Serious problems with TBUpdater.dll


This topic has been archived. This means you can no longer reply to it.
22 replies in this topic

#1
Moisés A. 1

  • Newbie
  • 12 posts

Hello! Good morning, everyone! I have a small problem with a DLL. The situation is as follows: a few days ago I downloaded a program called "adwcleaner" to remove several pieces of adware that were messing with my browsers. In short, every time I turn on my PC the following message appears: “There was a problem starting C:\Program Files(x86)\Home Tab\TBUpdate.dll” “The specified module could not be found”. What should I do in this case? Thank you all! Best regards! God be with you!

Note: The reports have already been attached!

Attached file(s)



#2
CarlosTurco

  • Assistant
  • 23,396 posts

Moisés A. 1,

Please note the following:

  • Do NOT attempt any cleanup procedure on your own. In particular, do not run, on your own initiative, tools used in the Malware Removal forum. Improper use of some tools can damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click [image: button_seguir.png] (located in the upper right corner of the main post) to receive an e-mail notification when it is answered. You can also check the topics you follow using the Content I Follow option, accessible through the forum's Control Panel.
  • Analyses can take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it doesn't matter. Always keep up with your topic, informing me of the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in logs; this makes them harder to read during analysis.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

Run the procedures below.

1)

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download [image: 1268r49.png] and save it to the desktop. Double-click to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select [image: run_as_adm1.png]

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end, a log will open. It is saved on the desktop with the name JRT.txt.

Select, copy and paste the contents of this log into your next reply.

2)

Download Malwarebytes' Anti-Malware (MBAM)
http://www.majorgeek..._malware,1.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all default options.

  • Make sure the Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware boxes are checked, then click Finish.
  • If there are updates to be made, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all checked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to see it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554

3)

Post a new HijackThis log.



#3
Moisés A. 1

  • Newbie
  • 12 posts

Carlos Turco, good evening! I will post the three reports related to TBUpdater.dll for you. Thank you very much for the help; they are right below:

Attached file(s)



#4
CarlosTurco

  • Assistant
  • 23,396 posts

Ok,

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click [image: execadmin.png].

Where it says Output, select Standard
Also check these options:

  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names.
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

Select these lines in red, right-click the selection, and choose the copy option

netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.* /s

CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp
Net User /c

/md5start

services.*

/md5stop

 

Go back to the program, right-click any white area of the Custom Scans/Fixes section and choose paste

Click the [image: verif.png] button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach them to your reply.



#5
Moisés A. 1

  • Newbie
  • 12 posts

Good afternoon, Carlos Turco! How are you? Carlos Turco, I had to compress the files because they were very large. Below are the attached and compressed files of "Extra.txt" and "OTL.txt":

Carlos Turco, thank you very much for the help. Once again, thank you for being able to count on your support and on the help of this valuable site! God bless you!!!!!!!!!!!!

Attached file(s)


Edited by Moisés A. 1, 18 July 2013 - 18:16.


#6
CarlosTurco

  • Assistant
  • 23,396 posts

Ok,

1)

Select these lines inside the CODE box, right-click the selection and choose the copy option

NOTE: Make sure you copy starting with the letter and colon sign ": O" of OTL.
 

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
FF - prefs.js..browser.search.order.1: "Improved Search"
FF - prefs.js..browser.search.useDBForOrder: true
O2 - BHO: (no name) - {da2e16d5-254c-4e11-8fed-2a1b201de379} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {da2e16d5-254c-4e11-8fed-2a1b201de379} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O33 - MountPoints2\{f564e4aa-dab2-11e2-9455-38607726c9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{f564e4aa-dab2-11e2-9455-38607726c9ef}\Shell\AutoRun\command - "" = G:\SISetup.exe
[2013/07/11 05:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
[2013/07/11 05:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu Security
[2013/07/11 05:51:01 | 000,000,000 | ---D | C] -- C:\Users\Skytron\AppData\Roaming\Baidu Security
[2013/07/18 16:34:49 | 000,032,206 | ---- | C] () -- C:\Users\Skytron\Desktop\Home tab TBUpdater.dll
[2013/07/18 16:11:07 | 000,003,112 | ---- | M] () -- C:\Windows\SysNative\Tasks\DLL-files.com Fixer

:files
C:\Program Files(x86)\Home Tab
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe

Right-click any white area of the Custom Scans/Fixes section and choose the paste option

Close ALL windows (except OTL itself).
Click the [image: BotaoConsertar.png] button

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy the ENTIRE contents of this Notepad window and paste it into your reply.

A copy of this log will be stored in the C:\_OTL\MovedFiles folder, named in the format date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.



#7
Moisés A. 1

  • Newbie
  • 12 posts

Carlos Turco, good afternoon! "OTL" was loaded automatically, I checked the options that were necessary, the script was run, and I temporarily disabled the firewall and the antivirus so that there would be no interference in the process; however, "OTL" itself did not ask for my PC to be restarted. The "OTL" report follows below. The "HijackThis" file is already attached. Thanks for the help!!!!!!!!!!!!

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Prefs.js: "Improved Search" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da2e16d5-254c-4e11-8fed-2a1b201de379}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2e16d5-254c-4e11-8fed-2a1b201de379}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{da2e16d5-254c-4e11-8fed-2a1b201de379} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2e16d5-254c-4e11-8fed-2a1b201de379}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f564e4aa-dab2-11e2-9455-38607726c9ef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f564e4aa-dab2-11e2-9455-38607726c9ef}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f564e4aa-dab2-11e2-9455-38607726c9ef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f564e4aa-dab2-11e2-9455-38607726c9ef}\ not found.
File G:\SISetup.exe not found.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\sysopt folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\Run\Disable folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\Run folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\Plugins\Plugin.LeakRepair\Hotfix folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\Plugins\Plugin.LeakRepair folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\Plugins folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29 folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster folder moved successfully.
C:\ProgramData\Baidu Security folder moved successfully.
C:\Program Files (x86)\Baidu Security\PC Faster\3.2.0.29 folder moved successfully.
C:\Program Files (x86)\Baidu Security\PC Faster folder moved successfully.
C:\Program Files (x86)\Baidu Security\Cloud Security folder moved successfully.
C:\Program Files (x86)\Baidu Security folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Uninstall\Baidu PC Faster Uninstall HK\0 folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Uninstall\Baidu PC Faster Uninstall HK folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Uninstall\Baidu PC Faster Uninstall\0 folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Uninstall\Baidu PC Faster Uninstall folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Uninstall folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Run\Disable folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Run folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\RpData folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\PopMsg folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29 folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\1.19.0.2\RpData folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\1.19.0.2 folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security folder moved successfully.
C:\Users\Skytron\Desktop\Home tab TBUpdater.dll moved successfully.
C:\Windows\SysNative\Tasks\DLL-files.com Fixer moved successfully.
========== FILES ==========
File\Folder C:\Program Files(x86)\Home Tab not found.
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
C:\Users\Skytron\Desktop\cmd.bat deleted successfully.
C:\Users\Skytron\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 07192013_164111
 

Attached file(s)
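
An added example, not part of the original thread and not code from OTL or its author: a Python script that tallies the outcomes in an OTL fix log like the one in reply #7 and flags "not found" paths whose parent folder appears elsewhere in the same log with different spacing, since "not found" alone does not say whether an item was already gone or the path was written differently from how it exists on disk. The function names are hypothetical; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Sample input: lines copied from the OTL fix log posted in reply #7.
SAMPLE_LOG = r"""========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Improved Search" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da2e16d5-254c-4e11-8fed-2a1b201de379}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2e16d5-254c-4e11-8fed-2a1b201de379}\ not found.
File G:\SISetup.exe not found.
C:\ProgramData\Baidu Security folder moved successfully.
C:\Program Files (x86)\Baidu Security folder moved successfully.
C:\Users\Skytron\Desktop\Home tab TBUpdater.dll moved successfully.
========== FILES ==========
File\Folder C:\Program Files(x86)\Home Tab not found.
< ipconfig /flushdns /c >
C:\Users\Skytron\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
"""

SECTION = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")

# Outcome patterns, tried in order; each captures the item acted on as "target".
OUTCOMES = [
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value) |File(?:\\Folder)? )?(?P<target>.+?) not found\.$")),
    ("moved", re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
    ("deleted", re.compile(
        r"^(?:Registry (?:key|value) )?(?P<target>.+?) deleted successfully\.$")),
    ("value_set", re.compile(r"^(?P<target>.+?)\| /E : value set successfully!$")),
    ("pref_removed", re.compile(r"^Prefs\.js: (?P<target>.+)$")),
]


def summarize_otl_fix_log(text):
    """Return {section: {"counts": Counter, "not_found": [...], "handled": [...]}}."""
    report = {}
    section = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        entry = report.setdefault(
            section, {"counts": Counter(), "not_found": [], "handled": []})
        for outcome, pattern in OUTCOMES:
            m = pattern.match(line)
            if m:
                entry["counts"][outcome] += 1
                if outcome == "not_found":
                    entry["not_found"].append(m.group("target"))
                elif outcome in ("moved", "deleted"):
                    entry["handled"].append(m.group("target"))
                break
        else:
            entry["counts"]["other"] += 1  # command echoes, restore point, etc.
    return report


def _squash(path):
    """Compare paths while ignoring whitespace and letter case."""
    return re.sub(r"\s+", "", path).lower()


def path_spelling_suspects(report):
    """List (not_found_target, parent_as_seen_elsewhere) pairs where the parent
    folder matches a handled path only once whitespace is ignored."""
    by_squashed = {}
    for entry in report.values():
        for target in entry["handled"]:
            parts = target.split("\\")
            for i in range(1, len(parts)):
                parent = "\\".join(parts[:i])
                by_squashed[_squash(parent)] = parent
    suspects = []
    for entry in report.values():
        for target in entry["not_found"]:
            parts = target.split("\\")
            for i in range(len(parts) - 1, 0, -1):
                prefix = "\\".join(parts[:i])
                seen = by_squashed.get(_squash(prefix))
                if seen is not None:
                    if seen.lower() != prefix.lower():
                        suspects.append((target, seen))
                    break  # deepest shared parent decides
    return suspects


if __name__ == "__main__":
    result = summarize_otl_fix_log(SAMPLE_LOG)
    for name, entry in result.items():
        print(name, dict(entry["counts"]))
    for target, seen in path_spelling_suspects(result):
        print(f"check spelling: {target!r} (log elsewhere uses {seen!r})")
```

A flagged path is only a prompt to re-check the fix script against the scan log; it does not show that the item still exists.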



#8
CarlosTurco

  • Assistant
  • 23,396 posts

Ok,

Download the Kaspersky AVP Tool from one of these 2 links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

NOTE: After registering, choose version 11 in English and click the [image: btnversion10pt-br-1.png] button
Save it to your desktop.

  • Double-click the "setup" file and wait for the installation;
    ** Windows Vista and Windows 7 users:
    Right-click the file, then click
    [image: execadmin.png]
  • On the next screen, check I accept the licence agreement and click Start
  • Click the [image: f4uZX.png] button and check:
    • My Computer
    • Local Disk (C:) (the local disk letter may vary)
  • Click Actions and uncheck the two boxes.
    [image: Zqewdl.jpg]
  • Click the Automatic Scan tab and then Start Scan. Wait for the scan to finish.
  • Click the [image: AouIc.png] button, then Detected threats and the "Save" button.
  • Copy the contents of the saved file (if anything was detected) and post it in your next reply.
  • Please also post a new HijackThis log.


#9
Moisés A. 1

  • Newbie
  • 12 posts

Carlos Turco, good afternoon! I apologize for taking so long to reply; unfortunately, however, the Kaspersky AVP Tool does not work on my PC under any circumstances. It always freezes and then suddenly closes by itself. Because of this, I have not posted any log yet. As a precaution, I decided to temporarily disable the antivirus and the firewall so that there would be no interference with the Kaspersky AVP Tool, but this was in vain. What should I do in this situation? Thank you for your attention!



#10
CarlosTurco

  • Assistant
  • 23,396 posts

Good evening.

What should I do in this situation? Thank you for your attention!

Have you tried it in safe mode?



#11
Moisés A. 1

  • Newbie
  • 12 posts

Carlos Turco, good morning! I restarted my PC to enter "Safe Mode" by pressing the "F8" key; after this procedure, I used the "Kaspersky Virus Removal Tool" and it showed me a message saying that the database was out of date. Well, in this case, we all know that when a computer is in "Safe Mode" we have no internet access and do not hear any sound from the system itself. Is it worth using the "Kaspersky Virus Removal Tool" under these conditions? Will this software, with an outdated database, manage to catch any malicious file, and won't that get in the way of your analysis? Thank you for your attention! Have a great day!!!!!

Note: I managed to post the HijackThis log; however, the one from the Removal Virus Kaspersky Tool could not be posted because it exceeded 500k. What should I do?

Attached file(s)



#12
CarlosTurco

  • Assistant
  • 23,396 posts

Moisés A. 1,

You can download Kaspersky again or run it in safe mode with networking. That way you will be able to update the database. ;)



#13
Moisés A. 1

  • Newbie
  • 12 posts

Carlos Turco, good evening! Carlos Turco, the problem also lies in having to post the Kaspersky Virus Removal Tool log, since it exceeds 500K, and if I copy the contents to post here, the situation will not change at all in terms of size; that is, the file is still quite long. I can even compress the Kaspersky report with WinRAR, in both .rar and .zip format, but the real problem is being able to post it. What do I do in this case? On the other hand, I will do what you recommended to me in the previous post. OK? Thanks for the support, thank you for the help, and good night!



#14
CarlosTurco

  • Assistant
  • 23,396 posts

the Kaspersky Virus Removal Tool log, since it exceeds 500K, and if I copy the contents to post here

You possibly skipped an important step:

Click the [image: AouIc.png] button, then Detected threats and the "Save" button.



#15
Moisés A. 1

  • Newbie
  • 12 posts

Good morning, Carlos Turco! I will post the Kaspersky Virus Removal Tool and HijackThis logs. Thank you for your attention! Have a good day!

Attached file(s)



#16
CarlosTurco

  • Assistant
  • 23,396 posts

Good morning.

Download Farbar Recovery Scan and save it to your desktop.

Double-click to run the tool. Accept the agreement and then click the Scan button.

Wait; at the end, the logs FRST.txt and Addition.txt will be saved on your desktop.

Select, copy and paste the contents of FRST.txt into your next reply and attach Addition.txt



#17
Moisés A. 1

  • Newbie
  • 12 posts

Good afternoon, Carlos Turco! I will paste the contents of FRST.txt and attach Addition.txt. Thanks for the support!!!!!!!!!!!!!!!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Skytron (administrator) on 31-07-2013 18:21:58
Running from C:\Users\Skytron\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(OpenOffice.org) C:\Program Files (x86)\BrOffice.org 3\program\soffice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\BrOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [InternetDownload_upgrade] - C:\Program Files (x86)\Versalsoft\InternetDownload\InternetDownload.exe [394752 2010-03-09] (Internet Downloader)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
IMEO\freemakeaudioconverter.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\freemakevideodownloader.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrOffice.org 3.2.lnk
ShortcutTarget: BrOffice.org 3.2.lnk -> C:\Program Files (x86)\BrOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qword.com/?s=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Before = http://www.google.com.br/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {F48DA960-0FD9-4BB5-9826-C0C271C6C74D} URL = http://www.qword.com/search.php?q={searchTerms}&s=2
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\Versalsoft\InternetDownload\VDTB.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\Versalsoft\InternetDownload\VDTB.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{967739FC-83B3-4DA7-A2D3-B9285A4232D4}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Skytron\AppData\Roaming\Mozilla\Firefox\Profiles\tj21pk6d.default
FF NewTab: about:blank
FF Homepage: www.google.com.br
FF NetworkProxy: "autoconfig_url", "http://localhost:9000/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: adblockpopups - C:\Users\Skytron\AppData\Roaming\Mozilla\Firefox\Profiles\tj21pk6d.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: No Name - C:\Users\Skytron\AppData\Roaming\Mozilla\Firefox\Profiles\tj21pk6d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com.br/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Freemake Video Downloader) - C:\Users\Skytron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Skytron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0
CHR Extension: (RealDownloader) - C:\Users\Skytron\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Skytron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake)
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-06-25] (Ellora Assets Corp.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-31] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R0 45876826; C:\Windows\System32\DRIVERS\45876826.sys [460888 2013-07-20] (Kaspersky Lab ZAO)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-07-29] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 cpuz135; \??\C:\Users\Skytron\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 18:21 - 2013-07-31 18:21 - 00000000 ____D C:\FRST
2013-07-31 16:25 - 2013-07-31 16:25 - 01781589 _____ (Farbar) C:\Users\Skytron\Desktop\FRST64.exe
2013-07-31 05:11 - 2013-07-31 06:12 - 891805188 _____ C:\Users\Skytron\Downloads\X.M3n.0r1g3ns.W0lv3r1n3.DVDRIP.Xvid.Dublado.rar
2013-07-31 05:11 - 2013-07-31 05:11 - 00184968 _____ C:\Users\Skytron\Desktop\addon.exe
2013-07-31 05:05 - 2013-07-31 06:44 - 891805188 _____ C:\Users\Skytron\Desktop\X.M3n.0r1g3ns.W0lv3r1n3.DVDRIP.Xvid.Dublado.rar
2013-07-31 04:06 - 2013-07-31 04:11 - 180909848 _____ (                                                            ) C:\Users\Skytron\Desktop\setup_9.0.0.722_31.07.2013_09-25.exe
2013-07-31 00:03 - 2013-07-31 00:03 - 00010736 _____ C:\Users\Skytron\Desktop\Relatório do hijackthis.txt
2013-07-31 00:02 - 2013-07-31 00:02 - 00010736 _____ C:\Users\Skytron\Desktop\hijackthis.log
2013-07-30 23:52 - 2013-07-30 23:52 - 00000214 _____ C:\Users\Skytron\Desktop\Relatório do Kaspersky Virus Removal Tool.txt
2013-07-30 17:36 - 2013-07-30 17:41 - 177123520 _____ C:\Users\Skytron\Desktop\setup_11.0.0.1245.x01_2013_07_23_10_15.exe
2013-07-30 17:34 - 2013-07-31 10:16 - 00000714 _____ C:\Windows\PFRO.log
2013-07-30 17:32 - 2013-07-30 17:32 - 00003738 _____ C:\Windows\System32\Tasks\Programa de atualização online DivX
2013-07-29 20:51 - 2013-07-29 20:54 - 00000000 ____D C:\Windows\system32\MRT
2013-07-29 19:06 - 2013-07-29 19:06 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\DivX
2013-07-29 18:19 - 2013-07-29 18:19 - 00001626 _____ C:\Users\Skytron\Desktop\DivX Movies.lnk
2013-07-29 18:18 - 2013-07-29 18:18 - 00001165 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-29 18:18 - 2013-07-29 18:18 - 00001125 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-29 18:18 - 2013-07-29 18:18 - 00000000 ____D C:\Program Files\DivX
2013-07-29 18:08 - 2013-07-29 18:19 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-29 17:46 - 2013-07-29 18:19 - 00000000 ____D C:\Users\Todos os Usuários\DivX
2013-07-29 17:46 - 2013-07-29 18:19 - 00000000 ____D C:\ProgramData\DivX
2013-07-29 17:38 - 2013-07-29 17:43 - 00957248 _____ (DivX, LLC) C:\Users\Skytron\Desktop\DivXWebPlayerInstaller.exe
2013-07-29 17:13 - 2013-07-29 17:18 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UniversalSoft
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Versalsoft
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Versalsoft Internet Download
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Program Files (x86)\Versalsoft
2013-07-29 09:49 - 2013-07-31 17:53 - 00002184 _____ C:\Windows\setupact.log
2013-07-29 09:49 - 2013-07-29 09:49 - 00000000 _____ C:\Windows\setuperr.log
2013-07-29 08:15 - 2013-07-29 08:56 - 00000000 ____D C:\Users\Skytron\Desktop\HijackThis e Relatório do Kaspersky Virus Removal Tool
2013-07-29 07:29 - 2013-07-29 07:29 - 00000000 ____D C:\Users\Skytron\Desktop\Hijack This 70000111
2013-07-29 06:55 - 2013-07-29 06:55 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\BrOffice.org
2013-07-29 01:14 - 2013-07-29 01:14 - 00001122 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-29 01:14 - 2013-07-29 01:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-29 01:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-29 00:58 - 2013-07-29 00:58 - 00000117 _____ C:\Users\Skytron\Desktop\Site do Techtudo ensinando como colocar o _Modo de Segurança_ na aba _Inicialização do Sistema_ do MSConfig..txt
2013-07-28 16:49 - 2013-07-28 16:49 - 22544384 _____ C:\Users\Skytron\Desktop\mydiscimage.iso
2013-07-28 16:44 - 2013-07-28 16:49 - 22544384 _____ C:\Users\Skytron\Documents\mydiscimage.iso
2013-07-28 16:29 - 2013-07-29 18:07 - 00000000 _____ C:\END
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Todos os Usuários\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Skytron\AppData\Local\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\ProgramData\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\Users\Todos os Usuários\Canneverbe Limited
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Canneverbe Limited
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-07-26 06:07 - 2013-07-26 06:07 - 00000000 ____D C:\Program Files\WDCSAM
2013-07-26 06:07 - 2013-07-26 06:07 - 00000000 ____D C:\Program Files\DIFX
2013-07-26 01:16 - 2013-07-26 01:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-07-19 19:58 - 2013-07-20 00:16 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\45876826.sys
2013-07-19 19:44 - 2013-07-19 19:44 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 19:44 - 2013-07-19 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 19:33 - 2013-07-19 19:33 - 00815496 _____ (Adobe Systems Incorporated) C:\Users\Skytron\Desktop\uninstall_flash_player.exe
2013-07-19 19:28 - 2013-07-19 19:29 - 04190720 _____ C:\Users\Skytron\Desktop\install_flash_player_10_active_x.msi
2013-07-19 18:27 - 2013-07-19 18:27 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Skytron\Desktop\Shockwave_Installer_Slim.exe
2013-07-19 18:21 - 2013-07-19 18:21 - 00002956 _____ C:\Windows\System32\Tasks\{169EA03B-5DB5-4A1D-976A-DF415F9E6443}
2013-07-19 16:59 - 2013-07-19 16:59 - 00000000 ____D C:\Users\Skytron\Desktop\Arquivos que serão anexados no Linha Defensiva
2013-07-19 07:34 - 2013-07-19 07:34 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2013-07-19 07:34 - 2013-07-19 07:34 - 00000000 ____D C:\ProgramData\McAfee
2013-07-18 18:03 - 2013-07-18 18:07 - 00000000 ____D C:\Users\Skytron\Desktop\Extras.txt e OTL.txt
2013-07-18 17:54 - 2013-07-18 17:55 - 12719620 _____ C:\Users\Skytron\Desktop\Como compactar um arquivo com o WinRAR.flv
2013-07-18 16:27 - 2013-07-18 16:27 - 00602112 _____ (OldTimer Tools) C:\Users\Skytron\Desktop\OTL.exe
2013-07-18 16:26 - 2013-07-18 18:02 - 00000000 ____D C:\Users\Skytron\Desktop\Pasta do otl
2013-07-17 18:20 - 2013-07-17 18:20 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Malwarebytes
2013-07-17 18:19 - 2013-07-17 18:19 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2013-07-17 18:19 - 2013-07-17 18:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-17 18:13 - 2013-07-17 18:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-17 07:35 - 2013-07-17 19:47 - 00000000 ____D C:\Users\Skytron\Desktop\Softwares Importantes - Linha Defensiva
2013-07-16 07:25 - 2013-07-16 07:33 - 00000000 ____D C:\Users\Skytron\Desktop\FARBAR SERVICE SCANNER
2013-07-16 07:24 - 2013-07-16 07:30 - 00000000 ____D C:\Users\Skytron\Desktop\MBR SCAN
2013-07-16 07:23 - 2013-07-17 18:31 - 00000000 ____D C:\Users\Skytron\Desktop\HIJACK THIS
2013-07-14 15:56 - 2013-07-14 16:14 - 14957784 _____ C:\Users\Skytron\Desktop\Linha Defensiva - Remoção de Vírus.flv
2013-07-13 22:12 - 2013-06-11 20:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 22:12 - 2013-06-11 20:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 22:12 - 2013-06-11 20:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 22:12 - 2013-06-11 20:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 22:12 - 2013-06-11 20:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 22:12 - 2013-06-11 19:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 22:12 - 2013-06-11 19:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 22:12 - 2013-06-07 00:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 22:12 - 2013-06-06 23:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 21:00 - 2013-06-05 00:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-13 21:00 - 2013-06-04 03:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-13 21:00 - 2013-06-04 01:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-13 21:00 - 2013-05-06 03:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-13 21:00 - 2013-05-06 01:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-13 20:59 - 2013-04-09 20:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-13 20:59 - 2013-04-02 19:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 19:21 - 2013-07-12 19:21 - 00000000 ____D C:\Program Files\CPUID
2013-07-11 09:37 - 2013-07-11 09:37 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\dll-files.com
2013-07-11 08:57 - 2013-07-11 08:57 - 00003062 _____ C:\Windows\System32\Tasks\{643709A2-B6AA-42C4-AB63-79A82F4EBAAD}
2013-07-11 08:44 - 2013-07-11 08:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-11 08:44 - 2013-07-11 08:44 - 00000000 _____ C:\autoexec.bat
2013-07-11 08:43 - 2013-07-11 09:01 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-11 06:27 - 2013-07-11 06:27 - 00003080 _____ C:\Windows\System32\Tasks\{371C2A19-A36B-4FB2-A237-0CA417A9F615}
2013-07-11 06:02 - 2013-07-11 06:02 - 00003062 _____ C:\Windows\System32\Tasks\{2A0B5570-DD0E-4D8B-97DB-0A260FF691B9}
2013-07-11 06:02 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2013-07-11 06:01 - 2013-07-11 06:30 - 00196674 _____ (Networks Associates Technologies, Inc.) C:\Windows\SysWOW64\rupdate.dll
2013-07-11 05:53 - 2013-07-11 05:54 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\WinRAR
2013-07-11 05:53 - 2013-07-11 05:53 - 00001072 _____ C:\Users\Public\Desktop\WinRAR.lnk
2013-07-11 05:53 - 2013-07-11 05:53 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-11 05:53 - 2013-07-11 05:53 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-07-11 04:22 - 2013-07-11 04:14 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-07-11 04:20 - 2013-07-11 04:18 - 00008037 _____ C:\Users\Skytron\Desktop\zoek-results.log
2013-07-11 03:45 - 2013-07-11 03:45 - 01273625 _____ C:\Users\Skytron\Desktop\zoek.exe
2013-07-10 07:08 - 2013-07-31 04:19 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2013-07-10 07:08 - 2013-07-31 04:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-09 18:33 - 2013-07-18 18:12 - 00003584 _____ C:\Users\Skytron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-09 15:42 - 2013-07-09 15:42 - 00051496 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-09 15:08 - 2013-07-09 15:08 - 00001173 _____ C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-08 19:56 - 2013-07-08 19:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Skytron\Desktop\HijackThis.exe
2013-07-08 19:37 - 2013-07-08 19:37 - 00000000 ____D C:\_OTL
2013-07-08 16:49 - 2013-07-08 16:50 - 02543616 _____ C:\Users\Skytron\Desktop\00latest-x64.msi
2013-07-08 16:49 - 2013-07-08 16:49 - 02039808 _____ C:\Users\Skytron\Desktop\00latest-x86.msi
2013-07-03 17:16 - 2013-07-03 17:16 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-07-03 17:16 - 1999-12-31 21:00 - 02605400 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2013-07-03 17:16 - 1999-12-31 21:00 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-07-03 17:16 - 1999-12-31 21:00 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2013-07-03 17:16 - 1999-12-31 21:00 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-07-03 17:16 - 1999-12-31 21:00 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-07-03 17:16 - 1999-12-31 21:00 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 08363864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 05096448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2013-07-03 17:15 - 1999-12-31 21:00 - 04065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-07-03 17:15 - 1999-12-31 21:00 - 03615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 02674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 02533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-07-03 17:15 - 1999-12-31 21:00 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01345368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01015640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00537456 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00524656 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00449392 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00396632 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00293889 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-07-03 17:15 - 1999-12-31 21:00 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00220776 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00141152 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00123744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00074592 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-07-02 23:09 - 2013-07-08 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-31 18:21 - 2013-07-31 18:21 - 00000000 ____D C:\FRST
2013-07-31 18:17 - 2013-06-16 16:12 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AC7EE339-6863-434B-9C5F-F6FDD0E96BAC}
2013-07-31 17:53 - 2013-07-29 09:49 - 00002184 _____ C:\Windows\setupact.log
2013-07-31 16:25 - 2013-07-31 16:25 - 01781589 _____ (Farbar) C:\Users\Skytron\Desktop\FRST64.exe
2013-07-31 16:25 - 2009-07-14 01:45 - 00039808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 16:25 - 2009-07-14 01:45 - 00039808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 16:21 - 2013-06-14 20:07 - 01363028 _____ C:\Windows\WindowsUpdate.log
2013-07-31 16:18 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 10:17 - 2013-06-14 20:17 - 00000000 ___RD C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-31 10:16 - 2013-07-30 17:34 - 00000714 _____ C:\Windows\PFRO.log
2013-07-31 06:44 - 2013-07-31 05:05 - 891805188 _____ C:\Users\Skytron\Desktop\X.M3n.0r1g3ns.W0lv3r1n3.DVDRIP.Xvid.Dublado.rar
2013-07-31 06:12 - 2013-07-31 05:11 - 891805188 _____ C:\Users\Skytron\Downloads\X.M3n.0r1g3ns.W0lv3r1n3.DVDRIP.Xvid.Dublado.rar
2013-07-31 05:11 - 2013-07-31 05:11 - 00184968 _____ C:\Users\Skytron\Desktop\addon.exe
2013-07-31 04:19 - 2013-07-10 07:08 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2013-07-31 04:19 - 2013-07-10 07:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-31 04:11 - 2013-07-31 04:06 - 180909848 _____ (                                                            ) C:\Users\Skytron\Desktop\setup_9.0.0.722_31.07.2013_09-25.exe
2013-07-31 00:03 - 2013-07-31 00:03 - 00010736 _____ C:\Users\Skytron\Desktop\Relatório do hijackthis.txt
2013-07-31 00:02 - 2013-07-31 00:02 - 00010736 _____ C:\Users\Skytron\Desktop\hijackthis.log
2013-07-30 23:52 - 2013-07-30 23:52 - 00000214 _____ C:\Users\Skytron\Desktop\Relatório do Kaspersky Virus Removal Tool.txt
2013-07-30 17:41 - 2013-07-30 17:36 - 177123520 _____ C:\Users\Skytron\Desktop\setup_11.0.0.1245.x01_2013_07_23_10_15.exe
2013-07-30 17:32 - 2013-07-30 17:32 - 00003738 _____ C:\Windows\System32\Tasks\Programa de atualização online DivX
2013-07-30 16:51 - 2013-06-16 15:38 - 00114672 _____ C:\Users\Skytron\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-29 21:33 - 2013-06-19 18:25 - 00000414 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2013-07-29 21:33 - 2009-07-14 01:45 - 00443912 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 21:07 - 2013-06-19 18:57 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2013-07-29 21:07 - 2013-06-19 18:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-29 20:56 - 2009-07-13 23:34 - 00000478 _____ C:\Windows\win.ini
2013-07-29 20:54 - 2013-07-29 20:51 - 00000000 ____D C:\Windows\system32\MRT
2013-07-29 19:06 - 2013-07-29 19:06 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\DivX
2013-07-29 18:19 - 2013-07-29 18:19 - 00001626 _____ C:\Users\Skytron\Desktop\DivX Movies.lnk
2013-07-29 18:19 - 2013-07-29 18:08 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-29 18:19 - 2013-07-29 17:46 - 00000000 ____D C:\Users\Todos os Usuários\DivX
2013-07-29 18:19 - 2013-07-29 17:46 - 00000000 ____D C:\ProgramData\DivX
2013-07-29 18:18 - 2013-07-29 18:18 - 00001165 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-29 18:18 - 2013-07-29 18:18 - 00001125 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-29 18:18 - 2013-07-29 18:18 - 00000000 ____D C:\Program Files\DivX
2013-07-29 18:07 - 2013-07-28 16:29 - 00000000 _____ C:\END
2013-07-29 18:01 - 2013-06-19 18:25 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-07-29 18:01 - 2013-06-19 18:25 - 00002846 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2013-07-29 17:43 - 2013-07-29 17:38 - 00957248 _____ (DivX, LLC) C:\Users\Skytron\Desktop\DivXWebPlayerInstaller.exe
2013-07-29 17:18 - 2013-07-29 17:13 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UniversalSoft
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Versalsoft
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Versalsoft Internet Download
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Program Files (x86)\Versalsoft
2013-07-29 09:49 - 2013-07-29 09:49 - 00000000 _____ C:\Windows\setuperr.log
2013-07-29 08:56 - 2013-07-29 08:15 - 00000000 ____D C:\Users\Skytron\Desktop\HijackThis e Relatório do Kaspersky Virus Removal Tool
2013-07-29 07:29 - 2013-07-29 07:29 - 00000000 ____D C:\Users\Skytron\Desktop\Hijack This 70000111
2013-07-29 07:26 - 2013-06-14 20:15 - 00000000 ____D C:\Users\Skytron\AppData\Local\VirtualStore
2013-07-29 06:55 - 2013-07-29 06:55 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\BrOffice.org
2013-07-29 01:56 - 2013-06-25 14:13 - 00000000 ____D C:\Windows\pss
2013-07-29 01:14 - 2013-07-29 01:14 - 00001122 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-29 01:14 - 2013-07-29 01:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-29 00:58 - 2013-07-29 00:58 - 00000117 _____ C:\Users\Skytron\Desktop\Site do Techtudo ensinando como colocar o _Modo de Segurança_ na aba _Inicialização do Sistema_ do MSConfig..txt
2013-07-29 00:20 - 2013-06-19 17:05 - 00000000 ___RD C:\Users\Skytron\Desktop\PASTA DE SOFTWARES 2
2013-07-28 18:09 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2013-07-28 16:49 - 2013-07-28 16:49 - 22544384 _____ C:\Users\Skytron\Desktop\mydiscimage.iso
2013-07-28 16:49 - 2013-07-28 16:44 - 22544384 _____ C:\Users\Skytron\Documents\mydiscimage.iso
2013-07-28 16:40 - 2013-06-21 02:44 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\vlc
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Todos os Usuários\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Skytron\AppData\Local\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\ProgramData\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-07-28 16:07 - 2009-07-14 14:55 - 00663606 _____ C:\Windows\system32\prfh0416.dat
2013-07-28 16:07 - 2009-07-14 14:55 - 00127896 _____ C:\Windows\system32\prfc0416.dat
2013-07-28 16:07 - 2009-07-14 02:13 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\Users\Todos os Usuários\Canneverbe Limited
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Canneverbe Limited
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-07-26 09:46 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-26 06:07 - 2013-07-26 06:07 - 00000000 ____D C:\Program Files\WDCSAM
2013-07-26 06:07 - 2013-07-26 06:07 - 00000000 ____D C:\Program Files\DIFX
2013-07-26 01:16 - 2013-07-26 01:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-07-20 00:16 - 2013-07-19 19:58 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\45876826.sys
2013-07-19 19:44 - 2013-07-19 19:44 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 19:44 - 2013-07-19 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 19:33 - 2013-07-19 19:33 - 00815496 _____ (Adobe Systems Incorporated) C:\Users\Skytron\Desktop\uninstall_flash_player.exe
2013-07-19 19:29 - 2013-07-19 19:28 - 04190720 _____ C:\Users\Skytron\Desktop\install_flash_player_10_active_x.msi
2013-07-19 18:27 - 2013-07-19 18:27 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Skytron\Desktop\Shockwave_Installer_Slim.exe
2013-07-19 18:27 - 2013-06-24 15:38 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-19 18:21 - 2013-07-19 18:21 - 00002956 _____ C:\Windows\System32\Tasks\{169EA03B-5DB5-4A1D-976A-DF415F9E6443}
2013-07-19 17:35 - 2013-06-16 21:32 - 00000000 ____D C:\Users\Skytron\AppData\Local\Adobe
2013-07-19 16:59 - 2013-07-19 16:59 - 00000000 ____D C:\Users\Skytron\Desktop\Arquivos que serão anexados no Linha Defensiva
2013-07-19 07:34 - 2013-07-19 07:34 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2013-07-19 07:34 - 2013-07-19 07:34 - 00000000 ____D C:\ProgramData\McAfee
2013-07-18 18:12 - 2013-07-09 18:33 - 00003584 _____ C:\Users\Skytron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-18 18:07 - 2013-07-18 18:03 - 00000000 ____D C:\Users\Skytron\Desktop\Extras.txt e OTL.txt
2013-07-18 18:02 - 2013-07-18 16:26 - 00000000 ____D C:\Users\Skytron\Desktop\Pasta do otl
2013-07-18 17:55 - 2013-07-18 17:54 - 12719620 _____ C:\Users\Skytron\Desktop\Como compactar um arquivo com o WinRAR.flv
2013-07-18 16:27 - 2013-07-18 16:27 - 00602112 _____ (OldTimer Tools) C:\Users\Skytron\Desktop\OTL.exe
2013-07-17 19:47 - 2013-07-17 07:35 - 00000000 ____D C:\Users\Skytron\Desktop\Softwares Importantes - Linha Defensiva
2013-07-17 18:31 - 2013-07-16 07:23 - 00000000 ____D C:\Users\Skytron\Desktop\HIJACK THIS
2013-07-17 18:20 - 2013-07-17 18:20 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Malwarebytes
2013-07-17 18:19 - 2013-07-17 18:19 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2013-07-17 18:19 - 2013-07-17 18:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-17 18:13 - 2013-07-17 18:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-16 07:33 - 2013-07-16 07:25 - 00000000 ____D C:\Users\Skytron\Desktop\FARBAR SERVICE SCANNER
2013-07-16 07:30 - 2013-07-16 07:24 - 00000000 ____D C:\Users\Skytron\Desktop\MBR SCAN
2013-07-14 16:14 - 2013-07-14 15:56 - 14957784 _____ C:\Users\Skytron\Desktop\Linha Defensiva - Remoção de Vírus.flv
2013-07-14 06:43 - 2009-07-14 15:11 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 06:43 - 2009-07-14 02:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-14 06:43 - 2009-07-14 02:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 19:58 - 2013-06-14 20:14 - 00000000 ____D C:\Users\Skytron
2013-07-13 19:58 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\registration
2013-07-13 19:58 - 2009-07-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-12 19:21 - 2013-07-12 19:21 - 00000000 ____D C:\Program Files\CPUID
2013-07-11 09:37 - 2013-07-11 09:37 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\dll-files.com
2013-07-11 09:01 - 2013-07-11 08:43 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-11 08:57 - 2013-07-11 08:57 - 00003062 _____ C:\Windows\System32\Tasks\{643709A2-B6AA-42C4-AB63-79A82F4EBAAD}
2013-07-11 08:44 - 2013-07-11 08:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-11 08:44 - 2013-07-11 08:44 - 00000000 _____ C:\autoexec.bat
2013-07-11 06:30 - 2013-07-11 06:01 - 00196674 _____ (Networks Associates Technologies, Inc.) C:\Windows\SysWOW64\rupdate.dll
2013-07-11 06:27 - 2013-07-11 06:27 - 00003080 _____ C:\Windows\System32\Tasks\{371C2A19-A36B-4FB2-A237-0CA417A9F615}
2013-07-11 06:02 - 2013-07-11 06:02 - 00003062 _____ C:\Windows\System32\Tasks\{2A0B5570-DD0E-4D8B-97DB-0A260FF691B9}
2013-07-11 05:54 - 2013-07-11 05:53 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\WinRAR
2013-07-11 05:53 - 2013-07-11 05:53 - 00001072 _____ C:\Users\Public\Desktop\WinRAR.lnk
2013-07-11 05:53 - 2013-07-11 05:53 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-11 05:53 - 2013-07-11 05:53 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-07-11 04:18 - 2013-07-11 04:20 - 00008037 _____ C:\Users\Skytron\Desktop\zoek-results.log
2013-07-11 04:14 - 2013-07-11 04:22 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-07-11 03:45 - 2013-07-11 03:45 - 01273625 _____ C:\Users\Skytron\Desktop\zoek.exe
2013-07-09 22:16 - 2009-07-14 02:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-09 17:10 - 2013-06-24 15:41 - 00000000 ____D C:\Users\Todos os Usuários\Freemake
2013-07-09 17:10 - 2013-06-24 15:41 - 00000000 ____D C:\Users\Skytron\Documents\Freemake
2013-07-09 17:10 - 2013-06-24 15:41 - 00000000 ____D C:\ProgramData\Freemake
2013-07-09 17:09 - 2013-06-24 15:41 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-07-09 15:42 - 2013-07-09 15:42 - 00051496 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-09 15:08 - 2013-07-09 15:08 - 00001173 _____ C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-08 20:05 - 2013-07-02 23:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-08 19:56 - 2013-07-08 19:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Skytron\Desktop\HijackThis.exe
2013-07-08 19:37 - 2013-07-08 19:37 - 00000000 ____D C:\_OTL
2013-07-08 16:50 - 2013-07-08 16:49 - 02543616 _____ C:\Users\Skytron\Desktop\00latest-x64.msi
2013-07-08 16:49 - 2013-07-08 16:49 - 02039808 _____ C:\Users\Skytron\Desktop\00latest-x86.msi
2013-07-03 17:16 - 2013-07-03 17:16 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-07-03 17:15 - 2013-06-16 16:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-03 17:12 - 2013-06-17 00:07 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-03 09:18 - 2013-06-26 20:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 18:10 - 2013-06-21 17:56 - 00001143 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-01 08:27 - 2013-06-18 05:09 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!


LastRegBack: 2013-07-28 18:02

==================== End Of Log ============================

Attached file(s)



#18
CarlosTurco

    Assistant

  • 23.396 posts

OK,

Select and copy the text inside the CODE box. Open Notepad and paste what you copied. Then save it to the desktop with the name fixlist.txt
 

start
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qword.com/?s=1
SearchScopes: HKCU - {F48DA960-0FD9-4BB5-9826-C0C271C6C74D} URL = http://www.qword.com/search.php?q={searchTerms}&s=2
FF NetworkProxy: "autoconfig_url", "http://localhost:9000/proxy.pac"
FF NetworkProxy: "type", 2
2013-07-28 16:29 - 2013-07-29 18:07 - 00000000 _____ C:\END
Task: {D3BB4D53-2055-4F24-8FD3-4281D4D07F94} - System32\Tasks\Browser Updater\Browser Updater => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
end

 
Run FRST64 and click the Fix button.

Wait; when it finishes, the log Fixlog.txt will be saved on your desktop.

Select, copy and paste the contents of this log into your next reply.

Also post a new HijackThis log.



#19
Moisés A. 1

    Newbie

  • 12 posts

Good morning, Carlos Turco! Below is the content of the Fixlog.txt log, along with the HijackThis file as an attachment. Thanks for the help! Have a good day!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
Ran by Skytron at 2013-08-01 07:45:38 Run:1
Running from C:\Users\Skytron\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D} => Key deleted successfully.
HKCR\CLSID\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D} => Key not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\END => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3BB4D53-2055-4F24-8FD3-4281D4D07F94} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3BB4D53-2055-4F24-8FD3-4281D4D07F94} => Key not found.
C:\Windows\System32\Tasks\Browser Updater\Browser Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater => Key deleted successfully.

==== End of Fixlog ====

Attached file(s)



#20
CarlosTurco

    Assistant

  • 23.396 posts

Temporarily disable your antivirus.

  • Hold down the Ctrl key and click this link to open ESET Online Scanner in a new window.
  • Click this button: [image]
  • For alternative browsers (if you use Internet Explorer, skip this step):
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update itself and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats
  • Copy and paste the contents into your next reply. Note: if nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.