Omiga Plus and Winzipper


This topic has been archived. This means you can no longer reply to it.
16 replies in this topic

#1
Jean Rodrigo

  • Newbie
  • 8 posts

These programs got onto my computer and changed the home page and a few other things, and affected the computer's speed. I should say that I tried to remove them with some tools, so I don't know whether that already puts me under your rule 8, but if you can help me anyway, I would be grateful.



#2
CarlosTurco

  • Assistant
  • 24,786 posts

Jean Rodrigo,

Please note the following:

  • DO NOT attempt any cleaning procedure on your own. In particular, do not run on your own the tools used in the Malware Removal forum. Misuse of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click button_seguir.png (located in the upper right corner of the main post) to receive an e-mail notification when it is answered. You can also check the topics you follow using the Content I Follow option, accessible through the forum's Control Panel.
  • Analyses can take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it doesn't matter. Always follow your topic, letting me know the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in logs; this makes them harder to read at analysis time.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

Carry out the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the adwcleaner.exe file.

*** Windows Vista or Windows 7 users: right-click the adwcleaner.exe file, then click execadmin.png.

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download 1268r49.png and save it to the desktop. Double-click to run Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop under the name JRT.txt.

Select, copy and paste the contents of this log into your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Check that the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  • If there are updates to be made, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then start. Wait, as it may take a while.
  • When the scan is done, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all ticked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554



#3
Jean Rodrigo

  • Newbie
  • 8 posts

Here are the results.

# AdwCleaner v2.301 - Relatório criado em 04/06/2013 às 11:44:11
# Atualizado em 16/05/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Sergio Miguel - USUARIO-FUEVY1P
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\Sergio Miguel\Desktop\adwcleaner.exe
# Opção [Remover]
 
 
***** [Serviços] *****
 
 
***** [Arquivos/Pastas] *****
 
Pasta Removido : C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\337
Pasta Removido : C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\DealPly
 
***** [Registro] *****
 
Chave Removida : HKCU\Software\DealPly
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKLM\Software\DealPly
 
***** [Navegadores] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registro está limpo.
 
-\\ Mozilla Firefox v [Impossível ler a versão]
 
Arquivo : C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\prefs.js
 
[OK] Arquivo está limpo.
 
-\\ Google Chrome v27.0.1453.94
 
Arquivo : C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences
 
[OK] Arquivo está limpo.
 
*************************
 
AdwCleaner[S1].txt - [75130 octets] - [01/06/2013 21:48:35]
AdwCleaner[S2].txt - [1330 octets] - [04/06/2013 11:44:11]
 
########## EOF - C:\AdwCleaner[S2].txt - [1390 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Sergio Miguel on ter 04/06/2013 at 12:10:40,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ter 04/06/2013 at 12:13:23,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Versão da Base de Dados:  v2013.06.04.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sergio Miguel :: USUARIO-FUEVY1P [administrador]
 
Proteção: Não permitir
 
4/6/2013 12:19:17
mbam-log-2013-06-04 (12-19-17).txt
 
Tipo de Verificação:  Verificação Rápida 
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  227313
Tempo decorrido: 8 minuto(s), 37 segundo(s)
 
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Itens de Dados no Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.
 
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
 
(fim)
 


#4
CarlosTurco

  • Assistant
  • 24,786 posts

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click execadmin.png.

Where it says Output, select Standard.
Also tick these options:

  • Creation Date -> change to 90 days
  • Scan All Users
  • Use WhiteList for Company Names
  • Skip Microsoft Files
  • Check Lop
  • Check Purity

Select these lines in red, right-click the selection, and choose the Copy option.

 

CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%\*.*
%userprofile%\configurações locais\dados de aplicativos\*.exe
%userprofile%\configurações locais\dados de aplicativos\*.txt
%userprofile%\configurações locais\dados de aplicativos\*.ini
%userprofile%\configurações locais\dados de aplicativos\*.dat /30
%userprofile%\configurações locais\dados de aplicativos\*.dll
%userprofile%\*.exe
%userprofile%\*.txt
%userprofile%\*.ini
%userprofile%\*.dat /30
%userprofile%\*.dll
%appdata%\*.*
%windir%\tasks\*.* /s
%PROGRAMFILES%\Internet Explorer\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
/md5start
services.*
/md5stop

 

Go back to the program, right-click any white area of the Custom Scans/Fixes section and choose Paste.

Click the verif.png button.

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file.

NOTE: If the logs are too large and exceed the forum's limit, put them in a .zip or .rar file and attach it to your reply.
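
An added example, not part of the original post and not OTL's own code: a minimal Python triage of the SRV lines in an OTL.txt such as the one requested above, listing auto-start services whose file changed shortly before the scan and entries whose file is missing. The sample lines are copied from the OTL log posted in this thread; the function names, the 7-day window and the choice of checks are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the "Services (SafeList)" section of the OTL log in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2013/06/01 21:34:53 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Arquivos de programas\WinZipper\winzipersvc.exe -- (winzipersvc)
SRV - [2013/06/01 21:34:31 | 000,420,008 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Arquivos de programas\Omiga Plus\omigaplusSvc.exe -- (omigaplussvc)
SRV - [2013/05/22 05:49:54 | 001,618,280 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de programas\Baidu Security\Cloud Security\BAVSvc.exe -- (BAVSvc)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
"""

# Time the log was created, from its header line (d/M/yyyy): 5/6/2013 18:04:48.
LOG_TIME = datetime(2013, 6, 5, 18, 4, 48)

# SRV/DRV line layout as it appears in the log:
#   KIND - [mtime | size | attrs | M] (company) [flags] -- path -- (service name)
#   KIND - File not found [flags] -- path -- (service name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:File not found"
    r"|\[(?P<mtime>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| [-A-Z]{4} \| M\]"
    r" \((?P<company>.*?)\))"
    r" \[(?P<flags>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>.*)\)$"
)


def parse_otl_services(text):
    """Return one dict per SRV/DRV line; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flags = [f.strip() for f in m["flags"].split("|")]
        if len(flags) < 2:
            continue
        mtime = m["mtime"]
        entries.append({
            "kind": m["kind"],
            "name": m["name"],
            "path": m["path"],
            "company": (m["company"] or "").strip(),
            "start": flags[-2],   # DRV lines carry a leading driver type
            "state": flags[-1],
            "modified": datetime.strptime(mtime, "%Y/%m/%d %H:%M:%S") if mtime else None,
        })
    return entries


def recent_autostart(entries, log_time, days=7):
    """Running auto-start entries whose file changed within `days` of the scan."""
    cutoff = log_time - timedelta(days=days)
    return [
        e for e in entries
        if e["modified"] is not None
        and e["modified"] >= cutoff
        and e["start"] in ("Auto", "Boot", "System")
        and e["state"] == "Running"
    ]


def group_by_company(entries):
    """Map company name -> service names, to show what arrived together."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["company"] or "(no company name)"].append(e["name"])
    return dict(groups)


def orphaned(entries):
    """Service names still registered although OTL reports 'File not found'."""
    return [e["name"] for e in entries if e["modified"] is None]


if __name__ == "__main__":
    parsed = parse_otl_services(SAMPLE_LOG)
    for company, names in group_by_company(recent_autostart(parsed, LOG_TIME)).items():
        print("recent auto-start:", company, names)
    print("file not found:", orphaned(parsed))
```

A hit from `recent_autostart` is only a lead for the analyst to check against what the user knowingly installed, not a verdict on the file.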



#5
Jean Rodrigo

  • Newbie
  • 8 posts

No Extras showed up.
 

OTL logfile created on: 5/6/2013 18:04:48 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Sergio Miguel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
 
2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,00% Memory free
3,85 Gb Paging File | 2,94 Gb Available in Paging File | 76,32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,56 Gb Total Space | 11,35 Gb Free Space | 15,23% Space Free | Partition Type: NTFS
 
Computer Name: USUARIO-FUEVY1P | User Name: Sergio Miguel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/05 17:49:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sergio Miguel\Desktop\OTL.exe
PRC - [2013/06/01 21:34:53 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Arquivos de programas\WinZipper\winzipersvc.exe
PRC - [2013/06/01 21:34:31 | 000,420,008 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Arquivos de programas\Omiga Plus\omigaplusSvc.exe
PRC - [2013/05/23 02:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
PRC - [2013/05/22 05:49:54 | 001,618,280 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de programas\Baidu Security\Cloud Security\BAVSvc.exe
PRC - [2013/05/19 20:03:36 | 000,567,720 | ---- | M] (Baidu Inc.) -- C:\Arquivos de programas\Baidu Security\PC Faster\3.2.0.29\PCFasterSvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/12 04:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dropbox\bin\Dropbox.exe
PRC - [2013/02/27 16:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe
PRC - [2012/11/19 16:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgtray.exe
PRC - [2012/11/08 02:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgrsx.exe
PRC - [2012/11/02 02:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/06/09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe
PRC - [2011/06/09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
PRC - [2008/04/13 23:20:58 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/01 09:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/01 09:21:30 | 000,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
PRC - [2007/06/01 09:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/03/30 15:45:12 | 000,500,224 | ---- | M] (LightComm) -- C:\WINDOWS\WinLogT.exe
PRC - [2005/09/14 20:44:14 | 000,065,536 | ---- | M] (ali) -- C:\Arquivos de programas\USB Disk Win98 Driver\Res.exe
PRC - [2005/04/15 08:01:46 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
PRC - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/01/16 11:32:40 | 000,049,152 | ---- | M] (Ruling Tec Pte Ltd) -- C:\Arquivos de programas\VibrateGameDeviceDriver\rfpicon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/01 21:34:54 | 000,612,520 | ---- | M] () -- C:\Arquivos de programas\WinZipper\sqlite3.dll
MOD - [2013/06/01 21:34:32 | 000,612,520 | ---- | M] () -- C:\Arquivos de programas\Omiga Plus\sqlite3.dll
MOD - [2013/05/23 02:44:07 | 000,393,168 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 02:44:06 | 013,136,336 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 02:43:59 | 004,051,408 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 02:43:06 | 000,599,504 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 02:43:05 | 000,124,368 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 02:43:03 | 001,597,392 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/04/17 06:59:06 | 000,532,328 | ---- | M] () -- C:\Arquivos de programas\Baidu Security\Cloud Security\sqlite.dll
MOD - [2009/02/27 18:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB
MOD - [2008/04/13 23:20:33 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/09/14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll
MOD - [2006/06/01 16:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
MOD - [2001/10/29 01:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfmonnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/01 21:34:53 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Arquivos de programas\WinZipper\winzipersvc.exe -- (winzipersvc)
SRV - [2013/06/01 21:34:31 | 000,420,008 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Arquivos de programas\Omiga Plus\omigaplusSvc.exe -- (omigaplussvc)
SRV - [2013/05/22 05:49:54 | 001,618,280 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de programas\Baidu Security\Cloud Security\BAVSvc.exe -- (BAVSvc)
SRV - [2013/05/19 20:03:36 | 000,567,720 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Arquivos de programas\Baidu Security\PC Faster\3.2.0.29\PCFasterSvc.exe -- (PCFasterSvc_{PCFaster_3.2.0.29})
SRV - [2013/05/15 20:16:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/02 02:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/12/04 22:42:21 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/06/01 09:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
SRV - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Video3D.sys -- (Video3D)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\SERGIO~1\CONFIG~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\360HookOem.sys -- (360HookOem)
DRV - [2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/10 02:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/09 22:30:58 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/08 02:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2010/08/19 07:28:04 | 000,106,624 | R--- | M] (HUAWEI Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hwusbser.sys -- (hwmobile)
DRV - [2010/06/02 15:32:22 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 15:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/04/28 12:33:30 | 000,009,216 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GF0003.sys -- (GF0003)
DRV - [2005/05/27 14:57:16 | 000,162,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.sys -- (PAC207)
DRV - [2005/04/19 07:40:52 | 002,317,504 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/12/14 12:55:22 | 000,009,472 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004/09/23 20:46:03 | 000,004,096 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\csinstdrv.sys -- (CS_INST_DRV)
DRV - [2004/09/12 09:45:28 | 000,008,320 | ---- | M] (Ruling Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DynCal.sys -- (DynCal)
DRV - [2004/07/23 20:07:10 | 000,028,857 | ---- | M] (Siemens Subscriber Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
DRV - [2004/04/25 20:29:54 | 000,921,682 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2003/12/31 08:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2001/08/17 19:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...h?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes\{19447F3E-9667-4D94-833A-2E7C3D57A158}: "URL" = http://buscador.terr...e=Search&query={searchTerms}&Image.x=24&Image.y=16
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = chasqueproxy.ufrgs.br:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Arquivos de programas\AVG\AVG2012\Firefox4\ [2013/05/14 12:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\50ce5c1a4ef30@50ce5c1a4ef69.com: C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\50ce5c1a4ef30@50ce5c1a4ef69.com [2012/12/16 20:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Arquivos de programas\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/29 12:33:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co: C:\Arquivos de programas\FindLyrics\FF\ [2013/06/04 12:15:50 | 000,000,000 | ---D | M]
 
[2009/10/25 16:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Extensions
[2013/06/01 21:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions
[2009/10/25 16:09:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/06/01 21:27:13 | 000,000,000 | ---D | M] ("Plus-HD-2.2") -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
[2012/12/16 20:24:45 | 000,000,000 | ---D | M] (Zoomex) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\50ce5c1a4ef30@50ce5c1a4ef69.com
[2012/06/29 02:05:30 | 000,000,000 | ---D | M] (InternetSearch) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\plugin@startsearcher.com
[2013/06/01 21:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\extensionCode
[2013/06/01 21:26:41 | 000,213,470 | ---- | M] () (No name found) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\torntv2@torntv.com.xpi
[2013/02/26 23:43:55 | 000,000,359 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\searchplugins\search-1.xml
[2013/01/03 02:28:58 | 000,003,269 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\Web Search.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sergio Miguel\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sergio Miguel\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sergio Miguel\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Sergio Miguel\Configura\u00E7\u00F5es locais\Dados de aplicativos\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: DealPly  Shopping = C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0\
CHR - Extension: FindLyrics = C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade\1.111_0\
CHR - Extension: DealPly  Shopping = C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0\
CHR - Extension: FindLyrics = C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade\1.111_0\
 
O1 HOSTS File: ([2013/06/02 00:07:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DealPly Shopping) - {a6c63b7f-2171-47fa-ab34-e64c4737169d} - C:\Arquivos de programas\DealPly\DealPlyIE.dll (DealPly)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Arquivos de programas\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Baidu PC Faster 3.2.0.29] C:\Arquivos de programas\Baidu Security\PC Faster\3.2.0.29\PCFaster.exe (Baidu Inc.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [RTBatteryMeter] C:\Arquivos de programas\VibrateGameDeviceDriver\rfpicon.exe (Ruling Tec Pte Ltd)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SplashDisplayer] C:\WINDOWS\system32\ISTHTB.EXE (Intel® Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Arquivos de programas\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKLM..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe (LightComm)
O4 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008..\Run: [Facebook Update] C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk =  File not found
O4 - Startup: C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\Inicializar\Dropbox.lnk = C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 3.79\AMVConverter\grab.html File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Download with &MediaFairyPro - C:\Arquivos de programas\Media Fairy Pro\hook.html File not found
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 3.79\MediaManager\grab.html File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..Trusted Domains:   ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.10.1.2 201.10.120.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155C0005-59E7-4B8C-A8AB-27A8FD85B996}: DhcpNameServer = 201.10.1.2 201.10.120.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155C0005-59E7-4B8C-A8AB-27A8FD85B996}: NameServer = 200.175.89.139,200.175.5.139
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/23 20:15:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\ARQUIV~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/06/05 17:49:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sergio Miguel\Desktop\OTL.exe
[2013/06/04 12:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
[2013/06/04 12:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\Baidu PC Faster
[2013/06/04 12:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Baidu PC Faster
[2013/06/04 12:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu
[2013/06/04 12:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Baidu
[2013/06/04 12:21:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Baidu Security
[2013/06/04 12:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2013/06/04 12:16:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/04 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\DealPly
[2013/06/04 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dealply
[2013/06/04 12:15:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\DealPly
[2013/06/04 12:15:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\FindLyrics
[2013/06/04 12:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Baidu Security
[2013/06/04 12:09:37 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Sergio Miguel\Desktop\JRT.exe
[2013/06/03 15:02:02 | 000,355,651 | ---- | C] (Farbar) -- C:\Documents and Settings\Sergio Miguel\Desktop\FSS.exe
[2013/06/03 15:00:04 | 000,147,456 | ---- | C] (Eric_71) -- C:\Documents and Settings\Sergio Miguel\Desktop\MbrScan.exe
[2013/06/03 14:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Desktop\HijackThis
[2013/06/02 00:59:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/02 00:44:02 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ESET
[2013/06/02 00:29:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/01 23:57:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/06/01 23:55:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/01 23:55:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/01 23:55:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/01 23:55:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/01 23:54:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/01 21:59:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/01 21:58:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/01 21:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\WinZipper
[2013/06/01 21:34:56 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\WinZipper
[2013/06/01 21:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Omiga Plus
[2013/06/01 21:34:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Omiga Plus
[2013/06/01 21:27:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Plus-HD-2.2
[2013/05/14 21:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\.thumbnails
[2013/05/14 21:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\fontconfig
[2013/05/14 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\.gimp-2.8
[2013/05/14 21:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\gegl-0.2
[2013/05/14 21:09:47 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\GIMP 2
[2013/05/14 12:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG
[2013/05/07 12:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Desktop\Desafio jovem
[2013/04/12 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Programas RFB
[2013/04/12 21:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\Programas RFB2013
[2013/04/12 13:30:03 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\NVIDIA Corporation
[2010/09/16 23:38:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2013/06/05 18:09:08 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{673D5487-71F9-42F9-85DB-9C02E13F04E2}.job
[2013/06/05 17:50:48 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2013/06/05 17:49:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sergio Miguel\Desktop\OTL.exe
[2013/06/05 17:45:46 | 122,173,236 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/06/05 17:41:12 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/05 17:39:36 | 000,020,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/05 17:39:28 | 000,001,214 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-updater.job
[2013/06/05 17:38:20 | 000,001,928 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-chromeinstaller.job
[2013/06/05 17:38:19 | 000,001,854 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-firefoxinstaller.job
[2013/06/05 17:38:19 | 000,001,218 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-codedownloader.job
[2013/06/05 17:38:19 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-enabler.job
[2013/06/05 17:38:19 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/05 17:38:19 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\FindLyrics Update.job
[2013/06/05 17:38:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/04 22:27:00 | 000,001,200 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008UA.job
[2013/06/04 22:16:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/04 21:30:12 | 000,001,196 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008UA.job
[2013/06/04 12:22:29 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Baidu PC Faster.lnk
[2013/06/04 12:16:48 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/04 12:15:08 | 000,636,280 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\malwarebytes-anti-malware-17501300-baixaki-32-bits.exe
[2013/06/04 12:09:40 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Sergio Miguel\Desktop\JRT.exe
[2013/06/04 11:42:51 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\adwcleaner.exe
[2013/06/03 18:30:00 | 000,001,174 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008Core.job
[2013/06/03 15:02:04 | 000,355,651 | ---- | M] (Farbar) -- C:\Documents and Settings\Sergio Miguel\Desktop\FSS.exe
[2013/06/03 15:01:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Dump_Hdd0_DR0.mbr
[2013/06/03 15:00:05 | 000,147,456 | ---- | M] (Eric_71) -- C:\Documents and Settings\Sergio Miguel\Desktop\MbrScan.exe
[2013/06/03 00:27:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008Core.job
[2013/06/02 00:07:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/01 23:57:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/06/01 21:49:58 | 000,001,410 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Google Chrome.lnk
[2013/05/24 18:05:39 | 000,298,529 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/05/16 12:15:48 | 000,360,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 00:17:29 | 000,510,868 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2013/05/16 00:17:29 | 000,475,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/16 00:17:29 | 000,088,884 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2013/05/16 00:17:29 | 000,077,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/15 00:22:51 | 000,003,568 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\recently-used.xbel
[2013/05/14 12:05:17 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2013/05/06 18:26:42 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\default.pls
[2013/05/06 18:26:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/04/30 12:35:55 | 002,252,418 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\esquema alimentar.bmp
[2013/04/30 11:02:40 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/12 21:21:22 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Receitanet 1.03 .lnk
[2013/04/12 21:21:14 | 000,000,180 | ---- | M] () -- C:\WINDOWS\REC-NET.INI
[2013/04/12 21:20:10 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
[2013/04/12 13:30:30 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 13:30:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/04/12 13:30:19 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/12 13:30:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/04/12 12:01:42 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/03/12 18:40:14 | 000,001,072 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\Inicializar\Dropbox.lnk
[2013/03/12 18:39:22 | 000,001,080 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Dropbox.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/04 12:22:29 | 000,001,005 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Baidu PC Faster.lnk
[2013/06/04 12:16:48 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/04 12:15:52 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\FindLyrics Update.job
[2013/06/04 12:15:06 | 000,636,280 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\malwarebytes-anti-malware-17501300-baixaki-32-bits.exe
[2013/06/04 11:42:48 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\adwcleaner.exe
[2013/06/03 15:01:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Dump_Hdd0_DR0.mbr
[2013/06/01 23:57:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/06/01 23:57:51 | 000,261,920 | RHS- | C] () -- C:\cmldr
[2013/06/01 23:55:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/01 23:55:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/01 23:55:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/01 23:55:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/01 23:55:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/06/01 21:27:46 | 000,001,214 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.2-updater.job
[2013/06/01 21:27:42 | 000,001,118 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.2-enabler.job
[2013/06/01 21:27:34 | 000,001,218 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.2-codedownloader.job
[2013/06/01 21:27:10 | 000,001,854 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.2-firefoxinstaller.job
[2013/06/01 21:27:08 | 000,001,928 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.2-chromeinstaller.job
[2013/05/15 00:22:51 | 000,003,568 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\recently-used.xbel
[2013/05/14 21:12:45 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\GIMP 2.lnk
[2013/04/30 12:35:55 | 002,252,418 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\esquema alimentar.bmp
[2013/04/12 21:21:22 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Receitanet 1.03 .lnk
[2013/04/12 21:21:14 | 000,000,180 | ---- | C] () -- C:\WINDOWS\REC-NET.INI
[2013/04/12 21:20:09 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
[2013/04/12 13:30:19 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/12 13:30:19 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 13:30:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/04/12 13:30:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/03/06 01:52:33 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\store-pp.jbs
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/01/03 02:29:29 | 000,011,264 | ---- | C] () -- C:\WINDOWS\Launcher.exe
[2012/12/02 02:41:13 | 000,327,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-System.dat
[2012/09/14 00:05:50 | 000,017,030 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Configura
[2012/02/16 11:03:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/17 21:08:27 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\Dualunis.exe
[2011/09/25 13:41:02 | 000,002,992 | ---- | C] () -- C:\WINDOWS\wp3.ini
[2011/09/23 18:57:03 | 000,002,992 | ---- | C] () -- C:\WINDOWS\wp2.ini
[2011/09/23 18:57:03 | 000,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini
[2011/06/08 22:19:44 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2011/06/08 22:19:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2011/01/13 12:54:44 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\default.pls
[2010/09/16 23:38:37 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\vso_ts_preview.xml
[2010/09/16 23:38:14 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\inst.exe
[2010/09/16 23:38:14 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.cat
[2010/09/16 23:38:14 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.inf
[2005/12/07 12:25:53 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/09/16 14:06:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 23:20:40 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:53:26 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 23:20:41 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/12/16 20:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\%Installer_PublisherName%
[2010/12/19 14:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk
[2011/09/30 00:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG10
[2012/08/12 20:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG2012
[2010/01/21 23:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg7
[2010/10/31 21:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg9
[2013/06/04 12:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu
[2013/06/04 12:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
[2009/12/25 22:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Chat Republic Games
[2010/10/31 21:55:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files
[2012/07/03 20:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite
[2009/04/24 19:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON
[2013/02/26 23:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IDM
[2011/09/28 00:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Media Get LLC
[2013/05/14 12:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData
[2006/10/30 22:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite
[2010/08/29 14:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Pinnacle
[2010/09/14 21:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\WinZip
[2004/09/23 20:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dados de aplicativos\InterTrust
[2013/01/30 14:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dados de aplicativos\TuneUp Software
[2012/07/22 21:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\360Safe
[2010/01/21 23:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7
[2010/12/19 14:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Autodesk
[2010/10/31 21:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\AVG10
[2011/09/30 00:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\AVG2012
[2010/01/21 23:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\AVG7
[2013/06/04 12:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Baidu
[2013/06/04 12:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Baidu Security
[2012/12/20 14:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\BitTorrent
[2008/01/23 18:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\DAEMON Tools
[2012/07/31 22:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\DAEMON Tools Lite
[2013/06/04 12:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dealply
[2008/07/05 00:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dev-Cpp
[2013/02/26 23:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\DMCache
[2013/06/01 23:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\drivers
[2013/06/05 17:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dropbox
[2007/07/24 19:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\FrostWire
[2012/07/09 23:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\GetRightToGo
[2012/12/01 12:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\GrabPro
[2013/02/26 23:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\IDM
[2004/09/23 20:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\InterTrust
[2013/02/27 01:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Media Fairy
[2011/09/28 00:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Media Get LLC
[2010/08/28 14:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Moyea
[2006/10/30 22:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Nokia
[2013/06/02 01:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Omiga Plus
[2012/12/01 13:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Orbit
[2007/09/01 18:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\PC Suite
[2012/12/01 12:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\ProgSense
[2010/04/25 03:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\TreeCardGames
[2013/01/03 15:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\uTorrent
[2010/09/17 00:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Vso
[2013/06/01 21:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\WinZipper
[2010/08/28 16:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Xilisoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/06/01 21:50:07 | 000,075,130 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/06/04 11:52:08 | 000,001,459 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2004/09/23 20:15:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/21 22:43:07 | 000,000,416 | ---- | M] () -- C:\avexport.bat
[2006/09/30 19:25:41 | 012,320,505 | ---- | M] () -- C:\AVG7QT.DAT
[2011/09/30 01:59:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/06/01 23:57:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/04 09:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004/08/03 23:00:02 | 000,261,920 | RHS- | M] () -- C:\cmldr
[2013/06/02 00:10:20 | 000,020,957 | ---- | M] () -- C:\ComboFix.txt
[2004/09/23 20:15:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/10/04 21:14:08 | 000,000,167 | ---- | M] () -- C:\cpu.log
[2011/01/16 20:26:11 | 000,000,010 | ---- | M] () -- C:\csb.log
[2007/12/21 16:08:28 | 000,000,000 | ---- | M] () -- C:\dumpconsole.txt
[2007/12/24 16:12:32 | 000,000,217 | ---- | M] () -- C:\DV.txt
[2004/09/23 20:15:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/11/05 21:01:26 | 000,033,316 | ---- | M] () -- C:\mediamp3.dat
[2004/09/23 20:15:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/09/23 20:28:41 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/01/05 17:12:57 | 000,251,696 | RHS- | M] () -- C:\ntldr
[2013/06/05 17:38:10 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012/12/16 20:24:33 | 000,000,110 | ---- | M] () -- C:\prefs.js
[2013/01/03 02:29:26 | 000,000,278 | ---- | M] () -- C:\SetSearchAndHomepageInBrowserLog.txt
[2009/09/10 13:32:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/10/24 18:04:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/11/22 22:04:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/01/19 13:14:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/01/19 14:13:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/01/19 16:16:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/19 19:25:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/01/19 19:47:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/01/19 23:58:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/02/03 15:32:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/02/03 17:52:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/02/04 21:12:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/02/04 21:13:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/02/04 21:47:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/02/05 02:52:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/03/19 23:18:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/06/15 13:00:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/06/15 19:36:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/07/28 17:58:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/12 01:07:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/19 23:18:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/06/15 13:00:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/06/15 19:36:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/07/28 17:58:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/12 01:07:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/10 13:32:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/10/24 18:04:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/11/22 22:04:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/01/19 13:14:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/01/19 14:13:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/01/19 16:16:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/01/19 19:25:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/01/19 19:47:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/01/19 23:58:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/02/03 15:32:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/02/03 17:52:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/02/04 21:12:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/02/04 21:13:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/02/04 21:47:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/02/05 02:52:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
 
< %PROGRAMFILES%\*.* >
[2007/07/24 20:01:28 | 000,001,039 | ---- | M] () -- C:\Arquivos de programas\INSTALL.LOG
 
< %userprofile%\configurações locais\dados de aplicativos\*.exe >
 
< %userprofile%\configurações locais\dados de aplicativos\*.txt >
 
< %userprofile%\configurações locais\dados de aplicativos\*.ini >
[2013/04/30 11:02:40 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\configurações locais\dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
< %userprofile%\configurações locais\dados de aplicativos\*.dat /30 >
 
< %userprofile%\configurações locais\dados de aplicativos\*.dll >
 
< %userprofile%\*.exe >
 
< %userprofile%\*.txt >
 
< %userprofile%\*.ini >
[2013/06/04 22:29:12 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Sergio Miguel\ntuser.ini
 
< %userprofile%\*.dat /30 >
[2013/06/04 22:29:19 | 015,990,784 | -H-- | M] () -- C:\Documents and Settings\Sergio Miguel\NTUSER.DAT
 
< %userprofile%\*.dll >
 
< %appdata%\*.* >
[2004/09/23 19:57:34 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\desktop.ini
[2010/09/17 00:37:57 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\inst.exe
[2010/09/17 00:37:57 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.cat
[2010/09/17 00:37:57 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.inf
[2010/09/17 00:37:57 | 000,000,033 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.log
[2010/09/17 00:37:57 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.sys
[2010/09/17 00:37:44 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\vso_ts_preview.xml
 
< %windir%\tasks\*.* /s >
[2013/06/04 22:16:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2003/04/30 09:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2013/06/03 18:30:00 | 000,001,174 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008Core.job
[2013/06/04 21:30:12 | 000,001,196 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008UA.job
[2013/06/05 17:38:19 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\FindLyrics Update.job
[2013/06/05 17:38:19 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/05 17:41:12 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/03 00:27:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008Core.job
[2013/06/04 22:27:00 | 000,001,200 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008UA.job
[2013/06/05 17:38:20 | 000,001,928 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-chromeinstaller.job
[2013/06/05 17:38:19 | 000,001,218 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-codedownloader.job
[2013/06/05 17:38:19 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-enabler.job
[2013/06/05 17:38:19 | 000,001,854 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-firefoxinstaller.job
[2013/06/05 17:39:28 | 000,001,214 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-updater.job
[2013/06/05 17:38:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2013/06/05 18:09:08 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{673D5487-71F9-42F9-85DB-9C02E13F04E2}.job
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2006/11/07 20:03:36 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\custsat.dll
[2009/03/08 03:35:04 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\ExtExport.exe
[2007/11/13 17:06:21 | 000,000,041 | ---- | M] () -- C:\Arquivos de programas\Internet Explorer\Filzip.ini
[2008/09/19 23:17:00 | 000,000,000 | ---- | M] () -- C:\Arquivos de programas\Internet Explorer\h323log.txt
[2009/03/08 03:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\hmmapi.dll
[2009/01/11 20:05:26 | 000,002,649 | ---- | M] () -- C:\Arquivos de programas\Internet Explorer\ie8props.propdesc
[2009/03/08 03:35:04 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iecompat.dll
[2013/04/16 19:26:06 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iedvtool.dll
[2008/04/13 23:21:01 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iedw.exe
[2013/04/16 19:26:19 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\ieproxy.dll
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
[2010/04/27 23:11:58 | 000,000,918 | ---- | M] () -- C:\Arquivos de programas\Internet Explorer\iexplore.exe.exp.log
[2009/03/08 13:33:36 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe.mui
[2013/04/16 19:26:26 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\jsdbgui.dll
[2009/03/08 03:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\jsdebuggeride.dll
[2009/03/08 03:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\JSProfilerCore.dll
[2009/03/08 03:35:12 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\jsprofilerui.dll
[2009/01/07 17:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\pdm.dll
[2009/01/07 17:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\sqmapi.dll
[2013/04/16 19:26:49 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\xpshims.dll
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"SavedLegacySettings" = 46 00 00 00 D7 43 01 00 09 00 00 00 1A 00 00 00 63 68 61 73 71 75 65 70 72 6F 78 79 2E 75 66 72 67 73 2E 62 72 3A 33 31 32 38 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 E0 7B 21 2A A0 47 CE 01 01 00 00 00 C0 A8 01 F8 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 FE 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 B4 52 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 77 00 77 00 77 00 2E 00 73 00 77 00 65 00 65 00 74 00 69 00 6D 00 2E 00 63 00 6F 00 6D 00 00 00 03 A8 02 00 00 00 00 00 C0 00 00 00 00 00 00 46 02 00 00 00 11 00 00 00 02 00 00 00 06 00 00 00 00 00 00 00  [Binary data over 200 bytes]
"DefaultConnectionSettings" = 46 00 00 00 C9 47 00 00 09 00 00 00 1A 00 00 00 63 68 61 73 71 75 65 70 72 6F 78 79 2E 75 66 72 67 73 2E 62 72 3A 33 31 32 38 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 E0 7B 21 2A A0 47 CE 01 01 00 00 00 C0 A8 01 F8 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 FE 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 B4 52 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 77 00 77 00 77 00 2E 00 73 00 77 00 65 00 65 00 74 00 69 00 6D 00 2E 00 63 00 6F 00 6D 00 00 00 03 A8 02 00 00 00 00 00 C0 00 00 00 00 00 00 46 02 00 00 00 11 00 00 00 02 00 00 00 06 00 00 00 00 00 00 00  [Binary data over 200 bytes]
"ibest" = 3C 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
"iG" = 3C 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
"Terra" = 3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
"teste" = 46 00 00 00 4D 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\System32\CTFMON.EXE -- [2008/04/13 23:20:54 | 000,015,360 | ---- | M] (Microsoft Corporation)
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< MD5 for: SERVICES  >
[2003/04/30 09:00:00 | 000,006,953 | ---- | M] () MD5=89ABDE406B847C6C8B4BEAA1E0B42BEE -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.DAT  >
[2013/04/22 00:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/02/09 08:17:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=38867483E0CB504BB8F277E05729881E -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/09 07:08:21 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=96D7D86D3AA68A57BBE835441DC23107 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\system32\services.exe
[2004/08/04 09:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=CC73C4430C2FC27FDE16A0A4E3678148 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2004/08/04 00:45:42 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=CC73C4430C2FC27FDE16A0A4E3678148 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
[2009/02/09 06:53:30 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=E64296F1D45C776FAC6EE8F89EF3C303 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2008/04/13 23:21:17 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=EE7999BAACA84CFAA03726E677EE2A33 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/13 23:21:17 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=EE7999BAACA84CFAA03726E677EE2A33 -- C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\services.exe
 
< MD5 for: SERVICES.MOCHIADS.COM.SOL  >
[2013/01/05 12:56:15 | 000,000,336 | ---- | M] () MD5=715A22502B7190B5CA811F0DD3207BDC -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WK3VCT3J\mochiads.com\services.mochiads.com.sol
 
< MD5 for: SERVICES.MSC  >
[2004/08/04 09:00:00 | 000,033,074 | ---- | M] () MD5=420018D54146F64F42AC7D60525549F3 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.RDB  >
[2005/10/21 11:00:54 | 003,178,496 | ---- | M] () MD5=61E89F352F7EAFFD5AC9F15E347F9593 -- C:\Arquivos de programas\OpenOffice.org1.1.0\program\services.rdb
 
< End of report >


#6
CarlosTurco

  • Assistant
  • 24.786 posts

No Extras log showed up.

This is already the second time you are running the tool. What is the reason?



#7
Jean Rodrigo

  • Newbie
  • 8 posts

In the first message I sent, I said that I had already used some of these tools.



#8
CarlosTurco

  • Assistant
  • 24.786 posts

In the first message I sent, I said that I had already used some of these tools.

Ok,

Run OTL again, following the previous instructions, and this time also check:

Use SafeList under Extra Registry

Post the generated logs.



#9
Jean Rodrigo

  • Newbie
  • 8 posts

OTL logfile created on: 5/6/2013 18:49:06 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Sergio Miguel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
 
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,53% Memory free
3,85 Gb Paging File | 2,92 Gb Available in Paging File | 75,99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,56 Gb Total Space | 11,31 Gb Free Space | 15,17% Space Free | Partition Type: NTFS
 
Computer Name: USUARIO-FUEVY1P | User Name: Sergio Miguel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/05 17:49:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sergio Miguel\Desktop\OTL.exe
PRC - [2013/06/01 21:34:53 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Arquivos de programas\WinZipper\winzipersvc.exe
PRC - [2013/06/01 21:34:31 | 000,420,008 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Arquivos de programas\Omiga Plus\omigaplusSvc.exe
PRC - [2013/05/23 02:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
PRC - [2013/05/22 05:49:54 | 001,618,280 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de programas\Baidu Security\Cloud Security\BAVSvc.exe
PRC - [2013/05/19 20:03:36 | 000,567,720 | ---- | M] (Baidu Inc.) -- C:\Arquivos de programas\Baidu Security\PC Faster\3.2.0.29\PCFasterSvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/12 04:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dropbox\bin\Dropbox.exe
PRC - [2013/02/27 16:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe
PRC - [2012/11/19 16:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgtray.exe
PRC - [2012/11/08 02:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgrsx.exe
PRC - [2012/11/02 02:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/06/09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe
PRC - [2011/06/09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
PRC - [2008/04/13 23:20:58 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/01 09:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/01 09:21:30 | 000,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
PRC - [2007/06/01 09:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/03/30 15:45:12 | 000,500,224 | ---- | M] (LightComm) -- C:\WINDOWS\WinLogT.exe
PRC - [2005/09/14 20:44:14 | 000,065,536 | ---- | M] (ali) -- C:\Arquivos de programas\USB Disk Win98 Driver\Res.exe
PRC - [2005/04/15 08:01:46 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
PRC - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/01/16 11:32:40 | 000,049,152 | ---- | M] (Ruling Tec Pte Ltd) -- C:\Arquivos de programas\VibrateGameDeviceDriver\rfpicon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/01 21:34:54 | 000,612,520 | ---- | M] () -- C:\Arquivos de programas\WinZipper\sqlite3.dll
MOD - [2013/06/01 21:34:32 | 000,612,520 | ---- | M] () -- C:\Arquivos de programas\Omiga Plus\sqlite3.dll
MOD - [2013/05/23 02:44:07 | 000,393,168 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 02:44:06 | 013,136,336 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 02:43:59 | 004,051,408 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 02:43:06 | 000,599,504 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 02:43:05 | 000,124,368 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 02:43:03 | 001,597,392 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/04/17 06:59:06 | 000,532,328 | ---- | M] () -- C:\Arquivos de programas\Baidu Security\Cloud Security\sqlite.dll
MOD - [2009/02/27 18:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB
MOD - [2008/04/13 23:20:33 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/09/14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll
MOD - [2006/06/01 16:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
MOD - [2001/10/29 01:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfmonnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/01 21:34:53 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Arquivos de programas\WinZipper\winzipersvc.exe -- (winzipersvc)
SRV - [2013/06/01 21:34:31 | 000,420,008 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Arquivos de programas\Omiga Plus\omigaplusSvc.exe -- (omigaplussvc)
SRV - [2013/05/22 05:49:54 | 001,618,280 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de programas\Baidu Security\Cloud Security\BAVSvc.exe -- (BAVSvc)
SRV - [2013/05/19 20:03:36 | 000,567,720 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Arquivos de programas\Baidu Security\PC Faster\3.2.0.29\PCFasterSvc.exe -- (PCFasterSvc_{PCFaster_3.2.0.29})
SRV - [2013/05/15 20:16:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/02 02:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/12/04 22:42:21 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/06/01 09:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
SRV - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Video3D.sys -- (Video3D)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\SERGIO~1\CONFIG~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\360HookOem.sys -- (360HookOem)
DRV - [2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/10 02:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/09 22:30:58 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/08 02:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2010/08/19 07:28:04 | 000,106,624 | R--- | M] (HUAWEI Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hwusbser.sys -- (hwmobile)
DRV - [2010/06/02 15:32:22 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 15:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/04/28 12:33:30 | 000,009,216 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GF0003.sys -- (GF0003)
DRV - [2005/05/27 14:57:16 | 000,162,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.sys -- (PAC207)
DRV - [2005/04/19 07:40:52 | 002,317,504 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/12/14 12:55:22 | 000,009,472 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004/09/23 20:46:03 | 000,004,096 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\csinstdrv.sys -- (CS_INST_DRV)
DRV - [2004/09/12 09:45:28 | 000,008,320 | ---- | M] (Ruling Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DynCal.sys -- (DynCal)
DRV - [2004/07/23 20:07:10 | 000,028,857 | ---- | M] (Siemens Subscriber Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
DRV - [2004/04/25 20:29:54 | 000,921,682 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2003/12/31 08:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2001/08/17 19:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...h?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes\{19447F3E-9667-4D94-833A-2E7C3D57A158}: "URL" = http://buscador.terr...e=Search&query={searchTerms}&Image.x=24&Image.y=16
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = chasqueproxy.ufrgs.br:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Arquivos de programas\AVG\AVG2012\Firefox4\ [2013/05/14 12:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\50ce5c1a4ef30@50ce5c1a4ef69.com: C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\50ce5c1a4ef30@50ce5c1a4ef69.com [2012/12/16 20:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Arquivos de programas\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/29 12:33:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co: C:\Arquivos de programas\FindLyrics\FF\ [2013/06/04 12:15:50 | 000,000,000 | ---D | M]
 
[2009/10/25 16:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Extensions
[2013/06/01 21:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions
[2009/10/25 16:09:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/06/01 21:27:13 | 000,000,000 | ---D | M] ("Plus-HD-2.2") -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
[2012/12/16 20:24:45 | 000,000,000 | ---D | M] (Zoomex) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\50ce5c1a4ef30@50ce5c1a4ef69.com
[2012/06/29 02:05:30 | 000,000,000 | ---D | M] (InternetSearch) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\plugin@startsearcher.com
[2013/06/01 21:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\extensionCode
[2013/06/01 21:26:41 | 000,213,470 | ---- | M] () (No name found) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\torntv2@torntv.com.xpi
[2013/02/26 23:43:55 | 000,000,359 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\searchplugins\search-1.xml
[2013/01/03 02:28:58 | 000,003,269 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\Web Search.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sergio Miguel\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sergio Miguel\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sergio Miguel\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Sergio Miguel\Configura\u00E7\u00F5es locais\Dados de aplicativos\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: DealPly  Shopping = C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0\
CHR - Extension: FindLyrics = C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade\1.111_0\
CHR - Extension: DealPly  Shopping = C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0\
CHR - Extension: FindLyrics = C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade\1.111_0\
 
O1 HOSTS File: ([2013/06/02 00:07:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DealPly Shopping) - {a6c63b7f-2171-47fa-ab34-e64c4737169d} - C:\Arquivos de programas\DealPly\DealPlyIE.dll (DealPly)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Arquivos de programas\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Baidu PC Faster 3.2.0.29] C:\Arquivos de programas\Baidu Security\PC Faster\3.2.0.29\PCFaster.exe (Baidu Inc.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [RTBatteryMeter] C:\Arquivos de programas\VibrateGameDeviceDriver\rfpicon.exe (Ruling Tec Pte Ltd)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SplashDisplayer] C:\WINDOWS\system32\ISTHTB.EXE (Intel® Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Arquivos de programas\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKLM..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe (LightComm)
O4 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008..\Run: [Facebook Update] C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk =  File not found
O4 - Startup: C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\Inicializar\Dropbox.lnk = C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 3.79\AMVConverter\grab.html File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Download with &MediaFairyPro - C:\Arquivos de programas\Media Fairy Pro\hook.html File not found
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 3.79\MediaManager\grab.html File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKU\S-1-5-21-2484910839-4182779374-2056553284-1008\..Trusted Domains:   ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.10.1.2 201.10.120.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155C0005-59E7-4B8C-A8AB-27A8FD85B996}: DhcpNameServer = 201.10.1.2 201.10.120.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155C0005-59E7-4B8C-A8AB-27A8FD85B996}: NameServer = 200.175.89.139,200.175.5.139
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/23 20:15:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\ARQUIV~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/06/05 17:49:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sergio Miguel\Desktop\OTL.exe
[2013/06/04 12:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
[2013/06/04 12:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\Baidu PC Faster
[2013/06/04 12:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Baidu PC Faster
[2013/06/04 12:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu
[2013/06/04 12:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Baidu
[2013/06/04 12:21:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Baidu Security
[2013/06/04 12:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2013/06/04 12:16:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/04 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\DealPly
[2013/06/04 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dealply
[2013/06/04 12:15:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\DealPly
[2013/06/04 12:15:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\FindLyrics
[2013/06/04 12:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Baidu Security
[2013/06/04 12:09:37 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Sergio Miguel\Desktop\JRT.exe
[2013/06/03 15:02:02 | 000,355,651 | ---- | C] (Farbar) -- C:\Documents and Settings\Sergio Miguel\Desktop\FSS.exe
[2013/06/03 15:00:04 | 000,147,456 | ---- | C] (Eric_71) -- C:\Documents and Settings\Sergio Miguel\Desktop\MbrScan.exe
[2013/06/03 14:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Desktop\HijackThis
[2013/06/02 00:59:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/02 00:44:02 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ESET
[2013/06/02 00:29:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/01 23:57:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/06/01 23:55:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/01 23:55:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/01 23:55:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/01 23:55:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/01 23:54:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/01 21:59:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/01 21:58:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/01 21:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\WinZipper
[2013/06/01 21:34:56 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\WinZipper
[2013/06/01 21:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Omiga Plus
[2013/06/01 21:34:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Omiga Plus
[2013/06/01 21:27:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Plus-HD-2.2
[2013/05/14 21:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\.thumbnails
[2013/05/14 21:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\fontconfig
[2013/05/14 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\.gimp-2.8
[2013/05/14 21:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\gegl-0.2
[2013/05/14 21:09:47 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\GIMP 2
[2013/05/14 12:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG
[2013/05/07 12:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Desktop\Desafio jovem
[2013/04/12 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Programas RFB
[2013/04/12 21:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\Programas RFB2013
[2013/04/12 13:30:03 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\NVIDIA Corporation
[2010/09/16 23:38:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2013/06/05 18:41:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/05 18:39:30 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{673D5487-71F9-42F9-85DB-9C02E13F04E2}.job
[2013/06/05 18:30:12 | 000,001,196 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008UA.job
[2013/06/05 18:30:00 | 000,001,174 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008Core.job
[2013/06/05 18:27:00 | 000,001,200 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008UA.job
[2013/06/05 18:16:15 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/05 17:50:48 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2013/06/05 17:49:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sergio Miguel\Desktop\OTL.exe
[2013/06/05 17:45:46 | 122,173,236 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/06/05 17:39:36 | 000,020,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/05 17:39:28 | 000,001,214 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-updater.job
[2013/06/05 17:38:20 | 000,001,928 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-chromeinstaller.job
[2013/06/05 17:38:19 | 000,001,854 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-firefoxinstaller.job
[2013/06/05 17:38:19 | 000,001,218 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-codedownloader.job
[2013/06/05 17:38:19 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-enabler.job
[2013/06/05 17:38:19 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/05 17:38:19 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\FindLyrics Update.job
[2013/06/05 17:38:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/04 12:22:29 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Baidu PC Faster.lnk
[2013/06/04 12:16:48 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/04 12:15:08 | 000,636,280 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\malwarebytes-anti-malware-17501300-baixaki-32-bits.exe
[2013/06/04 12:09:40 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Sergio Miguel\Desktop\JRT.exe
[2013/06/04 11:42:51 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\adwcleaner.exe
[2013/06/03 15:02:04 | 000,355,651 | ---- | M] (Farbar) -- C:\Documents and Settings\Sergio Miguel\Desktop\FSS.exe
[2013/06/03 15:01:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Dump_Hdd0_DR0.mbr
[2013/06/03 15:00:05 | 000,147,456 | ---- | M] (Eric_71) -- C:\Documents and Settings\Sergio Miguel\Desktop\MbrScan.exe
[2013/06/03 00:27:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008Core.job
[2013/06/02 00:07:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/01 23:57:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/06/01 21:49:58 | 000,001,410 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Google Chrome.lnk
[2013/05/24 18:05:39 | 000,298,529 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/05/16 12:15:48 | 000,360,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 00:17:29 | 000,510,868 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2013/05/16 00:17:29 | 000,475,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/16 00:17:29 | 000,088,884 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2013/05/16 00:17:29 | 000,077,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/15 00:22:51 | 000,003,568 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\recently-used.xbel
[2013/05/14 12:05:17 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2013/05/06 18:26:42 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\default.pls
[2013/05/06 18:26:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/04/30 12:35:55 | 002,252,418 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\esquema alimentar.bmp
[2013/04/30 11:02:40 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/12 21:21:22 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Receitanet 1.03 .lnk
[2013/04/12 21:21:14 | 000,000,180 | ---- | M] () -- C:\WINDOWS\REC-NET.INI
[2013/04/12 21:20:10 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
[2013/04/12 13:30:30 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 13:30:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/04/12 13:30:19 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/12 13:30:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/04/12 12:01:42 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/03/12 18:40:14 | 000,001,072 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\Inicializar\Dropbox.lnk
[2013/03/12 18:39:22 | 000,001,080 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Dropbox.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/04 12:22:29 | 000,001,005 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Baidu PC Faster.lnk
[2013/06/04 12:16:48 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/04 12:15:52 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\FindLyrics Update.job
[2013/06/04 12:15:06 | 000,636,280 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\malwarebytes-anti-malware-17501300-baixaki-32-bits.exe
[2013/06/04 11:42:48 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\adwcleaner.exe
[2013/06/03 15:01:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\Dump_Hdd0_DR0.mbr
[2013/06/01 23:57:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/06/01 23:57:51 | 000,261,920 | RHS- | C] () -- C:\cmldr
[2013/06/01 23:55:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/01 23:55:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/01 23:55:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/01 23:55:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/01 23:55:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/06/01 21:27:46 | 000,001,214 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.2-updater.job
[2013/06/01 21:27:42 | 000,001,118 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.2-enabler.job
[2013/06/01 21:27:34 | 000,001,218 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.2-codedownloader.job
[2013/06/01 21:27:10 | 000,001,854 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.2-firefoxinstaller.job
[2013/06/01 21:27:08 | 000,001,928 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.2-chromeinstaller.job
[2013/05/15 00:22:51 | 000,003,568 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\recently-used.xbel
[2013/05/14 21:12:45 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\GIMP 2.lnk
[2013/04/30 12:35:55 | 002,252,418 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\esquema alimentar.bmp
[2013/04/12 21:21:22 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Receitanet 1.03 .lnk
[2013/04/12 21:21:14 | 000,000,180 | ---- | C] () -- C:\WINDOWS\REC-NET.INI
[2013/04/12 21:20:09 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
[2013/04/12 13:30:19 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/12 13:30:19 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 13:30:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/04/12 13:30:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/03/06 01:52:33 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\store-pp.jbs
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/01/03 02:29:29 | 000,011,264 | ---- | C] () -- C:\WINDOWS\Launcher.exe
[2012/12/02 02:41:13 | 000,327,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-System.dat
[2012/09/14 00:05:50 | 000,017,030 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Configura
[2012/02/16 11:03:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/17 21:08:27 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\Dualunis.exe
[2011/09/25 13:41:02 | 000,002,992 | ---- | C] () -- C:\WINDOWS\wp3.ini
[2011/09/23 18:57:03 | 000,002,992 | ---- | C] () -- C:\WINDOWS\wp2.ini
[2011/09/23 18:57:03 | 000,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini
[2011/06/08 22:19:44 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2011/06/08 22:19:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2011/01/13 12:54:44 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\default.pls
[2010/09/16 23:38:37 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\vso_ts_preview.xml
[2010/09/16 23:38:14 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\inst.exe
[2010/09/16 23:38:14 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.cat
[2010/09/16 23:38:14 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.inf
[2005/12/07 12:25:53 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/09/16 14:06:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 23:20:40 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:53:26 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 23:20:41 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/12/16 20:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\%Installer_PublisherName%
[2010/12/19 14:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk
[2011/09/30 00:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG10
[2012/08/12 20:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG2012
[2010/01/21 23:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg7
[2010/10/31 21:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg9
[2013/06/04 12:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu
[2013/06/04 12:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
[2009/12/25 22:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Chat Republic Games
[2010/10/31 21:55:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files
[2012/07/03 20:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite
[2009/04/24 19:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON
[2013/02/26 23:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IDM
[2011/09/28 00:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Media Get LLC
[2013/05/14 12:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData
[2006/10/30 22:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite
[2010/08/29 14:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Pinnacle
[2010/09/14 21:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\WinZip
[2004/09/23 20:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dados de aplicativos\InterTrust
[2013/01/30 14:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dados de aplicativos\TuneUp Software
[2012/07/22 21:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\360Safe
[2010/01/21 23:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7
[2010/12/19 14:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Autodesk
[2010/10/31 21:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\AVG10
[2011/09/30 00:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\AVG2012
[2010/01/21 23:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\AVG7
[2013/06/04 12:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Baidu
[2013/06/04 12:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Baidu Security
[2012/12/20 14:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\BitTorrent
[2008/01/23 18:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\DAEMON Tools
[2012/07/31 22:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\DAEMON Tools Lite
[2013/06/04 12:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dealply
[2008/07/05 00:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dev-Cpp
[2013/02/26 23:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\DMCache
[2013/06/01 23:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\drivers
[2013/06/05 17:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dropbox
[2007/07/24 19:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\FrostWire
[2012/07/09 23:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\GetRightToGo
[2012/12/01 12:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\GrabPro
[2013/02/26 23:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\IDM
[2004/09/23 20:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\InterTrust
[2013/02/27 01:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Media Fairy
[2011/09/28 00:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Media Get LLC
[2010/08/28 14:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Moyea
[2006/10/30 22:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Nokia
[2013/06/02 01:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Omiga Plus
[2012/12/01 13:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Orbit
[2007/09/01 18:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\PC Suite
[2012/12/01 12:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\ProgSense
[2010/04/25 03:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\TreeCardGames
[2013/01/03 15:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\uTorrent
[2010/09/17 00:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Vso
[2013/06/01 21:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\WinZipper
[2010/08/28 16:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Xilisoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/06/01 21:50:07 | 000,075,130 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/06/04 11:52:08 | 000,001,459 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2004/09/23 20:15:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/21 22:43:07 | 000,000,416 | ---- | M] () -- C:\avexport.bat
[2006/09/30 19:25:41 | 012,320,505 | ---- | M] () -- C:\AVG7QT.DAT
[2011/09/30 01:59:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/06/01 23:57:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/04 09:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004/08/03 23:00:02 | 000,261,920 | RHS- | M] () -- C:\cmldr
[2013/06/02 00:10:20 | 000,020,957 | ---- | M] () -- C:\ComboFix.txt
[2004/09/23 20:15:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/10/04 21:14:08 | 000,000,167 | ---- | M] () -- C:\cpu.log
[2011/01/16 20:26:11 | 000,000,010 | ---- | M] () -- C:\csb.log
[2007/12/21 16:08:28 | 000,000,000 | ---- | M] () -- C:\dumpconsole.txt
[2007/12/24 16:12:32 | 000,000,217 | ---- | M] () -- C:\DV.txt
[2004/09/23 20:15:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/11/05 21:01:26 | 000,033,316 | ---- | M] () -- C:\mediamp3.dat
[2004/09/23 20:15:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/09/23 20:28:41 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/01/05 17:12:57 | 000,251,696 | RHS- | M] () -- C:\ntldr
[2013/06/05 17:38:10 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012/12/16 20:24:33 | 000,000,110 | ---- | M] () -- C:\prefs.js
[2013/01/03 02:29:26 | 000,000,278 | ---- | M] () -- C:\SetSearchAndHomepageInBrowserLog.txt
[2009/09/10 13:32:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/10/24 18:04:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/11/22 22:04:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/01/19 13:14:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/01/19 14:13:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/01/19 16:16:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/19 19:25:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/01/19 19:47:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/01/19 23:58:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/02/03 15:32:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/02/03 17:52:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/02/04 21:12:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/02/04 21:13:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/02/04 21:47:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/02/05 02:52:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/03/19 23:18:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/06/15 13:00:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/06/15 19:36:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/07/28 17:58:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/12 01:07:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/19 23:18:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/06/15 13:00:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/06/15 19:36:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/07/28 17:58:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/12 01:07:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/10 13:32:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/10/24 18:04:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/11/22 22:04:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/01/19 13:14:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/01/19 14:13:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/01/19 16:16:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/01/19 19:25:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/01/19 19:47:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/01/19 23:58:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/02/03 15:32:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/02/03 17:52:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/02/04 21:12:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/02/04 21:13:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/02/04 21:47:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/02/05 02:52:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
 
< %PROGRAMFILES%\*.* >
[2007/07/24 20:01:28 | 000,001,039 | ---- | M] () -- C:\Arquivos de programas\INSTALL.LOG
 
< %userprofile%\configurações locais\dados de aplicativos\*.exe >
 
< %userprofile%\configurações locais\dados de aplicativos\*.txt >
 
< %userprofile%\configurações locais\dados de aplicativos\*.ini >
[2013/04/30 11:02:40 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\configurações locais\dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
< %userprofile%\configurações locais\dados de aplicativos\*.dat /30 >
 
< %userprofile%\configurações locais\dados de aplicativos\*.dll >
 
< %userprofile%\*.exe >
 
< %userprofile%\*.txt >
 
< %userprofile%\*.ini >
[2013/06/04 22:29:12 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Sergio Miguel\ntuser.ini
 
< %userprofile%\*.dat /30 >
[2013/06/04 22:29:19 | 015,990,784 | -H-- | M] () -- C:\Documents and Settings\Sergio Miguel\NTUSER.DAT
 
< %userprofile%\*.dll >
 
< %appdata%\*.* >
[2004/09/23 19:57:34 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\desktop.ini
[2010/09/17 00:37:57 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\inst.exe
[2010/09/17 00:37:57 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.cat
[2010/09/17 00:37:57 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.inf
[2010/09/17 00:37:57 | 000,000,033 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.log
[2010/09/17 00:37:57 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\pcouffin.sys
[2010/09/17 00:37:44 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\vso_ts_preview.xml
 
< %windir%\tasks\*.* /s >
[2013/06/05 18:16:15 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2003/04/30 09:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2013/06/05 18:30:00 | 000,001,174 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008Core.job
[2013/06/05 18:30:12 | 000,001,196 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008UA.job
[2013/06/05 17:38:19 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\FindLyrics Update.job
[2013/06/05 17:38:19 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/05 18:41:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/03 00:27:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008Core.job
[2013/06/05 18:27:00 | 000,001,200 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008UA.job
[2013/06/05 17:38:20 | 000,001,928 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-chromeinstaller.job
[2013/06/05 17:38:19 | 000,001,218 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-codedownloader.job
[2013/06/05 17:38:19 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-enabler.job
[2013/06/05 17:38:19 | 000,001,854 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-firefoxinstaller.job
[2013/06/05 17:39:28 | 000,001,214 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.2-updater.job
[2013/06/05 17:38:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2013/06/05 18:54:25 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{673D5487-71F9-42F9-85DB-9C02E13F04E2}.job
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2006/11/07 20:03:36 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\custsat.dll
[2009/03/08 03:35:04 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\ExtExport.exe
[2007/11/13 17:06:21 | 000,000,041 | ---- | M] () -- C:\Arquivos de programas\Internet Explorer\Filzip.ini
[2008/09/19 23:17:00 | 000,000,000 | ---- | M] () -- C:\Arquivos de programas\Internet Explorer\h323log.txt
[2009/03/08 03:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\hmmapi.dll
[2009/01/11 20:05:26 | 000,002,649 | ---- | M] () -- C:\Arquivos de programas\Internet Explorer\ie8props.propdesc
[2009/03/08 03:35:04 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iecompat.dll
[2013/04/16 19:26:06 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iedvtool.dll
[2008/04/13 23:21:01 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iedw.exe
[2013/04/16 19:26:19 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\ieproxy.dll
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
[2010/04/27 23:11:58 | 000,000,918 | ---- | M] () -- C:\Arquivos de programas\Internet Explorer\iexplore.exe.exp.log
[2009/03/08 13:33:36 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe.mui
[2013/04/16 19:26:26 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\jsdbgui.dll
[2009/03/08 03:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\jsdebuggeride.dll
[2009/03/08 03:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\JSProfilerCore.dll
[2009/03/08 03:35:12 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\jsprofilerui.dll
[2009/01/07 17:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\pdm.dll
[2009/01/07 17:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\sqmapi.dll
[2013/04/16 19:26:49 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\xpshims.dll
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\System32\CTFMON.EXE -- [2008/04/13 23:20:54 | 000,015,360 | ---- | M] (Microsoft Corporation)
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< MD5 for: SERVICES  >
[2003/04/30 09:00:00 | 000,006,953 | ---- | M] () MD5=89ABDE406B847C6C8B4BEAA1E0B42BEE -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.DAT  >
[2013/04/22 00:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/02/09 08:17:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=38867483E0CB504BB8F277E05729881E -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/09 07:08:21 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=96D7D86D3AA68A57BBE835441DC23107 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 08:25:05 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C52DEB6D8CD4B096BF1A9EC001F36507 -- C:\WINDOWS\system32\services.exe
[2004/08/04 09:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=CC73C4430C2FC27FDE16A0A4E3678148 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2004/08/04 00:45:42 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=CC73C4430C2FC27FDE16A0A4E3678148 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
[2009/02/09 06:53:30 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=E64296F1D45C776FAC6EE8F89EF3C303 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2008/04/13 23:21:17 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=EE7999BAACA84CFAA03726E677EE2A33 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/13 23:21:17 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=EE7999BAACA84CFAA03726E677EE2A33 -- C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\services.exe
 
< MD5 for: SERVICES.MOCHIADS.COM.SOL  >
[2013/01/05 12:56:15 | 000,000,336 | ---- | M] () MD5=715A22502B7190B5CA811F0DD3207BDC -- C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WK3VCT3J\mochiads.com\services.mochiads.com.sol
 
< MD5 for: SERVICES.MSC  >
[2004/08/04 09:00:00 | 000,033,074 | ---- | M] () MD5=420018D54146F64F42AC7D60525549F3 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.RDB  >
[2005/10/21 11:00:54 | 003,178,496 | ---- | M] () MD5=61E89F352F7EAFFD5AC9F15E347F9593 -- C:\Arquivos de programas\OpenOffice.org1.1.0\program\services.rdb
 
< End of report >
 




#10
CarlosTurco

    Assistant

  • 24.786 posts

Hello,

1)

Select these lines inside the CODE box, right-click the selection and choose the Copy option.

NOTE: Make sure you start copying from the colon and the letter ":O" of OTL.
 

:OTL
PRC - [2013/06/01 21:34:53 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Arquivos de programas\WinZipper\winzipersvc.exe
PRC - [2013/06/01 21:34:31 | 000,420,008 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Arquivos de programas\Omiga Plus\omigaplusSvc.exe
SRV - [2013/06/01 21:34:53 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Arquivos de programas\WinZipper\winzipersvc.exe -- (winzipersvc)
SRV - [2013/06/01 21:34:31 | 000,420,008 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Arquivos de programas\Omiga Plus\omigaplusSvc.exe -- (omigaplussvc)
[2013/01/03 02:28:58 | 000,003,269 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\Web Search.xml
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co: C:\Arquivos de programas\FindLyrics\FF\ [2013/06/04 12:15:50 | 000,000,000 | ---D | M]
CHR - Extension: DealPly  Shopping = C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0\
CHR - Extension: FindLyrics = C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade\1.111_0\
O2 - BHO: (DealPly Shopping) - {a6c63b7f-2171-47fa-ab34-e64c4737169d} - C:\Arquivos de programas\DealPly\DealPlyIE.dll (DealPly)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2013/06/04 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\DealPly
[2013/06/04 12:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dealply
[2013/06/04 12:15:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\DealPly
[2013/06/04 12:15:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\FindLyrics
[2013/06/01 21:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\WinZipper
[2013/06/01 21:34:56 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\WinZipper
[2013/06/01 21:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Omiga Plus
[2013/06/01 21:34:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Omiga Plus
[2013/06/05 17:38:19 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\FindLyrics Update.job

:Files
Type C:\ComboFix.txt /c
ipconfig /flushdns /c

:Reg
[HKEY_USERS\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dealply" =-

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose the Paste option.

Close ALL windows (except OTL itself).
Click the Fix button (BotaoConsertar.png).

The program will run the script and restart your computer.
Once Windows has loaded, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy the ENTIRE contents of this Notepad window and paste it into your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles, with a name in the following format: date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.



#11
Jean Rodrigo

    Newbie

  • 8 posts
All processes killed
========== OTL ==========
No active process named winzipersvc.exe was found!
No active process named omigaplusSvc.exe was found!
Service winzipersvc stopped successfully!
Service winzipersvc deleted successfully!
C:\Arquivos de programas\WinZipper\winzipersvc.exe moved successfully.
Service omigaplussvc stopped successfully!
Service omigaplussvc deleted successfully!
C:\Arquivos de programas\Omiga Plus\omigaplusSvc.exe moved successfully.
C:\Arquivos de programas\Mozilla Firefox\searchplugins\Web Search.xml moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co deleted successfully.
C:\Arquivos de programas\FindLyrics\FF\chrome\content folder moved successfully.
C:\Arquivos de programas\FindLyrics\FF\chrome folder moved successfully.
C:\Arquivos de programas\FindLyrics\FF folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0\images folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0 folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade\1.111_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6c63b7f-2171-47fa-ab34-e64c4737169d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6c63b7f-2171-47fa-ab34-e64c4737169d}\ deleted successfully.
C:\Arquivos de programas\DealPly\DealPlyIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
C:\Documents and Settings\Sergio Miguel\Menu Iniciar\Programas\DealPly folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dealply\UpdateProc folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Dealply folder moved successfully.
C:\Arquivos de programas\DealPly folder moved successfully.
C:\Arquivos de programas\FindLyrics folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\WinZipper folder moved successfully.
C:\Arquivos de programas\WinZipper folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Omiga Plus\wp folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Omiga Plus\sysicons folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Omiga Plus\icons folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Omiga Plus\app\temp folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Omiga Plus\app folder moved successfully.
C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Omiga Plus folder moved successfully.
C:\Arquivos de programas\Omiga Plus folder moved successfully.
C:\WINDOWS\tasks\FindLyrics Update.job moved successfully.
========== FILES ==========
< Type C:\ComboFix.txt /c >
ComboFix 13-06-01.01 - Sergio Miguel 01/06/2013  23:59:52.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.55.1046.18.2047.1337 [GMT -3:00]
Executando de: c:\documents and settings\Sergio Miguel\Meus documentos\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\DealPly
c:\arquivos de programas\DealPly\DealPly.crx
c:\arquivos de programas\DealPly\DealPly.xpi
c:\arquivos de programas\DealPly\DealPlyIE.dll
c:\arquivos de programas\DealPly\DealPlyIE64.dll
c:\arquivos de programas\DealPly\DealPlyUpdate.exe
c:\arquivos de programas\DealPly\DealPlyUpdateRun.exe
c:\arquivos de programas\DealPly\DealPlyUpdateVer.exe
c:\arquivos de programas\DealPly\icon.ico
c:\arquivos de programas\DealPly\uninst.exe
c:\arquivos de programas\SSearch
c:\arquivos de programas\SSearch\search.ico
c:\documents and settings\All Users\Dados de aplicativos\1doc2pdf.dll
c:\documents and settings\All Users\Dados de aplicativos\8a4c7d53df58b731a2e8903316062a5e_c
c:\documents and settings\All Users\Dados de aplicativos\pdfdoc2.dll
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Sergio Miguel\Meus documentos\~WRL0001.tmp
c:\documents and settings\Sergio Miguel\Meus documentos\~WRL0005.tmp
c:\documents and settings\Sergio Miguel\Meus documentos\~WRL0131.tmp
c:\documents and settings\Sergio Miguel\Meus documentos\~WRL0476.tmp
c:\documents and settings\Sergio Miguel\Meus documentos\~WRL1267.tmp
c:\documents and settings\Sergio Miguel\Meus documentos\~WRL3625.tmp
c:\documents and settings\Sergio Miguel\WINDOWS
c:\windows\htmCache
c:\windows\htmCache\orknome.html
c:\windows\htmCache\orktmp.html
c:\windows\IsUn0416.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\0f99be05ccad0023.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\2ec064dc4ac3deaa.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3dc47d6a5f99bbac.fb
c:\windows\system32\Cache\463ed403f6680c64.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\79197bdf4e99d507.fb
c:\windows\system32\Cache\8683393e52a04eb3.fb
c:\windows\system32\Cache\9628cbdcfe61645f.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c78df12d5a4ddda2.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d28df8e41c5557c7.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\SET253.tmp
c:\windows\system32\SET255.tmp
c:\windows\system32\SET263.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2A1.tmp
c:\windows\system32\SET2A6.tmp
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-05-02 to 2013-06-02  ))))))))))))))))))))))))))))
.
.
2013-06-02 01:11 . 2013-04-04 17:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-02 01:10 . 2013-06-02 01:10 -------- d-----w- c:\documents and settings\Sergio Miguel\Dados de aplicativos\Dealply
2013-06-02 00:59 . 2013-06-02 00:59 -------- d-----w- c:\windows\ERUNT
2013-06-02 00:58 . 2013-06-02 00:58 -------- d-----w- C:\JRT
2013-06-02 00:34 . 2013-06-02 00:34 -------- d-----w- c:\arquivos de programas\WinZipper
2013-06-02 00:34 . 2013-06-02 00:34 -------- d-----w- c:\documents and settings\Sergio Miguel\Dados de aplicativos\WinZipper
2013-06-02 00:34 . 2013-06-02 02:59 -------- d-----w- c:\arquivos de programas\Omiga Plus
2013-06-02 00:34 . 2013-06-02 01:00 -------- d-----w- c:\documents and settings\Sergio Miguel\Dados de aplicativos\Omiga Plus
2013-06-02 00:27 . 2013-06-02 00:27 -------- d-----w- c:\arquivos de programas\Plus-HD-2.2
2013-05-15 00:39 . 2013-05-15 00:59 -------- d-----w- c:\documents and settings\Sergio Miguel\.thumbnails
2013-05-15 00:38 . 2013-05-15 00:38 -------- d-----w- c:\documents and settings\Sergio Miguel\Configurações locais\Dados de aplicativos\fontconfig
2013-05-15 00:37 . 2013-05-15 03:22 -------- d-----w- c:\documents and settings\Sergio Miguel\.gimp-2.8
2013-05-15 00:37 . 2013-05-15 00:37 -------- d-----w- c:\documents and settings\Sergio Miguel\Configurações locais\Dados de aplicativos\gegl-0.2
2013-05-15 00:09 . 2013-05-15 00:12 -------- d-----w- c:\arquivos de programas\GIMP 2
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-02 00:34 . 2011-06-11 03:58 421032 ----a-w- c:\windows\system32\msvcp100.dll
2013-06-02 00:34 . 2011-06-11 03:58 773800 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-15 23:16 . 2013-02-22 20:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 23:16 . 2013-02-22 20:32 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:26 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:30 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2004-08-04 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 06:18 . 2011-07-11 04:14 302368 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-08 08:36 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-04 12:00 2197632 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-04 00:40 2074240 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Sergio Miguel\Dados de aplicativos\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Sergio Miguel\Dados de aplicativos\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Sergio Miguel\Dados de aplicativos\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Sergio Miguel\Dados de aplicativos\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Facebook Update"="c:\documents and settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Omiga Plus"="c:\arquivos de programas\Omiga Plus\omigaplus.exe" [2013-06-02 1077416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTBatteryMeter"="c:\arquivos de programas\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"USB Storage Toolbox"="c:\arquivos de programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"Easy-PrintToolBox"="c:\arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"AVG_TRAY"="c:\arquivos de programas\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"WinLogT"="c:\windows\WinLogT.exe" [2006-03-30 500224]
"SplashDisplayer"="c:\windows\system32\ISTHTB.EXE" [2004-09-23 643072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-03 126976]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avgbrasil...4&ver=10.0.1187" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Sergio Miguel\Menu Iniciar\Programas\Inicializar\
Dropbox.lnk - c:\documents and settings\Sergio Miguel\Dados de aplicativos\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\arquiv~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\Sergio Miguel\\Configurações locais\\Dados de aplicativos\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\Sergio Miguel\\Dados de aplicativos\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/4/2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [11/7/2011 01:13 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/7/2011 01:13 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/7/2011 01:14 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [3/9/2012 23:14 26984]
R2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2012\avgwdsvc.exe [14/2/2012 04:53 193288]
R2 CS_INST_DRV;CS_INST_DRV;c:\windows\system32\drivers\csinstdrv.sys [23/9/2004 20:46 4096]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2013 22:11 418376]
R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2013 22:11 701512]
R2 omigaplussvc;Omiga plus service;c:\arquivos de programas\Omiga Plus\omigaplusSvc.exe [1/6/2013 21:34 420008]
R2 winzipersvc;WinZiper service;c:\arquivos de programas\WinZipper\winzipersvc.exe [1/6/2013 21:34 424104]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 17232]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [12/9/2004 09:45 8320]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2013 22:11 22856]
S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys --> c:\windows\system32\drivers\360HookOem.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/12/2007 16:06 691696]
S2 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2012\avgidsagent.exe [2/11/2012 02:51 5174392]
S2 GF0003;GASIA GF0003 Filter Driver;c:\windows\system32\drivers\GF0003.sys [21/12/2007 15:47 9216]
S3 hwmobile;Huawei FP Handset USB Modem and USB Serial;c:\windows\system32\drivers\hwusbser.sys [30/8/2011 20:33 106624]
S3 PAC207;D-Link DSB-C120 PC Camera;c:\windows\system32\drivers\PFC027.sys [27/5/2005 14:57 162304]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16/9/2010 23:38 47360]
S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe --> c:\arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-22 23:16]
.
2013-05-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008Core.job
- c:\documents and settings\Sergio Miguel\Configura [2012-09-14 03:15]
.
2013-06-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008UA.job
- c:\documents and settings\Sergio Miguel\Configura [2012-09-14 03:15]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-01-06 13:33]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-01-06 13:33]
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008Core.job
- c:\documents and settings\Sergio Miguel\Configura [2012-09-14 03:15]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2484910839-4182779374-2056553284-1008UA.job
- c:\documents and settings\Sergio Miguel\Configura [2012-09-14 03:15]
.
2013-06-02 c:\windows\Tasks\Plus-HD-2.2-chromeinstaller.job
- c:\arquivos de programas\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe [2013-06-02 00:27]
.
2013-06-02 c:\windows\Tasks\Plus-HD-2.2-codedownloader.job
- c:\arquivos de programas\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-06-02 00:27]
.
2013-06-02 c:\windows\Tasks\Plus-HD-2.2-enabler.job
- c:\arquivos de programas\Plus-HD-2.2\Plus-HD-2.2-enabler.exe [2013-06-02 00:27]
.
2013-06-02 c:\windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
- c:\arquivos de programas\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-06-02 00:27]
.
2013-06-02 c:\windows\Tasks\Plus-HD-2.2-updater.job
- c:\arquivos de programas\Plus-HD-2.2\Plus-HD-2.2-updater.exe [2013-06-02 00:27]
.
2013-06-02 c:\windows\Tasks\User_Feed_Synchronization-{673D5487-71F9-42F9-85DB-9C02E13F04E2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 06:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = chasqueproxy.ufrgs.br:3128
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
IE: Add to AMV Convert Tool... - c:\arquivos de programas\MP3 Player Utilities 3.79\AMVConverter\grab.html
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Download with &MediaFairyPro - c:\arquivos de programas\Media Fairy Pro\hook.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 3.79\MediaManager\grab.html
TCP: DhcpNameServer = 201.10.1.2 201.10.120.3
TCP: Interfaces\{155C0005-59E7-4B8C-A8AB-27A8FD85B996}: NameServer = 200.175.89.139,200.175.5.139
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- Associação de arquivos/ficheiros -------
.
.scr=AutoCADScriptFile
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-uTorrent - c:\arquivos de programas\uTorrent\uTorrent.exe
HKCU-Run-BitTorrent - c:\arquivos de programas\BitTorrent\BitTorrent.exe
HKCU-Run-Media Fairy Pro - c:\arquivos de programas\Media Fairy Pro\MediaFairyPro.exe
HKLM-Run-SMSERIAL - sm56hlpr.exe
HKLM-Run-ROC_roc_dec12 - c:\arquivos de programas\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\arquivos de programas\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-DealPly - c:\arquivos de programas\DealPly\uninst.exe
AddRemove-SP_7958fada - c:\arquivos de programas\ZoomEx\uninstall.exe
AddRemove-Sweetpacks Bundle Uninstaller - c:\arquivos de programas\sweetpacks bundle uninstaller\uninstaller.exe
AddRemove-ZoomEx - c:\docume~1\ALLUSE~1\DADOSD~1\InstallMate\ZoomEx\Setup.exe
AddRemove-{92BEC238-55D8-AB35-49DE-1DFA495DE0CE} - c:\docume~1\ALLUSE~1\DADOSD~1\InstallMate\{92BEC238-55D8-AB35-49DE-1DFA495DE0CE}\Setup.exe
AddRemove-MediaGet - c:\documents and settings\Sergio Miguel\Configurações locais\Dados de aplicativos\MediaGet2\mediaget-uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-02 00:08
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ... 
.
Procurando entradas auto inicializáveis ocultas ... 
.
Procurando ficheiros/arquivos ocultos ... 
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Tempo para conclusão: 2013-06-02  00:10:19
ComboFix-quarantined-files.txt  2013-06-02 03:10
.
Pré-execução: 25 pasta(s) 10.912.632.832 bytes disponíveis
Pós execução: 32 pasta(s) 12.294.881.280 bytes disponíveis
.
WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin
.
- - End Of File - - 7016F9DD428CDE9A1E4F8EB8A074F701
C:\Documents and Settings\Sergio Miguel\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sergio Miguel\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do cache do DNS Resolver bem-sucedida.
File delete failed. C:\Documents and Settings\Sergio Miguel\Desktop\cmd.bat scheduled to be deleted on reboot.
C:\Documents and Settings\Sergio Miguel\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-21-2484910839-4182779374-2056553284-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Dealply not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Sergio Miguel
->Temp folder emptied: 77160462 bytes
->Temporary Internet Files folder emptied: 19336051 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1403319 bytes
->Google Chrome cache emptied: 256223664 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3273364 bytes
%systemroot%\System32 .tmp files removed: 2969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71521 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 341,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06062013_104953
 
Files\Folders moved on Reboot...
C:\Documents and Settings\Sergio Miguel\Desktop\cmd.bat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 




#12
CarlosTurco

    Assistant

  • 24,786 posts

Temporarily disable your antivirus.

  • Hold down the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: [image: j9Byf.png]
  • For alternative browsers (if you use Internet Explorer, skip this step): [image: esetsmartinstaller_enu.png]
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update itself and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats.
  • Copy and paste the contents into your next reply. Note: if nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.



#13
Jean Rodrigo

    Newbie

  • 8 posts
C:\Arquivos de programas\intellidownload\torrent.exe Win32/BundleInstaller application cleaned by deleting - quarantined
C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\50ce5c1a4ef30@50ce5c1a4ef69.com\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Documents and Settings\Sergio Miguel\Dados de aplicativos\Mozilla\Firefox\Profiles\3k4wfgxr.default\extensions\plugin@startsearcher.com\content\sudoku.js Win32/StartSearcher application cleaned by deleting - quarantined
C:\Documents and Settings\Sergio Miguel\Desktop\malwarebytes-anti-malware-17501300-baixaki-32-bits.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Documents and Settings\Sergio Miguel\Meus documentos\COPAGAZ - SERGIO\SoftonicDownloader_para_intellicad-2001-standard.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Arquivos de programas\DealPly\DealPlyIE.dll.vir a variant of Win32/DealPly.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP636\A0243622.exe Win32/InstalleRex.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246550.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246554.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246555.ini Win32/Adware.MultiPlug.F application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246575.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246577.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246584.dll Win32/BrowserCompanion.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246586.dll Win32/BrowserCompanion.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246587.dll Win32/BrowserCompanion.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246625.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246677.dll Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246683.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246684.dll Win32/SProtector.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246764.exe Win32/BrowserCompanion application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246797.exe a variant of Win32/ELEX.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246800.msi a variant of Win32/Toolbar.Linkury.A application deleted - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246801.exe a variant of Win32/Toolbar.Linkury.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246804.msi multiple threats deleted - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246811.msi multiple threats deleted - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246843.dll Win32/BrowserCompanion.E application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0246845.exe Win32/BrowserCompanion.F application cleaned by deleting - quarantined
C:\System Volume Information\_restore{744E99C1-12B1-47D8-AF69-E6161B443D0C}\RP649\A0247954.dll a variant of Win32/DealPly.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06062013_104953\C_Arquivos de programas\DealPly\DealPlyIE.dll a variant of Win32/DealPly.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06062013_104953\C_Arquivos de programas\FindLyrics\chrome.crx Win32/Adware.AddLyrics.F application deleted - quarantined
C:\_OTL\MovedFiles\06062013_104953\C_Arquivos de programas\FindLyrics\FF\chrome\content\main.js Win32/Adware.AddLyrics.F application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06062013_104953\C_Documents and Settings\Sergio Miguel\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade\1.111_0\contentscript.js Win32/Adware.AddLyrics.F application cleaned by deleting - quarantined
 




#14
CarlosTurco

    Assistant

  • 24,786 posts

Hello,

Does the original problem persist?



#15
Jean Rodrigo

    Newbie

  • 8 posts

Hello, Omiga Plus, Winzipper and DealPly are gone, but there is a Baidu PC Faster that installed itself at some point during this whole process. I don't know whether it is malware.



#16
CarlosTurco

    Assistant

  • 24,786 posts

Good morning.

"Hello, Omiga Plus, Winzipper and DealPly are gone, but there is a Baidu PC Faster that installed itself at some point during this whole process. I don't know whether it is malware."

http://www.baixaki.c...u-pc-faster.htm

If you don't use it, uninstall it through the Control Panel.

 

To finish:

  • Run OTL.exe

    Click the [image: Botao_Limpeza_OTL.png] button.
  • Download CCleaner
    • Install the program
    • Click Registry > Scan for Issues > Fix selected issues.
    • Then click Cleaner > Analyze > Run Cleaner.
  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version, Java SE 7u21.
    • Click JRE Download
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.2 MB jre-7u21-windows-i586.exe and save it to your desktop.
    • Close any running programs, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs, and remove all old versions of Java.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove every version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u21-windows-i586.exe to install the newest version.
    • ATTENTION: Uncheck the box for installing the ASK Toolbar.
  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • USB worms (flash-drive viruses) can infect any kind of removable storage device (flash drives, MP3 players, MP4 players, phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the assistant that appears when you insert a CD or flash drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf to work.

    Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you happen to plug your flash drive into an infected PC, the malware will not be able to overwrite the pre-existing file. Even so, it can still copy its malicious executables to the flash drive, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug this flash drive into a clean machine and run one of those malicious files, that system will be infected just the same. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you think is necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive, and choosing the "Format" option.
    • Run Flash_Disinfector.exe.
    • Follow any prompts that appear.
    • Wait until the program finishes its search, then exit the program.
    For Windows Vista and 7: Panda USB Vaccine
  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any user action. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.
  • Disable and re-enable System Restore.
  • Learn some precautions and tips for keeping your computer clean. Read the article Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/
  • If there is no longer any malware-related problem, click the [image: denunld.png] button and ask for your topic to be closed.

If you have any questions related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Regards. :legal:
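
The check below is an added example, not part of the original post or of any tool named in the thread. It audits a drive root for the two things the autorun.inf advice above distinguishes: an autorun.inf that launches a program, and loose executables with the listed extensions. The folder names and file contents are constructed samples, and the function names are hypothetical.

```python
import tempfile
from pathlib import Path

# Extensions the post lists as typical for files a USB worm copies to a drive.
RISKY_EXTS = {".exe", ".scr", ".cmd", ".pif", ".bat", ".com"}
# autorun.inf keys that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")


def autorun_targets(inf_path):
    """Return every command an autorun.inf would launch (empty list if none)."""
    targets, in_section = [], False
    text = Path(inf_path).read_text(encoding="latin-1")
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Section names are case-insensitive; only [autorun] matters here.
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # junk padding, comments and other sections are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value)
    return targets


def audit_drive(root):
    """Classify the drive's autorun.inf and list risky executables in its root."""
    root = Path(root)
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if inf is None:
        state, targets = "absent", []
    elif inf.is_dir():
        state, targets = "directory", []   # a folder cannot carry launch entries
    else:
        targets = autorun_targets(inf)
        state = "launches" if targets else "inert"
    executables = sorted(p.name for p in root.iterdir()
                         if p.is_file() and p.suffix.lower() in RISKY_EXTS)
    return {"autorun": state, "targets": targets, "executables": executables}


def build_samples(base):
    """Create two constructed 'drives' (plain folders) for the demonstration."""
    infected = Path(base, "drive_infected")
    infected.mkdir()
    (infected / "AUTORUN.INF").write_text(
        "; junk line\n[AutoRun]\nopen=payload.exe\n"
        "shell\\open\\command=payload.exe\nicon=folder.ico\n")
    (infected / "payload.exe").write_bytes(b"MZ")
    protected = Path(base, "drive_protected")
    protected.mkdir()
    (protected / "autorun.inf").write_text("[autorun]\n; intentionally empty\n")
    (protected / "photos.SCR").write_bytes(b"MZ")   # copied despite the inert file
    (protected / "notes.txt").write_text("ok")
    return infected, protected


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for drive in build_samples(tmp):
            print(drive.name, audit_drive(drive))
```

The second sample drive shows the caveat from the post: an autorun.inf with no launch entries does not stop an executable from sitting in the drive root.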



#17
netcriptus

    Moderation Coordinator

  • Coordinator
  • 1,846 posts
PROBLEM SOLVED
 
If you want to request that the topic be reopened, use the Report button to contact the moderation team.

Note: Only the author can make this request in the Malware Removal area.
Linha Defensiva on Twitter!
Smile, you are being Googled.