Mica Ventura

I can't remove the "portal dos sites" page

17 posts in this topic

Mica Ventura,

Do NOT attempt any cleaning procedure on your own. In particular, do not run on your own the tools used in the Malware Removal forum. Improper use of some tools can damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of the Malware Removal forum

Post a new HijackThis log.

Please note the following:

  • Do not use software that was not indicated.
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click Follow this topic so that you receive an e-mail notification when it is answered.
    You can also check the topics you follow using the Content I Follow option, accessible from the forum's Control Panel.
  • Analyses can take some time, so be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it doesn't matter. Always keep following your topic, informing me of the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in the logs; they make reading harder at analysis time.
  • Please do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a Private Message (PM).


Mica Ventura,

1)

Download AdwCleaner and save it to the desktop.
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Run the adwcleaner.exe file.

*** Windows Vista or Windows 7 users: right-click the adwcleaner.exe file, then click Run as administrator.

Click Delete.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the Junkware Removal Tool (JRT) and save it to the desktop.

Double-click to run the Junkware Removal Tool (JRT).

*** Windows Vista or Windows 7 users: right-click the JRT.exe file, then click Run as administrator.

The tool will start examining your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop as JRT.txt.

Select, copy and paste the contents of this log in your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://malwarebytes.org/mbam-download.php

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • When the update finishes, with the program open, select Perform quick scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If items were found, make sure they are all checked and click the Remove Selected button.
  • When disinfection finishes, Notepad will open with a log and you may be asked whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log in your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiva.org/forum/index.php?showtopic=75554

# AdwCleaner v2.303 - Report created 29/06/2013 at 19:17:26
# Updated 08/06/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# User : agatha - AGATHA-STI
# Boot Mode : Normal
# Running from : C:\Users\agatha\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : eSafeSvc

***** [Files / Folders] *****

File Found : C:\user.js
File Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
File Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
File Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
File Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
File Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
File Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
File Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
File Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
File Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
File Infected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
File Infected : C:\Users\agatha\Desktop\Google Chrome.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
Folder Found : C:\Program Files\Claro
Folder Found : C:\Program Files\DealPly
Folder Found : C:\Program Files\FindLyrics
Folder Found : C:\Program Files\Search Results Toolbar
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\eSafe
Folder Found : C:\Users\agatha\AppData\Local\Babylon
Folder Found : C:\Users\agatha\AppData\Local\Ilivid
Folder Found : C:\Users\agatha\AppData\Local\Zoom_Downloader
Folder Found : C:\Users\agatha\AppData\LocalLow\Conduit
Folder Found : C:\Users\agatha\AppData\LocalLow\searchresultstb
Folder Found : C:\Users\agatha\AppData\Roaming\Babylon
Folder Found : C:\Users\agatha\AppData\Roaming\Claro
Folder Found : C:\Users\agatha\AppData\Roaming\eIntaller

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\InstallCore
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Desksvc
Key Found : HKLM\Software\eSafeSecControl
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Key Found : HKLM\Software\portaldositesSoftware
Key Found : HKLM\Software\V9
Data Found : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe" hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686
Data Found : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=3735617
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=3735617
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686

-\\ Google Chrome v27.0.1453.116

File : C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7573 octets] - [29/06/2013 19:17:26]

########## EOF - C:\AdwCleaner[R1].txt - [7633 octets] ##########


After restarting the notebook:

 

# AdwCleaner v2.303 - Report created 29/06/2013 at 19:21:40
# Updated 08/06/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# User : agatha - AGATHA-STI
# Boot Mode : Normal
# Running from : C:\Users\agatha\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : eSafeSvc

***** [Files / Folders] *****

File Disinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File Disinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
File Disinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk
File Disinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
File Disinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
File Disinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
File Disinfected : C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
File Disinfected : C:\Users\agatha\Desktop\Google Chrome.lnk
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Claro
Folder Deleted : C:\Program Files\DealPly
Folder Deleted : C:\Program Files\FindLyrics
Folder Deleted : C:\Program Files\Search Results Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\Users\agatha\AppData\Local\Babylon
Folder Deleted : C:\Users\agatha\AppData\Local\Ilivid
Folder Deleted : C:\Users\agatha\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\agatha\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\agatha\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\agatha\AppData\Roaming\Babylon
Folder Deleted : C:\Users\agatha\AppData\Roaming\Claro
Folder Deleted : C:\Users\agatha\AppData\Roaming\eIntaller

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Key Deleted : HKLM\Software\portaldositesSoftware
Key Deleted : HKLM\Software\V9
Data Deleted : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe" hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686
Data Deleted : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=3735617 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=3735617 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686 --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.116

File : C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7702 octets] - [29/06/2013 19:17:26]
AdwCleaner[s1].txt - [5804 octets] - [29/06/2013 19:21:40]

########## EOF - C:\AdwCleaner[s1].txt - [5864 octets] ##########


Mica Ventura,

OK, but you skipped steps 2 and 3.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Starter x86
Ran by agatha on 30/06/2013 at 20:32:53,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/06/2013 at 20:42:46,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.30.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
agatha :: AGATHA-STI [limited]

Protection: Enabled

30/06/2013 20:51:46
mbam-log-2013-06-30 (20-51-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211232
Time elapsed: 18 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: c:\users\agatha\dxbzelik.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\agatha\AppData\Roaming\AudioCard\AudioCard.exe (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Users\agatha\Downloads\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\agatha\AppData\Roaming\AudioCard\vAudioCard.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

(end)

Logfile of HijackThis v1.99.1
Scan saved at 21:25:22, on 30/06/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Unable to get Internet Explorer version!
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Users\agatha\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\Downloads\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Lyrics Bot - {FFB4EE06-DF84-4AC9-8682-237847AB69BD} - C:\Program Files\LyricsBot\116.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [uTorrent] "C:\Users\agatha\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [iNTERNATIONAL] International
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{C955522F-2BC7-4B14-AEC7-C5AD56915B1A}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

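As an added example that is not part of the original thread, the Python script below does mechanically what the analyst does by eye on the logs posted above: it parses the AdwCleaner "Infected" shortcut lines, the HijackThis R0/R1 and O4 lines and the Malwarebytes registry-value line, and flags (a) shortcut arguments and search/start-page entries that point at a domain outside an assumed allowlist, (b) autostart commands launched from inside the user profile, and (c) the `Windows\Load` value, a per-user persistence location most people never look at. The allowlist, the function names and the sample excerpt (lines copied from the logs in this thread and labelled as such) are the example's own assumptions; a hit is a lead for review, not a verdict (uTorrent is flagged only because it runs from AppData).

```python
from __future__ import annotations

import re
from urllib.parse import urlparse

# Assumed allowlist: domains a clean Windows 7 / IE 10 home PC may legitimately point its
# search and start-page settings at. Anything else is reported as a candidate hijack.
KNOWN_GOOD = {"google.com", "bing.com", "microsoft.com", "msn.com", "live.com"}

# Autostarts launched from inside a user profile (Desktop, AppData, profile root) are
# user-writable and therefore worth a look; Program Files entries are left for manual review.
USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.I)

# AdwCleaner v2: "<label> Infected : <path>.lnk ( arg. : <url>)"; the label is localized,
# so it is not matched literally.
ADW_LNK = re.compile(r"^\S+ Infected : (?P<path>.+?\.lnk) \( arg\. : (?P<url>[^)]+)\)")
# HijackThis: "R1 - <key>,<value name> = <value>"
HJT_R = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+)= ?(?P<value>.*)$")
# HijackThis: "O4 - HKLM\..\Run: [<name>] <command line>"
HJT_O4 = re.compile(r"^O4 - HK[A-Z]+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Malwarebytes: "<key>|<value name> (<signature>) -> Data: <data> -> <action>"
MBAM_VAL = re.compile(r"^(?P<key>HK[^|]+)\|(?P<name>\S+) \((?P<sig>[^)]+)\) -> Data: (?P<data>.+?) -> ")


def _domain(url: str) -> str:
    """Last two host labels of a URL; also accepts the hxxp:// defanging used in the logs."""
    host = (urlparse(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def _exe_of(cmd: str) -> str:
    """First token of an autostart command line, surrounding quotes stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1 : cmd.find('"', 1)]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (kind, where, what) findings for the lines an analyst would pull out by eye."""
    findings: list[tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := ADW_LNK.match(line):
            # The hijack rides in the shortcut's Arguments field: the browser starts clean and is
            # then told to open the URL, so resetting the homepage inside the browser cannot fix it.
            dom = _domain(m["url"])
            if dom not in KNOWN_GOOD:
                findings.append(("shortcut_arg_hijack", m["path"], dom))
        elif m := HJT_R.match(line):
            value = m["value"].strip()
            if value.lower().startswith(("http://", "https://")):
                dom = _domain(value)
                if dom not in KNOWN_GOOD:
                    findings.append(("search_hijack", f"{m['key']},{m['name'].strip()}", dom))
        elif m := HJT_O4.match(line):
            exe = _exe_of(m["cmd"])
            if USER_PROFILE.match(exe):
                findings.append(("user_profile_autostart", m["name"], exe))
        elif (m := MBAM_VAL.match(line)) and m["name"].lower() == "load":
            # HKCU\...\Windows NT\CurrentVersion\Windows\Load is executed at every logon of that user.
            findings.append(("load_value_persistence", f"{m['key']}|{m['name']}", m["data"]))
    return findings


def hijack_domains(log_text: str) -> set[str]:
    """Distinct off-allowlist domains seen in shortcut, search and start-page entries."""
    return {what for kind, _, what in triage(log_text) if kind.endswith("_hijack")}


# Constructed excerpt: lines copied from the AdwCleaner, HijackThis and Malwarebytes logs in this thread.
SAMPLE_LOG = r"""
Arquivo Infected : C:\Users\agatha\Desktop\Google Chrome.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BPVT-00ZEST0_WD-WX91A41X3732X3732&ts=1372337686)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\agatha\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: c:\users\agatha\dxbzelik.exe -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for kind, where, what in triage(SAMPLE_LOG):
        print(f"{kind:24} {where} -> {what}")
```

Two things the output makes visible that the thread only implies: the portaldosites hijack was carried in the Arguments of every browser shortcut (which is why the "File Disinfected" entries in the AdwCleaner removal log are the fix, not the browser settings), and the HijackThis log taken after MBAM still shows a second, different search hijack (oquefazernainternet.com) that none of the three tools touched, which is what the follow-up OTL scan is for.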

Mica Ventura,

Download OTL by OldTimer and save it to your desktop.

Right-click the OTL.exe file, then click Run as administrator.

Under Output, select Standard
Also check these options:

  • Creation Date -> change to 90 days
  • Use Company Name Whitelist.
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select the lines in red below, right-click the selection, and choose copy


CREATERESTOREPOINT
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\system32\tasks\*.* /s
%windir%\tasks\*.* /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService
net user /c
/md5start
termsrv.dll
termsrv.dll.bak
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true /fp

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste

Click the verif.png button (Run Scan)

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both are saved in the same folder as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum's limit, put them in a .zip or .rar file and attach them to your reply.

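The OTL run requested above produces a long report, and the things an analyst scans it for first are browser search/start-page values that point somewhere other than the expected search engine (the classic sign of a homepage hijacker such as the "portal dos sites" page in this thread) and driver services whose file OTL reports as "File not found". The script below is an added example written for this page; it is not part of the thread, of OTL, or of any tool the helper mentions. It parses a few constructed lines written in OTL's report format (the values are modelled on the log posted later in this thread) and returns the suspicious items so they can be reviewed. The allowlist of expected hosts and the regexes are assumptions for the example, not anything OTL provides.

```python
import re
from urllib.parse import urlparse

# Constructed sample in OTL's report format. The values are modelled on the
# log posted in this thread; they exist only so the script runs offline.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.oquefazernainternet.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
CHR - homepage: http://www.google.com.br/
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsBot@APDMT.net: C:\Program Files\LyricsBot\116.xpi [2013/06/30 20:14:43 | 000,004,962 | ---- | M] ()
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - [2013/05/09 05:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
"""

# Assumed allowlist: hosts a clean pt-BR Windows 7 install would normally
# point IE/Chrome search and start-page values at. Anything else is flagged.
EXPECTED_HOSTS = {"www.google.com", "www.google.com.br", "www.bing.com"}

# "IE - <key> = <url>" and "CHR - <key>: <url>"; values that are not URLs
# (e.g. "ProxyEnable" = 0) are deliberately ignored.
URL_SETTING = re.compile(r"^(IE|CHR) - (?P<key>.+?)(?: =|:) (?P<value>https?://\S+)$")

# "DRV - File not found [...] -- <path> -- (<service name>)"
MISSING_DRV = re.compile(r"^DRV - File not found .* -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")


def browser_url_settings(log_text):
    """Return (key, url) pairs for every IE/CHR setting whose value is a URL."""
    found = []
    for line in log_text.splitlines():
        m = URL_SETTING.match(line)
        if m:
            found.append((m.group("key"), m.group("value")))
    return found


def unexpected_browser_hosts(log_text, expected=EXPECTED_HOSTS):
    """Return the distinct hosts in search/start-page values not on the allowlist."""
    hosts = set()
    for _key, url in browser_url_settings(log_text):
        host = urlparse(url).hostname
        if host and host.lower() not in expected:
            hosts.add(host.lower())
    return sorted(hosts)


def missing_driver_services(log_text):
    """Return service names whose driver file OTL reported as 'File not found'."""
    return [m.group("name") for m in map(MISSING_DRV.match, log_text.splitlines()) if m]


if __name__ == "__main__":
    for key, url in browser_url_settings(SAMPLE_LOG):
        print(f"{key} -> {url}")
    print("hosts to review:", unexpected_browser_hosts(SAMPLE_LOG))
    print("drivers with missing files:", missing_driver_services(SAMPLE_LOG))
```

A hit from `unexpected_browser_hosts` is a lead for the analyst, not a verdict: a legitimate OEM or ISP portal would also be flagged, which is why the helper asks for the full log rather than letting the user act on a single line. Orphaned driver entries (a registered service whose .sys file is gone) are usually leftovers of uninstalled software, but they are the kind of entry OTL's fix script is used to clean up.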
OTL logfile created on: 07/07/2013 20:26:20 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\agatha\Downloads

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

1,60 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 41,04% Memory free

3,21 Gb Paging File | 1,30 Gb Available in Paging File | 40,55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 292,33 Gb Total Space | 241,48 Gb Free Space | 82,61% Space Free | Partition Type: NTFS

 

Computer Name: AGATHA-STI | User Name: agatha | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/07/07 20:24:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\agatha\Downloads\OTL.exe

PRC - [2013/06/29 18:41:14 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\agatha\AppData\Roaming\uTorrent\uTorrent.exe

PRC - [2013/06/26 15:55:52 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2013/05/09 05:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/05/09 05:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/02/16 21:57:44 | 000,916,480 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe

PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/08/05 12:08:08 | 000,368,544 | ---- | M] (Banco Bradesco S.A.) -- C:\Program Files\Scpad\scpVista.exe

PRC - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe

PRC - [2011/04/04 09:03:46 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2011/04/04 09:03:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/30 22:43:20 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

PRC - [2010/06/17 04:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/06/14 22:28:42 | 000,393,168 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

MOD - [2013/06/14 22:28:41 | 013,140,432 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll

MOD - [2013/06/14 22:28:40 | 004,051,408 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll

MOD - [2013/06/14 22:27:51 | 000,599,504 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll

MOD - [2013/06/14 22:27:50 | 000,124,368 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll

MOD - [2013/06/14 22:27:48 | 001,597,392 | ---- | M] () -- C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll

MOD - [2013/05/23 09:59:54 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll

MOD - [2013/05/23 09:32:56 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll

MOD - [2013/05/23 09:31:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll

MOD - [2013/05/23 09:30:53 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll

MOD - [2013/05/23 09:29:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll

MOD - [2013/05/23 09:28:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll

MOD - [2013/02/14 21:53:29 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll

MOD - [2013/02/14 21:41:02 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll

MOD - [2013/01/15 13:45:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll

MOD - [2013/01/15 13:41:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013/01/15 13:14:52 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/01/15 13:12:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/01/15 13:12:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/01/15 13:11:58 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2012/10/11 21:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/10/11 21:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/30 22:43:26 | 000,095,232 | ---- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

MOD - [2010/11/30 22:31:22 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2010/11/20 23:32:47 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_pt-BR_31bf3856ad364e35\PresentationFramework.resources.dll

MOD - [2010/11/20 23:32:42 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.resources.dll

MOD - [2010/11/20 23:32:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010/11/12 20:34:33 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2010/11/12 20:34:31 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013/06/18 18:33:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2013/05/09 05:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/01/08 11:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/08/05 12:08:08 | 000,368,544 | ---- | M] (Banco Bradesco S.A.) [Auto | Running] -- C:\Program Files\Scpad\scpVista.exe -- (scpVista)

SRV - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)

SRV - [2011/04/04 09:03:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2010/11/30 22:43:20 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV - [2010/06/17 04:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)

SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva399.sys -- (XDva399)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juwwanecm.sys -- (huawei_wwanecm)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - [2013/06/28 07:53:29 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2013/06/28 07:53:28 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2013/06/28 07:53:28 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2013/05/09 05:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2013/05/09 05:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2013/05/09 05:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2013/05/09 05:59:09 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)

DRV - [2013/05/09 05:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013/05/09 05:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)

DRV - [2013/05/09 05:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)

DRV - [2013/05/09 05:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013/03/13 15:01:58 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)

DRV - [2012/11/16 16:09:34 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20121128.001\IDSvix86.sys -- (IDSVix86)

DRV - [2012/10/23 20:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20121106.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2012/09/13 14:33:27 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20121128.021\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/09/13 14:33:26 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20121128.021\NAVENG.SYS -- (NAVENG)

DRV - [2012/09/10 10:41:06 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)

DRV - [2012/08/09 19:38:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2011/12/26 16:51:11 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2011/04/20 22:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys -- (SymNetS)

DRV - [2011/04/04 09:04:40 | 000,190,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2011/04/04 09:04:38 | 001,015,328 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)

DRV - [2011/04/04 09:03:48 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)

DRV - [2011/04/04 09:03:48 | 000,064,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)

DRV - [2011/04/04 09:03:48 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)

DRV - [2011/04/04 09:03:48 | 000,032,384 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)

DRV - [2011/04/04 09:03:46 | 006,576,128 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2011/04/04 09:03:46 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2011/03/31 00:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)

DRV - [2011/03/31 00:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)

DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2011/03/26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)

DRV - [2011/03/14 23:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)

DRV - [2011/01/27 03:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)

DRV - [2011/01/27 02:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)

DRV - [2010/11/20 18:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 18:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 18:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)

DRV - [2010/01/14 08:04:04 | 000,106,496 | ---- | M] (ZD Secret Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZDDriver.sys -- (hwdatacard)

DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/06/26 14:43:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EMSC.sys -- (EMSC)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{839CDFC2-3294-4C66-8C80-A726A69B2085}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.oquefazernainternet.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_pt-BRBR463

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\agatha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\agatha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\agatha\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\agatha\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\agatha\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\agatha\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2012/02/22 09:47:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2013/07/07 13:09:42 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsBot@APDMT.net: C:\Program Files\LyricsBot\116.xpi [2013/06/30 20:14:43 | 000,004,962 | ---- | M] ()

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com.br/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\agatha\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\agatha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Pesquisa do Google = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: avast! Ad Blocker = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\

CHR - Extension: avast! Online Security = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\

CHR - Extension: Lyrics Bot = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjaoindegekegaeihocoidchhbgilbd\1.116_0\

CHR - Extension: Night Time In New York City = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_0\

CHR - Extension: Gmail = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll (Banco Bradesco S.A.)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Lyrics Bot) - {FFB4EE06-DF84-4AC9-8682-237847AB69BD} - C:\Program Files\LyricsBot\116.dll (APDMT LTD)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)

O4 - HKCU..\Run: [uTorrent] C:\Users\agatha\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.127.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{622D14F1-05ED-4908-8044-C756B084E797}: DhcpNameServer = 192.168.127.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C955522F-2BC7-4B14-AEC7-C5AD56915B1A}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE30E200-F7CF-427F-A2E3-FCD811D1FFFB}: DhcpNameServer = 200.169.117.222 200.169.117.221

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{225b2c48-947c-11e2-b7af-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{225b2c48-947c-11e2-b7af-b870f46cc874}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{225b2c69-947c-11e2-b7af-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{225b2c69-947c-11e2-b7af-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{5e081778-c89f-11e2-af69-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{5e081778-c89f-11e2-af69-b870f46cc874}\Shell\AutoRun\command - "" = D:\setup.exe

O33 - MountPoints2\{5e0817a4-c89f-11e2-af69-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{5e0817a4-c89f-11e2-af69-b870f46cc874}\Shell\AutoRun\command - "" = D:\setup.exe

O33 - MountPoints2\{634937d1-c3a9-11e2-9215-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{634937d1-c3a9-11e2-9215-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{634937dd-c3a9-11e2-9215-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{634937dd-c3a9-11e2-9215-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{7483229d-85d3-11e1-9347-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{7483229d-85d3-11e1-9347-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{7483229f-85d3-11e1-9347-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{7483229f-85d3-11e1-9347-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{7b4fc4e2-94de-11e2-99e1-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{7b4fc4e2-94de-11e2-99e1-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{8d23299d-85b2-11e1-aa58-207c8f5bef3b}\Shell - "" = AutoRun

O33 - MountPoints2\{8d23299d-85b2-11e1-aa58-207c8f5bef3b}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{8d2329a5-85b2-11e1-aa58-207c8f5bef3b}\Shell - "" = AutoRun

O33 - MountPoints2\{8d2329a5-85b2-11e1-aa58-207c8f5bef3b}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{8e1783dd-85d1-11e1-ab17-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{8e1783dd-85d1-11e1-ab17-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{8e1783df-85d1-11e1-ab17-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{8e1783df-85d1-11e1-ab17-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{91f59358-2f35-11e1-acfb-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{91f59358-2f35-11e1-acfb-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{91f59398-2f35-11e1-acfb-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{91f59398-2f35-11e1-acfb-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{a120fefc-c957-11e2-a64a-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{a120fefc-c957-11e2-a64a-b870f46cc874}\Shell\AutoRun\command - "" = D:\Windows/AutoRun.exe

O33 - MountPoints2\{b1c40abc-c8a8-11e2-aca5-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{b1c40abc-c8a8-11e2-aca5-b870f46cc874}\Shell\AutoRun\command - "" = D:\setup.exe

O33 - MountPoints2\{b3e57d28-c474-11e2-97d4-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{b3e57d28-c474-11e2-97d4-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{c2755f9f-6f10-11e2-be99-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{c2755f9f-6f10-11e2-be99-b870f46cc874}\Shell\AutoRun\command - "" = D:\LGAutoRun.exe

O33 - MountPoints2\{d065b523-c3a3-11e2-900d-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{d065b523-c3a3-11e2-900d-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{dc0bdcfd-a23a-11e2-a17b-b870f46cc874}\Shell - "" = AutoRun

O33 - MountPoints2\{dc0bdcfd-a23a-11e2-a17b-b870f46cc874}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Windows/AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 90 Days ==========

 

[2013/06/30 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\agatha\AppData\Roaming\Malwarebytes

[2013/06/30 20:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/06/30 20:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/06/30 20:46:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/06/30 20:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/06/30 20:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsBot

[2013/06/29 19:53:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/06/29 19:52:57 | 000,000,000 | ---D | C] -- C:\JRT

[2013/06/29 18:39:41 | 000,000,000 | ---D | C] -- C:\Users\agatha\AppData\Roaming\uTorrent

[2013/06/29 17:56:25 | 000,000,000 | ---D | C] -- C:\Users\agatha\Desktop\iPhone 4 GSM iOS 7 Beta 1

[2013/06/29 09:15:12 | 000,000,000 | ---D | C] -- C:\Users\agatha\AppData\Roaming\Mozilla

[2013/06/27 12:33:42 | 000,000,000 | ---D | C] -- C:\Users\agatha\Desktop\HijackThis

[2013/06/27 11:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/06/27 11:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/06/27 11:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/06/27 11:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2013/06/27 11:23:16 | 000,204,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys

[2013/06/27 11:23:14 | 000,104,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys

[2013/06/27 11:23:06 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys

[2013/06/27 11:22:45 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys

[2013/06/27 11:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security

[2013/06/27 11:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/06/27 10:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

[2013/06/27 10:13:07 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2013/06/27 10:13:03 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2013/06/27 10:12:54 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2013/06/27 10:12:52 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2013/06/27 10:12:50 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2013/06/27 10:12:25 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2013/06/27 10:12:23 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2013/06/27 10:10:51 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/06/27 10:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/06/27 10:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2013/06/27 09:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/06/27 09:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/06/18 19:06:00 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013/05/31 17:43:46 | 000,000,000 | ---D | C] -- C:\Users\agatha\AppData\Roaming\AudioCard

[2013/05/30 17:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsOn

[2013/05/30 16:32:14 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys

[2013/05/30 16:32:14 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys

[2013/05/30 16:32:14 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys

[2013/05/30 16:32:13 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys

[2013/05/30 16:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\InstallAffixationInfo

[2013/05/30 16:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro 3G

[2013/05/30 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Claro 3G

[2013/05/29 22:46:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013/05/29 17:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3G HSDPA Modem

[2013/05/29 17:40:44 | 000,106,496 | ---- | C] (ZD Secret Incorporated) -- C:\Windows\System32\drivers\ZDDriver.sys

[2013/05/22 23:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013/05/22 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2013/05/02 23:09:32 | 000,000,000 | ---D | C] -- C:\Users\agatha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ

[2013/05/02 23:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ

[2013/05/02 23:09:25 | 000,000,000 | ---D | C] -- C:\Users\agatha\Documents\VirtualDJ

 

========== Files - Modified Within 90 Days ==========

 

[2013/07/07 20:32:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/07/07 20:04:15 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Lyrics Bot Update.job

[2013/07/07 20:01:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/07/07 19:51:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA.job

[2013/07/07 18:07:11 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA.job

[2013/07/07 15:51:02 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core.job

[2013/07/07 15:07:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core.job

[2013/07/07 13:17:20 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/07/07 13:17:20 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/07/07 13:08:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/07/07 13:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/07/07 13:07:37 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys

[2013/07/06 20:00:50 | 000,668,070 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2013/07/06 20:00:50 | 000,620,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/07/06 20:00:50 | 000,130,306 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2013/07/06 20:00:50 | 000,108,332 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/06/30 20:47:16 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/29 19:49:32 | 000,001,501 | ---- | M] () -- C:\Users\agatha\Desktop\Google Chrome.lnk

[2013/06/29 18:41:18 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

[2013/06/29 18:28:02 | 000,022,468 | ---- | M] () -- C:\Users\agatha\Documents\iPhone 4 GSM iOS 7 Beta 1.torrent

[2013/06/29 14:31:24 | 000,088,717 | ---- | M] () -- C:\Users\agatha\Documents\PAPILOSCOPIA.pdf

[2013/06/29 14:31:07 | 003,686,400 | ---- | M] () -- C:\Users\agatha\Documents\classificacao.pdf

[2013/06/28 07:53:29 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013/06/28 07:53:29 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum

[2013/06/28 07:53:28 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2013/06/28 07:53:28 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2013/06/28 07:53:28 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum

[2013/06/28 07:53:28 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum

[2013/06/27 11:41:53 | 000,412,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/06/27 11:37:49 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2013/06/27 11:26:46 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/06/27 11:23:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2013/06/27 11:16:52 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2013/06/27 10:16:06 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Ares.lnk

[2013/06/27 09:59:41 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/06/27 07:14:43 | 006,459,589 | ---- | M] () -- C:\Users\agatha\Documents\pericia.rtf

[2013/06/19 13:46:51 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI

[2013/06/18 19:04:50 | 000,000,017 | ---- | M] () -- C:\Users\agatha\AppData\Local\resmon.resmoncfg

[2013/05/31 11:14:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf

[2013/05/30 19:07:19 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2013/05/30 16:31:38 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\Claro 3G.lnk

[2013/05/22 23:35:49 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2013/05/09 05:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2013/05/09 05:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2013/05/09 05:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013/05/09 05:59:09 | 000,204,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys

[2013/05/09 05:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2013/05/09 05:59:09 | 000,021,576 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys

[2013/05/09 05:59:08 | 000,104,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys

[2013/05/09 05:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2013/05/09 05:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/05/09 05:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2013/05/02 23:09:34 | 000,001,011 | ---- | M] () -- C:\Users\agatha\Desktop\VirtualDJ Home FREE.lnk

 

========== Files Created - No Company Name ==========

 

[2013/06/30 20:47:16 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/30 20:14:43 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\Lyrics Bot Update.job

[2013/06/29 18:41:17 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk

[2013/06/29 18:29:20 | 000,022,468 | ---- | C] () -- C:\Users\agatha\Documents\iPhone 4 GSM iOS 7 Beta 1.torrent

[2013/06/29 14:31:24 | 000,088,717 | ---- | C] () -- C:\Users\agatha\Documents\PAPILOSCOPIA.pdf

[2013/06/29 14:31:07 | 003,686,400 | ---- | C] () -- C:\Users\agatha\Documents\classificacao.pdf

[2013/06/28 07:53:29 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum

[2013/06/28 07:53:29 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum

[2013/06/28 07:53:29 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum

[2013/06/27 11:37:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2013/06/27 11:37:49 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2013/06/27 11:26:45 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/06/27 11:16:51 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2013/06/27 10:16:05 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Ares.lnk

[2013/06/27 10:12:47 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013/06/27 10:12:41 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013/06/27 09:59:38 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/06/27 07:14:42 | 006,459,589 | ---- | C] () -- C:\Users\agatha\Documents\pericia.rtf

[2013/06/19 13:46:51 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2013/06/18 19:04:50 | 000,000,017 | ---- | C] () -- C:\Users\agatha\AppData\Local\resmon.resmoncfg

[2013/05/31 11:14:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf

[2013/05/30 19:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013/05/30 16:31:18 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\Claro 3G.lnk

[2013/05/22 23:35:49 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2013/05/02 23:09:34 | 000,001,011 | ---- | C] () -- C:\Users\agatha\Desktop\VirtualDJ Home FREE.lnk

[2013/03/04 22:10:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2012/07/01 18:09:39 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012/01/17 17:32:34 | 000,016,384 | ---- | C] () -- C:\Users\agatha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/02 19:25:09 | 000,169,656 | ---- | C] () -- C:\Users\agatha\Agatha Ventura Bruna Meirelles_02_01_2012@20_13_34.wav

[2012/01/02 16:46:59 | 000,380,856 | ---- | C] () -- C:\Users\agatha\Agatha Ventura_02_01_2012@17_45_43.wav

 

========== ZeroAccess Check ==========

 

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/06/30 21:12:04 | 000,000,000 | ---D | M] -- C:\Users\agatha\AppData\Roaming\AudioCard

[2012/11/16 22:59:42 | 000,000,000 | ---D | M] -- C:\Users\agatha\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011/12/23 12:03:23 | 000,000,000 | ---D | M] -- C:\Users\agatha\AppData\Roaming\GuiaMultimidia

[2013/07/07 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\agatha\AppData\Roaming\uTorrent

[2013/04/30 22:59:40 | 000,000,000 | ---D | M] -- C:\Users\agatha\AppData\Roaming\VIVO INTERNET

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2012/06/01 21:38:36 | 352,913,637 | ---- | M] () -- C:\A.L6nd8.D8s.Gu5rdi6e7.Dubl2d).rmvb

[2013/06/29 19:19:14 | 000,007,702 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2013/06/29 19:43:10 | 000,005,933 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2012/03/16 16:35:22 | 357,867,931 | ---- | M] () -- C:\Amanhecer Parte 1.rmvb

[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2013/07/07 13:07:37 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys

[2013/07/07 13:07:45 | 1722,707,968 | -HS- | M] () -- C:\pagefile.sys

 

< %systemdrive%\drivers\*.* /s >

 

< %systemdrive%\drivers\*.exe >

 

< %systemroot%\system32\drivers\*.* /90 >

[2013/05/09 05:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswFsBlk.sys

[2013/05/09 05:59:08 | 000,104,752 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswFW.sys

[2013/05/09 05:59:09 | 000,021,576 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswKbd.sys

[2013/05/09 05:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys

[2013/05/09 05:59:09 | 000,204,784 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswNdis2.sys

[2013/05/09 05:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr2.sys

[2013/05/09 05:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\system32\drivers\aswRvrt.sys

[2013/06/28 07:53:28 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSnx.sys

[2013/06/28 07:53:28 | 000,000,175 | ---- | M] () -- C:\Windows\system32\drivers\aswSnx.sys.sum

[2013/06/28 07:53:28 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSP.sys

[2013/06/28 07:53:28 | 000,000,175 | ---- | M] () -- C:\Windows\system32\drivers\aswSP.sys.sum

[2013/05/09 05:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswTdi.sys

[2013/06/28 07:53:29 | 000,175,176 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys

[2013/06/28 07:53:29 | 000,000,175 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys.sum

[2013/04/10 02:18:40 | 000,728,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys

[2013/04/10 02:18:40 | 000,218,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgmms1.sys

[2013/05/31 11:14:14 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf

[2013/04/12 10:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys

[2013/05/08 02:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys

 

< %systemroot%\Fonts\*.dll >

 

< %systemroot%\Fonts\*.ini >

[2009/06/10 18:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

 

< %systemroot%\Fonts\*.ini2 >

 

< %systemroot%\Fonts\*.com >

[2009/07/14 01:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/14 01:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/14 01:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/14 01:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

 

< %systemroot%\*.scr >

[2013/05/09 05:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

 

< %PROGRAMFILES%\*.* >

[2009/07/14 01:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

 

< %LOCALAPPDATA%\*.exe >

 

< %LOCALAPPDATA%\*.txt >

 

< %LOCALAPPDATA%\*.ini >

[2013/01/29 23:18:50 | 000,016,384 | ---- | M] () -- C:\Users\agatha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

< %LOCALAPPDATA%\*.dll >

 

< %LOCALAPPDATA%\*.dat >

[2013/06/27 09:57:47 | 000,110,048 | ---- | M] () -- C:\Users\agatha\AppData\Local\GDIPFONTCACHEV1.DAT

 

< %USERPROFILE%\*.exe >

 

< %USERPROFILE%\*.txt >

 

< %USERPROFILE%\*.ini >

[2011/12/23 12:02:36 | 000,000,020 | -HS- | M] () -- C:\Users\agatha\ntuser.ini

 

< %USERPROFILE%\*.dll >

 

< %USERPROFILE%\*.dat /30 >

[2013/07/07 20:49:17 | 005,242,880 | -HS- | M] () -- C:\Users\agatha\ntuser.dat

 

< %systemroot%\system32\tasks\*.* /s >

[2013/06/18 18:33:19 | 000,003,840 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater

[2013/07/07 12:06:04 | 000,004,182 | ---- | M] () -- C:\Windows\system32\tasks\avast! Emergency Update

[2013/06/27 09:59:50 | 000,002,774 | ---- | M] () -- C:\Windows\system32\tasks\CCleanerSkipUAC

[2013/06/27 09:57:22 | 000,003,378 | ---- | M] () -- C:\Windows\system32\tasks\Desk 365 RunAsStdUser

[2012/11/23 14:02:36 | 000,003,542 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core

[2012/11/23 14:02:38 | 000,003,910 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA

[2013/05/22 21:55:59 | 000,003,800 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore

[2013/05/22 21:56:00 | 000,004,052 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA

[2013/05/09 15:46:53 | 000,003,658 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core

[2013/05/09 15:46:55 | 000,004,054 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA

[2013/06/30 20:14:44 | 000,003,008 | ---- | M] () -- C:\Windows\system32\tasks\Lyrics Bot Update

[2012/04/13 23:18:03 | 000,003,118 | ---- | M] () -- C:\Windows\system32\tasks\{75042970-3597-478D-A044-EF0F0AE97A7F}

[2012/04/13 23:17:53 | 000,003,118 | ---- | M] () -- C:\Windows\system32\tasks\{9D4876B3-2AAB-41C2-AECA-1299DFB03A3D}

[2012/01/02 14:21:41 | 000,003,172 | ---- | M] () -- C:\Windows\system32\tasks\{EA7F0A25-89D8-4B00-AEE1-C85498890E5C}

[2012/05/05 14:16:16 | 000,003,366 | ---- | M] () -- C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate

[2011/12/25 00:23:45 | 000,004,742 | ---- | M] () -- C:\Windows\system32\tasks\Games\UpdateCheck_S-1-5-21-3748968780-484442121-3243865611-1001

[2013/07/07 13:17:24 | 000,003,856 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan

[2012/06/25 13:53:17 | 000,004,158 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

[2009/07/14 01:41:15 | 000,004,472 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)

[2009/07/14 01:41:15 | 000,003,854 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)

[2009/07/14 01:42:10 | 000,002,900 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter

[2009/07/14 01:42:10 | 000,003,790 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck

[2009/07/14 01:41:45 | 000,003,458 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent

[2009/07/14 01:41:45 | 000,003,614 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater

[2009/07/14 01:37:26 | 000,003,026 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy

[2009/07/14 01:42:29 | 000,001,862 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask

[2009/07/14 01:41:10 | 000,004,130 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\CertificateServicesClient\SystemTask

[2009/07/14 01:41:10 | 000,003,868 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\CertificateServicesClient\UserTask

[2009/07/14 01:53:58 | 000,003,134 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam

[2009/07/14 01:42:29 | 000,002,934 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator

[2009/07/14 01:41:20 | 000,003,946 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask

[2009/07/14 01:41:47 | 000,003,598 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip

[2009/07/14 01:46:36 | 000,003,886 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag

[2009/07/14 01:42:30 | 000,004,018 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Diagnosis\Scheduled

[2009/07/14 01:42:31 | 000,003,554 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications

[2013/02/16 22:49:54 | 000,004,084 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Maintenance\WinSAT

[2009/07/14 01:41:20 | 000,003,304 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector

[2009/07/14 01:41:20 | 000,003,510 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector

[2009/07/14 01:41:56 | 000,003,168 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove

[2009/07/14 01:42:30 | 000,002,602 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Multimedia\SystemSoundsService

[2009/07/14 01:42:09 | 000,002,044 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo

[2009/07/14 01:42:28 | 000,002,832 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor

[2009/07/14 01:41:30 | 000,003,752 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem

[2009/07/14 01:42:30 | 000,004,370 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\RAC\RacTask

[2009/07/14 01:37:40 | 000,003,052 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Ras\MobilityManager

[2009/07/14 01:42:07 | 000,003,956 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Registry\RegIdleBackup

[2009/07/14 01:42:29 | 000,004,596 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask

[2009/07/14 01:42:30 | 000,003,616 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Shell\WindowsParentalControls

[2009/07/14 01:54:03 | 000,003,912 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration

[2009/07/14 01:37:20 | 000,003,942 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask

[2009/07/14 01:46:35 | 000,003,506 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR

[2009/07/14 01:41:33 | 000,002,614 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Task Manager\Interactive

[2009/07/14 01:41:09 | 000,003,950 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1

[2009/07/14 01:41:09 | 000,004,066 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2

[2009/07/14 01:41:29 | 000,002,978 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor

[2009/07/14 01:37:51 | 000,003,388 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime

[2009/07/14 01:37:30 | 000,001,730 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig

[2009/07/14 01:41:23 | 000,003,420 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\User Profile Service\HiveUploadTask

[2009/07/14 01:37:28 | 000,002,682 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\WDI\ResolutionHost

[2009/07/14 01:37:20 | 000,003,048 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting

[2009/07/14 01:37:44 | 000,003,290 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange

[2009/07/14 01:46:36 | 000,003,304 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary

[2010/11/20 18:00:52 | 000,004,330 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification

[2009/07/14 01:54:01 | 000,003,532 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader

[2013/05/30 19:19:09 | 000,003,540 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft\Windows\Wininet\CacheTask

[2013/07/07 19:16:10 | 000,002,988 | ---- | M] () -- C:\Windows\system32\tasks\Symantec\Norton Error Analyzer 18.7.2.3

[2013/07/07 19:16:11 | 000,003,700 | ---- | M] () -- C:\Windows\system32\tasks\Symantec\Norton Error Processor 18.7.2.3

[2011/12/24 23:47:29 | 000,004,482 | ---- | M] () -- C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-3748968780-484442121-3243865611-1001

 

< %windir%\tasks\*.* /s >

[2013/07/07 20:32:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/07/07 15:07:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core.job

[2013/07/07 18:07:11 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA.job

[2013/07/07 13:08:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/07/07 20:01:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/07/07 15:51:02 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001Core.job

[2013/07/07 19:51:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3748968780-484442121-3243865611-1001UA.job

[2013/07/07 20:04:15 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Lyrics Bot Update.job

[2013/07/07 13:08:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2013/06/16 12:16:35 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

 

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >

"DefaultConnectionSettings" = 46 00 00 00 1B 03 00 00 01 00 00 00 00 00 00 00 07 00 00 00 2A 2E 6C 6F 63 61 6C 00 00 00 00 00 00 00 00 00 00 00 00 65 D8 6E 4D 62 10 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C0 A8 00 7B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data over 200 bytes]

"SavedLegacySettings" = 46 00 00 00 F1 16 00 00 01 00 00 00 00 00 00 00 07 00 00 00 2A 2E 6C 6F 63 61 6C 00 00 00 00 00 00 00 00 00 00 00 00 65 D8 6E 4D 62 10 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C0 A8 00 7B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data over 200 bytes]

"CLARO" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]

"Banda Larga 3G" = 46 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]

 

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >

 

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >

 

< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >

 

< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >

 

< HKCU\Software\Microsoft\Internet Explorer\Downloads >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >

"EnablePunycode" = 1

"CodeBaseSearchPath" = CODEBASE

"WarnOnIntranet" = 1

"MinorVersion" = 0

"ActiveXCache" = C:\Windows\Downloaded Program Files -- [2012/05/12 17:15:21 | 000,000,000 | ---D | M]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >

"EnablePunycode" = 1

"CodeBaseSearchPath" = CODEBASE

"WarnOnIntranet" = 1

"MinorVersion" = 0

"ActiveXCache" = C:\Windows\Downloaded Program Files -- [2012/05/12 17:15:21 | 000,000,000 | ---D | M]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]

 

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server >

"RCDependentServices" = CertPropSvcSessionEnv [binary data]

"NotificationTimeOut" = 0

"SnapshotMonitors" = 1

"ProductVersion" = 5.1

"AllowRemoteRPC" = 0

"DelayConMgrTimeout" = 0

"fDenyTSConnections" = 1

"StartRCM" = 0

"TSAdvertise" = 0

"DeleteTempDirsOnExit" = 1

"fSingleSessionPerUser" = 1

"PerSessionTempDir" = 0

"TSUserEnabled" = 0

"InstanceID" = 694de1cf-3b4c-49ce-9258-33b374b

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]

 

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >

"ReportBootOk" = 1

"Shell" = explorer.exe -- [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)

"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}

"Userinit" = C:\Windows\system32\userinit.exe,

"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/13 22:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)

"AutoRestartShell" = 1

"Background" = 0 0 0

"CachedLogonsCount" = 10

"DebugServerCommand" = no

"ForceUnlockLogon" = 0

"LegalNoticeCaption" = 

"LegalNoticeText" = 

"PasswordExpiryWarning" = 5

"PowerdownAfterShutdown" = 0

"ShutdownWithoutLogon" = 0

"WinStationsDisabled" = 0

"DisableCAD" = 1

"scremoveoption" = 0

"ShutdownFlags" = 43

"AutoAdminLogon" = 0

"DefaultUserName" = agatha

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]

 

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >

"auditbaseobjects" = 0

"auditbasedirectories" = 0

"crashonauditfail" = 0

"fullprivilegeauditing" =  [binary data]

"Bounds" = 0  [binary data]

"LimitBlankPasswordUse" = 1

"NoLmHash" = 1

"Notification Packages" = scecli [binary data] -- [2010/11/20 18:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation)

"Security Packages" = kerberosmsv1_0schannelwdigestt [binary data over 200 bytes]

"Authentication Packages" = msv1_0 [binary data] -- [2010/11/20 18:29:20 | 000,257,024 | ---- | M] (Microsoft Corporation)

"LsaPid" = 628

"SecureBoot" = 1

"ProductType" = 11

"disabledomaincreds" = 0

"everyoneincludesanonymous" = 0

"forceguest" = 0

"restrictanonymous" = 0

"restrictanonymoussam" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >

 

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService >

"DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268

"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)

"Description" = @%SystemRoot%\System32\termsrv.dll,-267

"ObjectName" = NT Authority\NetworkService

"ErrorControl" = 1

"Start" = 3

"Type" = 32

"DependOnService" = RPCSSTermDD [binary data]

"ServiceSidType" = 1

"RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [binary data over 200 bytes]

"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00  [binary data]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance]

 

< net user /c >

Contas de usuário para \\AGATHA-STI

-------------------------------------------------------------------------------

Administrador            agatha                   Convidado                

Comando concluído com êxito.

 

< MD5 for: TERMSRV.DLL  >

[2010/11/20 18:29:19 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\System32\termsrv.dll

[2010/11/20 18:29:19 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll

 

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

 

< End of report >

Extras.Txt


Mica Ventura,

 

Select and copy the text inside the CODE box, right-click the selection and choose Copy:

Note: make sure you start copying from the colon and letter ": O" of OTL.
 

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.oquefazernainternet.com/
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsBot@APDMT.net: C:\Program Files\LyricsBot\116.xpi [2013/06/30 20:14:43 | 000,004,962 | ---- | M] ()
CHR - Extension: Lyrics Bot = C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjaoindegekegaeihocoidchhbgilbd\1.116_0\
O2 - BHO: (Lyrics Bot) - {FFB4EE06-DF84-4AC9-8682-237847AB69BD} - C:\Program Files\LyricsBot\116.dll (APDMT LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2013/05/30 17:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsOn
[2013/07/07 20:04:15 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Lyrics Bot Update.job
[2013/06/27 09:57:22 | 000,003,378 | ---- | M] () -- C:\Windows\system32\tasks\Desk 365 RunAsStdUser
[2013/06/30 20:14:44 | 000,003,008 | ---- | M] () -- C:\Windows\system32\tasks\Lyrics Bot Update

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Right-click the OTL.exe file, then click execadmin.png.

Right-click any blank area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).

Click the fixotl.png button.

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of this Notepad window and paste it into your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles with a name in the format date_time.log.

Example: 03142010_145545.log

 

Also post a new HijackThis log.

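As an added example (not the analyst's, OTL's or HijackThis's own code), the triage behind the fix script above can be automated: parse the search-setting and BHO lines of an OTL log, flag entries that point at an untrusted host or come from an untrusted vendor, and assemble the `:OTL` block from the flagged lines. The trusted-host and trusted-vendor allowlists and the sample log are constructed for this example.

```python
"""Triage browser-setting lines from an OTL / HijackThis log.

Added example, not OTL's, HijackThis's or the forum's own code. It parses
the "IE - ..." / "R1 - ..." search-setting lines and the OTL-style
"O2 - BHO: (name) - {CLSID} - path (vendor)" lines, flags search URLs whose
host is not on a trusted allowlist, BHOs whose vendor is not on an allowlist,
and toolbar entries with no CLSID, then emits the lines an analyst would
paste into the :OTL section of a fix script.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts a search or start-page setting may legitimately point at.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.google.com.br", "www.bing.com"}
# Assumption: BHO vendors (OTL's file-version column) treated as benign.
TRUSTED_BHO_VENDORS = {"Microsoft Corporation", "Oracle Corporation",
                       "Google Inc.", "Adobe Systems Incorporated"}

# "IE - HKLM\...\Main,Search Page = http://..."  or  "R1 - HKCU\...,(Default) = http://..."
IE_SETTING = re.compile(r"^(?:IE|R[01]) - (?P<key>.+?),(?P<name>[^,=]+?) = (?P<value>\S+)\s*$")
# OTL form: "O2 - BHO: (Lyrics Bot) - {CLSID} - C:\path\x.dll (Vendor)"
BHO_LINE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
                      r"(?P<path>.*?)(?: \((?P<vendor>[^)]*)\))?\s*$")
# "O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found."
ORPHAN_TOOLBAR = re.compile(r"^O3 - .*No CLSID value found\.?\s*$")

# Constructed sample, modelled on the lines quoted in this thread.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (Lyrics Bot) - {FFB4EE06-DF84-4AC9-8682-237847AB69BD} - C:\Program Files\LyricsBot\116.dll (APDMT LTD)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
"""


def triage(lines, trusted_hosts=TRUSTED_SEARCH_HOSTS, trusted_vendors=TRUSTED_BHO_VENDORS):
    """Return a list of findings; each has 'kind', 'host', 'reason' and the original 'line'."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = IE_SETTING.match(line)
        if m:
            value = m["value"]
            # Only URL-valued settings are search/start-page candidates;
            # values such as "*.local" (ProxyOverride) are skipped here.
            if value.lower().startswith(("http://", "https://")):
                host = urlparse(value).hostname
                if host not in trusted_hosts:
                    findings.append({"kind": "search-hijack", "host": host,
                                     "reason": f"{m['name']} points at untrusted host {host}",
                                     "line": line})
            continue
        m = BHO_LINE.match(line)
        if m:
            vendor = m["vendor"] or "(no version info)"
            if vendor not in trusted_vendors:
                findings.append({"kind": "untrusted-bho", "host": None,
                                 "reason": f"BHO '{m['name']}' from vendor {vendor}: {m['path']}",
                                 "line": line})
            continue
        if ORPHAN_TOOLBAR.match(line):
            findings.append({"kind": "orphan-toolbar", "host": None,
                             "reason": "toolbar entry with no CLSID", "line": line})
    return findings


def build_fix_script(findings):
    """Assemble an OTL fix script: flagged lines under :OTL, then the :Commands block."""
    body = "\n".join(f["line"] for f in findings)
    return f":OTL\n{body}\n\n:Commands\n[createrestorepoint]\n[emptytemp]\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"[{f['kind']}] {f['reason']}")
    print(build_fix_script(found))
```

The generated block is a starting point for the analyst to review, not something to run unread: a benign-but-unlisted host or vendor lands in the findings too.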
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsBot@APDMT.net deleted successfully.
File C:\Program Files\LyricsBot\116.xpi [2013/06/30 20:14:43 | 000,004,962 | ---- | M] not found.
C:\Users\agatha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjaoindegekegaeihocoidchhbgilbd\1.116_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFB4EE06-DF84-4AC9-8682-237847AB69BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB4EE06-DF84-4AC9-8682-237847AB69BD}\ deleted successfully.
C:\Program Files\LyricsBot\116.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Program Files\LyricsOn folder moved successfully.
C:\Windows\Tasks\Lyrics Bot Update.job moved successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser moved successfully.
C:\Windows\System32\Tasks\Lyrics Bot Update moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: agatha
->Temp folder emptied: 979096 bytes
->Temporary Internet Files folder emptied: 672290 bytes
->Java cache emptied: 1383610 bytes
->Google Chrome cache emptied: 418038978 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 58078 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Todos os Usuários
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69176871 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 468,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07132013_231142
 
Files\Folders moved on Reboot...
C:\Users\agatha\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Logfile of HijackThis v1.99.1
Scan saved at 23:27:52, on 13/07/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Unable to get Internet Explorer version!
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\agatha\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [uTorrent] "C:\Users\agatha\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Google Update] "C:\Users\agatha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [iNTERNATIONAL] International
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{C955522F-2BC7-4B14-AEC7-C5AD56915B1A}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


Mica Ventura,

Temporarily disable your antivirus.

  • Use the Internet Explorer browser to use the service!
  • Access the site HERE
  • Run the scan as shown in the image below:
    [image not reproduced]
  • At the end of the scan, click List of found threats, click Export to text file..., check the "Delete Quarantined files" box, and click [FINISH]
    A report will be generated, located at:

C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt

Post that log.


Topic Archived

Since the author did not reply to the topic for more than 10 days, it was archived.

If you are the author of the topic and want it reopened, send a private message to a moderator or assistant with a link to this topic and explain why you need it reopened.


TOPIC REOPENED

Topic reopened at the author's request.


Topic Archived

Since the author did not reply to the topic for more than 10 days, it was archived.

If you are the author of the topic and want it reopened, send a private message to a moderator or assistant with a link to this topic and explain why you need it reopened.
