Júnior Lima

I can't remove the "portal dos sites" virus from my PC.

28 posts in this topic

I can't remove the "portal dos sites" virus from my PC. I have already tried every way I could think of (Control Panel > Network and Internet, the browser shortcut, Internet Options), but I couldn't get rid of it. Can anyone help me? Many thanks.

 


Júnior Lima,

Please note the following:

  • Do NOT attempt any cleaning procedure on your own. In particular, do not run the tools used in the Malware Removal forum by yourself. Misuse of some tools can damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Malware Removal Rule No. 8
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click the Follow button (located in the top right corner of the main post) so that you receive an e-mail notification when it is answered. You can also check the topics you follow through the Content I Follow option, accessible from the forum's Control Panel.
  • Analyses can take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always keep following your topic and report the results to me until your computer is clean.
  • Notice: avoid using the <QUOTE> or <CODE> tags on the logs; it makes them harder to read during analysis.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not get a reply from me within 5 days, send me a PM.

Please read the instructions for using the Virus Removal area:
http://www.linhadefe...mocao-de-virus/

Instead of creating a new topic, please continue in this one and post a reply containing the HijackThis, MbrScan and FSS logs, following the instructions on the page I linked above.

If you have any questions, just ask.


Ok,

Carry out the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click Run as administrator.

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Download the Junkware Removal Tool (JRT) and save it to the desktop. Double-click it to run it.

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator

The tool will begin scanning your system. Be patient, as it can take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop under the name JRT.txt.

Select, copy and paste the contents of this log in your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Wait, as it can take a while.
  • When the scan ends, click OK, then click the Show Results button to see the report.
  • If items were found, make sure they are all checked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log in your next reply.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554


As requested, Carlos.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x86
Ran by Junior on 02/06/2013 at  0:05:09,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/06/2013 at  0:12:48,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Note: the Malwarebytes' Anti-Malware (MBAM) download is not completing, that is, the page thanks me for downloading but the download itself never happens.


As requested, Carlos, the MBAM log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version:  v2013.06.01.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Junior :: JUNIOR-PC [administrator]

Protection: Enabled

02/06/2013 00:54:35
mbam-log-2013-06-02 (00-54-35).txt

Scan type:  Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned:  195546
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks Carlos, I managed to download the program from Baixaki. Thanks a lot for the help! ;)


 

Thanks Carlos, I managed to download the program from Baixaki.

I suggest reading: http://www.linhadefensiva.org/2013/03/alerta-da-linha-instalador-baixaki-e-outros-sites-de-download/

 

Download OTL by OldTimer and save it to your desktop:

http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:

Right-click the file OTL.exe, then click Run as administrator.

Under Output, check Standard

Also check these options:

  • File Age (creation date) -> change to 90 days
  • Scan All Users
  • Use Company Name WhiteList
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select the lines in red below, right-click the selection and choose Copy

CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%appdata%\*.*
%windir%\tasks\*.* /s
%systemroot%\system32\tasks\*.*
%PROGRAMFILES%\Internet Explorer\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
dir C:\ /S /A:L /C
/md5start
services.*
/md5stop

 

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste

Click the Run Scan button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt

Both will be saved in the same directory where OTL.exe is, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it in your reply.

Attach the file Extras.txt

NOTE: If the logs are too large and exceed the forum's limit, put them into a .zip or .rar archive and attach it to your reply.

OTL logfile created on: 02/06/2013 15:15:53 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Junior\Desktop

 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

1,19 Gb Total Physical Memory | 0,46 Gb Available Physical Memory | 39,09% Memory free

2,37 Gb Paging File | 1,42 Gb Available in Paging File | 59,77% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74,43 Gb Total Space | 21,81 Gb Free Space | 29,30% Space Free | Partition Type: NTFS

 

Computer Name: JUNIOR-PC | User Name: Junior | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/06/02 15:13:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Junior\Desktop\OTL.exe

PRC - [2013/05/31 14:31:51 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Junior\AppData\Roaming\WebCake\WebCakeDesktop.exe

PRC - [2013/05/31 14:31:51 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Arquivos de Programas\WebCake\WebCakeDesktop.Updater.exe

PRC - [2013/05/23 02:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Chrome\Application\chrome.exe

PRC - [2013/05/19 03:08:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2013/05/18 15:02:04 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Arquivos de Programas\uTorrent\uTorrent.exe

PRC - [2013/05/12 17:59:43 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Users\Junior\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe

PRC - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 09:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmplayer.exe

PRC - [2009/04/14 11:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE

PRC - [2007/05/16 09:27:38 | 001,209,904 | ---- | M] (Nero AG) -- C:\Arquivos de Programas\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007/05/16 09:27:16 | 000,153,136 | ---- | M] (Nero AG) -- C:\Arquivos de Programas\Common Files\Ahead\Lib\NMBgMonitor.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/05/23 02:44:07 | 000,393,168 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll

MOD - [2013/05/23 02:44:06 | 013,136,336 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll

MOD - [2013/05/23 02:43:59 | 004,051,408 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\27.0.1453.94\pdf.dll

MOD - [2013/05/23 02:43:03 | 001,597,392 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll

MOD - [2013/05/19 04:10:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll

MOD - [2013/05/19 04:10:19 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/05/19 04:07:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/05/19 04:06:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll

MOD - [2013/05/19 04:06:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/05/19 04:05:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2013/04/13 22:40:52 | 004,537,856 | ---- | M] () -- C:\Users\Junior\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libglesv2.dll

MOD - [2013/04/13 22:40:51 | 000,100,864 | ---- | M] () -- C:\Users\Junior\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libegl.dll

MOD - [2012/10/05 07:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2010/11/12 20:34:31 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010/11/04 22:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2010/11/04 22:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Auto | Running] -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Users\Junior\AppData\Roaming\WebCake\WebCakeDesktop.exe -- (WebCake Desktop Updater)

SRV - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/05/06 21:43:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/11/20 09:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 09:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 09:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 07:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 06:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 06:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/08/06 18:25:02 | 000,045,056 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetn62.sys -- (FETNDIS)

DRV - [2010/02/11 08:59:48 | 000,023,192 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\xfilt.sys -- (xfilt)

DRV - [2010/02/11 08:59:18 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\videX32.sys -- (videX32)

DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Arquivos de Programas\UltraISO\drivers\ISODrive.sys -- (ISODrive)

DRV - [2009/07/13 20:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

DRV - [2009/06/18 23:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-966216754-1057593224-3074052687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKU\S-1-5-21-966216754-1057593224-3074052687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-966216754-1057593224-3074052687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-966216754-1057593224-3074052687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKU\S-1-5-21-966216754-1057593224-3074052687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 21 1A A4 52 38 CE 01  [binary data]

IE - HKU\S-1-5-21-966216754-1057593224-3074052687-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-966216754-1057593224-3074052687-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-966216754-1057593224-3074052687-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Junior\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Junior\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Junior\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},


CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Junior\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll

 

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Arquivos de Programas\WebCake\WebCakeIEClient.dll (WebCake LLC)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de Programas\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [soundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKU\S-1-5-21-966216754-1057593224-3074052687-1000..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-966216754-1057593224-3074052687-1000..\Run: [dmn] regsvr32 /s "C:\Users\Junior\AppData\Roaming\JUNIOR-PC.jpg"  File not found

O4 - HKU\S-1-5-21-966216754-1057593224-3074052687-1000..\Run: [Facebook Update] C:\Users\Junior\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-966216754-1057593224-3074052687-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)

O4 - HKU\S-1-5-21-966216754-1057593224-3074052687-1000..\Run: [WebCake Desktop] C:\Users\Junior\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [sPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [sPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - Reg Error: Key error. File not found

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96EAB73A-97A5-4B36-B229-647CB4C7E859}: DhcpNameServer = 192.168.25.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

========== Files/Folders - Created Within 90 Days ==========

 

[2013/06/02 15:13:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Junior\Desktop\OTL.exe

[2013/06/02 00:48:11 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Malwarebytes

[2013/06/02 00:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/06/02 00:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/06/02 00:47:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/06/02 00:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/06/02 00:47:33 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\Programs

[2013/06/02 00:46:39 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\WebCake

[2013/06/02 00:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\WebCake

[2013/06/02 00:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2013/06/02 00:46:26 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Junior\Desktop\mbam-setup-1.75.0.1300.exe

[2013/06/01 23:54:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/06/01 23:54:12 | 000,000,000 | ---D | C] -- C:\JRT

[2013/06/01 23:52:13 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Junior\Desktop\JRT.exe

[2013/06/01 23:06:33 | 000,355,651 | ---- | C] (Farbar) -- C:\Users\Junior\Desktop\FSS.exe

[2013/06/01 23:03:11 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\Junior\Desktop\MbrScan.exe

[2013/06/01 22:58:15 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\Junior\Desktop\HijackThis.exe

[2013/05/29 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\Adobe

[2013/05/29 00:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2013/05/29 00:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2013/05/29 00:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2013/05/28 20:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/05/26 23:20:24 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\WinRAR

[2013/05/26 23:20:23 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2013/05/26 23:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2013/05/26 23:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2013/05/20 22:18:14 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Ahead

[2013/05/18 14:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2013/05/18 14:58:33 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\uTorrent

[2013/05/18 11:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2013/05/17 17:18:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview

[2013/05/17 17:16:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

[2013/05/17 16:53:01 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll

[2013/05/15 22:48:07 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\ESET

[2013/05/15 22:09:35 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary

[2013/05/13 18:58:44 | 001,337,960 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Junior\Desktop\SkypeSetup.exe

[2013/05/13 12:10:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2013/05/11 19:26:02 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\Facebook

[2013/05/11 12:24:18 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Omiga Plus

[2013/05/11 11:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security

[2013/05/11 11:26:32 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Baidu Security

[2013/05/07 23:25:44 | 000,000,000 | ---D | C] -- C:\77f4e5e960b7c5db6864cd04c1badfb2

[2013/05/07 10:56:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2013/05/06 21:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2013/05/04 09:34:08 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\Microsoft Games

[2013/05/03 10:43:09 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Media Player Classic

[2013/04/24 21:51:35 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Macromedia

[2013/04/24 21:51:33 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Adobe

[2013/04/24 21:50:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\macromed

[2013/04/24 21:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/04/24 21:48:49 | 000,152,880 | R--- | C] (360.cn) -- C:\Windows\System32\drivers\360FileOem.sys

[2013/04/24 21:48:46 | 000,064,048 | R--- | C] (360安全中心) -- C:\Windows\System32\drivers\360SpOEM.sys

[2013/04/24 21:48:45 | 000,029,744 | R--- | C] (360安全中心) -- C:\Windows\System32\drivers\360RegOem.sys

[2013/04/24 21:48:09 | 000,061,488 | R--- | C] (360安全中心) -- C:\Windows\System32\drivers\360HookOem.sys

[2013/04/24 21:46:39 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\Rich Media Player

[2013/04/24 21:46:20 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\PhotoScape

[2013/04/24 21:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape

[2013/04/24 21:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape

[2013/04/24 21:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PSafe

[2013/04/20 21:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2013/04/20 21:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/04/20 21:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013/04/16 20:49:33 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Youtube Downloader HD

[2013/04/16 20:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD

[2013/04/16 20:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Youtube Downloader HD

[2013/04/14 07:25:20 | 000,000,000 | ---D | C] -- C:\Users\Junior\Documents\Júnior - Arquivos

[2013/04/13 11:49:10 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\Google

[2013/04/13 11:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2013/04/13 11:48:57 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2013/04/13 11:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/04/13 11:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2013/04/13 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\Ahead

[2013/04/13 09:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials

[2013/04/13 09:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero

[2013/04/13 09:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Nero

[2013/04/13 09:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead

[2013/04/13 09:49:53 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\Diagnostics

[2013/04/13 09:41:18 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\DRPSu

[2013/04/13 09:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2013/04/13 09:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2013/04/13 09:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2013/04/13 09:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2013/04/13 09:10:07 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2013/04/13 09:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2013/04/13 09:05:23 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\Microsoft Help

[2013/04/13 09:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2013/04/13 09:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2013/04/13 09:05:03 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2013/04/13 09:04:31 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2013/04/13 09:01:09 | 000,238,944 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll

[2013/04/13 07:58:20 | 000,000,000 | ---D | C] -- C:\Users\Junior\Desktop\Junior

[2013/04/12 20:26:41 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2013/04/12 16:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO

[2013/04/12 16:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO

[2013/04/12 16:44:11 | 000,000,000 | ---D | C] -- C:\Users\Junior\Documents\My ISO Files

[2013/04/12 16:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems

[2013/04/12 16:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack

[2013/04/12 16:43:23 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm

[2013/04/12 16:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2013/04/12 15:36:55 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\ElevatedDiagnostics

[2013/04/12 15:35:23 | 000,000,000 | R--D | C] -- C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2013/04/12 15:35:23 | 000,000,000 | R--D | C] -- C:\Users\Junior\Searches

[2013/04/12 15:35:23 | 000,000,000 | R--D | C] -- C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2013/04/12 15:35:09 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Identities

[2013/04/12 15:35:05 | 000,000,000 | R--D | C] -- C:\Users\Junior\Contacts

[2013/04/12 15:34:37 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\VirtualStore

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\AppData\Local\Temporary Internet Files

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\SendTo

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Recent

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Modelos

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Documents\Minhas músicas

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Documents\Minhas imagens

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Documents\Meus vídeos

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Menu Iniciar

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\AppData\Local\Histórico

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Dados de aplicativos

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\AppData\Local\Dados de aplicativos

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Cookies

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Configurações locais

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Ambiente de rede

[2013/04/12 15:34:35 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Ambiente de impressão

[2013/04/12 15:34:34 | 000,000,000 | --SD | C] -- C:\Users\Junior\AppData\Roaming\Microsoft

[2013/04/12 15:34:34 | 000,000,000 | R--D | C] -- C:\Users\Junior\Videos

[2013/04/12 15:34:34 | 000,000,000 | R--D | C] -- C:\Users\Junior\Saved Games

[2013/04/12 15:34:34 | 000,000,000 | R--D | C] -- C:\Users\Junior\Pictures

[2013/04/12 15:34:34 | 000,000,000 | R--D | C] -- C:\Users\Junior\Music

[2013/04/12 15:34:34 | 000,000,000 | R--D | C] -- C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2013/04/12 15:34:34 | 000,000,000 | R--D | C] -- C:\Users\Junior\Links

[2013/04/12 15:34:34 | 000,000,000 | R--D | C] -- C:\Users\Junior\Favorites

[2013/04/12 15:34:34 | 000,000,000 | R--D | C] -- C:\Users\Junior\Downloads

[2013/04/12 15:34:34 | 000,000,000 | R--D | C] -- C:\Users\Junior\Documents

[2013/04/12 15:34:34 | 000,000,000 | R--D | C] -- C:\Users\Junior\Desktop

[2013/04/12 15:34:34 | 000,000,000 | R--D | C] -- C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2013/04/12 15:34:34 | 000,000,000 | -HSD | C] -- C:\Users\Junior\Meus documentos

[2013/04/12 15:34:34 | 000,000,000 | -H-D | C] -- C:\Users\Junior\AppData

[2013/04/12 15:34:34 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\Temp

[2013/04/12 15:34:34 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Local\Microsoft

[2013/04/12 15:34:34 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Media Center Programs

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\Program Files\Common Files\Sistema

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\Recovery

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modelos

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas músicas

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas imagens

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Meus vídeos

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Iniciar

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritos

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dados de aplicativos

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas

[2013/04/12 15:34:24 | 000,000,000 | -HSD | C] -- C:\Program Files\Arquivos Comuns

[2013/04/12 15:31:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2013/04/12 15:27:59 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2013/04/12 15:27:34 | 000,000,000 | -HSD | C] -- C:\System Volume Information

 

========== Files - Modified Within 90 Days ==========

 

[2013/06/02 15:13:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Junior\Desktop\OTL.exe

[2013/06/02 15:07:06 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000UA.job

[2013/06/02 15:03:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/02 15:03:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/02 14:55:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/02 13:31:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000UA.job

[2013/06/02 11:55:12 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/02 00:47:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/02 00:46:26 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Junior\Desktop\mbam-setup-1.75.0.1300.exe

[2013/06/02 00:21:22 | 000,000,853 | ---- | M] () -- C:\Users\Junior\Desktop\Downloads.lnk

[2013/06/02 00:03:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/06/02 00:03:13 | 955,949,056 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/01 23:52:56 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Junior\Desktop\JRT.exe

[2013/06/01 23:38:51 | 000,632,031 | ---- | M] () -- C:\Users\Junior\Desktop\adwcleaner.exe

[2013/06/01 23:07:04 | 000,355,651 | ---- | M] (Farbar) -- C:\Users\Junior\Desktop\FSS.exe

[2013/06/01 23:05:13 | 000,000,512 | ---- | M] () -- C:\Users\Junior\Desktop\Dump_Hdd0_DR0.mbr

[2013/06/01 23:03:29 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\Junior\Desktop\MbrScan.exe

[2013/06/01 22:58:30 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Users\Junior\Desktop\HijackThis.exe

[2013/06/01 22:07:52 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000Core.job

[2013/05/29 19:31:03 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000Core.job

[2013/05/29 00:27:40 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2013/05/28 20:28:22 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/05/28 18:19:22 | 000,663,606 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2013/05/28 18:19:22 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/05/28 18:19:22 | 000,127,896 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2013/05/28 18:19:22 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/05/26 23:06:11 | 000,000,058 | ---- | M] () -- C:\Users\Junior\AppData\Roaming\id

[2013/05/25 21:53:52 | 000,080,704 | ---- | M] () -- C:\Users\Junior\Documents\579246_382517368532822_750311148_n.jpg

[2013/05/23 12:04:18 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/05/23 11:20:49 | 000,050,017 | ---- | M] () -- C:\Users\Junior\Documents\168258_157976807708565_1204530358_n.jpg

[2013/05/23 11:18:47 | 000,050,951 | ---- | M] () -- C:\Users\Junior\Documents\969317_157976744375238_1555274894_n.jpg

[2013/05/20 21:45:42 | 000,007,168 | ---- | M] () -- C:\Users\Junior\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/05/19 04:01:28 | 000,342,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/05/19 03:09:40 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2013/05/18 16:30:44 | 000,011,164 | ---- | M] () -- C:\Users\Junior\Documents\971010_434431006653408_633429775_n.jpg

[2013/05/18 14:59:54 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

[2013/05/18 12:50:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2013/05/17 00:54:12 | 000,162,014 | ---- | M] () -- C:\Users\Junior\Desktop\ii_premio_ufes_de_literatura.pdf

[2013/05/13 18:58:45 | 001,337,960 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Junior\Desktop\SkypeSetup.exe

[2013/05/09 05:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2013/05/08 23:06:26 | 000,019,456 | -H-- | M] () -- C:\Users\Junior\Documents\photothumb.db

[2013/05/01 17:09:45 | 000,013,983 | ---- | M] () -- C:\Users\Junior\Documents\559709_134449863398810_228088851_n.jpg

[2013/05/01 08:26:53 | 000,281,640 | ---- | M] () -- C:\Users\Junior\Documents\923565_563046113740016_296354017_n.jpg

[2013/04/24 21:45:57 | 000,000,989 | ---- | M] () -- C:\Users\Junior\Desktop\PhotoScape.lnk

[2013/04/23 14:34:45 | 000,001,304 | ---- | M] () -- C:\Users\Junior\Desktop\Notepad.lnk

[2013/04/23 10:59:45 | 000,001,046 | ---- | M] () -- C:\Users\Junior\Desktop\Júnior - Arquivos para Gravar em DVD.lnk

[2013/04/16 20:49:19 | 000,001,111 | ---- | M] () -- C:\Users\Junior\Desktop\Youtube Downloader HD.lnk

[2013/04/15 07:46:01 | 000,001,880 | ---- | M] () -- C:\Users\Junior\Desktop\Júnior - Meus Arquivos.lnk

[2013/04/14 07:24:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2013/04/13 09:58:44 | 000,002,728 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk

[2013/04/13 09:58:44 | 000,002,632 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home Essentials SE.lnk

[2013/04/12 16:44:12 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk

[2013/04/12 15:37:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2013/04/12 15:32:11 | 000,051,953 | ---- | M] () -- C:\Windows\System32\license.rtf

[2013/04/05 17:42:50 | 000,152,880 | R--- | M] (360.cn) -- C:\Windows\System32\drivers\360FileOem.sys

[2013/04/05 17:42:50 | 000,064,048 | R--- | M] (360安全中心) -- C:\Windows\System32\drivers\360SpOEM.sys

[2013/04/05 17:42:50 | 000,061,488 | R--- | M] (360安全中心) -- C:\Windows\System32\drivers\360HookOem.sys

[2013/04/05 17:42:50 | 000,029,744 | R--- | M] (360安全中心) -- C:\Windows\System32\drivers\360RegOem.sys

[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/04/02 20:48:16 | 000,151,430 | ---- | M] () -- C:\Users\Junior\Documents\tempo de chuva ii - frank_002.jpg

 

========== Files Created - No Company Name ==========

 

[2013/06/02 00:47:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/02 00:21:22 | 000,000,853 | ---- | C] () -- C:\Users\Junior\Desktop\Downloads.lnk

[2013/06/01 23:38:37 | 000,632,031 | ---- | C] () -- C:\Users\Junior\Desktop\adwcleaner.exe

[2013/06/01 23:04:21 | 000,000,512 | ---- | C] () -- C:\Users\Junior\Desktop\Dump_Hdd0_DR0.mbr

[2013/05/29 00:27:39 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2013/05/29 00:27:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2013/05/28 20:28:22 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/05/26 23:06:11 | 000,000,058 | ---- | C] () -- C:\Users\Junior\AppData\Roaming\id

[2013/05/25 21:52:53 | 000,080,704 | ---- | C] () -- C:\Users\Junior\Documents\579246_382517368532822_750311148_n.jpg

[2013/05/23 11:20:02 | 000,050,017 | ---- | C] () -- C:\Users\Junior\Documents\168258_157976807708565_1204530358_n.jpg

[2013/05/23 11:17:32 | 000,050,951 | ---- | C] () -- C:\Users\Junior\Documents\969317_157976744375238_1555274894_n.jpg

[2013/05/19 03:09:40 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013/05/18 16:30:39 | 000,011,164 | ---- | C] () -- C:\Users\Junior\Documents\971010_434431006653408_633429775_n.jpg

[2013/05/18 14:59:54 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk

[2013/05/18 11:56:11 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/05/18 11:50:59 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/18 11:50:53 | 000,001,052 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/17 16:56:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2013/05/17 16:55:38 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd

[2013/05/17 16:52:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2013/05/17 16:52:29 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml

[2013/05/17 16:52:14 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml

[2013/05/17 00:54:11 | 000,162,014 | ---- | C] () -- C:\Users\Junior\Desktop\ii_premio_ufes_de_literatura.pdf

[2013/05/15 22:02:59 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000UA.job

[2013/05/15 22:02:48 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000Core.job

[2013/05/11 19:26:20 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000UA.job

[2013/05/11 19:26:19 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000Core.job

[2013/05/06 22:07:35 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2013/05/06 22:04:27 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2013/05/01 17:09:26 | 000,013,983 | ---- | C] () -- C:\Users\Junior\Documents\559709_134449863398810_228088851_n.jpg

[2013/05/01 08:26:39 | 000,281,640 | ---- | C] () -- C:\Users\Junior\Documents\923565_563046113740016_296354017_n.jpg

[2013/04/25 00:02:57 | 000,019,456 | -H-- | C] () -- C:\Users\Junior\Documents\photothumb.db

[2013/04/24 21:45:57 | 000,000,989 | ---- | C] () -- C:\Users\Junior\Desktop\PhotoScape.lnk

[2013/04/23 14:34:45 | 000,001,304 | ---- | C] () -- C:\Users\Junior\Desktop\Notepad.lnk

[2013/04/23 10:59:45 | 000,001,046 | ---- | C] () -- C:\Users\Junior\Desktop\Júnior - Arquivos para Gravar em DVD.lnk

[2013/04/16 21:32:14 | 000,007,168 | ---- | C] () -- C:\Users\Junior\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/04/16 20:49:19 | 000,001,111 | ---- | C] () -- C:\Users\Junior\Desktop\Youtube Downloader HD.lnk

[2013/04/15 07:46:01 | 000,001,880 | ---- | C] () -- C:\Users\Junior\Desktop\Júnior - Meus Arquivos.lnk

[2013/04/14 09:29:08 | 000,151,430 | ---- | C] () -- C:\Users\Junior\Documents\tempo de chuva ii - frank_002.jpg

[2013/04/14 07:24:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2013/04/13 09:58:44 | 000,002,728 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk

[2013/04/13 09:58:44 | 000,002,632 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home Essentials SE.lnk

[2013/04/13 09:01:41 | 000,039,656 | ---- | C] () -- C:\Windows\System32\OEMLOGO.bmp

[2013/04/13 09:01:07 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat

[2013/04/13 09:00:22 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll

[2013/04/13 08:59:12 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll

[2013/04/13 08:58:12 | 000,141,016 | ---- | C] () -- C:\Windows\System32\ALSNDMGR.WAV

[2013/04/12 16:44:12 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk

[2013/04/12 16:43:26 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2013/04/12 16:43:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2013/04/12 16:43:23 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2013/04/12 16:43:23 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2013/04/12 16:43:22 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2013/04/12 15:37:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2013/04/12 15:35:26 | 000,001,389 | ---- | C] () -- C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2013/04/12 15:31:58 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2013/04/12 15:31:46 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2013/04/12 15:27:34 | 955,949,056 | -HS- | C] () -- C:\hiberfil.sys

 

========== ZeroAccess Check ==========

 

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/05/11 11:26:34 | 000,000,000 | ---D | M] -- C:\Users\Junior\AppData\Roaming\Baidu Security

[2013/05/11 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\Junior\AppData\Roaming\DRPSu

[2013/05/11 13:05:10 | 000,000,000 | ---D | M] -- C:\Users\Junior\AppData\Roaming\Omiga Plus

[2013/06/02 01:45:59 | 000,000,000 | ---D | M] -- C:\Users\Junior\AppData\Roaming\PhotoScape

[2013/06/02 15:33:57 | 000,000,000 | ---D | M] -- C:\Users\Junior\AppData\Roaming\uTorrent

[2013/06/02 13:57:15 | 000,000,000 | ---D | M] -- C:\Users\Junior\AppData\Roaming\WebCake

[2013/06/02 03:29:45 | 000,000,000 | ---D | M] -- C:\Users\Junior\AppData\Roaming\Youtube Downloader HD

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2013/06/01 23:42:39 | 000,004,639 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2013/06/02 00:03:13 | 955,949,056 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/02 00:03:14 | 1274,601,472 | -HS- | M] () -- C:\pagefile.sys

 

< %systemdrive%\drivers\*.* /s >

 

< %systemdrive%\drivers\*.exe >

 

< %systemroot%\system32\drivers\*.* /90 >

[2013/04/05 17:42:50 | 000,152,880 | R--- | M] (360.cn) -- C:\Windows\system32\drivers\360FileOem.sys

[2013/04/05 17:42:50 | 000,061,488 | R--- | M] (360安全中心) -- C:\Windows\system32\drivers\360HookOem.sys

[2013/04/05 17:42:50 | 000,029,744 | R--- | M] (360安全中心) -- C:\Windows\system32\drivers\360RegOem.sys

[2013/04/05 17:42:50 | 000,064,048 | R--- | M] (360安全中心) -- C:\Windows\system32\drivers\360SpOEM.sys

[2013/04/10 02:18:40 | 000,728,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys

[2013/04/10 02:18:40 | 000,218,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgmms1.sys

[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

[2013/04/12 15:37:02 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2013/04/14 07:24:11 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2013/04/12 10:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys

 

< %systemroot%\Fonts\*.dll >

 

< %systemroot%\Fonts\*.ini >

[2009/06/10 18:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

 

< %systemroot%\Fonts\*.ini2 >

 

< %systemroot%\Fonts\*.com >

[2009/07/14 01:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/14 01:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/14 01:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/14 01:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

 

< %systemroot%\*.scr >

 

< %PROGRAMFILES%\*.* >

[2009/07/14 01:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

 

< %LOCALAPPDATA%\*.exe >

 

< %LOCALAPPDATA%\*.txt >

 

< %LOCALAPPDATA%\*.ini >

[2013/05/20 21:45:42 | 000,007,168 | ---- | M] () -- C:\Users\Junior\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

< %LOCALAPPDATA%\*.dll >

 

< %LOCALAPPDATA%\*.dat >

[2013/05/08 22:18:17 | 000,084,576 | ---- | M] () -- C:\Users\Junior\AppData\Local\GDIPFONTCACHEV1.DAT

 

< %USERPROFILE%\*.exe >

 

< %USERPROFILE%\*.txt >

 

< %USERPROFILE%\*.ini >

[2013/04/12 15:34:35 | 000,000,020 | -HS- | M] () -- C:\Users\Junior\ntuser.ini

 

< %USERPROFILE%\*.dll >

 

< %USERPROFILE%\*.dat /30 >

[2013/06/02 15:37:32 | 001,310,720 | -HS- | M] () -- C:\Users\Junior\NTUSER.DAT

 

< %appdata%\*.* >

[2013/05/26 23:06:11 | 000,000,058 | ---- | M] () -- C:\Users\Junior\AppData\Roaming\id

 

< %windir%\tasks\*.* /s >

[2013/05/29 19:31:03 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000Core.job

[2013/06/02 13:31:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000UA.job

[2013/06/02 11:55:12 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/02 14:55:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/01 22:07:52 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000Core.job

[2013/06/02 15:07:06 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000UA.job

[2013/06/02 00:03:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2013/05/18 10:48:43 | 000,032,584 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

 

< %systemroot%\system32\tasks\*.* >

[2013/05/28 20:28:58 | 000,002,774 | ---- | M] () -- C:\Windows\system32\tasks\CCleanerSkipUAC

[2013/04/16 20:48:41 | 000,003,514 | ---- | M] () -- C:\Windows\system32\tasks\DealPly

[2013/05/11 11:28:50 | 000,003,376 | ---- | M] () -- C:\Windows\system32\tasks\Desk 365 RunAsStdUser

[2013/05/11 19:26:19 | 000,003,542 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000Core

[2013/05/11 19:26:20 | 000,003,910 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000UA

[2013/05/18 11:50:57 | 000,003,800 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore

[2013/05/18 11:51:00 | 000,004,052 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA

[2013/05/15 22:02:50 | 000,003,488 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000Core

[2013/05/15 22:02:59 | 000,003,884 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-966216754-1057593224-3074052687-1000UA

[2013/05/11 12:24:31 | 000,003,400 | ---- | M] () -- C:\Windows\system32\tasks\Omiga Plus RunAsStdUser

[2013/06/02 11:32:39 | 000,003,950 | ---- | M] () -- C:\Windows\system32\tasks\User_Feed_Synchronization-{91E9D1BA-509D-451D-9F69-9C0583E3514D}

[2013/06/01 23:58:56 | 000,003,114 | ---- | M] () -- C:\Windows\system32\tasks\{9D972B00-FD5F-4C42-B6FF-6A97AB6266A6}

 

< %PROGRAMFILES%\Internet Explorer\*.* >

[2013/05/19 03:09:40 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe

[2013/05/19 03:09:40 | 000,002,843 | ---- | M] () -- C:\Program Files\Internet Explorer\ie9props.propdesc

[2013/05/19 03:09:40 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iediagcmd.exe

[2013/05/19 03:09:40 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll

[2013/05/19 03:09:40 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieinstal.exe

[2013/05/19 03:09:40 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe

[2013/05/19 03:09:40 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll

[2013/05/19 03:09:40 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll

[2010/11/04 23:20:53 | 000,005,436 | ---- | M] () -- C:\Program Files\Internet Explorer\iessetup.ceb

[2009/07/13 22:15:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iessetup.dll

[2013/05/19 03:09:40 | 000,770,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

[2013/05/19 03:09:40 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll

[2013/05/19 03:09:40 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll

[2013/05/19 03:09:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll

[2013/05/19 03:09:40 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll

[2013/05/19 03:09:40 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\msdbg2.dll

[2013/05/19 03:09:40 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\networkinspection.dll

[2013/05/19 03:09:40 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll

[2013/05/19 03:09:40 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdmproxy100.dll

[2013/05/19 03:09:40 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll

 

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >

"DefaultConnectionSettings" = 46 00 00 00 E6 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 45 61 3D CF F1 53 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 19 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 41 37 9E 76 04 A1 09 DD 45 28 FB 8A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data over 200 bytes]

"SavedLegacySettings" = 46 00 00 00 F9 01 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 45 61 3D CF F1 53 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 19 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 41 37 9E 76 04 A1 09 DD 45 28 FB 8A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data over 200 bytes]

 

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >

 

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >

 

< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >

 

< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >

 

< HKCU\Software\Microsoft\Internet Explorer\Downloads >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList >

 

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

 

< dir C:\ /S /A:L /C >

 O volume na unidade C não tem nome.

 O Número de Série do Volume é ECC6-777E

 Pasta de C:\

12/04/2013  15:34    <JUNCTION>     Arquivos de Programas [C:\Program Files]

14/07/2009  01:53    <JUNCTION>     Documents and Settings [C:\Users]

               0 arquivo(s)              0 bytes

 Pasta de C:\Program Files

12/04/2013  15:34    <JUNCTION>     Arquivos Comuns [C:\Program Files\Common Files]

               0 arquivo(s)              0 bytes

 Pasta de C:\Program Files\Common Files

12/04/2013  15:34    <JUNCTION>     Sistema [C:\Program Files\Common Files\System]

               0 arquivo(s)              0 bytes

 Pasta de C:\Program Files\Windows NT

12/04/2013  15:34    <JUNCTION>     Acessórios [C:\Program Files\Windows NT\Accessories]

               0 arquivo(s)              0 bytes

 Pasta de C:\ProgramData

14/07/2009  01:53    <JUNCTION>     Application Data [C:\ProgramData]

12/04/2013  15:34    <JUNCTION>     Dados de aplicativos [C:\ProgramData]

14/07/2009  01:53    <JUNCTION>     Desktop [C:\Users\Public\Desktop]

12/04/2013  15:34    <JUNCTION>     Documentos [C:\Users\Public\Documents]

14/07/2009  01:53    <JUNCTION>     Documents [C:\Users\Public\Documents]

14/07/2009  01:53    <JUNCTION>     Favorites [C:\Users\Public\Favorites]

12/04/2013  15:34    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]

12/04/2013  15:34    <JUNCTION>     Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu]

12/04/2013  15:34    <JUNCTION>     Modelos [C:\ProgramData\Microsoft\Windows\Templates]

14/07/2009  01:53    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

14/07/2009  01:53    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]

               0 arquivo(s)              0 bytes

 Pasta de C:\ProgramData\Microsoft\Windows\Start Menu

12/04/2013  15:34    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users

14/07/2009  01:53    <SYMLINKD>     All Users [C:\ProgramData]

14/07/2009  01:53    <JUNCTION>     Default User [C:\Users\Default]

12/04/2013  15:34    <SYMLINKD>     Todos os Usuários [C:\ProgramData]

12/04/2013  15:34    <JUNCTION>     Usuário Padrão [C:\Users\Default]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\All Users

14/07/2009  01:53    <JUNCTION>     Application Data [C:\ProgramData]

12/04/2013  15:34    <JUNCTION>     Dados de aplicativos [C:\ProgramData]

14/07/2009  01:53    <JUNCTION>     Desktop [C:\Users\Public\Desktop]

12/04/2013  15:34    <JUNCTION>     Documentos [C:\Users\Public\Documents]

14/07/2009  01:53    <JUNCTION>     Documents [C:\Users\Public\Documents]

14/07/2009  01:53    <JUNCTION>     Favorites [C:\Users\Public\Favorites]

12/04/2013  15:34    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]

12/04/2013  15:34    <JUNCTION>     Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu]

12/04/2013  15:34    <JUNCTION>     Modelos [C:\ProgramData\Microsoft\Windows\Templates]

14/07/2009  01:53    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

14/07/2009  01:53    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\All Users\Microsoft\Windows\Start Menu

12/04/2013  15:34    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\Default

12/04/2013  15:34    <JUNCTION>     Ambiente de impressão [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

12/04/2013  15:34    <JUNCTION>     Ambiente de rede [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

14/07/2009  01:53    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]

12/04/2013  15:34    <JUNCTION>     Configurações locais [C:\Users\Default\AppData\Local]

14/07/2009  01:53    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]

12/04/2013  15:34    <JUNCTION>     Dados de aplicativos [C:\Users\Default\AppData\Roaming]

14/07/2009  01:53    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]

12/04/2013  15:34    <JUNCTION>     Menu Iniciar [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

12/04/2013  15:34    <JUNCTION>     Meus documentos [C:\Users\Default\Documents]

12/04/2013  15:34    <JUNCTION>     Modelos [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

14/07/2009  01:53    <JUNCTION>     My Documents [C:\Users\Default\Documents]

14/07/2009  01:53    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

14/07/2009  01:53    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

14/07/2009  01:53    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]

14/07/2009  01:53    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]

14/07/2009  01:53    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

14/07/2009  01:53    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\Default\AppData\Local

14/07/2009  01:53    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]

12/04/2013  15:34    <JUNCTION>     Dados de aplicativos [C:\Users\Default\AppData\Local]

14/07/2009  01:53    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

12/04/2013  15:34    <JUNCTION>     Histórico [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

14/07/2009  01:53    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

12/04/2013  15:34    <JUNCTION>     Programas [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\Default\Documents

12/04/2013  15:34    <JUNCTION>     Meus vídeos [C:\Users\Default\Videos]

12/04/2013  15:34    <JUNCTION>     Minhas imagens [C:\Users\Default\Pictures]

12/04/2013  15:34    <JUNCTION>     Minhas músicas [C:\Users\Default\Music]

14/07/2009  01:53    <JUNCTION>     My Music [C:\Users\Default\Music]

14/07/2009  01:53    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]

14/07/2009  01:53    <JUNCTION>     My Videos [C:\Users\Default\Videos]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\Junior

12/04/2013  15:34    <JUNCTION>     Ambiente de impressão [C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

12/04/2013  15:34    <JUNCTION>     Ambiente de rede [C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

12/04/2013  15:34    <JUNCTION>     Configurações locais [C:\Users\Junior\AppData\Local]

12/04/2013  15:34    <JUNCTION>     Cookies [C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Cookies]

12/04/2013  15:34    <JUNCTION>     Dados de aplicativos [C:\Users\Junior\AppData\Roaming]

12/04/2013  15:34    <JUNCTION>     Menu Iniciar [C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu]

12/04/2013  15:34    <JUNCTION>     Meus documentos [C:\Users\Junior\Documents]

12/04/2013  15:34    <JUNCTION>     Modelos [C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Templates]

12/04/2013  15:34    <JUNCTION>     Recent [C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Recent]

12/04/2013  15:34    <JUNCTION>     SendTo [C:\Users\Junior\AppData\Roaming\Microsoft\Windows\SendTo]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\Junior\AppData\Local

12/04/2013  15:34    <JUNCTION>     Dados de aplicativos [C:\Users\Junior\AppData\Local]

12/04/2013  15:34    <JUNCTION>     Histórico [C:\Users\Junior\AppData\Local\Microsoft\Windows\History]

12/04/2013  15:34    <JUNCTION>     Temporary Internet Files [C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu

12/04/2013  15:34    <JUNCTION>     Programas [C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\Junior\Documents

12/04/2013  15:34    <JUNCTION>     Meus vídeos [C:\Users\Junior\Videos]

12/04/2013  15:34    <JUNCTION>     Minhas imagens [C:\Users\Junior\Pictures]

12/04/2013  15:34    <JUNCTION>     Minhas músicas [C:\Users\Junior\Music]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\Public\Documents

12/04/2013  15:34    <JUNCTION>     Meus vídeos [C:\Users\Public\Videos]

12/04/2013  15:34    <JUNCTION>     Minhas imagens [C:\Users\Public\Pictures]

12/04/2013  15:34    <JUNCTION>     Minhas músicas [C:\Users\Public\Music]

14/07/2009  01:53    <JUNCTION>     My Music [C:\Users\Public\Music]

14/07/2009  01:53    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]

14/07/2009  01:53    <JUNCTION>     My Videos [C:\Users\Public\Videos]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\Todos os Usuários

14/07/2009  01:53    <JUNCTION>     Application Data [C:\ProgramData]

12/04/2013  15:34    <JUNCTION>     Dados de aplicativos [C:\ProgramData]

14/07/2009  01:53    <JUNCTION>     Desktop [C:\Users\Public\Desktop]

12/04/2013  15:34    <JUNCTION>     Documentos [C:\Users\Public\Documents]

14/07/2009  01:53    <JUNCTION>     Documents [C:\Users\Public\Documents]

14/07/2009  01:53    <JUNCTION>     Favorites [C:\Users\Public\Favorites]

12/04/2013  15:34    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]

12/04/2013  15:34    <JUNCTION>     Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu]

12/04/2013  15:34    <JUNCTION>     Modelos [C:\ProgramData\Microsoft\Windows\Templates]

14/07/2009  01:53    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

14/07/2009  01:53    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]

               0 arquivo(s)              0 bytes

 Pasta de C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu

12/04/2013  15:34    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]

               0 arquivo(s)              0 bytes

     Total de Arquivos na Lista:

               0 arquivo(s)              0 bytes

              97 pasta(s)   23.078.260.736 bytes disponíveis

 

< MD5 for: SERVICES  >

[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services

[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

 

< MD5 for: SERVICES.ASFX  >

[2012/09/23 20:43:52 | 000,002,588 | ---- | M] () MD5=0D18AE3100D7B9D49DCB1CE1EABA21F7 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\pt_BR\Services\Services.asfx

 

< MD5 for: SERVICES.CFG  >

[2013/05/11 07:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

 

< MD5 for: SERVICES.DAT  >

[2013/04/22 00:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat

 

< MD5 for: SERVICES.EXE  >

[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe

[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

 

< MD5 for: SERVICES.EXE.MUI  >

[2009/07/13 23:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui

[2009/07/13 23:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

[2009/07/29 15:45:13 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\System32\pt-BR\services.exe.mui

[2009/07/29 15:45:13 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6fd3bef3fcc0d1\services.exe.mui

 

< MD5 for: SERVICES.LNK  >

[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

 

< MD5 for: SERVICES.MOF  >

[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof

[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

 

< MD5 for: SERVICES.MSC  >

[2009/07/13 23:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc

[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc

[2009/07/13 23:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc

[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

[2009/07/29 15:45:12 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\System32\pt-BR\services.msc

[2009/07/29 15:45:12 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc

 

< MD5 for: SERVICES.PTXML  >

[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml

[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

 

< End of report >

 

Extras.Txt


Download MiniRegTool and save it to your desktop.
http://download.blee...MiniRegTool.zip

*** Windows Vista or Windows 7 users: right-click the MiniRegTool.exe file, then click Run as administrator.

Open the MiniRegTool folder that was created and double-click MiniRegTool.exe.

Check the Search option and leave the checkboxes set as in the image:

[screenshot: MiniRegTool options, with Search checked]

Select and copy the text in bold:

portaldosites

 

Click anywhere in MiniRegTool's white box and then click Paste.

Click the button shown in the original post's image. Wait until a Notepad window opens with information.

This log is saved in the MiniRegTool folder under the name Result.txt.

Select, copy and paste its contents into your next reply.

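As an added example (not part of the original post and not MiniRegTool's own code), here is a PowerShell function that does by hand what the Search option above does: it walks the chosen hives and prints every key path, value name or value data containing the search string, in the same [key] / "name"="data" layout as Result.txt. The list of roots and the hex rendering of binary values are my assumptions; run it from an elevated PowerShell so that HKEY_USERS is readable.

```powershell
# Added example, not from the original post or from MiniRegTool: a read-only
# registry search for a string, reporting hits in Result.txt's layout.
function Find-RegistryString {
    param(
        [Parameter(Mandatory)] [string] $Pattern,
        # Assumed roots: the hives the MiniRegTool results in this thread came from.
        [string[]] $Roots = @('Registry::HKEY_CURRENT_USER',
                              'Registry::HKEY_LOCAL_MACHINE\SOFTWARE',
                              'Registry::HKEY_USERS')
    )
    $escaped = [regex]::Escape($Pattern)   # literal, case-insensitive match via -imatch

    foreach ($root in $Roots) {
        # Keys we cannot open (SAM, SECURITY, other users' hives without elevation)
        # are skipped instead of aborting the whole scan.
        $keys = Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue
        foreach ($key in $keys) {
            $printed = $false
            # 1) the key path itself (e.g. ...\RatingStorage\portaldosites.com above)
            if ($key.Name -imatch $escaped) {
                "[$($key.Name)]"
                $printed = $true
            }
            # 2) value names and value data (e.g. the UrlInfo entries above)
            foreach ($valueName in $key.GetValueNames()) {
                $data = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
                # REG_BINARY is rendered as hex so the string search can still see it
                $text = if ($data -is [byte[]]) {
                    ($data | ForEach-Object { $_.ToString('X2') }) -join ''
                } else { "$data" }   # strings, numbers and multi-strings stringify
                if ($valueName -imatch $escaped -or $text -imatch $escaped) {
                    if (-not $printed) { "[$($key.Name)]"; $printed = $true }
                    '"{0}"="{1}"' -f $valueName, $text
                }
            }
        }
    }
}

# Usage with the search term the analyst asked for in this thread; the output
# file name is my choice, not MiniRegTool's.
Find-RegistryString -Pattern 'portaldosites' |
    Tee-Object -FilePath "$env:USERPROFILE\Desktop\RegSearch.txt"
```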
MiniRegTool by Farbar Version:29-11-2012

Ran by Junior (administrator) on 2013-06-03 at 00:35:31

 

==========================================

Search Result For: "portaldosites"

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD800BB-22JHC0_WD-WMAM9S87246272462&ts=1368282424]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Avast Software\WRC\RatingStorage\portaldosites.com]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Avast Software\WRCv2\UrlInfo]

"http://www.portaldosites.com/uninstall.html"="0xBCD7A45100000000010000000A0318A03812070802100218D80422022000"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Avast Software\WRCv2\UrlInfo]

"http://www.portaldosites.com/"="0xE1D7A45100000000010000000A0318A03812070802100218D80422022000"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Avast Software\WRCv2\UrlInfo]


[HKEY_USERS\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Avast Software\WRC\RatingStorage\<|prefix|>http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD800BB-22JHC0_WD-WMAM9S87246272462&ts=1368282424]

[HKEY_USERS\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Avast Software\WRC\RatingStorage\portaldosites.com]

[HKEY_USERS\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Avast Software\WRCv2\UrlInfo]

"http://www.portaldosites.com/uninstall.html"="0xBCD7A45100000000010000000A0318A03812070802100218D80422022000"

[HKEY_USERS\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Avast Software\WRCv2\UrlInfo]

"http://www.portaldosites.com/"="0xE1D7A45100000000010000000A0318A03812070802100218D80422022000"

[HKEY_USERS\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-966216754-1057593224-3074052687-1000\Software\Avast Software\WRCv2\UrlInfo]


 

==== End of Search ====


Ok,

1)

Select these lines inside the CODE box, right-click the selection and choose Copy

NOTE: Make sure you copy starting from the colon and letter ":O" of OTL.
 

:OTL
CHR - homepage: http://www.v9.com/?u...&utm_medium=sof
O2 - BHO: (no name) - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - No CLSID value found.
O9 - Extra Button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - Reg Error: Key error. File not found
[2013/06/02 00:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/05/11 12:24:18 | 000,000,000 | ---D | C] -- C:\Users\Junior\AppData\Roaming\Omiga Plus
[2013/04/24 21:48:49 | 000,152,880 | R--- | C] (360.cn) -- C:\Windows\System32\drivers\360FileOem.sys
[2013/04/24 21:48:46 | 000,064,048 | R--- | C] (360安全中心) -- C:\Windows\System32\drivers\360SpOEM.sys
[2013/04/24 21:48:45 | 000,029,744 | R--- | C] (360安全中心) -- C:\Windows\System32\drivers\360RegOem.sys
[2013/04/24 21:48:09 | 000,061,488 | R--- | C] (360安全中心) -- C:\Windows\System32\drivers\360HookOem.sys
[2013/04/24 21:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PSafe
[2013/05/26 23:06:11 | 000,000,058 | ---- | M] () -- C:\Users\Junior\AppData\Roaming\id
[2013/04/16 20:48:41 | 000,003,514 | ---- | M] () -- C:\Windows\system32\tasks\DealPly
[2013/05/11 11:28:50 | 000,003,376 | ---- | M] () -- C:\Windows\system32\tasks\Desk 365 RunAsStdUser

:Files
ipconfig /flushdns /c
Type C:\Windows\system32\tasks\{9D972B00-FD5F-4C42-B6FF-6A97AB6266A6} /c

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste

Close ALL windows (except OTL itself).
Click the Fix button (shown as an image in the original post)

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of this Notepad window and paste it into your reply.

A copy of this log will be kept in the C:\_OTL\MovedFiles folder, with a name in the format date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.

All processes killed
========== OTL ==========
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ not found.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} folder moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
C:\Users\Junior\AppData\Roaming\Omiga Plus\wp folder moved successfully.
C:\Users\Junior\AppData\Roaming\Omiga Plus\sysicons folder moved successfully.
C:\Users\Junior\AppData\Roaming\Omiga Plus\icons folder moved successfully.
C:\Users\Junior\AppData\Roaming\Omiga Plus folder moved successfully.
C:\Windows\System32\drivers\360FileOem.sys moved successfully.
C:\Windows\System32\drivers\360SpOEM.sys moved successfully.
C:\Windows\System32\drivers\360RegOem.sys moved successfully.
C:\Windows\System32\drivers\360HookOem.sys moved successfully.
C:\ProgramData\PSafe\logs folder moved successfully.
C:\ProgramData\PSafe folder moved successfully.
C:\Users\Junior\AppData\Roaming\id moved successfully.
C:\Windows\System32\Tasks\DealPly moved successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
C:\Users\Junior\Desktop\cmd.bat deleted successfully.
C:\Users\Junior\Desktop\cmd.txt deleted successfully.
< Type C:\Windows\system32\tasks\{9D972B00-FD5F-4C42-B6FF-6A97AB6266A6} /c >
<?xml version="1.0" encoding="UTF-16"?>
  <RegistrationInfo />
  <Triggers>
    <RegistrationTrigger>
      <Enabled>true</Enabled>
    </RegistrationTrigger>
  </Triggers>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <Duration>PT10M</Duration>
      <WaitTimeout>PT1H</WaitTimeout>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\system32\pcalua.exe</Command>
      <Arguments>-a C:\Users\Junior\Desktop\JRT.exe -d C:\Users\Junior\Desktop</Arguments>
    </Exec>
  </Actions>
  <Principals>
    <Principal id="Author">
      <UserId>Junior-PC\Junior</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
</Task>
C:\Users\Junior\Desktop\cmd.bat deleted successfully.
C:\Users\Junior\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Junior
->Temp folder emptied: 45220748 bytes
->Temporary Internet Files folder emptied: 9722494 bytes
->Java cache emptied: 707794 bytes
->Google Chrome cache emptied: 261901116 bytes
->Flash cache emptied: 492 bytes
 
User: Public
 
User: Todos os Usuários
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12140 bytes
RecycleBin emptied: 274877 bytes
 
Total Files Cleaned = 303,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06042013_195650
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

I didn't quite understand what exactly I am supposed to do in item 2, which says the following: 2) Post a new HijackThis log. Do I run it and post the log afterwards?


 

> I didn't quite understand what exactly I am supposed to do in item 2, which says the following: 2) Post a new HijackThis log. Do I run it and post the log afterwards?

 

Yes. Run the program again and post the generated log.


As requested.

 

Logfile of HijackThis v1.99.1
Scan saved at 20:23:53, on 05/06/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Junior\AppData\Roaming\WebCake\WebCakeDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\Junior\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\slui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Junior\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: WebCake Layers - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Junior\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Google Update] "C:\Users\Junior\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [dmn] regsvr32 /s "C:\Users\Junior\AppData\Roaming\JUNIOR-PC.jpg" 
O4 - HKCU\..\Run: [WebCake Desktop] "C:\Users\Junior\AppData\Roaming\WebCake\WebCakeDesktop.exe"
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [iNTERNATIONAL] International
O13 - Gopher Prefix: 
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: WebCake Desktop Updater - Unknown owner - C:\Program Files\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\Junior\AppData\Roaming\WebCake\WebCakeDesktop.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


Ok,

 

Disable your antivirus, antispyware and firewall, so they do not cause conflicts.

Download Dr.Web CureIt!

The program will be downloaded automatically. Save it to your Desktop.

  • Double-click the file drweb-cureit.exe, and click Run in the security warning window.
  • Dr.Web will start in Enhanced Protection Mode (EPM). Click Cancel so that it runs in normal mode.
  • Check the box that allows sending statistics, and click Continue.
  • Click the [2iqy61j.png] button, and click Portuguese.
  • Click the [bjbceu.jpg] button, and click Settings.
  • Click Log and, under Specify log level, leave Minimum and click OK.
    [23utt9v.png]
  • Click Select objects for scanning, below the Start Scan button.
  • Click click to select, check the My computer box, then click OK.
  • Click the box next to Scanned objects, and then click [nnscja.png].

The scan may take a while; be patient.

  • If the program asks to restart the computer during removal, restart and wait for it to finish neutralizing the threats after the reboot.
  • When the scan finishes, click the [359jt09.png] button, if threats were found.
  • Click Open Report.
  • A Notepad window will open containing information. Select its contents, right-click the selection and choose Copy. Paste the contents in your next reply.

Post a new HijackThis log as well.


I am trying to paste the Dr.Web CureIt log but I can't. I tried attaching it, but the upload failed because the file is too big. How can I send it?


> I am trying to paste the Dr.Web CureIt log but I can't. I tried attaching it, but the upload failed because the file is too big. How can I send it?

 

Try zipping the log. If the size still exceeds the limit, split the log across two replies.


Zipped:

 

HijackThis log.

 

Logfile of HijackThis v1.99.1

Scan saved at 20:53:33, on 09/06/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Junior\AppData\Roaming\WebCake\WebCakeDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\Junior\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\slui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Junior\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Junior\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Google Update] "C:\Users\Junior\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [dmn] regsvr32 /s "C:\Users\Junior\AppData\Roaming\JUNIOR-PC.jpg" 
O4 - HKCU\..\Run: [WebCake Desktop] "C:\Users\Junior\AppData\Roaming\WebCake\WebCakeDesktop.exe"
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [iNTERNATIONAL] International
O13 - Gopher Prefix: 
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: WebCake Desktop Updater - Unknown owner - C:\Program Files\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\Junior\AppData\Roaming\WebCake\WebCakeDesktop.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

cureit.rar


Man, everything is working just fine. The PC is even faster. I don't even know how to thank you! Thanks a lot, man! Big hug!


Ok,
 
The logs are clean. :)

To finish:

  • Run OTL.exe

    Click the [Botao_Limpeza_OTL.png] button.
  • [iconjava.png] Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of Java SE 7u21.
    • Click JRE Download.
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.2 MB jre-7u21-windows-i586.exe and save it to your desktop.
    • Close any program that is running, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u21-windows-i586.exe to install the newest version.
    • ATTENTION: Uncheck the ASK Toolbar installation box.
  • [iconadobe.png] Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • [iconflash.png] Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • [worm.png] USB worms (pen drive viruses) can infect any kind of removable storage device (pen drives, mp3 and mp4 players, phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the wizard that appears when you insert a CD or pen drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf in order to work.

    Keep a clean, protected copy of the autorun.inf file on every removable device and on every drive of the system. That way, if you happen to plug your pen drive into an infected PC, the malware will not be able to overwrite the pre-existing file. It may still copy its malicious executables to the pen drive, though, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug that pen drive into a clean machine and run one of those malicious files, that system will be infected the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you think necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive and choosing "Format".
    • Run Flash_Disinfector.exe.
    • Follow any prompts that may appear.
    • Wait until the program finishes its search and then exit the program.
    For Windows Vista and 7: Panda USB Vaccine
  • [TFC_icon.png] For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked to, restart manually.
  • [iconwu.png] Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. A lot of malware exploits these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through the updates.
    That is why it is essential to keep your system up to date.
  • Disable and re-enable System Restore.
  • Learn some precautions and tips to keep your computer clean. Read the article Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/
  • If there are no more malware-related problems, click the [denunld.png] button and ask for your topic to be closed.

If you have any question related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Cheers. :legal:
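The protected autorun.inf placeholder described in the USB worms item above, as an added PowerShell example that is not from the post, nor from Flash_Disinfector or Panda USB Vaccine (whose internals the post does not describe). It assumes Windows PowerShell 3.0 or later, and the protection it applies is a folder named autorun.inf carrying the Hidden, System and ReadOnly attributes, which is my approach rather than necessarily those tools'.

```powershell
# Added example, not code from the Linha Defensiva post or from the tools it names.
# Idea from the post: keep a protected "autorun.inf" on every removable drive (and,
# optionally, every fixed drive) so an Autorun worm cannot drop its own copy there.
# This version creates a FOLDER named autorun.inf (a file and a folder cannot share
# a name on the same drive) and marks it Hidden + System + ReadOnly.
# Assumption: Windows PowerShell 3.0+; an elevated session is only needed for fixed drives.

function Get-TargetDriveRoots {
    param([switch]$IncludeFixed)
    # DriveType comes from System.IO.DriveInfo; only mounted, readable drives are returned
    [System.IO.DriveInfo]::GetDrives() |
        Where-Object {
            $_.IsReady -and ($_.DriveType -eq 'Removable' -or
                             ($IncludeFixed -and $_.DriveType -eq 'Fixed'))
        } |
        ForEach-Object { $_.RootDirectory.FullName }   # e.g. "E:\"
}

function Test-AutorunProtected {
    param([Parameter(Mandatory)][string]$Root)
    $target = Join-Path $Root 'autorun.inf'
    # -Force is required, otherwise Get-Item skips hidden/system items
    $item = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
    if (-not $item -or -not $item.PSIsContainer) { return $false }
    $wanted = [System.IO.FileAttributes]'Hidden, System, ReadOnly'
    return (($item.Attributes -band $wanted) -eq $wanted)
}

function Protect-AutorunInf {
    param([Parameter(Mandatory)][string]$Root)
    $target   = Join-Path $Root 'autorun.inf'
    $existing = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue

    if ($existing -and -not $existing.PSIsContainer) {
        # A real autorun.inf FILE on a pen drive is exactly what the post warns about.
        # Report its content instead of silently replacing it, so the drive can be
        # scanned and any executable it points to can be reviewed first.
        Write-Warning "$target is a file, not the protected folder. Its content:"
        Get-Content -LiteralPath $target -Force -ErrorAction SilentlyContinue |
            ForEach-Object { Write-Warning "    $_" }
        return $false
    }

    if (-not $existing) {
        New-Item -ItemType Directory -Path $target -ErrorAction Stop | Out-Null
    }
    # Hidden + System keeps the folder out of Explorer; the name clash is what stops
    # the typical "copy autorun.inf to the drive root" step of a USB worm.
    $item = Get-Item -LiteralPath $target -Force
    $item.Attributes = [System.IO.FileAttributes]'Hidden, System, ReadOnly, Directory'
    return (Test-AutorunProtected -Root $Root)
}

# Apply to every removable drive currently plugged in and report the result per drive.
foreach ($root in Get-TargetDriveRoots) {
    $ok = Protect-AutorunInf -Root $root
    "{0} protected: {1}" -f $root, $ok
}
```

On Windows Vista and 7 with Windows Update applied, AutoRun from USB flash drives is already disabled by Microsoft's February 2011 update, so the placeholder mainly guards a pen drive that gets plugged into an unpatched machine. As the post says, it does not stop a worm from copying its executables to the drive, so the drive still needs to be scanned.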


I downloaded Flash_Disinfector.exe but it won't run. I tried to download Panda USB Vaccine but the download doesn't go through. I could only download TFC.
