Moisés A. 1

Serious problems with TBUpdater.dll

23 posts in this topic

Hello! Good day, everyone! I have a small problem concerning a DLL. The situation is as follows: a few days ago I downloaded a program called "adwcleaner" to get rid of several adware programs that were messing with my browsers. In short, every time I turn on my PC the following message appears: “Houve um problema na inicialização do C:\Program Files(x86)\Home Tab\TBUpdate.dll” “Não foi possível encontrar o módulo especificado”. What should I do in this case? Thank you all! Best regards! God be with you!

Note: The reports have already been attached!

hijackthis.log

FSS.txt

MbrScan.log


Moisés A. 1,

 

Please note the following:

  • Do NOT try to carry out any cleaning procedure on your own. In particular, do not run on your own initiative the tools used in the Malware Removal forum. Improper use of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click button_seguir.png (located in the upper-right corner of the main post) to receive an e-mail notification when the topic is answered. You can also check the topics you are subscribed to using the Content I follow option, accessible through the forum Control Panel.
  • The analyses may take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always follow your topic, informing me of the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in logs; this makes them harder to read during analysis.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

 

Carry out the procedures below.

1)

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download 1268r49.png and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop under the name JRT.txt.

Select, copy and paste the contents of this log into your next reply.

2)

Download Malwarebytes' Anti-Malware (MBAM)
http://www.majorgeek..._malware,1.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Check that the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  • If there are updates to be made, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Please wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all ticked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554

 

 

3)

 

Post a new HijackThis log.


Ok,

 

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click execadmin.png.

Where it says Output, select Standard
Also select these options:

  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names.

  • Skip Microsoft Files
  • Lop Check
  • Purity Check

Select these lines in red, right-click the selection, and choose the copy option

netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.* /s

CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp
Net User /c

/md5start

services.*

/md5stop

 

Go back to the program, right-click any blank area of the Custom Scans/Fixes section and choose paste

Click the verif.png button

OTL will begin scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.


Good afternoon, Carlos Turco! How are you? Carlos Turco, I had to compress the files because they were very large. Below are the attached, compressed "Extra.txt" and "OTL.txt" files:

Carlos Turco, thank you very much for the help. Once again, thank you for your support and for the help of this valuable site! God bless you!!!!!!!!!!!!

Extras.txt e OTL.txt.rar

Edited by Moisés A. 1


Ok,
 
1)
 
Select these lines inside the CODE box, right-click the selection and choose the copy option

NOTE: Make sure to start copying from the colon and letter ": O" of OTL.
 

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
FF - prefs.js..browser.search.order.1: "Improved Search"
FF - prefs.js..browser.search.useDBForOrder: true
O2 - BHO: (no name) - {da2e16d5-254c-4e11-8fed-2a1b201de379} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {da2e16d5-254c-4e11-8fed-2a1b201de379} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O33 - MountPoints2\{f564e4aa-dab2-11e2-9455-38607726c9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{f564e4aa-dab2-11e2-9455-38607726c9ef}\Shell\AutoRun\command - "" = G:\SISetup.exe
[2013/07/11 05:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
[2013/07/11 05:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu Security
[2013/07/11 05:51:01 | 000,000,000 | ---D | C] -- C:\Users\Skytron\AppData\Roaming\Baidu Security
[2013/07/18 16:34:49 | 000,032,206 | ---- | C] () -- C:\Users\Skytron\Desktop\Home tab TBUpdater.dll
[2013/07/18 16:11:07 | 000,003,112 | ---- | M] () -- C:\Windows\SysNative\Tasks\DLL-files.com Fixer

:files
C:\Program Files(x86)\Home Tab
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe

Right-click any blank area of the Custom Scans/Fixes section and choose the paste option

Close ALL windows (except OTL itself).
Click the BotaoConsertar.png button

The program will run the script and restart your computer.
When Windows has loaded, OTL will run automatically. Allow it to run.
A Notepad window will open, containing some information.
Copy the ENTIRE contents of this Notepad window and paste it into your reply.

A copy of this log will be stored in the C:\_OTL\MovedFiles folder, named in the following format: date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.


Carlos Turco, good afternoon! "OTL" was loaded automatically, I selected the options that were needed, the script was run, and I temporarily disabled the firewall and the antivirus so that there would be no interference with the process; however, "OTL" itself did not ask for my PC to be restarted. The "OTL" report follows below. The "HijackThis" file is already attached. Thank you for the help!!!!!!!!!!!!

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Prefs.js: "Improved Search" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da2e16d5-254c-4e11-8fed-2a1b201de379}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2e16d5-254c-4e11-8fed-2a1b201de379}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{da2e16d5-254c-4e11-8fed-2a1b201de379} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2e16d5-254c-4e11-8fed-2a1b201de379}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f564e4aa-dab2-11e2-9455-38607726c9ef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f564e4aa-dab2-11e2-9455-38607726c9ef}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f564e4aa-dab2-11e2-9455-38607726c9ef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f564e4aa-dab2-11e2-9455-38607726c9ef}\ not found.
File G:\SISetup.exe not found.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\sysopt folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\Run\Disable folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\Run folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\Plugins\Plugin.LeakRepair\Hotfix folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\Plugins\Plugin.LeakRepair folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29\Plugins folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.2.0.29 folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster folder moved successfully.
C:\ProgramData\Baidu Security folder moved successfully.
C:\Program Files (x86)\Baidu Security\PC Faster\3.2.0.29 folder moved successfully.
C:\Program Files (x86)\Baidu Security\PC Faster folder moved successfully.
C:\Program Files (x86)\Baidu Security\Cloud Security folder moved successfully.
C:\Program Files (x86)\Baidu Security folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Uninstall\Baidu PC Faster Uninstall HK\0 folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Uninstall\Baidu PC Faster Uninstall HK folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Uninstall\Baidu PC Faster Uninstall\0 folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Uninstall\Baidu PC Faster Uninstall folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Uninstall folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Run\Disable folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\Run folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\RpData folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29\PopMsg folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\3.2.0.29 folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\1.19.0.2\RpData folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster\1.19.0.2 folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security\PC Faster folder moved successfully.
C:\Users\Skytron\AppData\Roaming\Baidu Security folder moved successfully.
C:\Users\Skytron\Desktop\Home tab TBUpdater.dll moved successfully.
C:\Windows\SysNative\Tasks\DLL-files.com Fixer moved successfully.
========== FILES ==========
File\Folder C:\Program Files(x86)\Home Tab not found.
< ipconfig /flushdns /c >
Configura‡Æo de IP do Windows
Libera‡Æo do Cache do DNS Resolver bem-sucedida.
C:\Users\Skytron\Desktop\cmd.bat deleted successfully.
C:\Users\Skytron\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 07192013_164111
 

hijackthis.log
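
Added example (not part of the original thread, and not code from OTL or its author): a small Python parser that tallies the outcomes in an OTL fix log like the one posted above and lists the "not found" targets that no earlier line of the same run had already handled. The sample lines are copied from that log; the outcome labels and function names are assumptions chosen for this example.

```python
import re
from collections import Counter
from typing import NamedTuple

# Excerpt copied from the OTL fix log posted in the thread above.
SAMPLE_LOG = r"""========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Improved Search" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2e16d5-254c-4e11-8fed-2a1b201de379}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2e16d5-254c-4e11-8fed-2a1b201de379}\ not found.
File G:\SISetup.exe not found.
C:\ProgramData\Baidu Security folder moved successfully.
C:\Users\Skytron\Desktop\Home tab TBUpdater.dll moved successfully.
========== FILES ==========
File\Folder C:\Program Files(x86)\Home Tab not found.
< ipconfig /flushdns /c >
C:\Users\Skytron\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
"""


class Entry(NamedTuple):
    section: str   # OTL, FILES, COMMANDS ...
    outcome: str   # label chosen for this example, not an OTL term
    target: str    # registry path, file path or preference name


SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

# Checked in order; the first pattern that matches decides the outcome.
OUTCOMES = [
    ("not_found", re.compile(r"^(?P<target>.+?) not found\.$")),
    ("set", re.compile(r"^(?P<target>.+?)\| /E : value set successfully!$")),
    ("deleted", re.compile(r"^(?P<target>.+?) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<target>.+?) moved successfully\.$")),
    ("removed", re.compile(r"^Prefs\.js: .+ removed from (?P<target>.+)$")),
]

# Descriptive words OTL puts in front of the actual path.
PREFIX = re.compile(r"^(?:Registry key |Registry value |File\\Folder |File )")


def parse_fix_log(text):
    """Turn the log text into a list of Entry records."""
    section, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for outcome, pattern in OUTCOMES:
            match = pattern.match(line)
            if match:
                target = PREFIX.sub("", match.group("target"))
                if target.endswith(" folder"):
                    target = target[: -len(" folder")]
                entries.append(Entry(section, outcome, target))
                break
        else:
            # Command echo, restore point notice, version banner, etc.
            entries.append(Entry(section, "info", line))
    return entries


def summarize(entries):
    """Count entries per (section, outcome)."""
    return Counter((e.section, e.outcome) for e in entries)


def _key(target):
    # Windows paths and registry keys compare case-insensitively.
    return target.rstrip("\\").lower()


def never_handled(entries):
    """'not found' targets that no earlier line of this run acted on.

    A key that was deleted and then reported missing by a later rule is
    expected; a target that was never touched deserves a second look.
    """
    handled, pending = set(), []
    for e in entries:
        if e.outcome in ("set", "deleted", "moved", "removed"):
            handled.add(_key(e.target))
        elif e.outcome == "not_found" and _key(e.target) not in handled:
            pending.append(e.target)
    return pending


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (section, outcome), count in sorted(summarize(parsed).items()):
        print(f"{section:9} {outcome:10} {count}")
    print("Never handled in this run:")
    for target in never_handled(parsed):
        print("  ", target)
```
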


Ok,

 

Download the Kaspersky AVP Tool from one of these 2 links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

NOTE: After registering, choose version 11 in English and click the btnversion10pt-br-1.png button
Save it to your desktop.

  • Double-click the "setup" file and wait for the installation;
    ** Windows Vista and Windows 7 users:
    Right-click the file, then click
    execadmin.png
  • On the next screen, tick I accept the licence agreement and click Start
  • Click the f4uZX.png button and tick:
    • My Computer
    • Local Disk (C:) (the local disk letter may vary)
  • Click Actions and untick both boxes.
    Zqewdl.jpg
  • Click the Automatic Scan tab and then Start Scan.  Wait for the scan to finish.
  • Click the AouIc.png button, then Detected threats, and then the "Save" button.
  • Copy the contents of the saved file (if anything was detected) and post it in your next reply.
  • Please also post a new HijackThis log.


Carlos Turco, good afternoon! I apologize for having taken so long to reply to you; unfortunately, however, the Kaspersky AVP Tool does not work on my PC under any circumstances. It always freezes and then suddenly closes by itself. Because of this, I have not yet posted any log. As a matter of caution, I decided to disable the antivirus and the firewall temporarily so that there would be no interference with the Kaspersky AVP Tool, but this was in vain. What should I do in this situation? Thank you for your attention!


Good evening.

What should I do in this situation? Thank you for your attention!

Have you tried it in safe mode?


Carlos Turco, good morning! I restarted my PC to enter "Safe Mode" by pressing the "F8" key; after that, I used the "Kaspersky Virus Removal Tool" and it showed me a message saying that the database was out of date. Now, in this case, we all know that when a computer is in "Safe Mode" we have no internet access and hear no sound from the system itself. Is it worth using the "Kaspersky Virus Removal Tool" under these conditions? Will this software, with its database out of date, manage to catch any malicious file, and won't this get in the way of your analysis? Thank you for your attention! Have a great day!!!!!

Note: I managed to post the HijackThis log; however, it was not possible to post the one from the Removal Virus Kaspersky Tool because it exceeded 500k. What should I do?

hijackthis.log


Moisés A. 1,

 

You can download Kaspersky again or run it in safe mode with networking. That way you will be able to update the database. ;)


Carlos Turco, good evening! Carlos Turco, the problem also lies in having to post the Kaspersky Virus Removal Tool log, since it exceeds 500K, and if I copy the contents to post here, the situation will not change at all in terms of size; that is, the file is still quite long. I can even compress the Kaspersky report with WinRAR, in both .rar and .zip format, but the real problem is being able to post it. What do I do in this case? On the other hand, I will do what you recommended to me in the previous post. OK? Thanks for the support, thank you for the help, and good evening!


the Kaspersky Virus Removal Tool log, since it exceeds 500K, and if I copy the contents to post here

You possibly skipped an important step:

Click the AouIc.png button, then Detected threats, and then the "Save" button.


Good morning.

Download the Farbar Recovery Scan and save it to your desktop.

Double-click to run the tool. Accept the agreement and then click the Scan button.

Wait, and at the end the FRST.txt and Addition.txt logs will be saved on your desktop.

Select, copy and paste the contents of FRST.txt into your next reply and attach Addition.txt


Good afternoon, Carlos Turco! I am going to paste the contents of FRST.txt and attach Addition.txt. Thanks for the support!!!!!!!!!!!!!!!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Skytron (administrator) on 31-07-2013 18:21:58
Running from C:\Users\Skytron\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(OpenOffice.org) C:\Program Files (x86)\BrOffice.org 3\program\soffice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\BrOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [internetDownload_upgrade] - C:\Program Files (x86)\Versalsoft\InternetDownload\InternetDownload.exe [394752 2010-03-09] (Internet Downloader)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
IMEO\freemakeaudioconverter.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\freemakevideodownloader.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IMEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrOffice.org 3.2.lnk
ShortcutTarget: BrOffice.org 3.2.lnk -> C:\Program Files (x86)\BrOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qword.com/?s=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Before = http://www.google.com.br/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {F48DA960-0FD9-4BB5-9826-C0C271C6C74D} URL = http://www.qword.com/search.php?q={searchTerms}&s=2
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\Versalsoft\InternetDownload\VDTB.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\Versalsoft\InternetDownload\VDTB.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{967739FC-83B3-4DA7-A2D3-B9285A4232D4}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Skytron\AppData\Roaming\Mozilla\Firefox\Profiles\tj21pk6d.default
FF NewTab: about:blank
FF Homepage: www.google.com.br
FF NetworkProxy: "autoconfig_url", "http://localhost:9000/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: adblockpopups - C:\Users\Skytron\AppData\Roaming\Mozilla\Firefox\Profiles\tj21pk6d.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: No Name - C:\Users\Skytron\AppData\Roaming\Mozilla\Firefox\Profiles\tj21pk6d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com.br/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Freemake Video Downloader) - C:\Users\Skytron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Skytron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0
CHR Extension: (RealDownloader) - C:\Users\Skytron\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Skytron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake)
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-06-25] (Ellora Assets Corp.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-31] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R0 45876826; C:\Windows\System32\DRIVERS\45876826.sys [460888 2013-07-20] (Kaspersky Lab ZAO)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-07-29] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 cpuz135; \??\C:\Users\Skytron\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 18:21 - 2013-07-31 18:21 - 00000000 ____D C:\FRST
2013-07-31 16:25 - 2013-07-31 16:25 - 01781589 _____ (Farbar) C:\Users\Skytron\Desktop\FRST64.exe
2013-07-31 05:11 - 2013-07-31 06:12 - 891805188 _____ C:\Users\Skytron\Downloads\X.M3n.0r1g3ns.W0lv3r1n3.DVDRIP.Xvid.Dublado.rar
2013-07-31 05:11 - 2013-07-31 05:11 - 00184968 _____ C:\Users\Skytron\Desktop\addon.exe
2013-07-31 05:05 - 2013-07-31 06:44 - 891805188 _____ C:\Users\Skytron\Desktop\X.M3n.0r1g3ns.W0lv3r1n3.DVDRIP.Xvid.Dublado.rar
2013-07-31 04:06 - 2013-07-31 04:11 - 180909848 _____ (                                                            ) C:\Users\Skytron\Desktop\setup_9.0.0.722_31.07.2013_09-25.exe
2013-07-31 00:03 - 2013-07-31 00:03 - 00010736 _____ C:\Users\Skytron\Desktop\Relatório do hijackthis.txt
2013-07-31 00:02 - 2013-07-31 00:02 - 00010736 _____ C:\Users\Skytron\Desktop\hijackthis.log
2013-07-30 23:52 - 2013-07-30 23:52 - 00000214 _____ C:\Users\Skytron\Desktop\Relatório do Kaspersky Virus Removal Tool.txt
2013-07-30 17:36 - 2013-07-30 17:41 - 177123520 _____ C:\Users\Skytron\Desktop\setup_11.0.0.1245.x01_2013_07_23_10_15.exe
2013-07-30 17:34 - 2013-07-31 10:16 - 00000714 _____ C:\Windows\PFRO.log
2013-07-30 17:32 - 2013-07-30 17:32 - 00003738 _____ C:\Windows\System32\Tasks\Programa de atualização online DivX
2013-07-29 20:51 - 2013-07-29 20:54 - 00000000 ____D C:\Windows\system32\MRT
2013-07-29 19:06 - 2013-07-29 19:06 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\DivX
2013-07-29 18:19 - 2013-07-29 18:19 - 00001626 _____ C:\Users\Skytron\Desktop\DivX Movies.lnk
2013-07-29 18:18 - 2013-07-29 18:18 - 00001165 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-29 18:18 - 2013-07-29 18:18 - 00001125 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-29 18:18 - 2013-07-29 18:18 - 00000000 ____D C:\Program Files\DivX
2013-07-29 18:08 - 2013-07-29 18:19 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-29 17:46 - 2013-07-29 18:19 - 00000000 ____D C:\Users\Todos os Usuários\DivX
2013-07-29 17:46 - 2013-07-29 18:19 - 00000000 ____D C:\ProgramData\DivX
2013-07-29 17:38 - 2013-07-29 17:43 - 00957248 _____ (DivX, LLC) C:\Users\Skytron\Desktop\DivXWebPlayerInstaller.exe
2013-07-29 17:13 - 2013-07-29 17:18 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UniversalSoft
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Versalsoft
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Versalsoft Internet Download
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Program Files (x86)\Versalsoft
2013-07-29 09:49 - 2013-07-31 17:53 - 00002184 _____ C:\Windows\setupact.log
2013-07-29 09:49 - 2013-07-29 09:49 - 00000000 _____ C:\Windows\setuperr.log
2013-07-29 08:15 - 2013-07-29 08:56 - 00000000 ____D C:\Users\Skytron\Desktop\HijackThis e Relatório do Kaspersky Virus Removal Tool
2013-07-29 07:29 - 2013-07-29 07:29 - 00000000 ____D C:\Users\Skytron\Desktop\Hijack This 70000111
2013-07-29 06:55 - 2013-07-29 06:55 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\BrOffice.org
2013-07-29 01:14 - 2013-07-29 01:14 - 00001122 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-29 01:14 - 2013-07-29 01:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-29 01:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-29 00:58 - 2013-07-29 00:58 - 00000117 _____ C:\Users\Skytron\Desktop\Site do Techtudo ensinando como colocar o _Modo de Segurança_ na aba _Inicialização do Sistema_ do MSConfig..txt
2013-07-28 16:49 - 2013-07-28 16:49 - 22544384 _____ C:\Users\Skytron\Desktop\mydiscimage.iso
2013-07-28 16:44 - 2013-07-28 16:49 - 22544384 _____ C:\Users\Skytron\Documents\mydiscimage.iso
2013-07-28 16:29 - 2013-07-29 18:07 - 00000000 _____ C:\END
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Todos os Usuários\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Skytron\AppData\Local\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\ProgramData\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\Users\Todos os Usuários\Canneverbe Limited
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Canneverbe Limited
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-07-26 06:07 - 2013-07-26 06:07 - 00000000 ____D C:\Program Files\WDCSAM
2013-07-26 06:07 - 2013-07-26 06:07 - 00000000 ____D C:\Program Files\DIFX
2013-07-26 01:16 - 2013-07-26 01:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-07-19 19:58 - 2013-07-20 00:16 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\45876826.sys
2013-07-19 19:44 - 2013-07-19 19:44 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 19:44 - 2013-07-19 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 19:33 - 2013-07-19 19:33 - 00815496 _____ (Adobe Systems Incorporated) C:\Users\Skytron\Desktop\uninstall_flash_player.exe
2013-07-19 19:28 - 2013-07-19 19:29 - 04190720 _____ C:\Users\Skytron\Desktop\install_flash_player_10_active_x.msi
2013-07-19 18:27 - 2013-07-19 18:27 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Skytron\Desktop\Shockwave_Installer_Slim.exe
2013-07-19 18:21 - 2013-07-19 18:21 - 00002956 _____ C:\Windows\System32\Tasks\{169EA03B-5DB5-4A1D-976A-DF415F9E6443}
2013-07-19 16:59 - 2013-07-19 16:59 - 00000000 ____D C:\Users\Skytron\Desktop\Arquivos que serão anexados no Linha Defensiva
2013-07-19 07:34 - 2013-07-19 07:34 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2013-07-19 07:34 - 2013-07-19 07:34 - 00000000 ____D C:\ProgramData\McAfee
2013-07-18 18:03 - 2013-07-18 18:07 - 00000000 ____D C:\Users\Skytron\Desktop\Extras.txt e OTL.txt
2013-07-18 17:54 - 2013-07-18 17:55 - 12719620 _____ C:\Users\Skytron\Desktop\Como compactar um arquivo com o WinRAR.flv
2013-07-18 16:27 - 2013-07-18 16:27 - 00602112 _____ (OldTimer Tools) C:\Users\Skytron\Desktop\OTL.exe
2013-07-18 16:26 - 2013-07-18 18:02 - 00000000 ____D C:\Users\Skytron\Desktop\Pasta do otl
2013-07-17 18:20 - 2013-07-17 18:20 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Malwarebytes
2013-07-17 18:19 - 2013-07-17 18:19 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2013-07-17 18:19 - 2013-07-17 18:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-17 18:13 - 2013-07-17 18:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-17 07:35 - 2013-07-17 19:47 - 00000000 ____D C:\Users\Skytron\Desktop\Softwares Importantes - Linha Defensiva
2013-07-16 07:25 - 2013-07-16 07:33 - 00000000 ____D C:\Users\Skytron\Desktop\FARBAR SERVICE SCANNER
2013-07-16 07:24 - 2013-07-16 07:30 - 00000000 ____D C:\Users\Skytron\Desktop\MBR SCAN
2013-07-16 07:23 - 2013-07-17 18:31 - 00000000 ____D C:\Users\Skytron\Desktop\HIJACK THIS
2013-07-14 15:56 - 2013-07-14 16:14 - 14957784 _____ C:\Users\Skytron\Desktop\Linha Defensiva - Remoção de Vírus.flv
2013-07-13 22:12 - 2013-06-11 20:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 22:12 - 2013-06-11 20:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 22:12 - 2013-06-11 20:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 22:12 - 2013-06-11 20:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 22:12 - 2013-06-11 20:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 22:12 - 2013-06-11 20:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 22:12 - 2013-06-11 20:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 22:12 - 2013-06-11 20:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 22:12 - 2013-06-11 19:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 22:12 - 2013-06-11 19:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 22:12 - 2013-06-07 00:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 22:12 - 2013-06-06 23:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 21:00 - 2013-06-05 00:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-13 21:00 - 2013-06-04 03:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-13 21:00 - 2013-06-04 01:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-13 21:00 - 2013-05-06 03:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-13 21:00 - 2013-05-06 01:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-13 20:59 - 2013-04-09 20:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-13 20:59 - 2013-04-02 19:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 19:21 - 2013-07-12 19:21 - 00000000 ____D C:\Program Files\CPUID
2013-07-11 09:37 - 2013-07-11 09:37 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\dll-files.com
2013-07-11 08:57 - 2013-07-11 08:57 - 00003062 _____ C:\Windows\System32\Tasks\{643709A2-B6AA-42C4-AB63-79A82F4EBAAD}
2013-07-11 08:44 - 2013-07-11 08:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-11 08:44 - 2013-07-11 08:44 - 00000000 _____ C:\autoexec.bat
2013-07-11 08:43 - 2013-07-11 09:01 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-11 06:27 - 2013-07-11 06:27 - 00003080 _____ C:\Windows\System32\Tasks\{371C2A19-A36B-4FB2-A237-0CA417A9F615}
2013-07-11 06:02 - 2013-07-11 06:02 - 00003062 _____ C:\Windows\System32\Tasks\{2A0B5570-DD0E-4D8B-97DB-0A260FF691B9}
2013-07-11 06:02 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2013-07-11 06:01 - 2013-07-11 06:30 - 00196674 _____ (Networks Associates Technologies, Inc.) C:\Windows\SysWOW64\rupdate.dll
2013-07-11 05:53 - 2013-07-11 05:54 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\WinRAR
2013-07-11 05:53 - 2013-07-11 05:53 - 00001072 _____ C:\Users\Public\Desktop\WinRAR.lnk
2013-07-11 05:53 - 2013-07-11 05:53 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-11 05:53 - 2013-07-11 05:53 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-07-11 04:22 - 2013-07-11 04:14 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-07-11 04:20 - 2013-07-11 04:18 - 00008037 _____ C:\Users\Skytron\Desktop\zoek-results.log
2013-07-11 03:45 - 2013-07-11 03:45 - 01273625 _____ C:\Users\Skytron\Desktop\zoek.exe
2013-07-10 07:08 - 2013-07-31 04:19 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2013-07-10 07:08 - 2013-07-31 04:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-09 18:33 - 2013-07-18 18:12 - 00003584 _____ C:\Users\Skytron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-09 15:42 - 2013-07-09 15:42 - 00051496 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-09 15:08 - 2013-07-09 15:08 - 00001173 _____ C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-08 19:56 - 2013-07-08 19:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Skytron\Desktop\HijackThis.exe
2013-07-08 19:37 - 2013-07-08 19:37 - 00000000 ____D C:\_OTL
2013-07-08 16:49 - 2013-07-08 16:50 - 02543616 _____ C:\Users\Skytron\Desktop\00latest-x64.msi
2013-07-08 16:49 - 2013-07-08 16:49 - 02039808 _____ C:\Users\Skytron\Desktop\00latest-x86.msi
2013-07-03 17:16 - 2013-07-03 17:16 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-07-03 17:16 - 1999-12-31 21:00 - 02605400 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2013-07-03 17:16 - 1999-12-31 21:00 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-07-03 17:16 - 1999-12-31 21:00 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2013-07-03 17:16 - 1999-12-31 21:00 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-07-03 17:16 - 1999-12-31 21:00 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-07-03 17:16 - 1999-12-31 21:00 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 08363864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 05096448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2013-07-03 17:15 - 1999-12-31 21:00 - 04065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-07-03 17:15 - 1999-12-31 21:00 - 03615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 02674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 02533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-07-03 17:15 - 1999-12-31 21:00 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01345368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 01015640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00537456 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00524656 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00449392 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00396632 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00293889 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-07-03 17:15 - 1999-12-31 21:00 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00220776 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00141152 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00123744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00074592 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-07-03 17:15 - 1999-12-31 21:00 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-07-02 23:09 - 2013-07-08 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-31 18:21 - 2013-07-31 18:21 - 00000000 ____D C:\FRST
2013-07-31 18:17 - 2013-06-16 16:12 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AC7EE339-6863-434B-9C5F-F6FDD0E96BAC}
2013-07-31 17:53 - 2013-07-29 09:49 - 00002184 _____ C:\Windows\setupact.log
2013-07-31 16:25 - 2013-07-31 16:25 - 01781589 _____ (Farbar) C:\Users\Skytron\Desktop\FRST64.exe
2013-07-31 16:25 - 2009-07-14 01:45 - 00039808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 16:25 - 2009-07-14 01:45 - 00039808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 16:21 - 2013-06-14 20:07 - 01363028 _____ C:\Windows\WindowsUpdate.log
2013-07-31 16:18 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 10:17 - 2013-06-14 20:17 - 00000000 ___RD C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-31 10:16 - 2013-07-30 17:34 - 00000714 _____ C:\Windows\PFRO.log
2013-07-31 06:44 - 2013-07-31 05:05 - 891805188 _____ C:\Users\Skytron\Desktop\X.M3n.0r1g3ns.W0lv3r1n3.DVDRIP.Xvid.Dublado.rar
2013-07-31 06:12 - 2013-07-31 05:11 - 891805188 _____ C:\Users\Skytron\Downloads\X.M3n.0r1g3ns.W0lv3r1n3.DVDRIP.Xvid.Dublado.rar
2013-07-31 05:11 - 2013-07-31 05:11 - 00184968 _____ C:\Users\Skytron\Desktop\addon.exe
2013-07-31 04:19 - 2013-07-10 07:08 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2013-07-31 04:19 - 2013-07-10 07:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-31 04:11 - 2013-07-31 04:06 - 180909848 _____ (                                                            ) C:\Users\Skytron\Desktop\setup_9.0.0.722_31.07.2013_09-25.exe
2013-07-31 00:03 - 2013-07-31 00:03 - 00010736 _____ C:\Users\Skytron\Desktop\Relatório do hijackthis.txt
2013-07-31 00:02 - 2013-07-31 00:02 - 00010736 _____ C:\Users\Skytron\Desktop\hijackthis.log
2013-07-30 23:52 - 2013-07-30 23:52 - 00000214 _____ C:\Users\Skytron\Desktop\Relatório do Kaspersky Virus Removal Tool.txt
2013-07-30 17:41 - 2013-07-30 17:36 - 177123520 _____ C:\Users\Skytron\Desktop\setup_11.0.0.1245.x01_2013_07_23_10_15.exe
2013-07-30 17:32 - 2013-07-30 17:32 - 00003738 _____ C:\Windows\System32\Tasks\Programa de atualização online DivX
2013-07-30 16:51 - 2013-06-16 15:38 - 00114672 _____ C:\Users\Skytron\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-29 21:33 - 2013-06-19 18:25 - 00000414 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2013-07-29 21:33 - 2009-07-14 01:45 - 00443912 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 21:07 - 2013-06-19 18:57 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2013-07-29 21:07 - 2013-06-19 18:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-29 20:56 - 2009-07-13 23:34 - 00000478 _____ C:\Windows\win.ini
2013-07-29 20:54 - 2013-07-29 20:51 - 00000000 ____D C:\Windows\system32\MRT
2013-07-29 19:06 - 2013-07-29 19:06 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\DivX
2013-07-29 18:19 - 2013-07-29 18:19 - 00001626 _____ C:\Users\Skytron\Desktop\DivX Movies.lnk
2013-07-29 18:19 - 2013-07-29 18:08 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-29 18:19 - 2013-07-29 17:46 - 00000000 ____D C:\Users\Todos os Usuários\DivX
2013-07-29 18:19 - 2013-07-29 17:46 - 00000000 ____D C:\ProgramData\DivX
2013-07-29 18:18 - 2013-07-29 18:18 - 00001165 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-29 18:18 - 2013-07-29 18:18 - 00001125 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-29 18:18 - 2013-07-29 18:18 - 00000000 ____D C:\Program Files\DivX
2013-07-29 18:07 - 2013-07-28 16:29 - 00000000 _____ C:\END
2013-07-29 18:01 - 2013-06-19 18:25 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-07-29 18:01 - 2013-06-19 18:25 - 00002846 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2013-07-29 17:43 - 2013-07-29 17:38 - 00957248 _____ (DivX, LLC) C:\Users\Skytron\Desktop\DivXWebPlayerInstaller.exe
2013-07-29 17:18 - 2013-07-29 17:13 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UniversalSoft
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Versalsoft
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Versalsoft Internet Download
2013-07-29 17:13 - 2013-07-29 17:13 - 00000000 ____D C:\Program Files (x86)\Versalsoft
2013-07-29 09:49 - 2013-07-29 09:49 - 00000000 _____ C:\Windows\setuperr.log
2013-07-29 08:56 - 2013-07-29 08:15 - 00000000 ____D C:\Users\Skytron\Desktop\HijackThis e Relatório do Kaspersky Virus Removal Tool
2013-07-29 07:29 - 2013-07-29 07:29 - 00000000 ____D C:\Users\Skytron\Desktop\Hijack This 70000111
2013-07-29 07:26 - 2013-06-14 20:15 - 00000000 ____D C:\Users\Skytron\AppData\Local\VirtualStore
2013-07-29 06:55 - 2013-07-29 06:55 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\BrOffice.org
2013-07-29 01:56 - 2013-06-25 14:13 - 00000000 ____D C:\Windows\pss
2013-07-29 01:14 - 2013-07-29 01:14 - 00001122 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-29 01:14 - 2013-07-29 01:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-29 00:58 - 2013-07-29 00:58 - 00000117 _____ C:\Users\Skytron\Desktop\Site do Techtudo ensinando como colocar o _Modo de Segurança_ na aba _Inicialização do Sistema_ do MSConfig..txt
2013-07-29 00:20 - 2013-06-19 17:05 - 00000000 ___RD C:\Users\Skytron\Desktop\PASTA DE SOFTWARES 2
2013-07-28 18:09 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2013-07-28 16:49 - 2013-07-28 16:49 - 22544384 _____ C:\Users\Skytron\Desktop\mydiscimage.iso
2013-07-28 16:49 - 2013-07-28 16:44 - 22544384 _____ C:\Users\Skytron\Documents\mydiscimage.iso
2013-07-28 16:40 - 2013-06-21 02:44 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\vlc
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Todos os Usuários\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Users\Skytron\AppData\Local\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\ProgramData\ashampoo
2013-07-28 16:29 - 2013-07-28 16:29 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-07-28 16:07 - 2009-07-14 14:55 - 00663606 _____ C:\Windows\system32\prfh0416.dat
2013-07-28 16:07 - 2009-07-14 14:55 - 00127896 _____ C:\Windows\system32\prfc0416.dat
2013-07-28 16:07 - 2009-07-14 02:13 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\Users\Todos os Usuários\Canneverbe Limited
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Canneverbe Limited
2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-07-26 09:46 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-26 06:07 - 2013-07-26 06:07 - 00000000 ____D C:\Program Files\WDCSAM
2013-07-26 06:07 - 2013-07-26 06:07 - 00000000 ____D C:\Program Files\DIFX
2013-07-26 01:16 - 2013-07-26 01:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-07-20 00:16 - 2013-07-19 19:58 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\45876826.sys
2013-07-19 19:44 - 2013-07-19 19:44 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 19:44 - 2013-07-19 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-19 19:33 - 2013-07-19 19:33 - 00815496 _____ (Adobe Systems Incorporated) C:\Users\Skytron\Desktop\uninstall_flash_player.exe
2013-07-19 19:29 - 2013-07-19 19:28 - 04190720 _____ C:\Users\Skytron\Desktop\install_flash_player_10_active_x.msi
2013-07-19 18:27 - 2013-07-19 18:27 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Skytron\Desktop\Shockwave_Installer_Slim.exe
2013-07-19 18:27 - 2013-06-24 15:38 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-19 18:21 - 2013-07-19 18:21 - 00002956 _____ C:\Windows\System32\Tasks\{169EA03B-5DB5-4A1D-976A-DF415F9E6443}
2013-07-19 17:35 - 2013-06-16 21:32 - 00000000 ____D C:\Users\Skytron\AppData\Local\Adobe
2013-07-19 16:59 - 2013-07-19 16:59 - 00000000 ____D C:\Users\Skytron\Desktop\Arquivos que serão anexados no Linha Defensiva
2013-07-19 07:34 - 2013-07-19 07:34 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2013-07-19 07:34 - 2013-07-19 07:34 - 00000000 ____D C:\ProgramData\McAfee
2013-07-18 18:12 - 2013-07-09 18:33 - 00003584 _____ C:\Users\Skytron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-18 18:07 - 2013-07-18 18:03 - 00000000 ____D C:\Users\Skytron\Desktop\Extras.txt e OTL.txt
2013-07-18 18:02 - 2013-07-18 16:26 - 00000000 ____D C:\Users\Skytron\Desktop\Pasta do otl
2013-07-18 17:55 - 2013-07-18 17:54 - 12719620 _____ C:\Users\Skytron\Desktop\Como compactar um arquivo com o WinRAR.flv
2013-07-18 16:27 - 2013-07-18 16:27 - 00602112 _____ (OldTimer Tools) C:\Users\Skytron\Desktop\OTL.exe
2013-07-17 19:47 - 2013-07-17 07:35 - 00000000 ____D C:\Users\Skytron\Desktop\Softwares Importantes - Linha Defensiva
2013-07-17 18:31 - 2013-07-16 07:23 - 00000000 ____D C:\Users\Skytron\Desktop\HIJACK THIS
2013-07-17 18:20 - 2013-07-17 18:20 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Malwarebytes
2013-07-17 18:19 - 2013-07-17 18:19 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2013-07-17 18:19 - 2013-07-17 18:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-17 18:13 - 2013-07-17 18:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-16 07:33 - 2013-07-16 07:25 - 00000000 ____D C:\Users\Skytron\Desktop\FARBAR SERVICE SCANNER
2013-07-16 07:30 - 2013-07-16 07:24 - 00000000 ____D C:\Users\Skytron\Desktop\MBR SCAN
2013-07-14 16:14 - 2013-07-14 15:56 - 14957784 _____ C:\Users\Skytron\Desktop\Linha Defensiva - Remoção de Vírus.flv
2013-07-14 06:43 - 2009-07-14 15:11 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 06:43 - 2009-07-14 02:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-14 06:43 - 2009-07-14 02:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 19:58 - 2013-06-14 20:14 - 00000000 ____D C:\Users\Skytron
2013-07-13 19:58 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\registration
2013-07-13 19:58 - 2009-07-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-12 19:21 - 2013-07-12 19:21 - 00000000 ____D C:\Program Files\CPUID
2013-07-11 09:37 - 2013-07-11 09:37 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\dll-files.com
2013-07-11 09:01 - 2013-07-11 08:43 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-11 08:57 - 2013-07-11 08:57 - 00003062 _____ C:\Windows\System32\Tasks\{643709A2-B6AA-42C4-AB63-79A82F4EBAAD}
2013-07-11 08:44 - 2013-07-11 08:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-11 08:44 - 2013-07-11 08:44 - 00000000 _____ C:\autoexec.bat
2013-07-11 06:30 - 2013-07-11 06:01 - 00196674 _____ (Networks Associates Technologies, Inc.) C:\Windows\SysWOW64\rupdate.dll
2013-07-11 06:27 - 2013-07-11 06:27 - 00003080 _____ C:\Windows\System32\Tasks\{371C2A19-A36B-4FB2-A237-0CA417A9F615}
2013-07-11 06:02 - 2013-07-11 06:02 - 00003062 _____ C:\Windows\System32\Tasks\{2A0B5570-DD0E-4D8B-97DB-0A260FF691B9}
2013-07-11 05:54 - 2013-07-11 05:53 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\WinRAR
2013-07-11 05:53 - 2013-07-11 05:53 - 00001072 _____ C:\Users\Public\Desktop\WinRAR.lnk
2013-07-11 05:53 - 2013-07-11 05:53 - 00000000 ____D C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-11 05:53 - 2013-07-11 05:53 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-07-11 04:18 - 2013-07-11 04:20 - 00008037 _____ C:\Users\Skytron\Desktop\zoek-results.log
2013-07-11 04:14 - 2013-07-11 04:22 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-07-11 03:45 - 2013-07-11 03:45 - 01273625 _____ C:\Users\Skytron\Desktop\zoek.exe
2013-07-09 22:16 - 2009-07-14 02:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-09 17:10 - 2013-06-24 15:41 - 00000000 ____D C:\Users\Todos os Usuários\Freemake
2013-07-09 17:10 - 2013-06-24 15:41 - 00000000 ____D C:\Users\Skytron\Documents\Freemake
2013-07-09 17:10 - 2013-06-24 15:41 - 00000000 ____D C:\ProgramData\Freemake
2013-07-09 17:09 - 2013-06-24 15:41 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-07-09 15:42 - 2013-07-09 15:42 - 00051496 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-09 15:08 - 2013-07-09 15:08 - 00001173 _____ C:\Users\Skytron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-08 20:05 - 2013-07-02 23:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-08 19:56 - 2013-07-08 19:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Skytron\Desktop\HijackThis.exe
2013-07-08 19:37 - 2013-07-08 19:37 - 00000000 ____D C:\_OTL
2013-07-08 16:50 - 2013-07-08 16:49 - 02543616 _____ C:\Users\Skytron\Desktop\00latest-x64.msi
2013-07-08 16:49 - 2013-07-08 16:49 - 02039808 _____ C:\Users\Skytron\Desktop\00latest-x86.msi
2013-07-03 17:16 - 2013-07-03 17:16 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-07-03 17:15 - 2013-06-16 16:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-03 17:12 - 2013-06-17 00:07 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-03 09:18 - 2013-06-26 20:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 18:10 - 2013-06-21 17:56 - 00001143 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-01 08:27 - 2013-06-18 05:09 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!


LastRegBack: 2013-07-28 18:02

==================== End Of Log ============================

Addition.txt


OK,
 
Select and copy the text inside the CODE box. Open Notepad and paste what you copied. Then save it on the desktop as fixlist.txt.
 

start
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qword.com/?s=1
SearchScopes: HKCU - {F48DA960-0FD9-4BB5-9826-C0C271C6C74D} URL = http://www.qword.com/search.php?q={searchTerms}&s=2
FF NetworkProxy: "autoconfig_url", "http://localhost:9000/proxy.pac"
FF NetworkProxy: "type", 2
2013-07-28 16:29 - 2013-07-29 18:07 - 00000000 _____ C:\END
Task: {D3BB4D53-2055-4F24-8FD3-4281D4D07F94} - System32\Tasks\Browser Updater\Browser Updater => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
end

 
Run FRST64 and click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

Select, copy, and paste the contents of this log into your next reply.

Also post a new HijackThis log.


Good morning, Carlos Turco! Below is the content of the Fixlog.txt log, and the HijackThis file is attached. Thanks for the help! Have a good day!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
Ran by Skytron at 2013-08-01 07:45:38 Run:1
Running from C:\Users\Skytron\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D} => Key deleted successfully.
HKCR\CLSID\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D} => Key not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\END => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3BB4D53-2055-4F24-8FD3-4281D4D07F94} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3BB4D53-2055-4F24-8FD3-4281D4D07F94} => Key not found.
C:\Windows\System32\Tasks\Browser Updater\Browser Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater => Key deleted successfully.

==== End of Fixlog ====

hijackthis.log
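
One way to read the Fixlog posted above, as an added example that is not part of the thread or of FRST itself: it classifies each result line and checks that every artifact of the "Browser Updater" scheduled task was either removed or already absent. The status names and helper functions are this example's own assumptions; only the outcome phrases that appear in this log are recognised, and anything else is flagged for manual review.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog.txt in the post above (header omitted).
FIXLOG = r"""
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D} => Key deleted successfully.
HKCR\CLSID\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D} => Key not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\END => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3BB4D53-2055-4F24-8FD3-4281D4D07F94} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3BB4D53-2055-4F24-8FD3-4281D4D07F94} => Key not found.
C:\Windows\System32\Tasks\Browser Updater\Browser Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater => Key deleted successfully.

==== End of Fixlog ====
"""

# Outcome phrases seen in this log; anything else is left for review.
REMOVED = re.compile(r"(deleted|moved) successfully\.?$", re.I)
ABSENT = re.compile(r"not found\.?$", re.I)
RESET = re.compile(r"were reset\.?$", re.I)


def parse_fixlog(text):
    """Return a list of (target, status) tuples, one per result line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):
            continue  # blank lines and ==== separators
        target, sep, result = line.partition(" => ")
        if not sep:
            # Lines without "=>", e.g. "Firefox Proxy settings were reset."
            target, result = line, line
        if REMOVED.search(result):
            status = "removed"
        elif ABSENT.search(result):
            status = "absent"   # already gone before the fix ran
        elif RESET.search(result):
            status = "reset"
        else:
            status = "review"   # unrecognised outcome: check by hand
        entries.append((target, status))
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(status for _, status in entries)


def needs_review(entries):
    """Targets whose outcome was not recognised as a clean result."""
    return [target for target, status in entries if status == "review"]


def task_cleanup(entries, *markers):
    """Map target -> status for entries that mention any marker (task name or GUID)."""
    return {t: s for t, s in entries if any(m in t for m in markers)}


if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG)
    print(dict(summarize(parsed)), needs_review(parsed))
```

A "Key not found" line is not a failure: the key was already absent, so the scheduled task counts as cleaned once its file and its remaining TaskCache keys show as removed.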


Temporarily disable your antivirus.

  • Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click the button on that page.
  • For alternative browsers (if you use Internet Explorer, skip this step):
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update itself and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats.
  • Copy and paste the contents into your next reply. Note: if nothing is found, no log is generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.


Good evening, Carlos Turco! The information you need is already here! Thanks for your attention!

 

C:\$RECYCLE.BIN\S-1-5-21-1204410739-3933256132-3822942709-1000\$R1FY8Q5.exe    a variant of Win32/InstallCore.CA.gen application
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Skytron\AppData\Local\Temp\ICReinstall_speccy-122536-32-bits.exe    a variant of Win32/InstallCore.CA.gen application
 

hijackthis.log


OK,

The logs are clean. :)

To finish up:

  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version, Java SE 7u25.
    • Click JRE Download.
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.25 MB jre-7u25-windows-i586.exe and save it to your desktop.
    • Close any running programs, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs, and remove all old versions of Java.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove every version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u25-windows-i586.exe to install the newest version.
    • WARNING: Uncheck the box that installs the ASK Toolbar.
  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • USB worms (flash-drive viruses) can infect any kind of removable storage device (flash drives, MP3 and MP4 players, cell phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the assistant that appears when you insert a CD or flash drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf to work.

    Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you plug your flash drive into an infected PC, the malware will not be able to overwrite the pre-existing file. Even so, it can still copy its malicious executables to the flash drive, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug this flash drive into a clean machine and run any of those malicious files, that system will be infected in the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you consider necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive, and choosing "Format".
    • Run Flash_Disinfector.exe.
    • Follow any prompts that appear.
    • Wait until the program finishes its search, then exit the program.
    For Windows Vista and 7: Panda USB Vaccine
  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any user action. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.
  • Turn System Restore off and then on again.
  • Learn some precautions and tips for keeping your computer clean. Read the article Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/
  • If there are no more malware-related problems, click the Denunciar (Report) button and ask for your topic to be closed.

If you have any questions about computing and technology, feel free to post in any area of the Linha Defensiva forum.

Cheers. :legal:


PROBLEM SOLVED


If you want to request that the topic be reopened, use the Denunciar (Report) button to contact the moderators.

Note: Only the author can make this request in the Remoção de Malware (Malware Removal) area.

This topic is now closed to further replies.
