browsers (if you use Internet Explorer, skip this step): [image esetsmartinstaller_enu.png]
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update itself and scan the computer. Be patient, the process can take hours.
  • When the scan finishes, click List Threats.
  • Copy and paste the contents into your next reply. Note: if nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.



#9
afranionatanael

    Novice

  • 16 posts

I used the ESET Online Scanner, but the following message appeared: UNEXPECTED ERROR 2002. Nothing else appeared; I pressed the Back button and there was no Finish option.

Here is the requested HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:58:22, on 14/05/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\wininit.exe
C:\windows\system32\csrss.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\EPSON\MyEpson Portal\mepService.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\Explorer.EXE
C:\Program Files\EPSON\MyEpson Portal\mep.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\windows\system32\svchost.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files\mcafee.com\agent\McUpdate.exe
C:\Program Files\McAfee Online Backup\MOBK682backup.exe
C:\Program Files\mcafee.com\agent\McUpdate.exe
C:\Program Files\McAfee Online Backup\MOBK682backup.exe
C:\Users\cpu\Desktop\linha Defensiva\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FindLyrics - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Program Files\FindLyrics\FindLyrics.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120726195150.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GBPLUGIN\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O15 - Trusted Zone: www.secureweb.com.br
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.santand...GbPluginABN.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe
O23 - Service: 1% (MOBK682backup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBK682backup.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MyEpson Portal Service - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\MyEpson Portal\mepService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Unknown owner - C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 



#10
CarlosTurco

    Assistant
  • 25.020 posts

I used the ESET Online Scanner, but the following message appeared: UNEXPECTED ERROR 2002. Nothing else appeared; I pressed the back button and there was no finish option.

Let's use another tool.

Download the Kaspersky AVP Tool from one of these 2 links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

NOTE: After registering, choose version 11 in English and click the btnversion10pt-br-1.png button.
Save it to your desktop.

  • Double-click the "setup" file and wait for the installation;
    ** Windows Vista and Windows 7 users:
    Right-click the file, then click
    execadmin.png
  • On the next screen, check I accept the licence agreement and click Start
  • Click the f4uZX.png button and check:
    • My Computer
    • Local Disk (C:) (the local disk letter may vary)
  • Click Actions and check both boxes.
  • Click the Automatic Scan tab and then Start Scan. Wait for the scan to finish.
  • Click the AouIc.png button, then Detected threats, then the "Save" button.
  • Copy the contents of the saved file (if anything was detected) and post it in your next reply.
  • Please also post a new HijackThis log.


#11
afranionatanael

    Novice
  • Pip
  • 16 posts

Status: Quarantined   (events: 3)    
16/05/2013 14:10:26    Quarantined    Trojan program HEUR:Trojan.Win32.Generic    C:\Documents and Settings\cpu\AppData\Roaming\Microsoft\Windows\security.cpl    High    
16/05/2013 14:10:26    Quarantined    Trojan program HEUR:Trojan.Win32.Generic    C:\Documents and Settings\cpu\AppData\Roaming\Microsoft\Windows\security.cpl//UPX    High    
16/05/2013 15:22:12    Quarantined    Trojan program HEUR:Trojan.Win32.Generic    C:\Windows\System32\languagesv.dll    High    
Status: Deleted   (events: 1)    
16/05/2013 14:29:04    Deleted    Trojan program Trojan-Downloader.WMA.GetCodec.au    C:\Documents and Settings\cpu\Downloads\eMule\Incoming\- amy winehouse back to black - album 2010.mp3    High    
 

 

Logfile of HijackThis v1.99.1
Scan saved at 20:01:50, on 16/05/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\EPSON\MyEpson Portal\mep.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Users\cpu\Desktop\linha Defensiva\Recuva.lnk.exe
C:\Users\cpu\AppData\Local\Temp\RarSFX1\8098075.exe
C:\Users\cpu\AppData\Local\Temp\2204565\8098075.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\NOTEPAD.EXE
C:\Users\cpu\Desktop\linha Defensiva\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FindLyrics - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Program Files\FindLyrics\FindLyrics.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120726195150.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GBPLUGIN\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - Startup: _uninst_96311510.lnk = cpu\AppData\Local\Temp\_uninst_96311510.bat
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O15 - Trusted Zone: www.secureweb.com.br
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.santand...GbPluginABN.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe
O23 - Service: 1% (MOBK682backup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBK682backup.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MyEpson Portal Service - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\MyEpson Portal\mepService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Unknown owner - C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 



#12
CarlosTurco

    Assistant
  • 25.020 posts

Open HijackThis.

** Windows Vista and Windows 7/8 users:
Right-click, then click execadmin.png.

Click Do a system scan only and check the entries listed below, then click ht-fix.png

 

O2 - BHO: FindLyrics - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Program Files\FindLyrics\FindLyrics.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

 

Restart and post a new HijackThis log.



#13
afranionatanael

    Novice
  • Pip
  • 16 posts

Logfile of HijackThis v1.99.1
Scan saved at 21:19:02, on 16/05/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\wininit.exe
C:\windows\system32\csrss.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\Program Files\EPSON\MyEpson Portal\mepService.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Program Files\EPSON\MyEpson Portal\mep.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files\McAfee Online Backup\MOBK682backup.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\McAfee Online Backup\MOBK682backup.exe
C:\windows\system32\vssvc.exe
C:\Users\cpu\Desktop\linha Defensiva\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120726195150.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GBPLUGIN\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - Startup: _uninst_96311510.lnk = cpu\AppData\Local\Temp\_uninst_96311510.bat
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O15 - Trusted Zone: www.secureweb.com.br
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.santand...GbPluginABN.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe
O23 - Service: 1% (MOBK682backup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBK682backup.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MyEpson Portal Service - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\MyEpson Portal\mepService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Unknown owner - C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 



#14
CarlosTurco

  • Assistant
  • 25.020 posts

Hello, does the initial problem persist?

#15
afranionatanael

  • Newbie
  • 16 posts

All good, Carlos. The problem apparently no longer persists; thank you for the help.

Is there any guidance on what to do daily? If there is, send it to me.

Thank you.



#16
CarlosTurco

  • Assistant
  • 25.020 posts

Ok,

The logs are clean. :)

To finish:

  • Run OTL.exe

    Click the cleanup (Limpeza) button.
  • Download CCleaner
    • Install the program
    • Click Registry > scan for issues > fix selected issues.
    • Then click Cleaner > analyze > run cleaner.
  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of Java SE 7u21.
    • Click JRE Download
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.2 MB jre-7u21-windows-i586.exe and save it to your desktop.
    • Close any running programs, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs, and remove all old versions of Java.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as needed to remove each version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u21-windows-i586.exe to install the newest version.
    • ATTENTION: Uncheck the box for installing the ASK Toolbar.
  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • USB worms (flash drive viruses) can infect any type of removable storage device (flash drives, MP3 and MP4 players, mobile phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the assistant that appears when you insert a CD or flash drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf in order to work.

    Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you happen to plug your flash drive into an infected PC, the malware will not be able to overwrite the existing file. Even so, it can still copy its malicious executables to the flash drive, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug that flash drive into a clean machine and run any of those malicious files, that system will be infected in the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you think is necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive, and choosing the "Format" option.
    • Run Flash_Disinfector.exe.
    • Follow any prompts that appear.
    • Wait until the program finishes its scan, then exit the program.
    For Windows Vista and 7: Panda USB Vaccine
  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient: depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any user action. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.
  • Disable System Restore and enable it again.
  • Learn some precautions and tips for keeping your computer clean. Read the article Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/
  • If there is no longer any malware-related problem, click the denunld.png button and ask for your topic to be closed.

If you have any question related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Regards.
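
The autorun.inf point in the post above, as an added example that is not part of the original thread: a Python check that reports what a drive root's autorun.inf would launch and which files carry the extensions the post lists. The function names, report fields and sample files are hypothetical, and treating a directory named autorun.inf as a protective placeholder is an assumption.

```python
import tempfile
from pathlib import Path

# Extensions the post lists as commonly copied to removable media.
RISKY_EXT = {".exe", ".scr", ".cmd", ".pif", ".bat", ".com"}
LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that start a program


def parse_autorun(text):
    """Return the launch targets named in the [autorun] section."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # shell\<verb>\command=... entries also start a program.
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value.strip())
    return targets


def audit_drive(root):
    """Report the autorun.inf state and risky executables in a drive root."""
    report = {"autorun": "absent", "targets": [], "executables": []}
    for entry in sorted(Path(root).iterdir()):
        if entry.name.lower() == "autorun.inf":
            if entry.is_dir():
                # Assumption: a directory with this name is a protective placeholder.
                report["autorun"] = "placeholder-directory"
            else:
                report["targets"] = parse_autorun(entry.read_text(errors="replace"))
                report["autorun"] = "launches-program" if report["targets"] else "inert-file"
        elif entry.is_file() and entry.suffix.lower() in RISKY_EXT:
            report["executables"].append(entry.name)
    return report


def demo():
    """Audit a constructed sample layout (not data from the thread)."""
    sample = "[autorun]\nopen=sample.scr\nicon=drive.ico\nshell\\open\\command=sample.scr\n"
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("autorun.inf", sample), ("sample.scr", ""), ("notes.txt", "")):
            Path(root, name).write_text(body)
        return audit_drive(root)
```

Pointing `audit_drive` at a mounted drive root shows whether the autorun.inf there is inert or launches a program; a "launches-program" result on a drive you did not set up that way is worth a closer look before opening anything on it.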



#17
afranionatanael

  • Newbie
  • 16 posts

I couldn't download USB Panda Vaccine.



#18
CarlosTurco

  • Assistant
  • 25.020 posts

I couldn't download USB Panda Vaccine.

For what reason?



#19
afranionatanael

  • Newbie
  • 16 posts

I can't download Panda USB Vaccine; the page keeps taking me to another page and doesn't download. Can you take a look for me?

Thank you.



#20
CarlosTurco

  • Assistant
  • 25.020 posts

I can't download Panda USB Vaccine; the page keeps taking me to another page and doesn't download. Can you take a look for me?

Thank you.

Try this link:

 

http://download.cnet...b&part=dl-55967