I can't remove the "portal dos sites" page

This topic has been archived. This means you can no longer reply to it.
16 replies to this topic
#1
Mica Ventura (Newbie, 8 posts)

I can't get rid of the site www.portaldosites.com as my home page.

Attached file(s)



#2
Ciro-Mota (Professional Assistant, 56,600 posts)

Mica Ventura,

Do NOT attempt any cleaning procedure on your own. In particular, do not run on your own initiative the tools used in the Malware Removal forum. Misuse of some tools can damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from misuse and/or uninformed use of the tools. - Rule no. 8 of Malware Removal

Post a new HijackThis log.

Please note the following:

  • Do not use software that was not recommended.
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click Follow this topic so that you receive an e-mail notification when it is replied to.
    You can also check the topics you follow using the Content I Follow option, available through the forum's Control Panel.
  • Analyses can take some time, so be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it doesn't matter. Always keep following your topic and reporting the results to me until your computer is clean.
  • Notice: avoid using the <QUOTE> or <CODE> tags in logs; it hinders reading during analysis.
  • Please do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you don't receive a reply from me within 5 days, send me a Private Message (PM).


** Be considerate to those who help you, don't abandon your topic! **
[ASAP Member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's Blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#3
Mica Ventura (Newbie, 8 posts)

I can't upload the two errors that appear during the scan, which I screenshotted and pasted into Word...

Attached file(s)



#4
Ciro-Mota (Professional Assistant, 56,600 posts)

Mica Ventura,

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click Run as administrator.

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall, so they don't cause conflicts.

Download the Junkware Removal Tool (JRT) and save it to the desktop.

Double-click to run the Junkware Removal Tool (JRT).

*** Windows Vista or Windows 7 users: right-click the file JRT.exe, then click Run as administrator.

The tool will begin examining your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop under the name JRT.txt.

Select, copy and paste the contents of this log in your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://malwarebytes....am-download.php

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If items were found, make sure they are all checked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log in your next reply, together with a new HijackThis log.
NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554



#5
Mica Ventura (Newbie, 8 posts)

# AdwCleaner v2.303 - Relatório criado em 29/06/2013 às 19:17:26
# Atualizado em 08/06/2013 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : agatha - AGATHA-STI
# Modo de Boot : Normal
# Executado de : C:\Users\agatha\Downloads\adwcleaner.exe
# Opção [Verificar]
 
 
***** [Serviços] *****
 
Encontrado : eSafeSvc
 
***** [Arquivos/Pastas] *****
 
Arquivo Encontrado : C:\user.js
Arquivo Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Arquivo Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Arquivo Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Arquivo Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Arquivo Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Arquivo Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Arquivo Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Arquivo Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Arquivo Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Arquivo Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Arquivo Infected : C:\Users\agatha\Desktop\Google Chrome.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Pasta Encontrado : C:\Program Files\Claro
Pasta Encontrado : C:\Program Files\DealPly
Pasta Encontrado : C:\Program Files\FindLyrics
Pasta Encontrado : C:\Program Files\Search Results Toolbar
Pasta Encontrado : C:\ProgramData\Babylon
Pasta Encontrado : C:\ProgramData\boost_interprocess
Pasta Encontrado : C:\ProgramData\Browser Manager
Pasta Encontrado : C:\ProgramData\eSafe
Pasta Encontrado : C:\Users\agatha\AppData\Local\Babylon
Pasta Encontrado : C:\Users\agatha\AppData\Local\Ilivid
Pasta Encontrado : C:\Users\agatha\AppData\Local\Zoom_Downloader
Pasta Encontrado : C:\Users\agatha\AppData\LocalLow\Conduit
Pasta Encontrado : C:\Users\agatha\AppData\LocalLow\searchresultstb
Pasta Encontrado : C:\Users\agatha\AppData\Roaming\Babylon
Pasta Encontrado : C:\Users\agatha\AppData\Roaming\Claro
Pasta Encontrado : C:\Users\agatha\AppData\Roaming\eIntaller
 
***** [Registro] *****
 
Chave Encontrada : HKCU\Software\AppDataLow\Software\Conduit
Chave Encontrada : HKCU\Software\AppDataLow\Software\SmartBar
Chave Encontrada : HKCU\Software\Conduit
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKLM\Software\Babylon
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chave Encontrada : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Chave Encontrada : HKLM\SOFTWARE\Classes\Prod.cap
Chave Encontrada : HKLM\Software\Conduit
Chave Encontrada : HKLM\Software\Desksvc
Chave Encontrada : HKLM\Software\eSafeSecControl
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Chave Encontrada : HKLM\Software\portaldositesSoftware
Chave Encontrada : HKLM\Software\V9
Dados Encontrada : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe" hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686
Dados Encontrada : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686
 
***** [Navegadores] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=3735617
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=3735617
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686
 
-\\ Google Chrome v27.0.1453.116
 
Arquivo : C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] Arquivo está limpo.
 
*************************
 
AdwCleaner[R1].txt - [7573 octets] - [29/06/2013 19:17:26]
 
########## EOF - C:\AdwCleaner[R1].txt - [7633 octets] ##########
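
The AdwCleaner report above shows how this hijack works: every browser shortcut (.lnk) had the portal URL appended as a command-line argument, so the browser opens that page no matter what the home-page setting says, and the same URL was also written into the IE Start Page and search keys; the uid parameter in the URL looks like a disk model and serial number, i.e. a per-machine tracking ID. The Python script below is an added example, not part of the thread or of AdwCleaner: it parses a report in this format (the sample is constructed, with placeholder user name, host and uid) and pulls out the hijacked shortcuts, the hosts involved, the tracking IDs and which browser settings point at those hosts. All function names are my own.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the AdwCleaner v2 report format quoted in the thread.
# User name, host and the 'uid' value are placeholders, not the poster's data.
SAMPLE_REPORT = r"""# AdwCleaner v2.303 - Relatório criado em 29/06/2013 às 19:17:26
# Opção [Verificar]

***** [Serviços] *****

Encontrado : eSafeSvc

***** [Arquivos/Pastas] *****

Arquivo Encontrado : C:\user.js
Arquivo Infected : C:\Users\user\Desktop\Google Chrome.lnk ( arg. : hxxp://www.hijack.example/?utm_source=b&uid=DISKSERIAL_PLACEHOLDER&ts=1372337686)
Arquivo Infected : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://www.hijack.example/?utm_source=b&uid=DISKSERIAL_PLACEHOLDER&ts=1372337686)
Pasta Encontrado : C:\Program Files\Search Results Toolbar

***** [Registro] *****

Chave Encontrada : HKLM\Software\V9
Dados Encontrada : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.hijack.example/?utm_source=b&uid=DISKSERIAL_PLACEHOLDER&ts=1372337686

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16611

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.hijack.example/?utm_source=b&uid=DISKSERIAL_PLACEHOLDER&ts=1372337686
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.hijack.example/web/?utm_source=b&uid=DISKSERIAL_PLACEHOLDER&ts=3735617
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>.+?)\] \*{5}$")
URL_RE = re.compile(r"h(?:xx|tt)ps?://[^\s)]+")
# A shortcut line: "<path>.lnk ( arg. : <url>)"
LNK_RE = re.compile(r"(?P<path>[A-Za-z]:\\.+?\.lnk) \( arg\. : (?P<url>h(?:xx|tt)ps?://[^\s)]+)\)")


def refang(url: str) -> str:
    """AdwCleaner writes 'hxxp' so the log is not clickable; undo that only for parsing."""
    return re.sub(r"^hxxp", "http", url)


@dataclass
class Finding:
    section: str
    line: str
    urls: list


def parse_report(text: str) -> list:
    """Split the report into findings, remembering which ***** [section] ***** each came from."""
    findings, section = [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if not line or line.startswith("#") or line.startswith("-\\\\"):
            continue  # header comments, blank lines and browser version banners
        findings.append(Finding(section, line, [refang(u) for u in URL_RE.findall(line)]))
    return findings


def hijacked_shortcuts(findings: list) -> list:
    """Shortcut (.lnk) files whose command-line argument was rewritten to open a URL."""
    out = []
    for f in findings:
        m = LNK_RE.search(f.line)
        if m:
            out.append((m.group("path"), refang(m.group("url"))))
    return out


def hijack_hosts(findings: list) -> list:
    """Every host the rewritten settings point to: the pivot for checking other machines."""
    return sorted({urlsplit(u).hostname for f in findings for u in f.urls})


def tracking_ids(findings: list) -> list:
    """'uid' query values; in the thread this looked like a disk model/serial number."""
    ids = set()
    for f in findings:
        for u in f.urls:
            ids.update(parse_qs(urlsplit(u).query).get("uid", []))
    return sorted(ids)


def browser_settings_hit(findings: list, hosts: set) -> list:
    """Browser setting names (Start Page, SearchAssistant, ...) that point at a hijack host."""
    hit = []
    for f in findings:
        if f.section != "Navegadores":
            continue
        m = re.search(r"\[(?P<key>[^\]]+)\] = ", f.line)
        if m and any(urlsplit(u).hostname in hosts for u in f.urls):
            hit.append(m.group("key").split(" - ")[-1])
    return hit


def summarize(text: str) -> dict:
    findings = parse_report(text)
    hosts = hijack_hosts(findings)
    return {
        "shortcuts": hijacked_shortcuts(findings),
        "hosts": hosts,
        "uids": tracking_ids(findings),
        "browser_settings": browser_settings_hit(findings, set(hosts)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(key, value)
```

The shortcut check is the one that matters for a re-infection complaint: AdwCleaner's second run in the thread reports the .lnk files as "Désinfected", meaning the argument was stripped, and a home page that comes back after the registry was fixed is usually a shortcut that was missed.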


#6
Mica Ventura (Newbie, 8 posts)

After restarting the notebook:

 

# AdwCleaner v2.303 - Relatório criado em 29/06/2013 às 19:21:40
# Atualizado em 08/06/2013 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : agatha - AGATHA-STI
# Modo de Boot : Normal
# Executado de : C:\Users\agatha\Downloads\adwcleaner.exe
# Opção [Remover]
 
 
***** [Serviços] *****
 
Encerrado & Removido : eSafeSvc
 
***** [Arquivos/Pastas] *****
 
Arquivo Désinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Arquivo Désinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Arquivo Désinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk
Arquivo Désinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Arquivo Désinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Arquivo Désinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Arquivo Désinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Arquivo Désinfected : C:\Users\agatha\Desktop\Google Chrome.lnk
Arquivo Removido : C:\user.js
Pasta Removido : C:\Program Files\Claro
Pasta Removido : C:\Program Files\DealPly
Pasta Removido : C:\Program Files\FindLyrics
Pasta Removido : C:\Program Files\Search Results Toolbar
Pasta Removido : C:\ProgramData\Babylon
Pasta Removido : C:\ProgramData\boost_interprocess
Pasta Removido : C:\ProgramData\Browser Manager
Pasta Removido : C:\ProgramData\eSafe
Pasta Removido : C:\Users\agatha\AppData\Local\Babylon
Pasta Removido : C:\Users\agatha\AppData\Local\Ilivid
Pasta Removido : C:\Users\agatha\AppData\Local\Zoom_Downloader
Pasta Removido : C:\Users\agatha\AppData\LocalLow\Conduit
Pasta Removido : C:\Users\agatha\AppData\LocalLow\searchresultstb
Pasta Removido : C:\Users\agatha\AppData\Roaming\Babylon
Pasta Removido : C:\Users\agatha\AppData\Roaming\Claro
Pasta Removido : C:\Users\agatha\AppData\Roaming\eIntaller
 
***** [Registro] *****
 
Chave Removida : HKCU\Software\AppDataLow\Software\Conduit
Chave Removida : HKCU\Software\AppDataLow\Software\SmartBar
Chave Removida : HKCU\Software\Conduit
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Removida : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chave Removida : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\Software\Conduit
Chave Removida : HKLM\Software\Desksvc
Chave Removida : HKLM\Software\eSafeSecControl
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Chave Removida : HKLM\Software\portaldositesSoftware
Chave Removida : HKLM\Software\V9
Dados Removida : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe" hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686
Dados Removida : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686
 
***** [Navegadores] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686 --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=3735617 --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=3735617 --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686 --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686 --> hxxp://www.google.com
 
-\\ Google Chrome v27.0.1453.116
 
Arquivo : C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] Arquivo está limpo.
 
*************************
 
AdwCleaner[R1].txt - [7702 octets] - [29/06/2013 19:17:26]
AdwCleaner[S1].txt - [5804 octets] - [29/06/2013 19:21:40]
 
########## EOF - C:\AdwCleaner[S1].txt - [5864 octets] ##########


#7
Ciro-Mota (Professional Assistant, 56,600 posts)

Mica Ventura,

Ok, but you still need to follow steps 2 and 3.



#8
Mica Ventura (Newbie, 8 posts)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Starter x86
Ran by agatha on 30/06/2013 at 20:32:53,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/06/2013 at 20:42:46,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9
Mica Ventura (Newbie, 8 posts)

 Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org
 
Versão da Base de Dados:  v2013.06.30.07
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
agatha :: AGATHA-STI [limitado]
 
Proteção: Permitir
 
30/06/2013 20:51:46
mbam-log-2013-06-30 (20-51-46).txt
 
Tipo de Verificação:  Verificação Rápida 
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  211232
Tempo decorrido: 18 minuto(s), 43 segundo(s)
 
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Valores de Registro Detectadas: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: c:\users\agatha\dxbzelik.exe -> Enviado para a Quarentena e deletado com sucesso.
 
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Arquivos Detectados: 3
C:\Users\agatha\AppData\Roaming\AudioCard\AudioCard.exe (Trojan.BitcoinMiner) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\agatha\Downloads\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\agatha\AppData\Roaming\AudioCard\vAudioCard.exe (Backdoor.Agent) -> Enviado para a Quarentena e deletado com sucesso.
 
(fim)

Logfile of HijackThis v1.99.1
Scan saved at 21:25:22, on 30/06/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Unable to get Internet Explorer version!
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Users\agatha\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\Downloads\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazer...ternet.com/q/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Lyrics Bot - {FFB4EE06-DF84-4AC9-8682-237847AB69BD} - C:\Program Files\LyricsBot\116.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [uTorrent] "C:\Users\agatha\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{C955522F-2BC7-4B14-AEC7-C5AD56915B1A}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


#10
Ciro-Mota

  • Professional Assistant
  • 56.600 posts

Mica Ventura,

Download OTL by OldTimer and save it to your desktop.

Right-click the OTL.exe file, then click Run as administrator.

Under Output, select Standard.
Also check these options:

  • File Age -> change to 90 days
  • Use Company Name Whitelist
  • Skip Microsoft Files
  • LOP Check
  • Purity Check
Select the lines in red below, right-click the selection and choose Copy


CREATERESTOREPOINT
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\system32\tasks\*.* /s
%windir%\tasks\*.* /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService
net user /c
/md5start
termsrv.dll
termsrv.dll.bak
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true /fp


Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste.

Click the Run Scan button.

OTL will begin scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt.
Both are saved in the same folder as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file.

Note: if the logs are too large and exceed the forum's limit, put them in a .zip or .rar archive and attach it to your reply.


** Be considerate to those helping you, don't abandon your topic! **
[ASAP Member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's Blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota
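The OTL log requested above is read for the same two indicators the analyst checks first in the HijackThis log earlier in this thread: services whose file is reported missing, and IE start/search settings that point outside the expected defaults. As an added example (not code from the forum, from OTL or from HijackThis), the Python script below parses HijackThis O23 lines and OTL "IE -" lines and flags both; the allowlist of expected hosts is an assumption, and the sample log is constructed from lines like those posted in this thread.

```python
"""Triage helper for HijackThis 'O23' service lines and OTL 'IE -' lines.

Added example for this thread; it is not part of HijackThis, OTL or the
forum post. It lists services whose binary HijackThis reports as missing and
IE start/search settings whose host lies outside an assumed allowlist (the
usual sign of a browser hijack such as the one discussed in the thread).
"""
import re
from urllib.parse import urlparse

# Assumed allowlist of hosts that are legitimate IE defaults on this machine.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com"}

# IE registry values that hijackers typically rewrite (names as OTL prints them).
SEARCH_SETTINGS = {
    "Default_Page_URL", "Default_Search_URL", "Search Page", "Search Bar",
    "Start Page", "Start Page Redirect Cache", "SearchAssistant", "CustomizeSearch",
}

# HijackThis: "O23 - Service: <name> - <company> - <path and arguments>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")
# OTL:        "IE - <hive>\<key>,<setting> = <value>"   (the value may be empty)
IE_RE = re.compile(r"^IE - (?P<key>HK\w+\\[^,]+),(?P<setting>[^=]+?) = ?(?P<value>.*)$")


def parse_o23(line):
    """Return a dict for a HijackThis O23 line, or None if the line is not one."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    return {
        "name": m.group("name"),
        "company": m.group("company"),
        "path": path,
        # HijackThis is known to print "(file missing)" for quoted paths that
        # carry arguments (e.g. GoogleUpdate.exe" /svc), so treat this as a
        # lead to verify on disk, not as a verdict.
        "file_missing": path.endswith("(file missing)"),
    }


def parse_ie(line):
    """Return a dict for an OTL 'IE -' registry line, or None if it is not one."""
    m = IE_RE.match(line.strip())
    if not m:
        return None
    # OTL appends "[binary data]" to REG_BINARY values; drop it before URL parsing.
    value = m.group("value").replace("[binary data]", "").strip()
    host = urlparse(value).hostname if value.lower().startswith("http") else None
    return {
        "hive": m.group("key").split("\\", 1)[0],
        "setting": m.group("setting"),
        "value": value,
        "host": host,
    }


def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Scan pasted log text and return the findings an analyst would act on."""
    missing_services = []
    hijacked_settings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc:
            if svc["file_missing"]:
                missing_services.append(svc["name"])
            continue
        ie = parse_ie(line)
        if (ie and ie["setting"] in SEARCH_SETTINGS and ie["host"]
                and ie["host"].lower() not in expected_hosts):
            hijacked_settings.append((ie["hive"], ie["setting"], ie["host"]))
    return {"missing_services": missing_services, "hijacked_settings": hijacked_settings}


# Constructed sample, modelled on the HijackThis and OTL lines posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files\Scpad\scpVista.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.oquefazernainternet.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("  ", item)
```

The script only reads a pasted log; confirming whether a flagged file really is missing, or restoring a start page, remains a manual step guided by the analyst.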

#11
Mica Ventura

  • Novice
  • 8 posts
OTL logfile created on: 07/07/2013 20:26:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\agatha\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
1,60 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 41,04% Memory free
3,21 Gb Paging File | 1,30 Gb Available in Paging File | 40,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,33 Gb Total Space | 241,48 Gb Free Space | 82,61% Space Free | Partition Type: NTFS
 
Computer Name: AGATHA-STI | User Name: agatha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/07 20:24:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\agatha\Downloads\OTL.exe
PRC - [2013/06/29 18:41:14 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\agatha\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/06/26 15:55:52 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/05/09 05:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 05:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/16 21:57:44 | 000,916,480 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/05 12:08:08 | 000,368,544 | ---- | M] (Banco Bradesco S.A.) -- C:\Program Files\Scpad\scpVista.exe
PRC - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/04/04 09:03:46 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/04 09:03:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/30 22:43:20 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010/06/17 04:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/14 22:28:42 | 000,393,168 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
MOD - [2013/06/14 22:28:41 | 013,140,432 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/14 22:28:40 | 004,051,408 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 22:27:51 | 000,599,504 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/14 22:27:50 | 000,124,368 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/14 22:27:48 | 001,597,392 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2013/05/23 09:59:54 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013/05/23 09:32:56 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/23 09:31:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/23 09:30:53 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/23 09:29:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/23 09:28:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/02/14 21:53:29 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013/02/14 21:41:02 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/15 13:45:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/15 13:41:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/15 13:14:52 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/15 13:12:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/15 13:12:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/15 13:11:58 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/10/11 21:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 21:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/30 22:43:26 | 000,095,232 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2010/11/30 22:31:22 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/11/20 23:32:47 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_pt-BR_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/11/20 23:32:42 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.resources.dll
MOD - [2010/11/20 23:32:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/12 20:34:33 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/12 20:34:31 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/06/18 18:33:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/09 05:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/08 11:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/05 12:08:08 | 000,368,544 | ---- | M] (Banco Bradesco S.A.) [Auto | Running] -- C:\Program Files\Scpad\scpVista.exe -- (scpVista)
SRV - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/04/04 09:03:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/11/30 22:43:20 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/06/17 04:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva399.sys -- (XDva399)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013/06/28 07:53:29 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/28 07:53:28 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/28 07:53:28 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 05:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 05:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 05:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 05:59:09 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/05/09 05:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 05:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 05:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/05/09 05:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/13 15:01:58 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/11/16 16:09:34 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20121128.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/10/23 20:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20121106.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/13 14:33:27 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20121128.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/13 14:33:26 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20121128.021\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/10 10:41:06 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012/08/09 19:38:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/26 16:51:11 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 22:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys -- (SymNetS)
DRV - [2011/04/04 09:04:40 | 000,190,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2011/04/04 09:04:38 | 001,015,328 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2011/04/04 09:03:48 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/04/04 09:03:48 | 000,064,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2011/04/04 09:03:48 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2011/04/04 09:03:48 | 000,032,384 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2011/04/04 09:03:46 | 006,576,128 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/04 09:03:46 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/31 00:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 00:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011/03/26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2011/03/14 23:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 03:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 02:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/20 18:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 18:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010/01/14 08:04:04 | 000,106,496 | ---- | M] (ZD Secret Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZDDriver.sys -- (hwdatacard)
DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/26 14:43:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EMSC.sys -- (EMSC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{839CDFC2-3294-4C66-8C80-A726A69B2085}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_pt-BRBR463
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\agatha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\agatha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\agatha\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\agatha\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\agatha\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\agatha\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2012/02/22 09:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2013/07/07 13:09:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsBot@APDMT.net: C:\Program Files\LyricsBot\116.xpi [2013/06/30 20:14:43 | 000,004,962 | ---- | M] ()
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\agatha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Ad Blocker = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: avast! Online Security = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Lyrics Bot = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjaoindegekegaeihocoidchhbgilbd\1.116_0\
CHR - Extension: Night Time In New York City = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_0\
CHR - Extension: Gmail = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lyrics Bot) - {FFB4EE06-DF84-4AC9-8682-237847AB69BD} - C:\Program Files\LyricsBot\116.dll (APDMT LTD)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [uTorrent] C:\Users\agatha\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.127.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{622D14F1-05ED-4908-8044-C756B084E797}: DhcpNameServer = 192.168.127.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C955522F-2BC7-4B14-AEC7-C5AD56915B1A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE30E200-F7CF-427F-A2E3-FCD811D1FFFB}: DhcpNameServer = 200.169.117.222 200.169.117.221
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Banco Bradesco S.A.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{225b2c48-947c-11e2-b7af-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{225b2c48-947c-11e2-b7af-b870f46cc874}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{225b2c69-947c-11e2-b7af-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{225b2c69-947c-11e2-b7af-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{5e081778-c89f-11e2-af69-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{5e081778-c89f-11e2-af69-b870f46cc874}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{5e0817a4-c89f-11e2-af69-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{5e0817a4-c89f-11e2-af69-b870f46cc874}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{634937d1-c3a9-11e2-9215-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{634937d1-c3a9-11e2-9215-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{634937dd-c3a9-11e2-9215-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{634937dd-c3a9-11e2-9215-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{7483229d-85d3-11e1-9347-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{7483229d-85d3-11e1-9347-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{7483229f-85d3-11e1-9347-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{7483229f-85d3-11e1-9347-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{7b4fc4e2-94de-11e2-99e1-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{7b4fc4e2-94de-11e2-99e1-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{8d23299d-85b2-11e1-aa58-207c8f5bef3b}\Shell - "" = AutoRun
O33 - MountPoints2\{8d23299d-85b2-11e1-aa58-207c8f5bef3b}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{8d2329a5-85b2-11e1-aa58-207c8f5bef3b}\Shell - "" = AutoRun
O33 - MountPoints2\{8d2329a5-85b2-11e1-aa58-207c8f5bef3b}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{8e1783dd-85d1-11e1-ab17-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{8e1783dd-85d1-11e1-ab17-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{8e1783df-85d1-11e1-ab17-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{8e1783df-85d1-11e1-ab17-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{91f59358-2f35-11e1-acfb-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{91f59358-2f35-11e1-acfb-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{91f59398-2f35-11e1-acfb-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{91f59398-2f35-11e1-acfb-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a120fefc-c957-11e2-a64a-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{a120fefc-c957-11e2-a64a-b870f46cc874}\Shell\AutoRun\command - "" = D:\Windows/AutoRun.exe
O33 - MountPoints2\{b1c40abc-c8a8-11e2-aca5-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{b1c40abc-c8a8-11e2-aca5-b870f46cc874}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{b3e57d28-c474-11e2-97d4-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{b3e57d28-c474-11e2-97d4-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c2755f9f-6f10-11e2-be99-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{c2755f9f-6f10-11e2-be99-b870f46cc874}\Shell\AutoRun\command - "" = D:\LGAutoRun.exe
O33 - MountPoints2\{d065b523-c3a3-11e2-900d-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{d065b523-c3a3-11e2-900d-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{dc0bdcfd-a23a-11e2-a17b-b870f46cc874}\Shell - "" = AutoRun
O33 - MountPoints2\{dc0bdcfd-a23a-11e2-a17b-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Windows/AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/06/30 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\agatha\AppData\Roaming\Malwarebytes
[2013/06/30 20:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/30 20:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/30 20:46:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/30 20:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/30 20:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsBot
[2013/06/29 19:53:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/29 19:52:57 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/29 18:39:41 | 000,000,000 | ---D | C] -- C:\Users\agatha\AppData\Roaming\uTorrent
[2013/06/29 17:56:25 | 000,000,000 | ---D | C] -- C:\Users\agatha\Desktop\iPhone 4 GSM iOS 7 Beta 1
[2013/06/29 09:15:12 | 000,000,000 | ---D | C] -- C:\Users\agatha\AppData\Roaming\Mozilla
[2013/06/27 12:33:42 | 000,000,000 | ---D | C] -- C:\Users\agatha\Desktop\HijackThis
[2013/06/27 11:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/27 11:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/27 11:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/27 11:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/06/27 11:23:16 | 000,204,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/06/27 11:23:14 | 000,104,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/06/27 11:23:06 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/06/27 11:22:45 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/06/27 11:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/06/27 11:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/06/27 10:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/06/27 10:13:07 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/06/27 10:13:03 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/27 10:12:54 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/06/27 10:12:52 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/06/27 10:12:50 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/27 10:12:25 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/06/27 10:12:23 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/06/27 10:10:51 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/06/27 10:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/27 10:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/06/27 09:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/06/27 09:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/18 19:06:00 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/31 17:43:46 | 000,000,000 | ---D | C] -- C:\Users\agatha\AppData\Roaming\AudioCard
[2013/05/30 17:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsOn
[2013/05/30 16:32:14 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2013/05/30 16:32:14 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2013/05/30 16:32:14 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2013/05/30 16:32:13 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2013/05/30 16:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\InstallAffixationInfo
[2013/05/30 16:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro 3G
[2013/05/30 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Claro 3G
[2013/05/29 22:46:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/05/29 17:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3G HSDPA Modem
[2013/05/29 17:40:44 | 000,106,496 | ---- | C] (ZD Secret Incorporated) -- C:\Windows\System32\drivers\ZDDriver.sys
[2013/05/22 23:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/22 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/05/02 23:09:32 | 000,000,000 | ---D | C] -- C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2013/05/02 23:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2013/05/02 23:09:25 | 000,000,000 | ---D | C] -- C:\Users\agatha\Documents\VirtualDJ
 
========== Files - Modified Within 90 Days ==========
 
[2013/07/07 20:32:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/07 20:04:15 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Lyrics Bot Update.job
[2013/07/07 20:01:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/07 19:51:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA.job
[2013/07/07 18:07:11 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA.job
[2013/07/07 15:51:02 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core.job
[2013/07/07 15:07:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core.job
[2013/07/07 13:17:20 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/07 13:17:20 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/07 13:08:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/07 13:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/07 13:07:37 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/06 20:00:50 | 000,668,070 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/07/06 20:00:50 | 000,620,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/06 20:00:50 | 000,130,306 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/07/06 20:00:50 | 000,108,332 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/30 20:47:16 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/29 19:49:32 | 000,001,501 | ---- | M] () -- C:\Users\agatha\Desktop\Google Chrome.lnk
[2013/06/29 18:41:18 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/06/29 18:28:02 | 000,022,468 | ---- | M] () -- C:\Users\agatha\Documents\iPhone 4 GSM iOS 7 Beta 1.torrent
[2013/06/29 14:31:24 | 000,088,717 | ---- | M] () -- C:\Users\agatha\Documents\PAPILOSCOPIA.pdf
[2013/06/29 14:31:07 | 003,686,400 | ---- | M] () -- C:\Users\agatha\Documents\classificacao.pdf
[2013/06/28 07:53:29 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/28 07:53:29 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/28 07:53:28 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/28 07:53:28 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/28 07:53:28 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/28 07:53:28 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/27 11:41:53 | 000,412,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/27 11:37:49 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/27 11:26:46 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/27 11:23:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/06/27 11:16:52 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/06/27 10:16:06 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Ares.lnk
[2013/06/27 09:59:41 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/27 07:14:43 | 006,459,589 | ---- | M] () -- C:\Users\agatha\Documents\pericia.rtf
[2013/06/19 13:46:51 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013/06/18 19:04:50 | 000,000,017 | ---- | M] () -- C:\Users\agatha\AppData\Local\resmon.resmoncfg
[2013/05/31 11:14:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2013/05/30 19:07:19 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/05/30 16:31:38 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\Claro 3G.lnk
[2013/05/22 23:35:49 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/05/09 05:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/05/09 05:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/05/09 05:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/09 05:59:09 | 000,204,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/05/09 05:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/05/09 05:59:09 | 000,021,576 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/05/09 05:59:08 | 000,104,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/05/09 05:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/05/09 05:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 05:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/05/02 23:09:34 | 000,001,011 | ---- | M] () -- C:\Users\agatha\Desktop\VirtualDJ Home FREE.lnk
 
========== Files Created - No Company Name ==========
 
[2013/06/30 20:47:16 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/30 20:14:43 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\Lyrics Bot Update.job
[2013/06/29 18:41:17 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/06/29 18:29:20 | 000,022,468 | ---- | C] () -- C:\Users\agatha\Documents\iPhone 4 GSM iOS 7 Beta 1.torrent
[2013/06/29 14:31:24 | 000,088,717 | ---- | C] () -- C:\Users\agatha\Documents\PAPILOSCOPIA.pdf
[2013/06/29 14:31:07 | 003,686,400 | ---- | C] () -- C:\Users\agatha\Documents\classificacao.pdf
[2013/06/28 07:53:29 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/28 07:53:29 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/28 07:53:29 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/27 11:37:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/27 11:37:49 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/27 11:26:45 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/27 11:16:51 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/06/27 10:16:05 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Ares.lnk
[2013/06/27 10:12:47 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/27 10:12:41 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/06/27 09:59:38 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/27 07:14:42 | 006,459,589 | ---- | C] () -- C:\Users\agatha\Documents\pericia.rtf
[2013/06/19 13:46:51 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013/06/18 19:04:50 | 000,000,017 | ---- | C] () -- C:\Users\agatha\AppData\Local\resmon.resmoncfg
[2013/05/31 11:14:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2013/05/30 19:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/05/30 16:31:18 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\Claro 3G.lnk
[2013/05/22 23:35:49 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/05/02 23:09:34 | 000,001,011 | ---- | C] () -- C:\Users\agatha\Desktop\VirtualDJ Home FREE.lnk
[2013/03/04 22:10:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/07/01 18:09:39 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/17 17:32:34 | 000,016,384 | ---- | C] () -- C:\Users\agatha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/02 19:25:09 | 000,169,656 | ---- | C] () -- C:\Users\agatha\Agatha Ventura Bruna Meirelles_02_01_2012@20_13_34.wav
[2012/01/02 16:46:59 | 000,380,856 | ---- | C] () -- C:\Users\agatha\Agatha Ventura_02_01_2012@17_45_43.wav
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/06/30 21:12:04 | 000,000,000 | ---D | M] -- C:\Users\agatha\AppData\Roaming\AudioCard
[2012/11/16 22:59:42 | 000,000,000 | ---D | M] -- C:\Users\agatha\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/23 12:03:23 | 000,000,000 | ---D | M] -- C:\Users\agatha\AppData\Roaming\GuiaMultimidia
[2013/07/07 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\agatha\AppData\Roaming\uTorrent
[2013/04/30 22:59:40 | 000,000,000 | ---D | M] -- C:\Users\agatha\AppData\Roaming\VIVO INTERNET
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2012/06/01 21:38:36 | 352,913,637 | ---- | M] () -- C:\A.L6nd8.D8s.Gu5rdi6e7.Dubl2d).rmvb
[2013/06/29 19:19:14 | 000,007,702 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/06/29 19:43:10 | 000,005,933 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012/03/16 16:35:22 | 357,867,931 | ---- | M] () -- C:\Amanhecer Parte 1.rmvb
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/07/07 13:07:37 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/07 13:07:45 | 1722,707,968 | -HS- | M] () -- C:\pagefile.sys
 
< %systemdrive%\drivers\*.* /s >
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/05/09 05:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswFsBlk.sys
[2013/05/09 05:59:08 | 000,104,752 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswFW.sys
[2013/05/09 05:59:09 | 000,021,576 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswKbd.sys
[2013/05/09 05:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2013/05/09 05:59:09 | 000,204,784 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswNdis2.sys
[2013/05/09 05:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr2.sys
[2013/05/09 05:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\system32\drivers\aswRvrt.sys
[2013/06/28 07:53:28 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSnx.sys
[2013/06/28 07:53:28 | 000,000,175 | ---- | M] () -- C:\Windows\system32\drivers\aswSnx.sys.sum
[2013/06/28 07:53:28 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSP.sys
[2013/06/28 07:53:28 | 000,000,175 | ---- | M] () -- C:\Windows\system32\drivers\aswSP.sys.sum
[2013/05/09 05:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswTdi.sys
[2013/06/28 07:53:29 | 000,175,176 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys
[2013/06/28 07:53:29 | 000,000,175 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys.sum
[2013/04/10 02:18:40 | 000,728,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys
[2013/04/10 02:18:40 | 000,218,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgmms1.sys
[2013/05/31 11:14:14 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2013/04/12 10:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys
[2013/05/08 02:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 18:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 01:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\*.scr >
[2013/05/09 05:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %PROGRAMFILES%\*.* >
[2009/07/14 01:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
[2013/01/29 23:18:50 | 000,016,384 | ---- | M] () -- C:\Users\agatha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2013/06/27 09:57:47 | 000,110,048 | ---- | M] () -- C:\Users\agatha\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2011/12/23 12:02:36 | 000,000,020 | -HS- | M] () -- C:\Users\agatha\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2013/07/07 20:49:17 | 005,242,880 | -HS- | M] () -- C:\Users\agatha\ntuser.dat
 
< %systemroot%\system32\tasks\*.* /s >
[2013/06/18 18:33:19 | 000,003,840 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2013/07/07 12:06:04 | 000,004,182 | ---- | M] () -- C:\Windows\system32\tasks\avast! Emergency Update
[2013/06/27 09:59:50 | 000,002,774 | ---- | M] () -- C:\Windows\system32\tasks\CCleanerSkipUAC
[2013/06/27 09:57:22 | 000,003,378 | ---- | M] () -- C:\Windows\system32\tasks\Desk 365 RunAsStdUser
[2012/11/23 14:02:36 | 000,003,542 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core
[2012/11/23 14:02:38 | 000,003,910 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA
[2013/05/22 21:55:59 | 000,003,800 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2013/05/22 21:56:00 | 000,004,052 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2013/05/09 15:46:53 | 000,003,658 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core
[2013/05/09 15:46:55 | 000,004,054 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA
[2013/06/30 20:14:44 | 000,003,008 | ---- | M] () -- C:\Windows\system32\tasks\Lyrics Bot Update
[2012/04/13 23:18:03 | 000,003,118 | ---- | M] () -- C:\Windows\system32\tasks\{75042970-3597-478D-A044-EF0F0AE97A7F}
[2012/04/13 23:17:53 | 000,003,118 | ---- | M] () -- C:\Windows\system32\tasks\{9D4876B3-2AAB-41C2-AECA-1299DFB03A3D}
[2012/01/02 14:21:41 | 000,003,172 | ---- | M] () -- C:\Windows\system32\tasks\{EA7F0A25-89D8-4B00-AEE1-C85498890E5C}
[2012/05/05 14:16:16 | 000,003,366 | ---- | M] () -- C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate
[2011/12/25 00:23:45 | 000,004,742 | ---- | M] () -- C:\Windows\system32\tasks\Games\UpdateCheck_S-1-5-21-3748968780-484442121-3243865611-1001
[2013/07/07 13:17:24 | 000,003,856 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan
[2012/06/25 13:53:17 | 000,004,158 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
[2009/07/14 01:41:15 | 000,004,472 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2009/07/14 01:41:15 | 000,003,854 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2009/07/14 01:42:10 | 000,002,900 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter
[2009/07/14 01:42:10 | 000,003,790 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2009/07/14 01:41:45 | 000,003,458 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent
[2009/07/14 01:41:45 | 000,003,614 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2009/07/14 01:37:26 | 000,003,026 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy
[2009/07/14 01:42:29 | 000,001,862 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2009/07/14 01:41:10 | 000,004,130 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2009/07/14 01:41:10 | 000,003,868 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2009/07/14 01:53:58 | 000,003,134 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2009/07/14 01:42:29 | 000,002,934 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2009/07/14 01:41:20 | 000,003,946 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2009/07/14 01:41:47 | 000,003,598 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2009/07/14 01:46:36 | 000,003,886 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2009/07/14 01:42:30 | 000,004,018 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Diagnosis\Scheduled
[2009/07/14 01:42:31 | 000,003,554 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications
[2013/02/16 22:49:54 | 000,004,084 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Maintenance\WinSAT
[2009/07/14 01:41:20 | 000,003,304 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
[2009/07/14 01:41:20 | 000,003,510 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
[2009/07/14 01:41:56 | 000,003,168 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove
[2009/07/14 01:42:30 | 000,002,602 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2009/07/14 01:42:09 | 000,002,044 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
[2009/07/14 01:42:28 | 000,002,832 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
[2009/07/14 01:41:30 | 000,003,752 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[2009/07/14 01:42:30 | 000,004,370 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\RAC\RacTask
[2009/07/14 01:37:40 | 000,003,052 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Ras\MobilityManager
[2009/07/14 01:42:07 | 000,003,956 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Registry\RegIdleBackup
[2009/07/14 01:42:29 | 000,004,596 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2009/07/14 01:42:30 | 000,003,616 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Shell\WindowsParentalControls
[2009/07/14 01:54:03 | 000,003,912 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
[2009/07/14 01:37:20 | 000,003,942 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
[2009/07/14 01:46:35 | 000,003,506 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR
[2009/07/14 01:41:33 | 000,002,614 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Task Manager\Interactive
[2009/07/14 01:41:09 | 000,003,950 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
[2009/07/14 01:41:09 | 000,004,066 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
[2009/07/14 01:41:29 | 000,002,978 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2009/07/14 01:37:51 | 000,003,388 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
[2009/07/14 01:37:30 | 000,001,730 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2009/07/14 01:41:23 | 000,003,420 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
[2009/07/14 01:37:28 | 000,002,682 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\WDI\ResolutionHost
[2009/07/14 01:37:20 | 000,003,048 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2009/07/14 01:37:44 | 000,003,290 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
[2009/07/14 01:46:36 | 000,003,304 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
[2010/11/20 18:00:52 | 000,004,330 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
[2009/07/14 01:54:01 | 000,003,532 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2013/05/30 19:19:09 | 000,003,540 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Wininet\CacheTask
[2013/07/07 19:16:10 | 000,002,988 | ---- | M] () -- C:\Windows\system32\tasks\Symantec\Norton Error Analyzer 18.7.2.3
[2013/07/07 19:16:11 | 000,003,700 | ---- | M] () -- C:\Windows\system32\tasks\Symantec\Norton Error Processor 18.7.2.3
[2011/12/24 23:47:29 | 000,004,482 | ---- | M] () -- C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-3748968780-484442121-3243865611-1001
 
< %windir%\tasks\*.* /s >
[2013/07/07 20:32:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/07 15:07:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core.job
[2013/07/07 18:07:11 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA.job
[2013/07/07 13:08:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/07 20:01:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/07 15:51:02 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core.job
[2013/07/07 19:51:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA.job
[2013/07/07 20:04:15 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Lyrics Bot Update.job
[2013/07/07 13:08:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/06/16 12:16:35 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 1B 03 00 00 01 00 00 00 00 00 00 00 07 00 00 00 2A 2E 6C 6F 63 61 6C 00 00 00 00 00 00 00 00 00 00 00 00 65 D8 6E 4D 62 10 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C0 A8 00 7B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 F1 16 00 00 01 00 00 00 00 00 00 00 07 00 00 00 2A 2E 6C 6F 63 61 6C 00 00 00 00 00 00 00 00 00 00 00 00 65 D8 6E 4D 62 10 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C0 A8 00 7B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
"CLARO" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
"Banda Larga 3G" = 46 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >
"EnablePunycode" = 1
"CodeBaseSearchPath" = CODEBASE
"WarnOnIntranet" = 1
"MinorVersion" = 0
"ActiveXCache" = C:\Windows\Downloaded Program Files -- [2012/05/12 17:15:21 | 000,000,000 | ---D | M]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >
"EnablePunycode" = 1
"CodeBaseSearchPath" = CODEBASE
"WarnOnIntranet" = 1
"MinorVersion" = 0
"ActiveXCache" = C:\Windows\Downloaded Program Files -- [2012/05/12 17:15:21 | 000,000,000 | ---D | M]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server >
"RCDependentServices" = CertPropSvcSessionEnv [binary data]
"NotificationTimeOut" = 0
"SnapshotMonitors" = 1
"ProductVersion" = 5.1
"AllowRemoteRPC" = 0
"DelayConMgrTimeout" = 0
"fDenyTSConnections" = 1
"StartRCM" = 0
"TSAdvertise" = 0
"DeleteTempDirsOnExit" = 1
"fSingleSessionPerUser" = 1
"PerSessionTempDir" = 0
"TSUserEnabled" = 0
"InstanceID" = 694de1cf-3b4c-49ce-9258-33b374b
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >
"ReportBootOk" = 1
"Shell" = explorer.exe -- [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit" = C:\Windows\system32\userinit.exe,
"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/13 22:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
"AutoRestartShell" = 1
"Background" = 0 0 0
"CachedLogonsCount" = 10
"DebugServerCommand" = no
"ForceUnlockLogon" = 0
"LegalNoticeCaption" = 
"LegalNoticeText" = 
"PasswordExpiryWarning" = 5
"PowerdownAfterShutdown" = 0
"ShutdownWithoutLogon" = 0
"WinStationsDisabled" = 0
"DisableCAD" = 1
"scremoveoption" = 0
"ShutdownFlags" = 43
"AutoAdminLogon" = 0
"DefaultUserName" = agatha
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >
"auditbaseobjects" = 0
"auditbasedirectories" = 0
"crashonauditfail" = 0
"fullprivilegeauditing" =  [binary data]
"Bounds" = 0  [binary data]
"LimitBlankPasswordUse" = 1
"NoLmHash" = 1
"Notification Packages" = scecli [binary data] -- [2010/11/20 18:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation)
"Security Packages" = kerberosmsv1_0schannelwdigestt [Binary data over 200 bytes]
"Authentication Packages" = msv1_0 [binary data] -- [2010/11/20 18:29:20 | 000,257,024 | ---- | M] (Microsoft Corporation)
"LsaPid" = 628
"SecureBoot" = 1
"ProductType" = 11
"disabledomaincreds" = 0
"everyoneincludesanonymous" = 0
"forceguest" = 0
"restrictanonymous" = 0
"restrictanonymoussam" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService >
"DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\termsrv.dll,-267
"ObjectName" = NT Authority\NetworkService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RPCSSTermDD [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00  [binary data]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance]
 
< net user /c >
Contas de usuário para \\AGATHA-STI
-------------------------------------------------------------------------------
Administrador            agatha                   Convidado                
Comando concluído com êxito.
 
< MD5 for: TERMSRV.DLL  >
[2010/11/20 18:29:19 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\System32\termsrv.dll
[2010/11/20 18:29:19 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< End of report >

Attached file(s)



#12
Ciro-Mota

    Professional Assistant

  • Professional Assistant
  • 56,600 posts

Mica Ventura,

 

Select and copy the text inside the CODE box: right-click the selection and choose the copy option:

NOTE: Make sure you copy starting from the letter and colon ":O" of OTL.
 

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.oquefazernainternet.com/
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsBot@APDMT.net: C:\Program Files\LyricsBot\116.xpi [2013/06/30 20:14:43 | 000,004,962 | ---- | M] ()
CHR - Extension: Lyrics Bot = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjaoindegekegaeihocoidchhbgilbd\1.116_0\
O2 - BHO: (Lyrics Bot) - {FFB4EE06-DF84-4AC9-8682-237847AB69BD} - C:\Program Files\LyricsBot\116.dll (APDMT LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2013/05/30 17:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsOn
[2013/07/07 20:04:15 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Lyrics Bot Update.job
[2013/06/27 09:57:22 | 000,003,378 | ---- | M] () -- C:\Windows\system32\tasks\Desk 365 RunAsStdUser
[2013/06/30 20:14:44 | 000,003,008 | ---- | M] () -- C:\Windows\system32\tasks\Lyrics Bot Update

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Right-click the OTL.exe file, then click execadmin.png.

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose the paste option.

Close ALL windows (except OTL itself).

Click the fixotl.png button.

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of that Notepad window and paste it into your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles, named in the format date_time.log.

Example: 03142010_145545.log

 

Also post a new HijackThis log.


** Show consideration for those who help you, do not abandon your topic! **
[ASAP member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#13
Mica Ventura

    Newbie

  • Newbie
  • 8 posts
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsBot@APDMT.net deleted successfully.
File C:\Program Files\LyricsBot\116.xpi [2013/06/30 20:14:43 | 000,004,962 | ---- | M] not found.
C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjaoindegekegaeihocoidchhbgilbd\1.116_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFB4EE06-DF84-4AC9-8682-237847AB69BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB4EE06-DF84-4AC9-8682-237847AB69BD}\ deleted successfully.
C:\Program Files\LyricsBot\116.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Program Files\LyricsOn folder moved successfully.
C:\Windows\Tasks\Lyrics Bot Update.job moved successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser moved successfully.
C:\Windows\System32\Tasks\Lyrics Bot Update moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: agatha
->Temp folder emptied: 979096 bytes
->Temporary Internet Files folder emptied: 672290 bytes
->Java cache emptied: 1383610 bytes
->Google Chrome cache emptied: 418038978 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 58078 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Todos os Usuários
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69176871 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 468,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07132013_231142
 
Files\Folders moved on Reboot...
C:\Users\agatha\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Logfile of HijackThis v1.99.1
Scan saved at 23:27:52, on 13/07/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Unable to get Internet Explorer version!
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazer...ternet.com/q/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [uTorrent] "C:\Users\agatha\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Google Update] "C:\Users\agatha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{C955522F-2BC7-4B14-AEC7-C5AD56915B1A}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
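
Added example, not part of the thread and not code from the HijackThis tool: a small Python parser for the R0/R1, O2, O4 and O23 line shapes seen in the log above, which flags the entries an analyst reviews first, such as browser start/search URLs pointing at an unfamiliar host and services marked "(file missing)" or with an unknown owner. The sample lines, the KNOWN_HOSTS allow-list and the placeholder hijack host are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# "R1 - ..." / "O23 - ...": section prefix, then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# R0/R1 bodies have the form: registry key,value name = data
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]*)= ?(?P<data>.*)$")
# Hosts a stock browser would normally point at (assumption for this example).
KNOWN_HOSTS = {"www.google.com", "www.bing.com", "go.microsoft.com", "www.msn.com"}

# Constructed sample lines modelled on the log above (placeholder hijack host).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example-hijack.test/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

def parse_line(line):
    """Split one line into section/body (plus key/name/data for R entries); None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"section": m.group("sec"), "body": m.group("body"), "flags": []}
    if entry["section"] in ("R0", "R1"):
        r = REG_RE.match(entry["body"])
        if r:
            entry.update(key=r.group("key"), name=r.group("name").strip(), data=r.group("data").strip())
    return entry

def flag_entry(entry):
    """Attach review hints: unfamiliar browser URL host, missing file, unknown publisher."""
    sec, body = entry["section"], entry["body"]
    if sec in ("R0", "R1") and entry.get("data", "").startswith("http"):
        host = urlparse(entry["data"]).hostname or ""
        if host not in KNOWN_HOSTS:
            entry["flags"].append(f"browser URL points at unfamiliar host {host}")
    if "(file missing)" in body:
        entry["flags"].append("referenced file not found; verify the path and binary")
    if sec == "O23" and "Unknown owner" in body:
        entry["flags"].append("service reports no publisher")
    return entry

def review(log_text):
    """Return the parsed entries that received at least one flag, in log order."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in map(flag_entry, filter(None, parsed)) if e["flags"]]
```

A "(file missing)" flag on a quoted service path, like the gupdate entries above, is often a display quirk of the log rather than a missing binary, so treat every flag as a prompt to verify, not a verdict.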


#14
Ciro-Mota

  • Professional Assistant
  • 56.600 posts

Mica Ventura,

Temporarily disable your antivirus.

  • Use the Internet Explorer browser to run the service!
  • Go to the site HERE
  • Run the scan as shown in the image below:

    [image: nWRSC.gif]
  • When the scan finishes, click List of found threats, click Export to text file..., check the "Delete Quarantined files" box and click [FINISH]
    A report will be generated at:

C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt

Post that log.


** Show consideration for those who help you, don't abandon your topic! **
[ASAP Member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's Blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#15
Ciro-Mota

  • Professional Assistant
  • 56.600 posts
Topic Archived

Since the author did not reply to the topic for more than 10 days, it has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator or assistant with a link to this topic and explain why you need it reopened.

#16
Ciro-Mota

  • Professional Assistant
  • 56.600 posts
TOPIC REOPENED

Topic reopened at the author's request.

#17
Felipe-rj

  • Moderator
  • 837 posts
Topic Archived

Since the author did not reply to the topic for more than 10 days, it has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator or assistant with a link to this topic and explain why you need it reopened.