
Browser closing by itself, difficulty removing malware and viruses


This topic has been archived. This means you can no longer reply to it.
10 replies to this topic

#1 xseven (Novice, 5 posts)

I'll post the MbrScan here, since it exceeds the size allowed for upload.

Attached file  hijackthis.log   13,05K   4 Downloads

MbrScan

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2013/07/07 (ISO 8601) at 02:11:41
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __SAMSUNG HM500JJ (2AK10001)
BUS_TYPE       : (0x0B)  S-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0    465.8 Go  [Fixed] ==> HP Recovery Manager

MBR_MD5   : 25D0989E932255C4E17CBA3BFAA72F68
MBR_SHA1  : FD82605E724E9F65E4C0EFECC51D2FC061023145

Device\Harddisk0\Partition1    199.0 Mo      0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2    451.1 Go      0x07 NTFS / HPFS
Device\Harddisk0\Partition3    14.37 Go      0x07 NTFS / HPFS
Device\Harddisk0\Partition4    103.0 Mo      0x0C FAT32 [LBA]
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x03203000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00B97000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_AuthenticAMD.dll => Invisible on the disk
ADDRESS : 0x00CB9000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00CDA000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00D38000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00CA4000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spac.sys => Invisible on the disk
ADDRESS : 0x00E40000
SIZE    : 1.20 Mo

DRIVER  : C:\Windows\System32\Drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00F74000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\SCSIPORT.SYS => Invisible on the disk
ADDRESS : 0x00F7D000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x01043000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x0109A000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x010A4000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x010B1000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x010E4000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x010F9000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x01102000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x0110E000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x01123000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\system32\drivers\pciide.sys => Invisible on the disk
ADDRESS : 0x0117F000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x01186000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x01196000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x011B0000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x011B9000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x011E3000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x011EE000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x00FAC000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\NISx64\1401000.018\SYMDS64.SYS => Invisible on the disk
ADDRESS : 0x01270000
SIZE    : 504.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x012EE000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\drivers\NISx64\1401000.018\SYMEFA64.SYS => Invisible on the disk
ADDRESS : 0x01442000
SIZE    : 1.10 Mo

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0163C000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x0155B000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x017DF000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01302000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01611000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01833000
SIZE    : 972.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01926000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01986000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01AE9000
SIZE    : 2.02 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01CED000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01D37000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01D83000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01D8B000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01DC5000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01DD7000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hpdskflt.sys => Invisible on the disk
ADDRESS : 0x01DE0000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01A00000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01A3A000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01A50000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AtiPcie.sys => Invisible on the disk
ADDRESS : 0x01A80000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\drivers\cdrom.sys => Invisible on the disk
ADDRESS : 0x019B1000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\drivers\NISx64\1401000.018\ccSetx64.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 184.0 Ko

DRIVER  : C:\Windows\system32\drivers\NISx64\1401000.018\SRTSP64.SYS => Invisible on the disk
ADDRESS : 0x03EC2000
SIZE    : 776.0 Ko

DRIVER  : C:\Windows\system32\drivers\NISx64\1401000.018\SRTSPX64.SYS => Invisible on the disk
ADDRESS : 0x03F84000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\NISx64\1401000.018\Ironx64.SYS => Invisible on the disk
ADDRESS : 0x03F99000
SIZE    : 228.0 Ko

DRIVER  : C:\Windows\system32\Drivers\SYMEVENT64x86.SYS => Invisible on the disk
ADDRESS : 0x03E00000
SIZE    : 224.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x044AD000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x044B6000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x044BD000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x044CB000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x044F0000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x04500000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x04509000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x04512000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x0451B000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x04526000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x04537000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x04559000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\lmservicedrv.sys => Invisible on the disk
ADDRESS : 0x04566000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x04573000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x04200000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x04245000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x0424E000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x03E38000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x04274000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x03E4E000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x03E69000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\drivers\NISx64\1401000.018\SYMNETS.SYS => Invisible on the disk
ADDRESS : 0x01374000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x03E7D000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x03E89000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\dvmio.sys => Invisible on the disk
ADDRESS : 0x03026000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x0302E000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x0303D000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x0305B000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x0499F000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x049C5000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\amdppm.sys => Invisible on the disk
ADDRESS : 0x049CE000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\atikmpag.sys => Invisible on the disk
ADDRESS : 0x04800000
SIZE    : 208.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\atipmdag.sys => Invisible on the disk
ADDRESS : 0x04CA7000
SIZE    : 6.43 Mo

DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x05316000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x05478000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x0556C000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x055B2000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netr28x.sys => Invisible on the disk
ADDRESS : 0x040B9000
SIZE    : 932.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x041A2000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbohci.sys => Invisible on the disk
ADDRESS : 0x041AF000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x04000000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbfilter.sys => Invisible on the disk
ADDRESS : 0x04056000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x04063000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\i8042prt.sys => Invisible on the disk
ADDRESS : 0x04074000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x04092000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x0534C000
SIZE    : 320.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x040A1000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\drivers\mouclass.sys => Invisible on the disk
ADDRESS : 0x040A3000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aem0sdl5.SYS => Invisible on the disk
ADDRESS : 0x041BA000
SIZE    : 264.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Accelerometer.sys => Invisible on the disk
ADDRESS : 0x0544B000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x040B2000
SIZE    : 20.0 Ko

DRIVER  : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x05457000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x055D6000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x0539C000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x055EC000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x053C0000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x04C00000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x04C1B000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x04C3C000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x040B7000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x04C56000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lgbtbs64.sys => Invisible on the disk
ADDRESS : 0x05467000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x04834000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x0306C000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x049E3000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lgvmdm64.sys => Invisible on the disk
ADDRESS : 0x04C99000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\modem.sys => Invisible on the disk
ADDRESS : 0x053EF000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lgbtpt64.sys => Invisible on the disk
ADDRESS : 0x030C6000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\AtiHdmi.sys => Invisible on the disk
ADDRESS : 0x03E94000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x015B9000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x03FD2000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x05471000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\stwrt64.sys => Invisible on the disk
ADDRESS : 0x06A1D000
SIZE    : 524.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000A0000
SIZE    : 3.08 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x06AA0000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x06AAC000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x06ABA000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk
ADDRESS : 0x06AC6000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x06AD1000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x06AE4000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x06AF2000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x06B0B000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x06B14000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\AmUStor.SYS => Invisible on the disk
ADDRESS : 0x06B21000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x06B2F000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\System32\Drivers\btmusb.sys => Invisible on the disk
ADDRESS : 0x06C08000
SIZE    : 5.95 Mo

DRIVER  : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x06B4C000
SIZE    : 184.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x06B7A000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x005A0000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\Drivers\btmcom.sys => Invisible on the disk
ADDRESS : 0x06B88000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00630000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x06B9B000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x06BBE000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\RMCAST.sys => Invisible on the disk
ADDRESS : 0x05400000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x06BDF000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x01A88000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x06A00000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x030CF000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwifimp.sys => Invisible on the disk
ADDRESS : 0x06A13000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03859000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x03922000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x03940000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x03958000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x03985000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x039D3000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x072F8000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x0739E000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x073A9000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x073DA000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x0722B000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x08075000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\System32\drivers\ipnat.sys => Invisible on the disk
ADDRESS : 0x0810D000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x0813C000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47F50000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 8E C0 8E D8 8B F4 BF 00   3À.м.|û.À.Ø.ô¿.
0x00000010   06 B9 00 02 FC F3 A4 EA 60 06 00 00 00 00 00 00   .¹..üó¤ê`.......
0x00000020   52 65 63 6F 76 65 72 79 4D 67 72 20 00 28 69 38   RecoveryMgr .(i8
0x00000030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000040   00 00 00 00 00 00 00 00 00 00 00 00 00 00 0D 0A   ................
0x00000050   00 00 00 00 57 00 00 00 FF FF FF FF FF FF FF FF   ....W...........
0x00000060   86 4C BD BE 30 06 AC B4 0E 33 DB CD 10 0A C0 75   .L½¾0.¬´.3ÛÍ..Àu
0x00000070   F5 E3 0B FE 06 13 06 53 53 E8 6D 00 EB 36 B8 12   õã.þ...SSèm.ë6¸.
0x00000080   5F 66 BA 51 50 48 5F CD 15 80 E3 01 74 20 EB 24   _fºQPH_Í..ã.t ë$
0x00000090   8B 16 6C 04 FA 66 A1 1C 06 BF 54 06 B1 03 F2 66   ..l.úf¡..¿T.±.òf
0x000000A0   AF FB 74 0A A1 3D 00 00 C2 83 F8 24 76 E6 B0 01   ¯ût.¡=..Â.ø$væ°.
0x000000B0   84 C0 75 1C BB C6 7D 66 8B 37 66 8B 3E 2C 06 66   .Àu.»Æ}f.7f.>,.f
0x000000C0   3B F7 74 07 80 C3 10 73 EE EB 05 BB 28 06 EB 10   ;÷t..Ã.sîë.»(.ë.
0x000000D0   BB C2 7D 80 7F FC 00 78 07 80 C3 10 73 F5 EB FE   »Â}..ü.x..Ã.sõëþ
0x000000E0   66 FF 77 04 E8 02 00 FF E4 C8 10 00 00 B4 08 B2   f.w.è...äÈ...´.²
0x000000F0   80 CD 13 8A C1 24 3F FE C6 8A D8 F6 E6 C0 E9 06   .Í..Á$?þÆ.ØöæÀé.
0x00000100   86 CD 41 91 F7 E1 39 56 06 8B 56 06 8B 46 04 73   .ÍA.÷á9V..V..F.s
0x00000110   1C F7 F1 91 92 F6 F3 86 CD C0 E1 06 02 CC 41 8A   .÷ñ..öó.ÍÀá..ÌA.
0x00000120   F0 B8 01 02 BB 00 7C 86 26 13 06 EB 14 83 C4 10   ð¸..».|.&..ë..Ä.
0x00000130   0E 0E 52 50 0E 68 00 7C 6A 01 6A 10 8B F4 B8 00   ..RP.h.|j.j..ô¸.
0x00000140   42 B2 80 CD 13 C9 C2 04 00 1E 50 53 0E 1F BB 1B   B².Í.ÉÂ...PS..».
0x00000150   06 A0 17 04 24 0F 88 47 04 E4 60 3C E0 74 1A 3C   ....$..G.ä`<àt.<
0x00000160   1D 74 10 3C 2A 74 0C 3C 36 74 08 3C 38 74 04 84   .t.<*t.<6t.<8t..
0x00000170   C0 79 06 66 83 27 00 EB 06 FE 07 02 1F 88 07 5B   Ày.f.'.ë.þ.....[
0x00000180   58 1F EA 00 00 00 00 00 00 00 00 00 00 00 00 00   X.ê.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 75 05 4E 0C 00 00 80 20   ........u.N....
0x000001C0   21 00 07 7E 25 19 00 08 00 00 00 38 06 00 00 7E   !..~%......8...~
0x000001D0   26 19 07 FE FF FF 00 40 06 00 00 E8 62 38 00 FE   &..þ...@...èb8.þ
0x000001E0   FF FF 07 FE FF FF 00 28 69 38 00 F8 CB 01 00 FE   ...þ...(i8.øË..þ
0x000001F0   FF FF 0C FE FF FF 00 20 35 3A 30 38 03 00 55 AA   ...þ... 5:08..Uª

Attached file(s)

  • Attached file  FSS.txt   2,33K   2 Downloads

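The MBR dump MBRScan printed above is a complete 512-byte sector, so it can be decoded rather than only eyeballed. The script below is an added example, not part of xseven's post, of MBRScan or of the forum's procedure: it embeds the 32 dump lines (offset and hex columns only; the ASCII column is dropped), rebuilds the raw sector, reads the disk signature, the four partition entries and the 0x55AA boot signature, lists the sector ranges that no partition covers (the only place code outside every partition could sit), and recomputes the MD5 so it can be set beside the MBR_MD5 line the tool reported. The start sectors and sizes it decodes can be compared with the Partition1..Partition4 lines at the top of the log.

```python
# Added example (not from the thread, from MBRScan or from the forum's procedure):
# decode the 512-byte MBR dump MBRScan printed above and check what it says.
import hashlib
import struct

# Constructed input: the 32 dump lines from the post, offset plus 16 hex bytes each
# (the ASCII column MBRScan also prints is dropped; it repeats the same bytes).
MBR_DUMP = """\
0x00000000 33 C0 8E D0 BC 00 7C FB 8E C0 8E D8 8B F4 BF 00
0x00000010 06 B9 00 02 FC F3 A4 EA 60 06 00 00 00 00 00 00
0x00000020 52 65 63 6F 76 65 72 79 4D 67 72 20 00 28 69 38
0x00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0D 0A
0x00000050 00 00 00 00 57 00 00 00 FF FF FF FF FF FF FF FF
0x00000060 86 4C BD BE 30 06 AC B4 0E 33 DB CD 10 0A C0 75
0x00000070 F5 E3 0B FE 06 13 06 53 53 E8 6D 00 EB 36 B8 12
0x00000080 5F 66 BA 51 50 48 5F CD 15 80 E3 01 74 20 EB 24
0x00000090 8B 16 6C 04 FA 66 A1 1C 06 BF 54 06 B1 03 F2 66
0x000000A0 AF FB 74 0A A1 3D 00 00 C2 83 F8 24 76 E6 B0 01
0x000000B0 84 C0 75 1C BB C6 7D 66 8B 37 66 8B 3E 2C 06 66
0x000000C0 3B F7 74 07 80 C3 10 73 EE EB 05 BB 28 06 EB 10
0x000000D0 BB C2 7D 80 7F FC 00 78 07 80 C3 10 73 F5 EB FE
0x000000E0 66 FF 77 04 E8 02 00 FF E4 C8 10 00 00 B4 08 B2
0x000000F0 80 CD 13 8A C1 24 3F FE C6 8A D8 F6 E6 C0 E9 06
0x00000100 86 CD 41 91 F7 E1 39 56 06 8B 56 06 8B 46 04 73
0x00000110 1C F7 F1 91 92 F6 F3 86 CD C0 E1 06 02 CC 41 8A
0x00000120 F0 B8 01 02 BB 00 7C 86 26 13 06 EB 14 83 C4 10
0x00000130 0E 0E 52 50 0E 68 00 7C 6A 01 6A 10 8B F4 B8 00
0x00000140 42 B2 80 CD 13 C9 C2 04 00 1E 50 53 0E 1F BB 1B
0x00000150 06 A0 17 04 24 0F 88 47 04 E4 60 3C E0 74 1A 3C
0x00000160 1D 74 10 3C 2A 74 0C 3C 36 74 08 3C 38 74 04 84
0x00000170 C0 79 06 66 83 27 00 EB 06 FE 07 02 1F 88 07 5B
0x00000180 58 1F EA 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001B0 00 00 00 00 00 00 00 00 75 05 4E 0C 00 00 80 20
0x000001C0 21 00 07 7E 25 19 00 08 00 00 00 38 06 00 00 7E
0x000001D0 26 19 07 FE FF FF 00 40 06 00 00 E8 62 38 00 FE
0x000001E0 FF FF 07 FE FF FF 00 28 69 38 00 F8 CB 01 00 FE
0x000001F0 FF FF 0C FE FF FF 00 20 35 3A 30 38 03 00 55 AA
"""
REPORTED_MD5 = "25D0989E932255C4E17CBA3BFAA72F68"  # the MBR_MD5 line from the same log
SECTOR = 512
PARTITION_TYPES = {0x07: "NTFS / HPFS", 0x0C: "FAT32 [LBA]"}

def parse_hexdump(dump: str) -> bytes:
    """Rebuild raw bytes from 'offset b0 .. b15' lines, refusing gaps or overlaps."""
    out = bytearray()
    for line in dump.strip().splitlines():
        tokens = line.split()
        if int(tokens[0], 16) != len(out):
            raise ValueError(f"dump not contiguous at {tokens[0]}")
        out.extend(int(tok, 16) for tok in tokens[1:17])
    return bytes(out)

def parse_mbr(mbr: bytes) -> dict:
    """Read the classic MBR layout: disk signature, four partition entries, 0x55AA."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if struct.unpack_from("<H", mbr, 0x1FE)[0] != 0xAA55:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 0x1BE + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "type_name": PARTITION_TYPES.get(ptype, f"unknown {ptype:#04x}"),
                      "first_lba": lba, "sectors": count, "mib": count * SECTOR / 2**20})
    return {"disk_signature": struct.unpack_from("<I", mbr, 0x1B8)[0], "partitions": parts}

def unallocated_ranges(parts: list) -> list:
    """Sector ranges (start, end) no partition covers: the only place code outside every
    partition could sit. A standard layout has just the alignment gap before LBA 2048."""
    gaps, cursor = [], 0
    for p in sorted(parts, key=lambda p: p["first_lba"]):
        if p["first_lba"] < cursor:
            raise ValueError(f"partition {p['index']} overlaps its predecessor")
        if p["first_lba"] > cursor:
            gaps.append((cursor, p["first_lba"]))
        cursor = p["first_lba"] + p["sectors"]
    return gaps

def md5_check(mbr: bytes) -> dict:
    """Recompute the sector hash so it can be set beside the tool's MBR_MD5 line."""
    computed = hashlib.md5(mbr).hexdigest().upper()
    return {"computed": computed, "reported": REPORTED_MD5, "matches": computed == REPORTED_MD5}

if __name__ == "__main__":
    mbr = parse_hexdump(MBR_DUMP)
    table = parse_mbr(mbr)
    print(f"disk signature {table['disk_signature']:#010x}")
    for p in table["partitions"]:
        print(f"{'*' if p['bootable'] else ' '} Partition{p['index']} {p['type_name']:<12} "
              f"LBA {p['first_lba']:>10} {p['mib']:>10.1f} MiB")
    print("unallocated sectors:", unallocated_ranges(table["partitions"]))
    print("MD5:", md5_check(mbr))
```

Run as a script it prints the four entries: Partition1 is the bootable 199.0 MiB NTFS system partition at LBA 2048, the others follow back to back, so the only unallocated area is the 2048 sectors before the first partition, which is the normal alignment gap. If the dump was transcribed faithfully, the recomputed MD5 equals the MBR_MD5 value MBRScan printed; a mismatch would mean the bytes on the page and the bytes the tool hashed differ.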

#2 CarlosTurco (Assistant, 24.240 posts)

xseven,

Please note the following:

  • DO NOT attempt any cleaning procedure on your own. In particular, do not run on your own the tools used in the Malware Removal forum. Misuse of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click button_seguir.png (located in the upper right corner of the main post) to receive an e-mail notification when it is replied to. You can also check the topics you follow using the Content I Follow option, accessible through the forum's Control Panel.
  • Analyses may take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it doesn't matter. Always keep following your topic, informing me of the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in the logs; it makes them harder to read during the analysis.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

Carry out the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click execadmin.png.

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall, so they don't cause conflicts.

Download the Junkware Removal Tool (JRT) via the download button (1268r49.png) and save it to the desktop. Double-click it to run it.

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will begin examining your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop under the name JRT.txt.

Select, copy and paste the contents of this log in your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://www.majorgeek..._malware,1.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to be made, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If any items are found, make sure they are all checked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is automatically saved by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log in your next reply.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554



#3 xseven (Novice, 5 posts)

Requested logs:

AdwCleaner

# AdwCleaner v2.304 - Relatório criado em 08/07/2013 às 19:27:41
# Atualizado em 03/07/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Grzgori - GRZGORI-PC
# Modo de Boot : Normal
# Executado de : C:\Users\Grzgori\Desktop\adwcleaner.exe
# Opção [Remover]


***** [Serviços] *****

Encerrado & Removido : DvmMDES

***** [Arquivos/Pastas] *****

Arquivo Removido : C:\Users\Grzgori\AppData\Roaming\Mozilla\Firefox\Profiles\515hff3n.default\searchplugins\WebSearch.xml
Arquivo Removido : C:\Windows\Tasks\Dealply.job
Pasta Removido : C:\Program Files (x86)\DealPly
Pasta Removido : C:\ProgramData\InstallMate
Pasta Removido : C:\Users\Grzgori\AppData\Local\Temp\boost_interprocess
Pasta Removido : C:\Users\Grzgori\AppData\Roaming\DealPly
Pasta Removido : C:\Users\Grzgori\AppData\Roaming\Funmoods
Pasta Removido : C:\Users\Grzgori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Removido : C:\Users\XseVenM\AppData\Local\Temp\boost_interprocess

***** [Registro] *****

Chave Removida : HKCU\Software\AppDataLow\SProtector
Chave Removida : HKCU\Software\DealPly
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3728BA43-F94F-42A4-9E8D-00B930D1DB28}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3728BA43-F94F-42A4-9E8D-00B930D1DB28}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Removida : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Chave Removida : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Chave Removida : HKLM\Software\DealPly
Chave Removida : HKLM\Software\DeviceVM
Chave Removida : HKLM\Software\InstallCore
Chave Removida : HKLM\Software\SP Global
Chave Removida : HKLM\Software\SProtector
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3728BA43-F94F-42A4-9E8D-00B930D1DB28}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3728BA43-F94F-42A4-9E8D-00B930D1DB28}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [Navegadores] *****

-\\ Internet Explorer v8.0.7601.17514

Substituído : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.searchdwebs.info/?pid=947&r=2013/07/04&hid=2106219494&lg=EN&cc=BR&unqvl=22 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (pt-BR)

Arquivo : C:\Users\Grzgori\AppData\Roaming\Mozilla\Firefox\Profiles\515hff3n.default\prefs.js

C:\Users\Grzgori\AppData\Roaming\Mozilla\Firefox\Profiles\515hff3n.default\user.js ... Removido !

Removida : user_pref("aol_toolbar.default.homepage.check", false);
Removida : user_pref("aol_toolbar.default.search.check", false);
Removida : user_pref("browser.search.defaultenginename,S", "WebSearch");
Removida : user_pref("browser.search.defaulturl", "hxxp://websearch.searchdwebs.info/?pid=947&r=2013/07/04&hid=[...]
Removida : user_pref("browser.search.order.1", "WebSearch");
Removida : user_pref("browser.search.order.1,S", "WebSearch");
Removida : user_pref("browser.search.selectedEngine", "Funmoods");
Removida : user_pref("browser.search.selectedEngine,S", "WebSearch");
Removida : user_pref("extensions.51d501623627c.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Removida : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Removida : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Removida : user_pref("extensions.funmoods.aflt", "1543n");
Removida : user_pref("extensions.funmoods.appId", "{EA28B360-05E0-4F93-8150-02891F1D8D3C}");
Removida : user_pref("extensions.funmoods.cd", "2XzuyEtN2Y1L1Qzu0EtDtB0AzztB0D0AtC0CyE0BtBtCtC0CtN0D0Tzu0CyDyDt[...]
Removida : user_pref("extensions.funmoods.cntry", "BR");
Removida : user_pref("extensions.funmoods.cr", "864340132");
Removida : user_pref("extensions.funmoods.cv", "cv5");
Removida : user_pref("extensions.funmoods.dfltLng", "");
Removida : user_pref("extensions.funmoods.dfltSrch", true);
Removida : user_pref("extensions.funmoods.dnsErr", true);
Removida : user_pref("extensions.funmoods.excTlbr", false);
Removida : user_pref("extensions.funmoods.hdrMd5", "E4B7F3B6F494CDAFDE7428933A6888C4");
Removida : user_pref("extensions.funmoods.hmpg", true);
Removida : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=1543n&cd=2XzuyEtN2Y1L1Qzu[...]
Removida : user_pref("extensions.funmoods.id", "E02A82DA1C4B211C");
Removida : user_pref("extensions.funmoods.instlDay", "15891");
Removida : user_pref("extensions.funmoods.instlRef", "");
Removida : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=1543n&cd=2XzuyEtN2Y1L1Q[...]
Removida : user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"198\",\"lastVrsn\":\"198\",\"vrsnLoad\":\"[...]
Removida : user_pref("extensions.funmoods.prdct", "funmoods");
Removida : user_pref("extensions.funmoods.prtnrId", "funmoods");
Removida : user_pref("extensions.funmoods.sg", "none");
Removida : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Removida : user_pref("extensions.funmoods.tlbrId", "base");
Removida : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=1543n&cd=2XzuyEtN2Y1L[...]
Removida : user_pref("extensions.funmoods.vrsn", "1.8.11.0");
Removida : user_pref("extensions.funmoods.vrsni", "1.8.11.0");
Removida : user_pref("extensions.funmoods_i.hmpg", true);
Removida : user_pref("extensions.funmoods_i.newTab", false);
Removida : user_pref("extensions.funmoods_i.smplGrp", "none");
Removida : user_pref("extensions.funmoods_i.vrsnTs", "1.8.11.012:54:9");
Removida : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
Removida : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
Removida : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.searchdwebs.info/?p[...]
Removida : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.searchdwebs.info/?pid=947&r=2013[...]
Removida : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Removida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Removida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Removida : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v27.0.1453.116

Arquivo : C:\Users\Grzgori\AppData\Local\Google\Chrome\User Data\Default\Preferences

Removida [l.1952] : homepage = "hxxp://websearch.searchdwebs.info/?pid=947&r=2013/07/04&hid=2106219494&lg=EN&cc=BR&u[...]
Removida [l.2119] : urls_to_restore_on_startup = [ "hxxp://websearch.searchdwebs.info/?pid=947&r=2013/07/04&hid=2[...]

*************************

AdwCleaner[S1].txt - [344 octets] - [08/07/2013 19:27:05]
AdwCleaner[S2].txt - [10469 octets] - [08/07/2013 19:27:41]

########## EOF - C:\AdwCleaner[S2].txt - [10530 octets] ##########


JRT


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.0 (07.08.2013:4)
OS: Windows 7 Home Premium x64
Ran by Grzgori on 08/07/2013 at 19:40:27,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Grzgori\appdata\local\{3EB84A6A-BE52-44E3-9710-67D5CD6F6A22}
Successfully deleted: [Empty Folder] C:\Users\Grzgori\appdata\local\{C75F4DFC-6964-4209-8FE1-20F420DFF522}



~~~ FireFox

Emptied folder: C:\Users\Grzgori\AppData\Roaming\mozilla\firefox\profiles\515hff3n.default\minidumps [88 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/07/2013 at 19:44:59,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados:  v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Grzgori :: GRZGORI-PC [administrador]

08/07/2013 19:45:48
mbam-log-2013-07-08 (19-45-48).txt

Tipo de Verificação:  Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  242675
Tempo decorrido: 4 minuto(s), 26 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)




#4
CarlosTurco

  • Assistant
  • 24.240 posts
Good morning.

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click [execadmin.png].

Where it says Output, select Standard
Also check these options:

  • Creation Date -> change to 90 days
  • Use Company Name WhiteList
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

Select these lines (shown in red), right-click the selection, and choose copy

netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.* /s

CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp
Net User /c

/md5start

services.*

/md5stop

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose paste

Click the [verif.png] button

OTL will begin scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both are saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar archive and attach them to your reply.
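Once the scan has run, the helper reads OTL.txt by eye, looking in particular for services and drivers with no company name or whose binary no longer exists on disk. As an added example (not part of this thread and not OTL's own code), here is a small Python parser for the PRC/MOD/SRV/DRV "SafeList" lines that applies exactly those two checks; the sample lines are copied from the OTL log posted later in this thread, with the padding inside one company name trimmed.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One PRC / MOD / SRV / DRV line from an OTL "SafeList" section, e.g.
#   SRV - [2013/06/11 16:07:18 | 000,308,248 | ---- | M] () [Auto | Running] -- C:\...\lmservice.exe -- (LM Service)
#   DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\...\esgiguard.sys -- (esgiguard)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"(?:\[(?P<date>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| [^\]]*\]"
    r"|(?P<missing>File not found))"
    r"(?: \((?P<company>[^)]*)\))?"   # company name from the version info, may be empty
    r"(?P<extra>(?: \[[^\]]*\])*)"    # start type / state, sometimes preceded by a date
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?\s*$"
)


@dataclass
class Entry:
    kind: str                 # PRC, MOD, SRV or DRV
    is_64bit: bool
    date: Optional[str]       # None when OTL reported "File not found"
    size: Optional[int]
    company: Optional[str]    # "" when the binary carries no company name
    state: List[str]          # e.g. ["Kernel", "Boot", "Running"]
    path: str
    name: Optional[str]       # service / driver name; None for PRC and MOD lines
    flags: List[str] = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def _flags(e: Entry) -> List[str]:
    """The two checks a reviewer applies line by line when reading OTL.txt."""
    flags: List[str] = []
    if e.size is None:
        # Registered service/driver whose file is gone: a leftover to clean up.
        flags.append("file not found")
    elif e.company == "":
        # No company name in the version info: unknown origin, inspect the file.
        flags.append("no company name")
    return flags


def parse_otl(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, IE/FF lines, and so on
        brackets = re.findall(r"\[([^\]]*)\]", m["extra"])
        state = [p.strip() for p in brackets[-1].split("|")] if brackets else []
        entry = Entry(
            kind=m["kind"],
            is_64bit=m["arch"] is not None,
            date=m["date"],
            size=int(m["size"].replace(",", "")) if m["size"] else None,
            company=m["company"].strip() if m["company"] is not None else None,
            state=state,
            path=m["path"].strip(),
            name=m["name"],
        )
        entry.flags = _flags(entry)
        entries.append(entry)
    return entries


def review_list(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map file name -> reasons, for the entries that deserve a closer look."""
    return {e.basename: e.flags for e in entries if e.flags}


# Sample lines copied from the OTL log in this thread (company-name padding trimmed).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2013/07/09 20:00:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grzgori\Desktop\OTL.exe
SRV:64bit: - [2010/03/03 04:12:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/06/11 16:07:18 | 000,308,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Driver LM\lmservice.exe -- (LM Service)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011/09/09 00:08:31 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/06 03:15:40 | 000,291,328 | ---- | M] (Realtek        ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2010/02/22 17:23:46 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/05/23 23:02:12] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
"""

if __name__ == "__main__":
    for fname, reasons in review_list(parse_otl(SAMPLE_LOG)).items():
        print(f"{fname}: {', '.join(reasons)}")
```

On the sample above it lists lmservice.exe and sptd.sys (no company name) and esgiguard.sys (file not found), which are the same three lines a helper would query in this log.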



#5
xseven

  • Newbie
  • 5 posts

The OTL log:


OTL logfile created on: 09/07/2013 20:05:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Grzgori\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,75 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 68,69% Memory free
7,49 Gb Paging File | 5,57 Gb Available in Paging File | 74,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,09 Gb Total Space | 194,22 Gb Free Space | 43,06% Space Free | Partition Type: NTFS
Drive D: | 14,37 Gb Total Space | 2,06 Gb Free Space | 14,36% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 92,73 Mb Free Space | 93,65% Space Free | Partition Type: FAT32
 
Computer Name: GRZGORI-PC | User Name: Grzgori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/09 20:00:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grzgori\Desktop\OTL.exe
PRC - [2013/06/11 16:07:18 | 000,308,248 | ---- | M] () -- C:\Program Files (x86)\Driver LM\lmservice.exe
PRC - [2013/01/04 19:31:53 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 09:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/05/10 19:12:54 | 000,314,216 | ---- | M] (Mobile Leader Co.,Ltd.) -- C:\Program Files (x86)\LG Electronics\LG PC Suite IV\DeviceMgr.exe
PRC - [2010/05/10 19:12:52 | 000,129,896 | ---- | M] (Mobile Leader Co.,Ltd.) -- C:\Program Files (x86)\LG Electronics\LG PC Suite IV\ConnectionMgr.exe
PRC - [2010/05/10 19:12:48 | 002,363,240 | ---- | M] (Mobile Leader Co.,Ltd.) -- C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
PRC - [2010/05/10 19:12:44 | 001,452,392 | ---- | M] () -- C:\Program Files (x86)\LG Electronics\LG PC Suite IV\InternetKit.exe
PRC - [2010/05/10 19:12:42 | 000,629,608 | ---- | M] (Mobile Leader Co.,Ltd.) -- C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LGUX.exe
PRC - [2007/05/28 13:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/05/10 19:12:44 | 001,452,392 | ---- | M] () -- C:\Program Files (x86)\LG Electronics\LG PC Suite IV\InternetKit.exe
MOD - [2010/02/22 11:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 11:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 11:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/03/03 04:12:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2013/07/03 03:17:26 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/11 16:07:18 | 000,308,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Driver LM\lmservice.exe -- (LM Service)
SRV - [2013/01/04 19:31:53 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012/04/16 19:11:32 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Arquivos de Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012/04/16 19:11:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/11/26 22:53:56 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Arquivos de Programas\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011/11/26 22:53:56 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Arquivos de Programas\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 12:11:36 | 000,661,768 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/03/05 11:50:32 | 004,163,848 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Arquivos de Programas\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2010/03/05 11:50:24 | 001,040,136 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Arquivos de Programas\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2010/01/27 14:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Arquivos de Programas\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/01/18 15:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/28 13:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/05/24 11:28:52 | 000,041,008 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\lmservicedrv.sys -- (lmservicedrv)
DRV:64bit: - [2011/11/26 22:53:57 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/09 00:08:31 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/20 06:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/10 16:10:26 | 000,925,536 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/03/05 11:51:00 | 000,464,384 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/03/03 04:23:12 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/03 03:07:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/01 16:04:48 | 000,052,224 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMMODEM)
DRV:64bit: - [2010/03/01 16:04:48 | 000,052,224 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/01/29 20:30:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/28 14:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/22 15:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/21 02:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 02:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 02:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/06 03:15:40 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/09/29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/08/23 22:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/08/17 18:58:58 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 18:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 18:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 18:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 17:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 17:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 17:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2010/02/22 17:23:46 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/05/23 23:02:12] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{9B7BA4B2-550E-4EF1-8B14-7B74E9FDF1C1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{9B7BA4B2-550E-4EF1-8B14-7B74E9FDF1C1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{9B7BA4B2-550E-4EF1-8B14-7B74E9FDF1C1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com.br/"
FF - prefs.js..extensions.enabledAddons: %7B00ADD29A-66F4-4f22-BCC0-4C1D29DA647B%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Grzgori\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Grzgori\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2013/06/13 20:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/06 18:44:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2012/09/05 21:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/08/14 20:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grzgori\AppData\Roaming\mozilla\Extensions
[2013/07/05 12:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grzgori\AppData\Roaming\mozilla\Firefox\Profiles\515hff3n.default\extensions
[2013/07/03 03:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/07/03 03:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/03 03:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/07/03 03:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/07/03 03:17:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/13 20:16:57 | 000,000,000 | ---D | M] (LG Air Sync) -- C:\PROGRAM FILES (X86)\LG ELECTRONICS\LG PC SUITE IV\LINKAIR\{00ADD29A-66F4-4F22-BCC0-4C1D29DA647B}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
 
O1 HOSTS File: ([2013/06/21 15:26:33 | 000,001,198 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 wat.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.microsoft.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe File not found
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Arquivos de Programas\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Arquivos de Programas\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [LG LinkAir] C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe (Mobile Leader Co.,Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04A4C453-F95C-4CDA-8BA7-C2AE2ACD0910}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7D4D81F-1D2C-41DD-A1C4-6CA83ED83E2C}: NameServer = 189.40.224.80 189.40.226.80
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/04 02:36:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{77db86ad-c486-11e0-b020-ab91000fe12c}\Shell - "" = AutoRun
O33 - MountPoints2\{77db86ad-c486-11e0-b020-ab91000fe12c}\Shell\AutoRun\command - "" = K:\LGAutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LGAutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/07/09 19:56:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Grzgori\Desktop\OTL.exe
[2013/07/08 22:03:07 | 000,000,000 | ---D | C] -- C:\Users\Grzgori\Desktop\werliiii
[2013/07/08 19:40:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/07 02:10:24 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\Grzgori\Desktop\MbrScan.exe
[2013/07/07 01:58:19 | 000,356,399 | ---- | C] (Farbar) -- C:\Users\Grzgori\Desktop\FSS.exe
[2013/07/07 01:53:55 | 000,000,000 | ---D | C] -- C:\Users\Grzgori\Desktop\HijackThis
[2013/07/07 01:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/07/07 01:09:33 | 000,000,000 | ---D | C] -- C:\Users\Grzgori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/06 00:52:49 | 000,000,000 | ---D | C] -- C:\Users\Grzgori\AppData\Roaming\Media Player Classic
[2013/07/06 00:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2013/07/06 00:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC-HC
[2013/07/05 12:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver LM
[2013/07/05 12:52:49 | 000,000,000 | ---D | C] -- C:\Users\Grzgori\AppData\Roaming\GetRightToGo
[2013/07/04 12:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/07/04 02:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/07/04 02:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/07/04 02:02:24 | 000,000,000 | ---D | C] -- C:\Users\Grzgori\AppData\Roaming\EZDownloader
[2013/07/04 01:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/07/04 01:04:46 | 000,000,000 | ---D | C] -- C:\Users\Grzgori\AppData\Roaming\Free Desktop Clock 3
[2013/07/04 01:04:08 | 000,000,000 | ---D | C] -- C:\Users\Grzgori\AppData\Local\Programs
[2013/07/03 03:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/02 18:31:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/06/23 14:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2013/06/23 14:56:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-STCS
[2013/06/23 14:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2013/06/16 13:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Demolition Racer Demo
[2013/06/13 20:16:58 | 000,000,000 | ---D | C] -- C:\Users\Grzgori\AppData\Local\LG Electronics
[2013/06/13 20:16:57 | 000,000,000 | ---D | C] -- C:\Users\Grzgori\Documents\LG PC Suite IV
[2013/06/13 20:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite IV
[2013/05/24 11:28:52 | 000,041,008 | ---- | C] (NetFilterSDK.com) -- C:\Windows\SysNative\drivers\lmservicedrv.sys
[2013/05/21 21:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2013/07/09 20:00:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grzgori\Desktop\OTL.exe
[2013/07/09 19:40:47 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2657562104-1521744097-369675392-1000UA.job
[2013/07/09 19:40:47 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/09 19:39:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/09 18:20:32 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2657562104-1521744097-369675392-1000Core.job
[2013/07/09 18:19:39 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/08 22:03:22 | 000,259,904 | ---- | M] () -- C:\Users\Grzgori\Desktop\1.png
[2013/07/08 19:38:05 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/08 19:38:05 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/08 19:29:08 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/08 19:25:52 | 000,650,027 | ---- | M] () -- C:\Users\Grzgori\Desktop\adwcleaner.exe
[2013/07/07 02:11:41 | 000,000,512 | ---- | M] () -- C:\Users\Grzgori\Desktop\Dump_Hdd0_DR0.mbr
[2013/07/07 02:10:25 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\Grzgori\Desktop\MbrScan.exe
[2013/07/07 01:58:20 | 000,356,399 | ---- | M] (Farbar) -- C:\Users\Grzgori\Desktop\FSS.exe
[2013/07/07 01:43:35 | 000,058,368 | ---- | M] () -- C:\Users\Grzgori\AppData\Local\NAV
[2013/07/07 01:43:35 | 000,057,856 | ---- | M] () -- C:\Users\Grzgori\AppData\Local\NIS
[2013/07/07 01:43:35 | 000,057,856 | ---- | M] () -- C:\Users\Grzgori\AppData\Local\N360
[2013/07/07 01:13:06 | 001,634,792 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/07 01:13:06 | 000,705,984 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/07/07 01:13:06 | 000,654,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/07 01:13:06 | 000,146,710 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/07/07 01:13:06 | 000,121,424 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/07 01:09:34 | 000,001,320 | ---- | M] () -- C:\Users\Grzgori\Desktop\Revo Uninstaller.lnk
[2013/07/06 00:52:29 | 000,001,137 | ---- | M] () -- C:\Users\Grzgori\Desktop\MPC-HC.lnk
[2013/07/05 13:00:16 | 000,002,035 | ---- | M] () -- C:\Users\Grzgori\Desktop\Incoming.lnk
[2013/07/04 11:22:37 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/04 02:36:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/07/03 01:36:25 | 000,001,471 | ---- | M] () -- C:\Users\Grzgori\Desktop\emule - Atalho.lnk
[2013/06/23 14:57:19 | 000,002,369 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk
[2013/06/21 17:47:52 | 000,183,112 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/06/13 20:16:57 | 000,001,284 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk
[2013/06/13 20:02:31 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGrzgori.job
[2013/05/24 11:28:52 | 000,041,008 | ---- | M] (NetFilterSDK.com) -- C:\Windows\SysNative\drivers\lmservicedrv.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/08 22:03:18 | 000,259,904 | ---- | C] () -- C:\Users\Grzgori\Desktop\1.png
[2013/07/08 19:20:06 | 000,650,027 | ---- | C] () -- C:\Users\Grzgori\Desktop\adwcleaner.exe
[2013/07/07 01:56:27 | 000,000,512 | ---- | C] () -- C:\Users\Grzgori\Desktop\Dump_Hdd0_DR0.mbr
[2013/07/07 01:43:35 | 000,058,368 | ---- | C] () -- C:\Users\Grzgori\AppData\Local\NAV
[2013/07/07 01:43:35 | 000,057,856 | ---- | C] () -- C:\Users\Grzgori\AppData\Local\NIS
[2013/07/07 01:43:35 | 000,057,856 | ---- | C] () -- C:\Users\Grzgori\AppData\Local\N360
[2013/07/06 00:52:29 | 000,001,137 | ---- | C] () -- C:\Users\Grzgori\Desktop\MPC-HC.lnk
[2013/07/04 11:22:37 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/04 02:36:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/07/03 01:36:25 | 000,001,471 | ---- | C] () -- C:\Users\Grzgori\Desktop\emule - Atalho.lnk
[2013/07/02 14:31:50 | 000,002,035 | ---- | C] () -- C:\Users\Grzgori\Desktop\Incoming.lnk
[2013/06/23 14:57:19 | 000,002,369 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk
[2013/06/13 20:16:57 | 000,001,284 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk
[2013/01/12 11:58:05 | 000,000,017 | ---- | C] () -- C:\Users\Grzgori\AppData\Local\resmon.resmoncfg
[2013/01/04 19:32:16 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/04 19:31:53 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/05 21:24:59 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011/12/31 03:03:23 | 000,000,384 | ---- | C] () -- C:\Windows\asr.INI
[2011/12/21 22:47:23 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2011/11/30 19:55:06 | 000,017,408 | ---- | C] () -- C:\Users\Grzgori\AppData\Local\WebpageIcons.db
[2011/11/19 22:27:23 | 000,090,112 | ---- | C] () -- C:\Windows\Cuninst.exe
[2011/11/12 14:57:31 | 000,000,295 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/10/14 18:54:10 | 001,603,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/14 18:47:46 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/08/25 23:54:14 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/14 20:53:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/08/12 19:18:54 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 07:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 05:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/02/23 22:08:49 | 000,000,000 | ---D | M] -- C:\Users\Grzgori\AppData\Roaming\Canon
[2013/07/04 02:06:20 | 000,000,000 | ---D | M] -- C:\Users\Grzgori\AppData\Roaming\EZDownloader
[2013/07/04 01:05:25 | 000,000,000 | ---D | M] -- C:\Users\Grzgori\AppData\Roaming\Free Desktop Clock 3
[2013/07/05 12:53:24 | 000,000,000 | ---D | M] -- C:\Users\Grzgori\AppData\Roaming\GetRightToGo
[2011/08/19 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\Grzgori\AppData\Roaming\SoftGrid Client
[2011/08/25 20:58:09 | 000,000,000 | ---D | M] -- C:\Users\Grzgori\AppData\Roaming\Tific
[2011/08/25 23:44:19 | 000,000,000 | ---D | M] -- C:\Users\Grzgori\AppData\Roaming\TP
[2013/03/29 14:20:35 | 000,000,000 | ---D | M] -- C:\Users\Grzgori\AppData\Roaming\uTorrent
[2012/09/05 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Grzgori\AppData\Roaming\VDownloader
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/07/08 19:27:05 | 000,000,344 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/07/08 19:28:01 | 000,010,566 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2013/07/04 02:36:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 22:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2013/07/08 19:29:08 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/08 19:29:13 | 4021,182,464 | -HS- | M] () -- C:\pagefile.sys
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
 
< %PROGRAMFILES%(x86)\*.* >
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2012/06/24 14:15:40 | 000,115,288 | ---- | M] () -- C:\Users\Grzgori\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2011/08/11 19:50:53 | 000,000,020 | -HS- | M] () -- C:\Users\Grzgori\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2013/07/09 20:06:19 | 005,767,168 | -HS- | M] () -- C:\Users\Grzgori\ntuser.dat
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 17:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 02:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 02:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 02:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 02:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\*.scr >
[2009/07/10 12:25:40 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %appdata%\*.* >
 
< %programdata%\*.* >
[2011/05/23 23:14:20 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/05/31 18:05:43 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2011/05/23 23:13:50 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/05/31 18:01:16 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2011/05/23 23:13:32 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2011/05/23 23:14:07 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/05/31 18:00:19 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/05/31 18:05:08 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2011/05/23 23:14:32 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
< %programdata%\*.exe /s >
[2010/09/21 15:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\29642\AcrobatUpdater.exe
[2010/09/21 15:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\29642\AdobeARM.exe
[2010/09/21 15:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\29642\ReaderUpdater.exe
[2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\17654\AcrobatUpdater.exe
[2012/01/03 04:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\17654\AdobeARM.exe
[2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\17654\AdobeARMHelper.exe
[2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\17654\ReaderUpdater.exe
[2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18686\AcrobatUpdater.exe
[2012/01/03 04:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18686\AdobeARM.exe
[2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18686\AdobeARMHelper.exe
[2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18686\ReaderUpdater.exe
[2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27116\AcrobatUpdater.exe
[2012/01/03 04:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27116\AdobeARM.exe
[2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27116\AdobeARMHelper.exe
[2012/01/03 04:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27116\ReaderUpdater.exe
[2013/04/04 18:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.5\ARM\27251\AcrobatUpdater.exe
[2013/04/04 18:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.5\ARM\27251\AdobeARM.exe
[2013/04/04 18:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.5\ARM\27251\AdobeARMHelper.exe
[2013/04/04 18:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.5\ARM\27251\ReaderUpdater.exe
[2013/07/04 11:22:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2012/11/02 19:14:00 | 008,795,216 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
[2010/03/31 15:05:54 | 001,100,664 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\setup.exe
[2010/03/24 12:51:54 | 000,838,536 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.pt-br\DW20.EXE
[2010/03/24 12:52:00 | 000,519,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.pt-br\dwtrig20.exe
[2010/03/31 15:06:10 | 000,149,352 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\ose.exe
[2010/02/28 21:33:12 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\pt-br\Office.exe
[2010/03/31 13:18:24 | 001,629,104 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\pt-br\SetupConsumerC2R.exe
[2010/03/31 13:18:24 | 001,629,104 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\pt-br\SetupConsumerC2ROLW.exe
[2009/10/28 09:48:14 | 000,907,552 | ---- | M] () -- C:\ProgramData\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaInst64.exe
[2008/08/06 16:32:38 | 000,047,616 | ---- | M] () -- C:\ProgramData\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaIOx64.exe
[2011/05/23 23:10:38 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
[2011/05/23 23:14:11 | 000,053,319 | ---- | M] ( ) -- C:\ProgramData\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
[2010/05/31 18:05:12 | 000,053,319 | ---- | M] ( ) -- C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
[2011/05/23 23:13:36 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
[2011/05/23 23:02:37 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{3023EBDA-BF1B-4831-B347-E5018555F26E}\PostBuild.exe
[2010/05/31 18:00:24 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
[2010/05/31 17:07:08 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\PostBuild.exe
[2011/05/23 23:13:12 | 000,053,319 | ---- | M] ( ) -- C:\ProgramData\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
[2011/05/23 23:12:49 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
[2011/05/23 23:06:31 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}\PostBuild.exe
[2011/05/23 23:08:13 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}\PostBuild.exe
[2011/05/23 23:13:57 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
[2010/05/31 17:59:57 | 000,053,319 | ---- | M] ( ) -- C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
[2010/05/31 18:01:22 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
[2011/05/23 23:04:41 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{D12E3E7F-1B13-4933-A915-16C7DD37A095}\PostBuild.exe
[2011/05/23 23:14:24 | 000,053,319 | ---- | M] ( ) -- C:\ProgramData\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
[2011/05/23 23:01:10 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\PostBuild.exe
[2011/05/23 23:09:35 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}\PostBuild.exe
[2011/05/23 23:03:44 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Temp\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\PostBuild.exe
 
< %programdata%\*.dll /s >
[2010/09/21 15:37:40 | 000,070,584 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\29642\AdobeExtractFiles.dll
[2010/04/19 05:20:00 | 000,182,784 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0401\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,076,288 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0401\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,419,328 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0401\CNMur9W.dll
[2010/04/19 05:20:00 | 000,074,752 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0404\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,031,232 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0404\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,267,776 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0404\CNMur9W.dll
[2010/04/19 05:20:00 | 000,197,632 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0405\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,081,408 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0405\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,434,176 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0405\CNMur9W.dll
[2010/04/19 05:20:00 | 000,201,728 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0406\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,083,456 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0406\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,437,248 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0406\CNMur9W.dll
[2010/04/19 05:20:00 | 000,232,448 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0407\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,096,768 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0407\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,464,896 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0407\CNMur9W.dll
[2010/04/19 05:20:00 | 000,234,496 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0408\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,095,232 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0408\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,475,648 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0408\CNMur9W.dll
[2010/02/04 05:00:00 | 000,189,952 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0409\CNMlr9W.dll
[2010/02/04 05:00:00 | 000,078,336 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0409\CNMsr9W.dll
[2010/02/04 05:00:00 | 000,418,816 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0409\CNMur9W.dll
[2010/04/19 05:20:00 | 000,185,344 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\040b\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,074,752 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\040b\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,423,424 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\040b\CNMur9W.dll
[2010/04/19 05:20:00 | 000,228,864 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\040c\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,093,696 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\040c\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,472,064 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\040c\CNMur9W.dll
[2010/04/19 05:20:00 | 000,201,728 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\040e\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,083,968 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\040e\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,441,856 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\040e\CNMur9W.dll
[2010/04/19 05:20:00 | 000,226,304 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0410\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,094,208 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0410\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,467,968 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0410\CNMur9W.dll
[2010/02/04 05:00:00 | 000,103,424 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0411\CNMlr9W.dll
[2010/02/04 05:00:00 | 000,045,568 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0411\CNMsr9W.dll
[2010/02/04 05:00:00 | 000,300,544 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0411\CNMur9W.dll
[2010/04/19 05:20:00 | 000,106,496 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0412\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,045,056 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0412\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,306,688 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0412\CNMur9W.dll
[2010/04/19 05:20:00 | 000,218,624 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0413\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,087,552 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0413\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,455,168 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0413\CNMur9W.dll
[2010/04/19 05:20:00 | 000,194,560 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0414\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,077,312 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0414\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,424,448 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0414\CNMur9W.dll
[2010/04/19 05:20:00 | 000,219,136 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0415\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,091,648 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0415\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,453,632 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0415\CNMur9W.dll
[2010/04/19 05:20:00 | 000,203,776 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0419\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,082,944 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0419\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,442,368 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0419\CNMur9W.dll
[2010/04/19 05:20:00 | 000,194,048 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\041D\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,078,336 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\041D\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,428,544 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\041D\CNMur9W.dll
[2010/04/19 05:20:00 | 000,168,448 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\041E\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\041E\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,413,696 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\041E\CNMur9W.dll
[2010/04/19 05:20:00 | 000,195,584 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\041F\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,079,360 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\041F\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,430,080 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\041F\CNMur9W.dll
[2010/04/19 05:20:00 | 000,201,216 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0421\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,083,456 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0421\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,452,608 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0421\CNMur9W.dll
[2010/04/19 05:20:00 | 000,072,192 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0804\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,030,720 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0804\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,263,680 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0804\CNMur9W.dll
[2010/04/19 05:20:00 | 000,208,896 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0816\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,088,064 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0816\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,451,072 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0816\CNMur9W.dll
[2010/04/19 05:20:00 | 000,227,840 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0c0a\CNMlr9W.dll
[2010/04/19 05:20:00 | 000,093,696 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0c0a\CNMsr9W.dll
[2010/04/19 05:20:00 | 000,473,088 | ---- | M] (CANON INC.) -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MP250 series Printer\LanguageModules\0c0a\CNMur9W.dll
[2010/01/04 17:02:34 | 000,034,088 | ---- | M] (CyberLink) -- C:\ProgramData\CyberLink\Power2Go\P2GoGadget.dll
[2009/12/15 14:49:50 | 000,016,680 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\ProgramData\Hewlett-Packard\System Default Settings - TDC\muires.dll
[2009/06/10 17:31:21 | 000,015,616 | ---- | M] (Microsoft Corp.) -- C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll
[2009/06/10 17:31:21 | 000,254,216 | ---- | M] (Microsoft Corp.) -- C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll
[2011/09/06 22:56:08 | 000,014,744 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig.dll
[2010/03/24 12:51:58 | 000,526,176 | ---- | M] () -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.pt-br\dwdcw20.dll
[2010/03/31 15:06:04 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.pt-br\msvcr90.dll
[2010/03/31 19:23:28 | 000,213,888 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.pt-br\osetupui.dll
[2010/03/22 19:29:42 | 000,110,992 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.pt-br\1046\dwintl20.dll
[2010/03/31 15:05:16 | 005,789,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\osetup.dll
[2010/03/31 15:05:54 | 001,248,016 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\PidGenX.dll
[2010/03/21 12:49:58 | 000,020,920 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\pt-br\launchofficeintl.dll
[2009/10/28 09:47:58 | 000,252,192 | ---- | M] () -- C:\ProgramData\Ralink Driver\RT2860 Wireless LAN Card\Driver\CoInstaller.dll
[2009/07/13 19:06:52 | 000,705,088 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Ralink Driver\RT2860 Wireless LAN Card\Driver\difxapi.dll
[2010/04/10 16:10:26 | 000,326,432 | ---- | M] (Ralink Technology, Inc.) -- C:\ProgramData\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaCoInstx.dll
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2010/11/20 09:17:09 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2009/07/13 22:15:24 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\hmmapi.dll
[2009/06/10 18:17:22 | 000,002,649 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie8props.propdesc
[2011/08/13 01:18:25 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecompat.dll
[2011/12/16 04:52:04 | 000,860,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2010/11/20 09:17:13 | 000,373,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2009/07/13 22:14:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2011/12/16 04:52:04 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2010/11/20 09:19:18 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
[2010/11/20 09:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2010/11/20 09:19:26 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
[2009/07/13 22:15:35 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
[2009/07/13 22:15:35 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
[2010/11/20 09:19:26 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
[2009/06/10 18:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
[2009/06/10 18:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
[2011/04/29 01:57:23 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
 
< C:\windows\system32\Tasks\*.* /64 >
[2011/05/23 23:09:20 | 000,003,200 | ---- | M] () -- C:\Windows\SysNative\Tasks\CLMLSvc
[2013/07/05 12:54:22 | 000,003,370 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPlyUpdate
[2011/05/23 23:02:17 | 000,003,164 | ---- | M] () -- C:\Windows\SysNative\Tasks\DVDAgent
[2013/07/05 12:54:15 | 000,003,524 | ---- | M] () -- C:\Windows\SysNative\Tasks\Funmoods
[2013/07/05 06:18:10 | 000,003,814 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore
[2013/07/05 06:18:11 | 000,004,066 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA
[2013/07/04 15:23:21 | 000,003,668 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskUserS-1-5-21-2657562104-1521744097-369675392-1000Core
[2013/07/04 15:23:21 | 000,004,064 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskUserS-1-5-21-2657562104-1521744097-369675392-1000UA
[2013/06/12 21:46:13 | 000,003,198 | ---- | M] () -- C:\Windows\SysNative\Tasks\HPCeeScheduleForGrzgori
[2013/07/08 19:34:31 | 000,003,958 | ---- | M] () -- C:\Windows\SysNative\Tasks\User_Feed_Synchronization-{FA4C04C9-3107-4B6F-9900-A9ED89B0DE25}
[2012/01/19 18:39:19 | 000,003,680 | ---- | M] () -- C:\Windows\SysNative\Tasks\{24327874-59DE-4C8C-A1AD-C5D33F87B21E}
[2012/06/23 12:49:29 | 000,003,378 | ---- | M] () -- C:\Windows\SysNative\Tasks\{B73DBB08-3F68-4F82-927D-3170F2715975}
[2012/01/19 18:41:20 | 000,003,556 | ---- | M] () -- C:\Windows\SysNative\Tasks\{E92F26D6-B5BB-443E-84A1-0FAC64C59058}
[2012/06/23 12:54:06 | 000,003,284 | ---- | M] () -- C:\Windows\SysNative\Tasks\{EA0E36EB-B606-4113-BA69-F0026F50B9A4}
[2009/07/14 02:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 02:08:49 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/13 19:58:10 | 000,001,066 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/04/13 19:58:12 | 000,001,070 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/05/23 19:20:53 | 000,001,034 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657562104-1521744097-369675392-1000Core.job
[2012/05/23 19:20:54 | 000,001,086 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657562104-1521744097-369675392-1000UA.job
[2012/10/17 18:14:40 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForGrzgori.job
 
< %windir%\tasks\*.* /s >
[2013/07/09 18:19:39 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/09 19:40:47 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/09 18:20:32 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2657562104-1521744097-369675392-1000Core.job
[2013/07/09 19:40:47 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2657562104-1521744097-369675392-1000UA.job
[2013/06/13 20:02:31 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGrzgori.job
[2013/07/08 19:29:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/12/01 22:23:50 | 000,032,534 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
 
<  >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 B5 10 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 30 01 62 33 EC 7C CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 05 2E BD 02 F8 7B 47 AF 0B 00 00 00 32 00 33 00 3A 00 35 00 39 00 3A 00 32 00 37 00 20 00 55 00 54 00 43 00 2D 00 30 00 33 00 30 00 30 00 20 00 32 00 30 00 31 00 33 00 00 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 5C 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 69 00 64 00 65 00 62 00 61 00 72 00 5C 00 43 00 61 00 63 00 02 00 00 00 C0 A8 02 64 00 00 00 00 00 00 00 00 32 00 64 00 35 00 2D 00 31 00 30 00 38 00 32 00 2D 00 34 00 64 00 66 00 32 00 2D 00 62 00 32 00 66 00 36 00 2D 00 39 00 31 00 38 00 35 00 63 00 33 00 31 00 66 00 39 00 34 00 37 00 32 00 5C 00 5F 00 77 00 63 00 2D 00 42 00 52 00 58 00 58 00 30 00 31 00 36 00 33 00 46 00 70 00 74 00 2D 00 42 00 52 00 5F 00 2E 00 78 00 6D 00 6C 00 00 00  [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 5A 29 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
"TIM CONNECT FAST" = 46 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< Net User /c >
Contas de usuário para \\GRZGORI-PC
-------------------------------------------------------------------------------
Administrador            Convidado                Grzgori                  
XseVenM                  
Comando concluído com êxito.
 
<  >
 
< MD5 for: SERVICES  >
[2009/06/10 18:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CNF  >
[2011/08/19 21:29:43 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Grzgori\Documents\Minhas Webs\_vti_pvt\services.cnf
 
< MD5 for: SERVICES.DAT  >
[2013/07/08 13:34:09 | 000,001,962 | ---- | M] () MD5=09280DEAEB690C678226946E491E4C62 -- C:\Users\Grzgori\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/05/31 20:40:54 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=50535783545434F9F2AB62A53C706EFA -- C:\Windows\SysNative\pt-BR\services.exe.mui
[2010/05/31 20:40:54 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=50535783545434F9F2AB62A53C706EFA -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c78e6f42ac5a3207\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 17:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 17:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/06/10 17:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 17:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2010/05/31 20:40:50 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysNative\pt-BR\services.msc
[2010/05/31 20:40:56 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysWOW64\pt-BR\services.msc
[2010/05/31 20:40:50 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_01d03f2e82c3cbfa\services.msc
[2010/05/31 20:40:56 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 17:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 17:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.WHM  >
[2008/11/09 19:49:56 | 000,003,678 | ---- | M] () MD5=78C07607AD198E5769746185F8EF2D78 -- C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\pc\html\www.craplist.net\services.whm

< End of report >
 

Attached file(s)



#6
CarlosTurco

    Assistant

  • 24.240 posts

Ok,

1)

Select these lines inside the CODE box, right-click the selection and choose the copy option

NOTE: Make sure you copy starting from the colon and letter ":O" of OTL.
 

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O32 - AutoRun File - [2013/07/04 02:36:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{77db86ad-c486-11e0-b020-ab91000fe12c}\Shell - "" = AutoRun
O33 - MountPoints2\{77db86ad-c486-11e0-b020-ab91000fe12c}\Shell\AutoRun\command - "" = K:\LGAutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LGAutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LGAutoRun.exe
[2013/07/05 12:54:22 | 000,003,370 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPlyUpdate
[2013/07/05 12:54:15 | 000,003,524 | ---- | M] () -- C:\Windows\SysNative\Tasks\Funmoods

:files
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe

Right-click on any blank area of the Custom Scans/Fixes section and choose the paste option

Close ALL windows (except OTL itself).
Click the Fix button.

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of that Notepad window and paste it into your reply.

A copy of this log will be kept in the folder C:\_OTL\MovedFiles with a name in the format date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.
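
As an added, read-only companion to the fix script above (this is not code from the thread and not OTL's own code), the following PowerShell audit lists the same classes of persistence entries the script removed: Browser Helper Objects whose CLSID has no class registration, MountPoints2 AutoRun commands, and scheduled-task definitions whose action runs from outside the Windows and Program Files directories (that last filter is my own heuristic, and bare executable names resolved via PATH are flagged too). It assumes the standard registry and task-folder locations of a 64-bit Windows 7 system and only reports; it deletes nothing.

```powershell
# Added audit example: not part of the thread and not OTL's own code.
# Read-only: lists suspicious persistence entries and changes nothing.
# Run from an elevated PowerShell prompt (the Tasks folder is ACL-protected).

function Get-PersistenceReport {
    $report = @()

    # 1) Browser Helper Objects (OTL O2 lines). A BHO entry whose CLSID has no
    #    class registration is what OTL reports as "No CLSID value found".
    $bhoKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($bho in Get-ChildItem $key) {
            $clsid = $bho.PSChildName
            $registered = (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid") -or
                          (Test-Path "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$clsid")
            if (-not $registered) {
                $report += New-Object PSObject -Property @{
                    Kind = 'Orphaned BHO'; Item = $clsid; Detail = $key }
            }
        }
    }

    # 2) Per-volume AutoRun handlers under MountPoints2 (OTL O33 lines). The
    #    default value of ...\Shell\AutoRun\command is what Explorer would run
    #    when that volume is opened; the thread's entries pointed at LGAutoRun.exe.
    $mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (Test-Path $mp2) {
        foreach ($vol in Get-ChildItem $mp2) {
            $cmdKey = "$mp2\$($vol.PSChildName)\Shell\AutoRun\command"
            if (Test-Path $cmdKey) {
                $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
                $report += New-Object PSObject -Property @{
                    Kind = 'MountPoints2 AutoRun'; Item = $vol.PSChildName; Detail = $cmd }
            }
        }
    }

    # 3) Scheduled tasks. Each file under System32\Tasks is the task's XML
    #    definition; read its Exec action and flag commands that run from
    #    outside Windows or Program Files (my own heuristic; a bare executable
    #    name with no path is flagged as well). Parsing the files directly
    #    works on Windows 7, which has no Get-ScheduledTask cmdlet.
    $trustedRoots = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ }
    $taskDir = Join-Path $env:windir 'System32\Tasks'
    foreach ($file in Get-ChildItem $taskDir -Recurse | Where-Object { -not $_.PSIsContainer }) {
        $xml = New-Object System.Xml.XmlDocument
        try { $xml.Load($file.FullName) } catch { continue }
        foreach ($exec in @($xml.Task.Actions.Exec)) {
            if ($exec -eq $null) { continue }
            $exe = [Environment]::ExpandEnvironmentVariables([string]$exec.Command).Trim('"')
            if (-not $exe) { continue }
            $trusted = $false
            foreach ($root in $trustedRoots) {
                if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $trusted = $true }
            }
            if (-not $trusted) {
                $report += New-Object PSObject -Property @{
                    Kind   = 'Task outside Windows/Program Files'
                    Item   = $file.FullName.Substring($taskDir.Length + 1)
                    Detail = "$exe $($exec.Arguments)" }
            }
        }
    }
    return $report
}

Get-PersistenceReport | Sort-Object Kind | Format-Table Kind, Item, Detail -AutoSize -Wrap
```

Entries it lists are leads to check, not verdicts: a legitimate updater can sit outside Program Files, and an orphaned BHO is often just leftover junk from an uninstall.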



#7
xseven

    Novice

  • 5 posts

OTL log:

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77db86ad-c486-11e0-b020-ab91000fe12c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77db86ad-c486-11e0-b020-ab91000fe12c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77db86ad-c486-11e0-b020-ab91000fe12c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77db86ad-c486-11e0-b020-ab91000fe12c}\ not found.
File K:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\LGAutoRun.exe not found.
C:\Windows\SysNative\Tasks\DealPlyUpdate moved successfully.
C:\Windows\SysNative\Tasks\Funmoods moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configura‡Æo de IP do Windows
Libera‡Æo do Cache do DNS Resolver bem-sucedida.
C:\Users\Grzgori\Desktop\cmd.bat deleted successfully.
C:\Users\Grzgori\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38989 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Grzgori
->Temp folder emptied: 1398646098 bytes
->Temporary Internet Files folder emptied: 51072926 bytes
->Java cache emptied: 1339358 bytes
->FireFox cache emptied: 90244945 bytes
->Flash cache emptied: 60575 bytes
 
User: Public
 
User: TEMP
 
User: Todos os Usuários
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: XseVenM
->Temp folder emptied: 47831 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1895615 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 302092286 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 56340 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.760,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07102013_213703

Files\Folders moved on Reboot...
File\Folder C:\Users\Grzgori\AppData\Local\Temp\OICE_8FB20A25-A27E-4677-AD99-E7981949676E.0\35ED1441. not found!
File\Folder C:\Users\Grzgori\AppData\Local\Temp\OICE_7D938581-E2E0-49E0-9A06-7CABD3436AF9.0\681562E9. not found!
C:\Users\Grzgori\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

HijackThis log:

 

Logfile of HijackThis v1.99.1
Scan saved at 22:05:07, on 10/07/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Users\Grzgori\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Grzgori\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [LG LinkAir] C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7D4D81F-1D2C-41DD-A1C4-6CA83ED83E2C}: NameServer = 189.40.224.80 189.40.226.80
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Serviço LM (LM Service) - Unknown owner - C:\Program Files (x86)\Driver LM\lmservice.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 


Edited by xseven, 10 July 2013 - 22:23.


#8
CarlosTurco

    Assistant

  • Assistant
  • 24,240 posts

Temporarily disable your antivirus.

  • Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: (image)
  • For alternative browsers (if you use Internet Explorer, skip this step):
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update on its own and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats.
  • Copy and paste the contents into your next reply. Note: if nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.



#9
xseven

    Newbie

  • Newbie
  • Pip
  • 5 posts

ESET Online Scanner log:

 

C:\Users\Grzgori\Documents\Downloads\651631631651616313.N.Internet.S..2011.castor.downloads.rar    Win32/Packed.Autoit.E.Gen application    deleted - quarantined
C:\Users\Grzgori\Documents\Downloads\MsgPlus3-Setup.exe    a variant of Win32/MessengerPlus.A application    deleted - quarantined
C:\Users\Grzgori\Documents\Downloads\Setup-MsgPlus-510.exe    a variant of Win32/MessengerPlus.A application    deleted - quarantined
C:\Users\Grzgori\Documents\Downloads\sweet-home-3d-40-baixaki-32-bits.exe    Win32/InstallCore.BL application    cleaned by deleting - quarantined
C:\Users\Grzgori\Documents\Downloads\SweetHome3D-4.0-windows-oc.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Grzgori\Documents\Downloads\u1005.zip    Win32/UltraReach application    deleted - quarantined
C:\Users\Grzgori\Documents\Downloads\VDownloaderInstaller.exe    a variant of Win32/InstallCore.AF application    cleaned by deleting - quarantined
C:\Users\Grzgori\Documents\Meus Documentos Old\Downloads\Setup-MsgPlus-510.exe    a variant of Win32/MessengerPlus.A application    deleted - quarantined
C:\Users\Grzgori\Documents\Meus Documentos Old\Downloads\u1005.zip    Win32/UltraReach application    deleted - quarantined
C:\Users\Grzgori\Downloads\aTube_Catcher.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Grzgori\Downloads\baixedetudo.net.ANTIVIRUS6PT.rar    multiple threats    deleted - quarantined
C:\Users\Grzgori\Downloads\E.N32.AV.6.&.E.SMTS.6.By.anjinhodj.therebels.rar    MSIL/RiskWare.HackAV.A application    deleted - quarantined
C:\Users\Grzgori\Downloads\free-desktop-clock-30-32-bits.exe    a variant of Win32/InstallCore.BY application    cleaned by deleting - quarantined
C:\Users\Grzgori\Downloads\off-2010-pansaDownloads.blogspot.com\off-2010-pansaDownloads.blogspot.com\Office 2010 Ativador\hosts    Win32/HackHosts application    cleaned by deleting - quarantined
C:\Windows\Installer\44452.msi    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined

 

 

Log of HijackThis:

 

Logfile of HijackThis v1.99.1
Scan saved at 20:33:05, on 12/07/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Users\Grzgori\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Grzgori\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [LG LinkAir] C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Serviço LM (LM Service) - Unknown owner - C:\Program Files (x86)\Driver LM\lmservice.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 



#10
CarlosTurco

    Assistant

  • Assistant
  • 24,240 posts

OK,

The logs are clean. :)

To finish:

  • Run OTL.exe

    Click the CleanUp button.
  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of Java SE 7u25.
    • Click JRE Download.
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.25 MB jre-7u25-windows-i586.exe and save it to your desktop.
    • Close any running programs, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as needed to remove each version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u25-windows-i586.exe to install the newest version.
    • ATTENTION: Uncheck the box that installs the ASK Toolbar.
  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • USB worms (pen drive viruses) can infect any kind of removable storage device (pen drives, MP3 and MP4 players, mobile phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the wizard that appears when you insert a CD or pen drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf in order to work.

    Keep a clean, protected copy of the autorun.inf file on every removable device and on every drive of the system. That way, if you happen to plug your pen drive into an infected PC, the malware will not be able to overwrite the pre-existing file. It could still copy its malicious executables to the pen drive, though, such as .EXE, .SCR, .CMD, .PIF, .BAT and .COM files.
    If you plug that pen drive into a clean machine and run one of those malicious files, that system will be infected the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you consider necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the drive and choosing "Format".
    • Run Flash_Disinfector.exe.
    • Follow any prompts that may appear.
    • Wait until the program finishes its scan, then exit the program.
    For Windows Vista and 7: Panda USB Vaccine
  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without any action from the user. Microsoft fixes these holes through updates.
    That is why keeping your system up to date is essential.
  • Disable and re-enable System Restore.
  • Learn some precautions and tips to keep your computer clean. Read the article Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/
  • If there are no more malware-related problems, click the Report button and ask for your topic to be closed.

If you have any question related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Regards. :legal:
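As an added example (not code from the thread, from Flash_Disinfector or from Panda USB Vaccine), the PowerShell script below checks the two things the USB-worm advice in the post above relies on: whether AutoRun is disabled by policy (the NoDriveTypeAutoRun value, 0xFF meaning every drive type) and whether each removable drive already carries a protected autorun.inf placeholder. The function names, the $CreateGuards switch and the placeholder technique used here (a read-only, hidden, system directory named autorun.inf, so a worm's attempt to create a file of that name fails) are my assumptions; the script targets PowerShell 2.0, which Windows 7 SP1 ships with.

```powershell
# Added example, not from the thread. Assumes PowerShell 2.0+ on Windows 7 SP1.
# Set to $true to create a placeholder on removable drives that have none.
$CreateGuards = $false

function Get-AutoRunPolicy {
    # Returns the effective NoDriveTypeAutoRun value, or $null if no policy is set.
    # The machine policy (HKLM) takes precedence over the per-user one (HKCU).
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($p in $paths) {
        $item = Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($item -ne $null) { return [int]$item.NoDriveTypeAutoRun }
    }
    return $null
}

function Test-AutorunGuard {
    # Classifies what sits at <drive>\autorun.inf:
    #   'missing'            nothing there
    #   'file'               a real autorun.inf file; inspect its contents before acting
    #   'unprotected-folder' a directory, but without the R+H+S attributes
    #   'protected'          a directory carrying ReadOnly, Hidden and System (assumed guard)
    param([Parameter(Mandatory = $true)][string]$DriveRoot)
    $path = Join-Path $DriveRoot 'autorun.inf'
    if (-not (Test-Path -LiteralPath $path)) { return 'missing' }
    $item = Get-Item -LiteralPath $path -Force
    if (-not $item.PSIsContainer) { return 'file' }
    $want = [IO.FileAttributes]'ReadOnly, Hidden, System'
    if (($item.Attributes -band $want) -eq $want) { return 'protected' }
    return 'unprotected-folder'
}

function New-AutorunGuard {
    # Creates the placeholder directory. Refuses to touch an existing autorun.inf,
    # because an existing file may be legitimate (or evidence worth keeping).
    param([Parameter(Mandatory = $true)][string]$DriveRoot)
    $path = Join-Path $DriveRoot 'autorun.inf'
    if (Test-Path -LiteralPath $path) {
        throw "$path already exists; inspect it before replacing it"
    }
    $dir = New-Item -ItemType Directory -Path $path
    $dir.Attributes = [IO.FileAttributes]'Directory, ReadOnly, Hidden, System'
    return $path
}

# 1. Host-wide AutoRun policy (what Vista/7 "vaccination" tools set).
$policy = Get-AutoRunPolicy
if ($policy -eq $null) {
    Write-Output 'AutoRun policy: NoDriveTypeAutoRun not set (Windows defaults apply)'
} else {
    Write-Output ('AutoRun policy: NoDriveTypeAutoRun = 0x{0:X2} (0xFF disables AutoRun for all drive types)' -f $policy)
}

# 2. Per-drive check. DriveType 2 = removable disk in Win32_LogicalDisk.
Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    $root  = $_.DeviceID + '\'
    $state = Test-AutorunGuard -DriveRoot $root
    Write-Output ('{0} autorun.inf: {1}' -f $root, $state)
    if ($CreateGuards -and $state -eq 'missing') {
        $created = New-AutorunGuard -DriveRoot $root
        Write-Output ('{0} placeholder created at {1}' -f $root, $created)
    }
}
```

A result of 'file' deserves a look at the file's contents: a legitimate installer CD may ship one, but on a pen drive an autorun.inf that points at an .EXE, .SCR or .CMD in a hidden folder is exactly the pattern the post describes.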



#11
Felipe-rj

    Moderator

  • Moderator
  • 837 posts
PROBLEM SOLVED

If you want to request that the topic be reopened, use the Report button to contact the moderation team.

Note: only the author can make this request in the Malware Removal area.